< Return to Video

Jethro Beekman: Reversing UEFI by execution

  • 0:09 - 0:12
    Herald: So, in this talk we will hear about
  • 0:12 - 0:16
    what UEFI is, how it can be used,
  • 0:16 - 0:19
    and how it can be executed in userspace,
  • 0:19 - 0:20
    and our speaker is Jethro Beekman,
  • 0:20 - 0:26
    and... the stage is yours.
  • 0:26 - 0:28
    Jethro Beekman: Thank you for the introduction.
  • 0:28 - 0:32
    applause
  • 0:32 - 0:35
    Alright, thank you for the introduction.
  • 0:35 - 0:38
    So, I'm a PhD student at UC Berkeley,
  • 0:38 - 0:40
    and in my copious amounts of free time,
  • 0:40 - 0:43
    I like to reverse-engineer things.
  • 0:43 - 0:45
    In particular, this time,
  • 0:45 - 0:47
    I reverse-engineered UEFI,
  • 0:47 - 0:50
    which is the modern BIOS replacement.
  • 0:50 - 0:53
    And, in this talk, I will discuss some tools
  • 0:53 - 0:55
    that you can use - that you too can use
  • 0:55 - 0:57
    to reverse-engineer UEFI,
  • 0:57 - 0:59
    including some tools that I wrote,
  • 0:59 - 1:02
    and tools that other people wrote.
  • 1:02 - 1:05
    So, this whole project started
  • 1:05 - 1:08
    when I bought a new SSD for my laptop
  • 1:08 - 1:11
    and, as you might know, modern SSDs have
  • 1:11 - 1:14
    built-in encryption capabilities,
  • 1:14 - 1:16
    whether this is secure or not is a question,
  • 1:16 - 1:18
    is a good question, but really,
  • 1:18 - 1:20
    reverse-engineering SSD firmware
  • 1:20 - 1:23
    is a talk for another day.
  • 1:23 - 1:28
    So, I decided to use this encryption,
  • 1:28 - 1:31
    and use it using the built-in
  • 1:31 - 1:33
    hardware password option
  • 1:33 - 1:36
    of my UEFI firmware.
  • 1:36 - 1:39
    This is the password I chose, 64 characters,
  • 1:39 - 1:42
    "correct horse battery staple galaxy
    piece position require house".
  • 1:42 - 1:48
    It's very secure, obviously.
  • 1:48 - 1:50
    So this all seemed to be working fine,
  • 1:50 - 1:51
    and I was trusting that my hard drive
  • 1:51 - 1:54
    was encrypted properly,
  • 1:54 - 1:55
    but once you start to think about
  • 1:55 - 1:56
    how it actually works,
  • 1:56 - 1:59
    there's a small discrepancy, really,
  • 1:59 - 2:02
    because the way this password's input
  • 2:02 - 2:05
    to the hard drive is using
  • 2:05 - 2:07
    the ATA security feature set,
  • 2:07 - 2:09
    the security-unlock command.
  • 2:09 - 2:11
    And if you look at the unlock command,
  • 2:11 - 2:13
    you clearly see that the password
  • 2:13 - 2:17
    is supposed to be 32 bytes.
  • 2:17 - 2:21
    How are these 64 characters
    turned into 32 bytes?
  • 2:21 - 2:23
    That is my question,
  • 2:23 - 2:25
    because if my laptop dies
  • 2:25 - 2:28
    but my SSD is still functional,
  • 2:28 - 2:30
    I want to be able to take my SSD
  • 2:30 - 2:32
    and put it into another computer
  • 2:32 - 2:34
    to get access to my data.
  • 2:34 - 2:36
    I tried all the standard things,
  • 2:36 - 2:41
    like truncating it, or using a standard
  • 2:41 - 2:43
    hash function like SHA-256
  • 2:43 - 2:45
    that has 32-byte output,
  • 2:45 - 2:48
    but these things all didn't work.
  • 2:48 - 2:50
    So then I decided to, you know,
  • 2:50 - 2:53
    really dive into the firmware
  • 2:53 - 2:55
    to figure out how it works.
  • 2:55 - 2:56
    So this talk will also be called
  • 2:56 - 3:00
    "How to turn 64 characters into 32 bytes".
  • 3:00 - 3:07
    applause
  • 3:08 - 3:09
    So what are some challenges
  • 3:09 - 3:12
    when reverse-engineering UEFI?
  • 3:12 - 3:14
    So first of all, this is the first thing
  • 3:14 - 3:18
    that runs when your computer is booted up.
  • 3:18 - 3:19
    So that means you will not be able
  • 3:19 - 3:21
    to use a standard debugger.
  • 3:21 - 3:24
    Surely people who develop firmware for a living
  • 3:24 - 3:27
    have some kind of hardware debugger
  • 3:27 - 3:31
    but that's unlikely to work on a commodity
    system
  • 3:31 - 3:35
    such as this laptop,
    which is all I got from the store.
  • 3:35 - 3:37
    Maybe you think you can emulate the firmware
  • 3:37 - 3:39
    using qemu or something like that,
  • 3:39 - 3:41
    but the hardware that the firmware
  • 3:41 - 3:43
    is designed to support
  • 3:43 - 3:46
    is unlikely to be correctly emulated by qemu.
  • 3:46 - 3:50
    So that is also probably not a viable way
  • 3:50 - 3:52
    to debug this.
  • 3:52 - 3:58
    Also, because UEFI is basically one big process,
  • 3:58 - 4:01
    using one address space,
  • 4:01 - 4:02
    there's no operating system
  • 4:02 - 4:05
    so there's no system calls.
  • 4:05 - 4:07
    Also there's no dynamic linker,
  • 4:07 - 4:09
    so there's no dynamic symbols,
  • 4:09 - 4:10
    there's no symbol table that you can use
  • 4:10 - 4:13
    as a starting point in your reverse-engineering.
  • 4:13 - 4:16
    You know, if you were reverse-engineering
  • 4:16 - 4:20
    a standard password utility in userspace
  • 4:20 - 4:22
    or something, you might start at
  • 4:22 - 4:24
    the read system call for,
  • 4:24 - 4:27
    that would be displayed to the user
  • 4:27 - 4:28
    to enter the password.
  • 4:28 - 4:35
    But in UEFI, no, that is not an option.
  • 4:35 - 4:37
    And even though there's no dynamic linker,
  • 4:37 - 4:38
    the whole firmware consists
  • 4:38 - 4:42
    of 281 different modules, in my case,
  • 4:42 - 4:46
    and it could be similar numbers
    on your UEFI laptop.
  • 4:46 - 4:51
    And these modules all need to interact
    in some way.
  • 4:51 - 4:54
    So, let's take a look at these different modules.
  • 4:54 - 4:57
    There's a tool called UEFITool,
  • 4:57 - 4:59
    written by Nikolaj Schlej, and
  • 4:59 - 5:00
    this really should be in your bag of tricks
  • 5:00 - 5:02
    if you're interested in doing anything
  • 5:02 - 5:05
    with UEFI firmware.
  • 5:05 - 5:11
    So, here I'll just go and use UEFIExtract,
  • 5:11 - 5:15
    which is a command line utility
  • 5:15 - 5:17
    included with UEFITool
  • 5:17 - 5:20
    that allows you to extract a firmware blob,
  • 5:20 - 5:22
    so in this case I took the firmware blob
  • 5:22 - 5:26
    from the Lenovo firmware update CD
  • 5:26 - 5:30
    and we're going to extract that.
  • 5:30 - 5:34
    After extracting it, we get this nice
    directory structure
  • 5:34 - 5:38
    with one subdirectory per module
  • 5:38 - 5:40
    and as you can see, there's quite a few of
    them.
  • 5:40 - 5:45
    Here's, there's system management
    mode control module,
  • 5:45 - 5:48
    timer module, things like that.
  • 5:48 - 5:49
    And as you can see,
  • 5:49 - 5:51
    each module has a bunch of subdirectories
  • 5:51 - 5:52
    for the different sections
  • 5:52 - 5:53
    that are included in that module.
  • 5:53 - 5:57
    And one that appears a lot is the PE32+ image.
  • 5:57 - 5:59
    This is a portable execution image,
  • 5:59 - 6:03
    this is a format that Windows uses for executables.
  • 6:03 - 6:06
    So, you might think you might be able to run
  • 6:06 - 6:11
    these modules, and that is true.
  • 6:11 - 6:14
    But first, let's take a look at
  • 6:14 - 6:16
    what happens when you run a module like that.
  • 6:16 - 6:20
    Each module has an entry point, main,
  • 6:20 - 6:23
    and the main function gets passed
  • 6:23 - 6:25
    a pointer to the system table.
  • 6:25 - 6:27
    The system table is just...
  • 6:27 - 6:30
    contains more pointers to other structures.
  • 6:30 - 6:32
    For example, for the terminals,
  • 6:32 - 6:35
    cons in, cons out, standard error,
  • 6:35 - 6:38
    the standard text inputs and outputs,
  • 6:38 - 6:41
    and also the boot services structure.
  • 6:41 - 6:43
    The boot services structure contains
  • 6:43 - 6:45
    a bunch of function pointers,
  • 6:45 - 6:48
    including these install protocol interface
  • 6:48 - 6:51
    and locate protocol functions.
  • 6:51 - 6:53
    The install protocol interface allows
  • 6:53 - 6:56
    a module to install a protocol interface
  • 6:56 - 7:00
    using, specified by a particular GUID
  • 7:00 - 7:03
    and the interface is specified by just some
    pointer.
  • 7:03 - 7:06
    Then, later, another module can call
  • 7:06 - 7:09
    a locate protocol function with the same GUID
  • 7:09 - 7:11
    and it will receive a pointer
  • 7:11 - 7:13
    to this interface that was previously installed
  • 7:13 - 7:14
    by the other modules.
  • 7:14 - 7:18
    So, most modules in their main function
  • 7:18 - 7:21
    start by loading a bunch of protocols
  • 7:21 - 7:24
    and then, after that, installing one more
  • 7:24 - 7:28
    of their own protocols.
  • 7:28 - 7:29
    This is all done at runtime.
  • 7:29 - 7:31
    So there's really no static way of
  • 7:31 - 7:33
    viewing the dependencies
  • 7:33 - 7:35
    between the different modules.
  • 7:35 - 7:36
    Luckily, we might be able to
  • 7:36 - 7:37
    execute these modules,
  • 7:37 - 7:41
    as I was alluding to before.
  • 7:41 - 7:42
    These modules, they're written
  • 7:42 - 7:44
    for the hardware you're currently using,
  • 7:44 - 7:47
    with your current operating system.
  • 7:47 - 7:49
    So they have a compatible instruction set.
  • 7:49 - 7:50
    So in order to execute them,
  • 7:50 - 7:52
    you just need a compatible
  • 7:52 - 7:55
    application binary interface, or ABI.
  • 7:55 - 7:56
    This is what I've written,
  • 7:56 - 7:58
    with the efiperun tool.
  • 7:58 - 8:02
    You can think of efiperun as WINE for UEFI.
  • 8:02 - 8:04
    Just like WINE allows you to run
  • 8:04 - 8:06
    Windows applications on Linux,
  • 8:06 - 8:09
    efiperun allows you to run EFI modules
  • 8:09 - 8:12
    on Linux.
  • 8:12 - 8:19
    applause
  • 8:22 - 8:25
    So, efiperun has a bunch of features,
  • 8:25 - 8:29
    it includes many of the standard EFI APIs
  • 8:29 - 8:32
    and it's very easy to add implementations
  • 8:32 - 8:33
    for missing APIs.
  • 8:33 - 8:36
    Also, at runtime, a missing API
  • 8:36 - 8:37
    will be generated automatically
  • 8:37 - 8:40
    with some stub functions.
  • 8:40 - 8:41
    It supports memory map annotations,
  • 8:41 - 8:46
    so that you can see which parts of memory
  • 8:46 - 8:48
    have been allocated by which module
  • 8:48 - 8:50
    and you can all run these in your standard
  • 8:50 - 8:53
    debugger environments, like gdb.
  • 8:53 - 8:55
    Also, as an interesting aside,
  • 8:55 - 8:57
    I think this the only project
  • 8:57 - 8:58
    I could find online
  • 8:58 - 9:00
    that uses the cross-stdarg header
  • 9:00 - 9:03
    which is used for calling
  • 9:03 - 9:04
    variable-argument functions
  • 9:04 - 9:07
    across calling conventions.
  • 9:07 - 9:14
    So, let's do a little demo of efiperun.
  • 9:14 - 9:16
    In this demo, I will just
  • 9:16 - 9:21
    run efiperun on each different module
  • 9:21 - 9:24
    to see which other modules it interacts with.
  • 9:34 - 9:36
    So, I just wrote this little Ruby script
  • 9:36 - 9:38
    which traverses the directory tree
  • 9:38 - 9:42
    that we just saw from the UEFIExtract utility
  • 9:42 - 9:44
    and then it executes efiperun
  • 9:44 - 9:47
    for each different module.
  • 9:47 - 9:48
    Whee!
  • 9:50 - 9:52
    Assertion error that I've never seen before,
  • 9:52 - 9:54
    that's always fun.
  • 9:54 - 9:56
    As you can see, 281 processes are launched,
  • 9:56 - 9:58
    most modules return
  • 9:58 - 10:00
    from the main function, normally,
  • 10:00 - 10:01
    but some of them get stuck
  • 10:01 - 10:04
    in an infinite loop,
  • 10:04 - 10:06
    so efiperun will automatically terminate
  • 10:06 - 10:08
    after 10 seconds in this case.
  • 10:08 - 10:10
    Let's look at the output of
  • 10:10 - 10:14
    all these different efiperun modules.
  • 10:17 - 10:18
    You can see a bunch of them segfault,
  • 10:18 - 10:21
    which, you know, can be, is understandable
  • 10:21 - 10:23
    because they might be expecting
  • 10:23 - 10:26
    some memory setup from the early boot
  • 10:26 - 10:29
    that is not existent anymore,
  • 10:29 - 10:32
    but there are a bunch of modules that do work
  • 10:32 - 10:37
    such as system boot manager.
  • 10:37 - 10:40
    You can see that it prints out
    a bunch of stuff,
  • 10:40 - 10:44
    version information, copyright information,
  • 10:44 - 10:46
    then it requests a protocol,
  • 10:46 - 10:48
    this protocol has a GUID that is specified
  • 10:48 - 10:50
    by the EFI specification,
  • 10:50 - 10:53
    so we can interpret that GUID
  • 10:53 - 10:56
    and then it calls some stub functions
  • 10:56 - 10:58
    that we have not implemented
  • 10:58 - 10:59
    and then afterwards,
  • 10:59 - 11:00
    it installs its own protocol,
  • 11:00 - 11:02
    which is also a protocol specified
  • 11:02 - 11:07
    by the EFI specification.
  • 11:07 - 11:08
    Another interesting module
  • 11:08 - 11:12
    is the system splash module,
  • 11:12 - 11:16
    which we see over here.
  • 11:16 - 11:19
    As you can see, it actually requests
  • 11:19 - 11:21
    a bunch of protocols that are not implemented
  • 11:21 - 11:23
    by efiperun and you will see
  • 11:23 - 11:25
    it will automatically generate
  • 11:25 - 11:28
    a dummy interface for that purpose.
  • 11:28 - 11:31
    And then you will see that it calls
  • 11:31 - 11:32
    a function in this dummy interface
  • 11:32 - 11:34
    that was created here,
  • 11:34 - 11:36
    namely function number 2,
  • 11:36 - 11:40
    and because we are unable to handle this function
  • 11:40 - 11:43
    we just abort.
  • 11:43 - 11:46
    Okay, so now that I've shown you
  • 11:46 - 11:49
    that we can run these different modules,
  • 11:49 - 11:50
    we really need to get started with
  • 11:50 - 11:52
    the reverse-engineering of my BIOS
  • 11:52 - 11:54
    to figure how to turn those 64 characters
  • 11:54 - 11:57
    into 32 bytes.
  • 11:57 - 12:00
    You might remember this picture
    from slide 2.
  • 12:00 - 12:02
    You can see that there's a little graphic
  • 12:02 - 12:04
    displayed in the password prompt.
  • 12:04 - 12:05
    So this graphic needs to be stored
  • 12:05 - 12:06
    somewhere in the BIOS,
  • 12:06 - 12:08
    and it needs to be coded to display
  • 12:08 - 12:12
    this graphic to the user at some point.
  • 12:12 - 12:14
    So, let's take a look at the different modules
  • 12:14 - 12:15
    that might have something to do with images
  • 12:15 - 12:18
    and graphics and things like that.
  • 12:18 - 12:20
    Turns out there's only 4 of the 281
  • 12:20 - 12:22
    that have a file names that seems to correspond
  • 12:22 - 12:24
    to something with graphics or images.
  • 12:24 - 12:28
    And if this, the first module is called
  • 12:28 - 12:30
    by another module,
  • 12:30 - 12:32
    which is Lenovo prompt service.
  • 12:32 - 12:34
    And Lenovo prompt service contains
  • 12:34 - 12:36
    in one of its data sections,
  • 12:36 - 12:38
    this image over here.
  • 12:38 - 12:40
    So now we know that we've found something
  • 12:40 - 12:45
    that has to do with the password prompt.
  • 12:45 - 12:47
    This prompt module is called by only one
  • 12:47 - 12:48
    other module, which is
  • 12:48 - 12:50
    the Lenovo password CP module,
  • 12:50 - 12:51
    which probably means something like
  • 12:51 - 12:56
    password control panel or something like that.
  • 12:56 - 12:57
    The password CP module also calls
  • 12:57 - 13:00
    into 3 other modules, namely
  • 13:00 - 13:02
    the sound service module, presumably to
  • 13:02 - 13:04
    play beeps if the user does something wrong
  • 13:04 - 13:06
    while entering the password,
  • 13:06 - 13:08
    the translate service module, which is used
  • 13:08 - 13:10
    to translate characters,
  • 13:10 - 13:12
    which I've reverse-engineered,
  • 13:12 - 13:16
    I've figured out that it's used to translate
  • 13:16 - 13:20
    ascii characters back into keyboard scan codes.
  • 13:20 - 13:22
    Keyboard scan codes are codes that are assigned
  • 13:22 - 13:24
    to each different key on your keyboard.
  • 13:24 - 13:26
    It's the way the hardware keyboard
  • 13:26 - 13:30
    communicates with your computer.
  • 13:30 - 13:32
    And then there's the Lenovo crypt service
    module,
  • 13:32 - 13:34
    which turns out to be
  • 13:34 - 13:37
    standard SHA-256 hash function.
  • 13:40 - 13:42
    Right, so let's see and have a demo,
  • 13:42 - 13:44
    in which we are going to call
  • 13:44 - 13:45
    one of the functions in
  • 13:45 - 13:48
    this Lenovo password CP module.
  • 13:54 - 13:58
    So, efiperun allows you to write code
  • 13:58 - 14:00
    to interact with the EFI modules
  • 14:00 - 14:03
    that are loaded at runtime.
  • 14:03 - 14:05
    Here I've written this Lenovo-specific
  • 14:05 - 14:07
    debug module and you can specify
  • 14:07 - 14:10
    two functions that will be called.
  • 14:10 - 14:12
    The first function in it will be called
  • 14:12 - 14:15
    before all the EFI modules are loaded,
  • 14:15 - 14:17
    the second function will be called after
  • 14:17 - 14:19
    all the EFI functions are loaded.
  • 14:19 - 14:20
    So in this case, we'll first call
  • 14:20 - 14:22
    the install something function, and then
  • 14:22 - 14:24
    call, after loading the EFI modules,
  • 14:24 - 14:27
    the call something function.
  • 14:27 - 14:31
    The install function installs a stub
  • 14:31 - 14:34
    Lenovo crypt service protocol.
  • 14:34 - 14:36
    This is necessary because the standard
  • 14:36 - 14:37
    Lenovo crypt service calls into system
  • 14:37 - 14:39
    management mode to do the hashing,
  • 14:39 - 14:41
    which is currently not possible from
  • 14:41 - 14:44
    Linux userspace.
  • 14:44 - 14:48
    The second function,
    call_LenovoPasswordCp_8cc,
  • 14:48 - 14:51
    will determine the address of the function
  • 14:51 - 14:52
    in the Lenovo password CP module
  • 14:52 - 14:55
    at offset 8cc and then call it.
  • 14:55 - 14:57
    It will take two parameters, in and out.
  • 14:57 - 15:01
    In will use this unicode string, my password,
  • 15:01 - 15:02
    and for the output,
  • 15:02 - 15:06
    we'll just pass this array buffer.
  • 15:07 - 15:10
    Then we'll just print the output
  • 15:10 - 15:13
    of the buffer after calling the function.
  • 15:30 - 15:32
    So, as you can see here,
  • 15:32 - 15:34
    the Lenovo translate service module
  • 15:34 - 15:37
    installs this protocol E3AB-etc.
  • 15:37 - 15:39
    and then later Lenovo password CP module
  • 15:39 - 15:43
    requests the same protocol E3AB-etc.
  • 15:43 - 15:46
    Also, you will see that
  • 15:46 - 15:48
    the Lenovo password CP module
  • 15:48 - 15:52
    requests the protocol C73E4-etc.
  • 15:52 - 15:54
    which is the Lenovo crypt service protocol
  • 15:54 - 15:56
    that we installed earlier.
  • 15:56 - 15:58
    Then it does a bunch of memory operations,
  • 15:58 - 16:00
    and at the end, we get the output.
  • 16:00 - 16:02
    So I reverse-engineered this function
  • 16:02 - 16:08
    at offset 8cc, and it turns out that
  • 16:08 - 16:10
    it is, in fact, the following function:
  • 16:10 - 16:13
    it takes the input password and
  • 16:13 - 16:15
    converts it into scan codes,
  • 16:20 - 16:26
    and then it pads it to 64 characters,
  • 16:26 - 16:30
    and then it takes a SHA-256 hash
  • 16:30 - 16:34
    and then it displays the first half of that.
  • 16:37 - 16:40
    Alright, here we go, so...
  • 16:40 - 16:46
    applause
  • 16:46 - 16:47
    We have reverse-engineered to
  • 16:47 - 16:51
    the first half of the password algorithm.
  • 16:51 - 16:53
    Took me about three weeks to decode
  • 16:53 - 16:55
    the entire algorithm,
  • 16:55 - 16:58
    and here it is.
  • 16:58 - 16:59
    So this is the hash that we just saw
  • 16:59 - 17:02
    of the password, and then this hash is
  • 17:02 - 17:04
    concatenated with the serial number and
  • 17:04 - 17:06
    model number of the hard drive.
  • 17:06 - 17:09
    That all is then hashed again,
  • 17:09 - 17:12
    and that is then passed to the SATA drive
  • 17:12 - 17:14
    over the ATA protocol.
  • 17:14 - 17:15
    Now this is actually quite a good idea
  • 17:15 - 17:18
    because it means that if you sniff
  • 17:18 - 17:21
    the password on the SATA bus
  • 17:21 - 17:23
    you will only be able to then later
  • 17:23 - 17:24
    unlock the same drive.
  • 17:24 - 17:25
    Because other drives, even though
  • 17:25 - 17:27
    they might be using the same password,
  • 17:27 - 17:28
    will have a different serial number
  • 17:28 - 17:30
    and model number.
  • 17:30 - 17:33
    So this hash will not work for them.
  • 17:33 - 17:36
    Unfortunately, the algorithm is
  • 17:36 - 17:41
    a little more complex than this.
  • 17:41 - 17:43
    The password hash, as I said, actually
  • 17:43 - 17:45
    uses the scan codes of the password, which
  • 17:45 - 17:47
    means that there is no distinguishing in
  • 17:47 - 17:49
    case of the letters.
  • 17:49 - 17:52
    Also, after hashing it, it truncates it
  • 17:52 - 17:54
    to only 12 bytes. Which means that
  • 17:54 - 17:57
    there's a maximum of 96 bits of entropy
  • 17:57 - 18:00
    in this password hash.
  • 18:00 - 18:02
    This is quite unfortunate.
  • 18:02 - 18:05
    But most human passwords have less than
  • 18:05 - 18:08
    96 bits of entropy to start with,
  • 18:08 - 18:12
    so it's probably not that big of a deal.
  • 18:12 - 18:15
    Okay, then again this part of the hash is
  • 18:15 - 18:17
    concatenated with the serial number
  • 18:17 - 18:18
    and the model number,
  • 18:18 - 18:19
    except the bytes are swapped.
  • 18:19 - 18:22
    And I really can't figure out why
  • 18:22 - 18:23
    the bytes are swapped here.
  • 18:23 - 18:25
    But it probably has to do something with
  • 18:25 - 18:28
    the fact that the ATA protocol uses
  • 18:28 - 18:30
    16-bit words while this model number and
  • 18:30 - 18:33
    serial number are 8-bit character strings.
  • 18:33 - 18:35
    So maybe they did some endianness mess-up
  • 18:35 - 18:37
    or something like that.
  • 18:37 - 18:41
    Alright, so in this talk, I've shown you
  • 18:41 - 18:44
    how you too can reverse-engineer UEFI
  • 18:44 - 18:45
    with some tools that you can use
  • 18:45 - 18:47
    in this including the efiperun tool
  • 18:47 - 18:49
    which allows you to run EFI modules
  • 18:49 - 18:51
    in linux userspace.
  • 18:51 - 18:53
    The code of this is of course available
  • 18:53 - 18:55
    under GPL license on github,
  • 18:55 - 18:56
    and if you want to read about
  • 18:56 - 18:58
    the second part of reverse-engineering
  • 18:58 - 18:59
    the algorithm, you can find more
  • 18:59 - 19:01
    information on my blog.
  • 19:01 - 19:03
    Thank you very much.
  • 19:03 - 19:12
    applause
  • 19:12 - 19:15
    H: So, thank you, Jethro, and we have
  • 19:15 - 19:17
    more than ten minutes' time for Q&A.
  • 19:17 - 19:19
    Is there a question from the Internet,
  • 19:19 - 19:21
    signal angel?
  • 19:21 - 19:23
    Signal: Not right now.
  • 19:23 - 19:24
    H: And do we have questions
  • 19:24 - 19:25
    from the audience?
  • 19:25 - 19:31
    Please line up at the microphones.
  • 19:31 - 19:35
    Then we'll start with microphone 2, please.
  • 19:35 - 19:38
    Q: Thanks a lot for making your tools available,
  • 19:38 - 19:39
    as someone else who does a lot of
  • 19:39 - 19:42
    UEFI reversing, I've been through similar
  • 19:42 - 19:45
    rabbit holes of trying to track this down.
  • 19:45 - 19:47
    You mentioned that SMM is not supported
  • 19:47 - 19:49
    and I assumed also the real mode
  • 19:49 - 19:51
    in the transition into long mode
  • 19:51 - 19:52
    is not supported.
  • 19:52 - 19:54
    Is that on your roadmap or something,
  • 19:54 - 19:56
    that you're interested in continuing
  • 19:56 - 19:57
    development on?
  • 19:57 - 20:00
    A: Yeah, I'm interested in it, but
  • 20:00 - 20:02
    I'm not quite sure how to do it,
  • 20:02 - 20:06
    especially calling into
    system management mode,
  • 20:06 - 20:07
    protected mode should probably,
  • 20:07 - 20:09
    you know, also be possible,
  • 20:09 - 20:11
    but currently I'm also doing 64-bit mode
  • 20:11 - 20:15
    but, yeah, if anyone wants to help me
  • 20:15 - 20:24
    implement it, obviously I welcome your support.
  • 20:24 - 20:25
    H: Okay, and from the Internet, please.
  • 20:25 - 20:27
    Q: Yes. The Internet wants to know
  • 20:27 - 20:33
    what is the advantage of UEFI
    compared to coreboot?
  • 20:33 - 20:33
    A: I'm sorry, I didn't...
  • 20:33 - 20:35
    Q: The Internet wants to know
  • 20:35 - 20:38
    what is the advantage of UEFI compared
  • 20:38 - 20:40
    with coreboot, for example?
  • 20:40 - 20:42
    A: The advantage of UEFI compared to what?
  • 20:42 - 20:45
    Q: To coreboot, coreboot, this open source
  • 20:45 - 20:46
    BIOS replacement.
  • 20:46 - 20:48
    A: Oh okay. coreboot is UEFI,
  • 20:48 - 20:50
    coreboot is Intel's open source
  • 20:50 - 20:51
    implementation of UEFI.
  • 20:51 - 20:54
    Q: Actually, well, actually it's not.
  • 20:54 - 20:56
    A: Oh, it's not, no, that's tianocore,
  • 20:56 - 21:00
    you're right.
  • 21:00 - 21:03
    The only advantage is,
  • 21:03 - 21:05
    I don't know what the advantage is,
  • 21:05 - 21:07
    this is just what's supported on my laptop.
  • 21:07 - 21:09
    So that's what I was interested in.
  • 21:09 - 21:15
    laughter, applause
  • 21:15 - 21:18
    H: Okay. Microphone 3, please.
  • 21:18 - 21:20
    Q: Hi. Thank you for your talk.
  • 21:20 - 21:21
    Have you looked at any other firmware
  • 21:21 - 21:25
    besides your Lenovo?
  • 21:25 - 21:28
    A: I've not personally, but
  • 21:28 - 21:33
    I know other people have.
  • 21:33 - 21:35
    H: Okay. 4, please.
  • 21:35 - 21:37
    Q: Thank you for the talk. How did you
  • 21:37 - 21:42
    come out how to get the password, the hash
  • 21:42 - 21:48
    with the combination of the serial number
  • 21:48 - 21:50
    and the module number?
  • 21:50 - 21:53
    A: So, the full details of this
  • 21:53 - 21:56
    are in my blog post, but in short,
  • 21:56 - 21:59
    there is a EFI protocol for talking
  • 21:59 - 22:01
    to the hard drive, which is
  • 22:01 - 22:02
    the ATA support protocol,
  • 22:02 - 22:04
    if I remember correctly,
  • 22:04 - 22:06
    there's a special module,
  • 22:06 - 22:07
    there are only a few modules,
  • 22:07 - 22:09
    that invoke this protocol,
  • 22:09 - 22:12
    so I just disassembled those, and looked
  • 22:12 - 22:13
    at what they did, and what commands
  • 22:13 - 22:15
    they sent to the ATA drive.
  • 22:15 - 22:17
    Q: Thank you.
  • 22:17 - 22:19
    H: And there is another question
    from the chat.
  • 22:19 - 22:22
    Q: Yes. The chat wants to know if you found
  • 22:22 - 22:25
    any other unexpected bugs and
  • 22:25 - 22:29
    if it is possible to check UEFI code,
  • 22:29 - 22:31
    for example, when running it with valgrind
  • 22:31 - 22:35
    or something.
  • 22:35 - 22:37
    A: I've not really run into any other
  • 22:37 - 22:39
    unexpected bugs, but I must say I also
  • 22:39 - 22:42
    really wasn't looking for them.
  • 22:42 - 22:44
    H: Okay. 2, please.
  • 22:44 - 22:49
    Q: I have little understanding of EFI, but
  • 22:49 - 22:55
    I had the idea to look into trying to get
  • 22:55 - 23:01
    boot ROMs from PC graphic cards
  • 23:01 - 23:04
    to be running on a MacOS computer,
  • 23:04 - 23:10
    old Mac Pros when they
    still were having cards,
  • 23:10 - 23:12
    and I was wondering,
    I wanted to figure out...
  • 23:12 - 23:16
    these cards run, apparently, the old BIOS,
  • 23:16 - 23:19
    real mode, and I wanted to figure out
  • 23:19 - 23:23
    if I can write a stub that gets loaded
  • 23:23 - 23:27
    by the EFI system and then that...
  • 23:27 - 23:31
    my code would then invoke
    the initialization boot ROM
  • 23:31 - 23:34
    for the graphics card
    and provide the functions.
  • 23:34 - 23:38
    Would your toolset, would that help me in
  • 23:38 - 23:41
    tracing that while my Mac is running,
  • 23:41 - 23:43
    because I can't do it while it's booting?
  • 23:43 - 23:48
    A: I don't... it sounds like a,
    quite a complex setup,
  • 23:48 - 23:50
    I think it would be possible to write
  • 23:50 - 23:52
    an EFI module to do what you're saying,
  • 23:52 - 23:53
    but I'm not sure if you'll be able
  • 23:53 - 23:57
    to run that while your operating system
    is also running.
  • 23:57 - 24:02
    So... I'm not sure, I'll have to talk more
  • 24:02 - 24:06
    offline to discuss your specific situation.
  • 24:06 - 24:08
    H: Okay, and microphone 3, please.
  • 24:08 - 24:16
    Q: Hi. Have you looked into using
    SerialICE for emulation of the UEFI
  • 24:16 - 24:23
    which is essentially qemu but it has,
    does forward all of the hardware accesses
  • 24:23 - 24:26
    to real hardware, so you can just trace it
  • 24:26 - 24:30
    and run arbitrary BIOS or UEFI code in it?
  • 24:30 - 24:31
    A: I've not looked into that, but that
  • 24:31 - 24:34
    sounds a very interesting
    avenue to explore.
  • 24:34 - 24:36
    Q: Thank you.
  • 24:36 - 24:38
    H: Okay. I see no more questions.
  • 24:38 - 24:40
    Thank you to our speaker.
  • 24:40 - 24:41
    applause
  • 24:41 - 24:53
    subtitles created by c3subtitles.de
    Join, and help us!
Title:
Jethro Beekman: Reversing UEFI by execution
Description:

This talk will be an overview of how to reverse-engineer Unified Extensible Firmware Interface (UEFI) firmware, the replacement for BIOS. Various useful tools will be discussed, including those written by the presenter and those written by others. One of the highlights will be a tool that enables running parts of the firmware in userspace on a standard Operating System.

Jethro Beekman

more » « less
Video Language:
English
Duration:
24:53

English subtitles

Revisions