DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits - Reverse ...

More documents

Recommendations

Info

DEFENCEUEFI SECURE BOOT‣ Issues‣ “The public key must be stored in non-volatile storage which istamper and delete resistant.”‣ May not prevent evil maid attacks if NVRAM can be reset‣ Blank NVRAM == back to “setup” mode‣ Use the TPM‣Signing needs to be enforced through the whole stack‣ More?De Mysteriis Dom Jobsivs - Black Hat USA2012
IN CONCLUSION...I HAD FUN.‣ So basically we’re all screwed‣ What should you do?‣ Glue all your ports shut‣ Use an EFI password to prevent basic local attacks‣ Stop using computers, go back to the abacus‣ What should Apple do?‣ Implement UEFI Secure Boot (actually use the TPM)‣ Disable loading of option ROMs from devices on bus expansions‣ When an EFI password is set I guess?‣ Audit the damn EFI code (see Heasman/ITL)‣ Sacrifice more virginsDe Mysteriis Dom Jobsivs - Black Hat USA2012
Page 1 and 2:
DE MYSTERIIS DOM JOBSIVS:MAC EFI RO
Page 3 and 4:
AGENDA‣ Things I will talk aboutI
Page 5 and 6:
INTRODUCTIONI WANT A COOL BOOT SCRE
Page 8 and 9:
II. EFI FUNDAMENTALSDe Mysteriis Do
Page 10 and 11:
EFI ARCHITECTUREPUTTING THE “SUCK
Page 12 and 13:
EFI ARCHITECTURE‣ Tables - pointe
Page 14 and 15: EFI ARCHITECTURE‣ Some telling ex
Page 16 and 17: III. DOING BAD THINGS WITHEFIDe Mys
Page 18 and 19: DOING BAD THINGS WITH EFIATTACKING
Page 24 and 25: ATTACKING THE KERNEL‣ Patch the k
Page 26 and 27: ATTACKING THE KERNELStart of kernel
Page 28 and 29: ATTACKING THE KERNELPATCHING THE KE
Page 31 and 32: ATTACKING THE KERNEL‣ What’s ou
Page 33 and 34: ATTACKING THE KERNEL‣ Preparing o
Page 35 and 36: ATTACKING THE KERNELOTHER HALF-ASSE
Page 37 and 38: ‣ In ascending order of awesome
Page 39 and 40: PERSISTENCEEFI SYSTEM PARTITION‣
Page 41 and 42: PERSISTENCEPCI DEVICE EXPANSION ROM
Page 43 and 44: PERSISTENCEFIRMWARE FLASH‣ Apple
Page 46 and 47: PERSISTENCEFIRMWARE FLASH‣ Manipu
Page 48 and 49: V. EVIL MAID ATTACKSDe Mysteriis Do
Page 50 and 51: EVIL MAID ATTACKSWHAT CAN WE DO WIT
Page 52 and 53: EVIL MAID ATTACKSIT’S MY JOB TO K
Page 54 and 55: EVIL MAID ATTACKSTHUNDERBOLT TO GIG
Page 56 and 57: DEMO‣ Evil maid using USB‣ Boot
Page 58 and 59: DEMODe Mysteriis Dom Jobsivs - Blac
Page 60 and 61: IN CASE MY DEMO BROKEHERE’S SOME
Page 62 and 63: DEFENCEEFI FIRMWARE PASSWORD?‣ Ha
Page 66 and 67: REFERENCES‣ UEFI Spec‣ http://w
show all

DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits - Reverse ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?