I have access to official AMI BIOS Core8 source code for more than a year now,
due to one of my work. I think it's good to share the ups and downs of having access to such source code.
It's nice to have BIOS source code at your hand because you can do a lot of things.
However, having access to the source code doesn't equal understanding the code any better.
It's quite a steep learning curve to understand how to use the development tools and
also some code requires you to understand various hardware protocol to have a sense on it.
Of course, having reversed some BIOS binaries helped me. But, it also produces unwanted effects.
Sometimes, I tend to use "binary surgical" approach instead of trying to use the existing development tools,
which in the end produces ugly kludge. It takes sometime for me to get used to the development tools.
Overall, though I can say that I learned a lot from the source code.
Friday, July 20, 2012
Saturday, July 7, 2012
The Mebromi BIOS Rootkit Hype: An adapted version of Kris Kaspesky ISA ROM shell coders?
Is the Mebromi BIOS Rootkit hype is based on an adapted version of Kris Kaspesky ISA ROM shell coders?
Well, this is probably one of the most hillarious thing that ever happened if it's true. I need to investigate further. I cannot say for sure until further evidence confirm my suspicion. From quick glimpse, it looks like infecting the IVT of Windows XP (probably I'm wrong) . So, stay tuned!
Well, this is probably one of the most hillarious thing that ever happened if it's true. I need to investigate further. I cannot say for sure until further evidence confirm my suspicion. From quick glimpse, it looks like infecting the IVT of Windows XP (probably I'm wrong) . So, stay tuned!
Friday, July 6, 2012
Tweeting New Articles
I'm starting to tweet link to articles I'm writing. I've been too busy lately. Probably that should be enough for sometime. You could follow the update over at twitter @Pinczakko. Of course, this blog will still be more in-depth.
Implanting malicious hardware
After reading this and this over at Bunnie's blog, I came to think that how easy someone can "implant" malicious hardware anywhere in the supply chain before the hardware reaches it's destination. Ball Grid Array chips are complex beast to work with physically. But, with the BGA reballing tool, even a complex chip like that could be replaced with ease (quote from Bunnie's blog):
Before seeing this, I was under the impression that reballing was an involved process, but with this jig the operator could strip and reball a chip in under a few minutes, which translates to a labor cost of a couple dozen centsThis is insane. In PC motherboard, the chipset is mostly in BGA packaging. Flash ROM chips these days are back in the old "DIP" (Dual In-line Package), so it's quite easy to work with. But, to think that even BGA chips could be altered with ease is just mind boggling.
Monday, July 2, 2012
Malicious Code Execution in PCI Expansion ROM Article
The "Malicious Code Execution in PCI Expansion ROM" article is up. You could read it over at: http://resources.infosecinstitute.com/pci-expansion-rom/.
It's a mix of old and new things; from what we have known from the old PCI expansion ROM as mentioned in PCI specification and new "feature" added by the PCI firmware spec.
It's a mix of old and new things; from what we have known from the old PCI expansion ROM as mentioned in PCI specification and new "feature" added by the PCI firmware spec.
Subscribe to:
Posts (Atom)
