Thread starter: huangsijun17

[Suspicious file] AMD motherboard BIOS unlock program

AlphaRabbit
Posted on 2022-11-7 12:17:18
Last edited by AlphaRabbit on 2022-11-7 12:18
wowocock posted on 2022-11-7 10:03:
Although the BOOTLOADER is unsigned, on a machine without SECURE BOOT enabled it can be used to load malicious modules, achieving a UEFI BOOTKIT.

My computer does not have Secure Boot enabled, but it has TPM+BitLocker (a PIN is required), so this kind of UEFI bootkit does not work against me.
tdsskiller
Posted on 2022-11-7 14:56:38
AlphaRabbit posted on 2022-11-7 12:17:
My computer does not have Secure Boot enabled, but it has TPM+BitLocker (a PIN is required), so this kind of UEFI bootkit does not work against me.

These days people abroad are punching through Secure Boot left and right, because quite a few of Microsoft's own boot 0-days have been made public... As for why they were made public: it seems today's TPM can even stop your rescue disk from booting at all, so whether Secure Boot can be bypassed or not no longer matters.
tdsskiller
Posted on 2022-11-7 14:58:24
Last edited by tdsskiller on 2022-11-7 15:02
AlphaRabbit posted on 2022-11-7 12:17:
My computer does not have Secure Boot enabled, but it has TPM+BitLocker (a PIN is required), so this kind of UEFI bootkit does not work against me.

baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
Windows Boot Applications allow the truncatememory setting to remove blocks of memory containing "persistent" ranges of serialised data from the memory map, leading to Secure Boot bypass.
  • The truncatememory BCD element will remove all memory above a specified physical address from the memory map.
  • This is performed for each boot application during initialisation, before the serialised Secure Boot policy is read from memory.
  • Therefore, such an element can be used to remove the serialised Secure Boot policy from the memory map.
  • This will allow dangerous settings to be used in a boot application (bootdebug, testsigning, nointegritychecks), thus breaking Secure Boot.
This issue was fixed by two different changes:
  • After attempting to load a serialised Secure Boot policy, if no policy was loaded, and Secure Boot is enabled, and the boot application was not loaded directly by UEFI firmware, and the boot application is not bootmgr, boot application initialisation fails.
  • When loading a boot application, if it has a VERSIONINFO resource containing an OriginalFilename, if that filename is included in a blocklist (containing bootmgr.exe and hvloader.exe; in Nickel, hvloader.efi was added but this did not get backported), the load fails.
    • In Windows 8 and Windows 8.1, hvloader.exe is not included in winload's blocklist - it originally was, which broke Hyper-V loading!
    • Since Windows 10 version 1809, if a certain flags bit is set (used with flightedbootmgr element to load bootmgr from disk), the OriginalFilename is required to be bootmgr.exe.

Exploitation
The attacker needs to ensure the serialised Secure Boot Policy is allocated above a known physical address.
  • By default, it is allocated at the lowest possible address.
  • Originally, the serialised Secure Boot Policy gets allocated after it is loaded, before using any configuration loaded from the BCD.
    • Since RS1, the serialised Secure Boot Policy gets allocated when loading a boot application.
    • Since RS2, any existing serialised Secure Boot Policy gets freed when serialising a Secure Boot Policy.
  • The serialised Secure Boot Policy gets reallocated if, when loading a boot application, the BCD entry's osdevice is a BitLocker-encrypted partition where the VMK was derived using the TPM.
    • This can be faked by setting bit 0 of the key flags after successful TPM unsealing; this bit can be set manually in the BitLocker metadata, with additional metadata added to specify Secure Boot being used for integrity validation.

The avoidlowmemory element can be used to ensure all allocations of physical memory are above a specified physical address:
  • Since Windows 10, this element is disallowed if VBS is enabled, but as it is used during boot application initialisation, before the serialised Secure Boot policy is read from memory, loading bootmgr and specifying a custom BCD path (using bcdfilepath element aka custom:22000023) can be used to bypass this.
  • If BitLocker is present on the OS volume, or the target system is running TH1 or TH2, then this method will fail; it is therefore also possible to run the attack once with a Windows 8.x bootmgr to disable VBS and then swap back to the original bootloader.
    • Windows 10 changed boot application initialisation to cap all TPM PCRs once, so a Windows 8.x bootmgr will fail to unseal the VMK on a Windows 10+ system.

hvloader.efi can be loaded with the nointegritychecks element to load a self-signed mcupdate.dll, whose entry point will be called before ExitBootServices.
Alternatively, on non-AMD64 systems, winload.efi before TH2 can be used with the testsigning element; this allows self-signed binaries with the szOID_NT5_CRYPTO EKU in the certificate.
On ARMv7 systems, loading a patched self-signed hal.dll with an import to mcupdate.dll will be necessary to get code execution.
On x86 and AMD64 systems, the file loaded as mcupdate.dll must be named mcupdate_*.dll, where * is the CPUID manufacturer string (GenuineIntel, AuthenticAMD etc).
On ARM64 systems, this technique cannot be used due to the earliest available production signed build being a WinPE of RS2; thus currently only tethered code execution can be performed (using bootdebug).
Included files
This repository includes the following files:
  • Source code for a simple payload is provided. This payload just waits for an interrupt infinitely, as without finding interesting functions and variables in the calling boot application, it is impossible to do anything else.
    • Because mcupdate.dll runs at a virtual address with paging enabled, it is impossible to call EFI functions directly (paging needs to be disabled to call EFI functions, returning to a virtual address with paging off does not lead to a good time).
    • To call EFI functions, a payload would need to call BlImgLoadPEImageEx or BlImgLoadPEImageFromSourceBuffer with bit 0 set in the flags to load an additional payload at a 1:1 physical address-virtual address mapping.
      • Alternatively, it can call BlImgAllocateImageBuffer with the same bit set to allocate memory at a 1:1 physical address-virtual address mapping; then load a payload itself (or remap itself there).

  • An ISO that exploits this issue on AMD64 using the bootmgfw from Windows 8 RTM and the hvloader from TH1 RTM.
    • The payload used here prints a message to the screen by using a function from hvloader obtained by offset and then infinite loops.
  • An ISO that exploits this issue on AMD64 using bootmgr from RS1 and the hvloader from TH1 RTM.
  • An ISO that exploits this issue on AMD64 using bootmgr version 19041.1081 and the hvloader from TH1 RTM.
Postscript
This issue can be used to dump BitLocker keys (where Secure Boot is used for integrity validation).
  • Although it is possible, the exact method of getting code execution with derived BitLocker keys for an arbitrary volume in memory will not be disclosed.
The fix for this issue also fixed another issue which has no CVE.
  • bootmgr ignores any BitLocker keytable already in memory and allocates a new one, without wiping the old one.
    • Therefore, an attacker could load RS2+ bootmgr from bootmgr (specifying an arbitrary osdevice where Secure Boot is used for integrity validation), boot to WinPE, load a known vulnerable driver, and use it to search for and dump the existing BitLocker keytable in physical memory.

No known vulnerable boot application has been revoked yet.
  • Until revocation happens, an attacker can just bring their own vulnerable bootloader(s).
  • Revocation would cause all existing Windows installation/recovery media, and old backups, to fail to boot.
    • Boot failure would occur even with Secure Boot disabled due to bootmgr checking its own signature.


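As an added example (not part of this thread or of the baton drop repository it quotes), here is a small Python scanner that parses the text output of `bcdedit /enum all` and flags the BCD elements the write-up above names as abusable (truncatememory, avoidlowmemory, bootdebug, testsigning, nointegritychecks and the custom:22000023 bcdfilepath element), so a defender can spot them in a BCD store during triage; the sample output embedded below is constructed, not captured from a real host.

```python
import re
from typing import Dict, List, Tuple

# Elements named in the write-up, with the reason each matters to a defender.
SUSPECT_ELEMENTS = {
    "truncatememory": "removes memory above an address from the memory map (CVE-2022-21894)",
    "avoidlowmemory": "forces allocations above an address; disallowed with VBS",
    "bootdebug": "dangerous setting that Secure Boot policy normally blocks",
    "testsigning": "dangerous setting that Secure Boot policy normally blocks",
    "nointegritychecks": "dangerous setting that Secure Boot policy normally blocks",
    "custom:22000023": "bcdfilepath: bootmgr loads a BCD store from a custom path",
}

# Element lines are "name<spaces>value" with a lowercase name; section titles, dashed rules and indented continuations do not match.
ELEMENT_LINE = re.compile(r"^([a-z][a-z0-9:]*)\s+(.+)$")

def parse_bcd_enum(text: str) -> List[Dict[str, str]]:
    """Split bcdedit output into one {element: value} dict per BCD entry."""
    entries: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = ELEMENT_LINE.match(line.rstrip())
        if m is None:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "identifier":
            entries.append({key: value})
        elif entries:
            entries[-1][key] = value
    return entries

def find_suspect_elements(text: str) -> List[Tuple[str, str, str]]:
    """Return (identifier, element, value) for each suspect element present; Yes/No elements only when 'Yes'."""
    return [(e["identifier"], k, v) for e in parse_bcd_enum(text)
            for k, v in e.items() if k in SUSPECT_ELEMENTS and v.lower() != "no"]

# Constructed sample of `bcdedit /enum all` output (not captured from a real system).
SAMPLE = r"""identifier              {bootmgr}
custom:22000023         \EFI\Boot\BCD.alt

Windows Boot Loader
-------------------
identifier              {current}
testsigning             No
truncatememory          0x10000000
nointegritychecks       Yes
"""

if __name__ == "__main__":  # on Windows, feed in real output from an elevated `bcdedit /enum all`
    for ident, key, value in find_suspect_elements(SAMPLE):
        print(f"{ident}: {key} = {value}  ({SUSPECT_ELEMENTS[key]})")
```

Any hit on a host where Secure Boot is supposed to be enforced deserves a look, since the write-up explains these elements are exactly what the policy is meant to block.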
tdsskiller
Posted on 2022-11-7 16:59:59
Last edited by tdsskiller on 2022-11-7 17:01
AlphaRabbit posted on 2022-11-7 12:17:
My computer does not have Secure Boot enabled, but it has TPM+BitLocker (a PIN is required), so this kind of UEFI bootkit does not work against me.

These vulnerable bootloaders of Microsoft's own can apparently be used to steal your BitLocker key; for the specifics you would have to ask wowocock.
I expect that in future Microsoft may no longer let any older bootloader pass boot verification; every rescue disk and every system-recovery boot will all be blocked.