Thankfully, Nikolaj pointed me at a current script that works at least for my E6510 laptop - which by the way also has CompuTrace. Some old extraction instructions exist, but they are out of date. ASUS and Intel both do that, but for instance Dell devices will provide the firmware upgrade only as a Windows (or DOS) executable. Unfortunately this only works for manufacturers that provide raw firmware updates right now. The information that VirusTotal provides (or to be precise the tools behind it) includes information about certificates, which for instance told me that my home PC would allow me to install Ubuntu under SecureBoot, since the Canonical certificate is present - or, according to Matthew Garrett, it will allow an Ubuntu signed bootloader to boot just about anything, defeating SecureBoot altogether.

This tool is very interesting from many different points of view, because not only will it (maybe in due time, as firmware behaviour analysis improves) provide information about possibly-known malware (such as CompuTrace) in a firmware upgrade, before you apply it, but even before you even buy the computer. And this is not just about malware. On the other hand, sticking with ASUS, my ZenBook shows in its report the presence of CompuTrace - luckily for me I don’t run this on Windows.

They are pretty good but since this is still in the early stages, there are still a few things to iron out. For instance, when I first scanned the firmware of my home PC it was reported with a clear marker of malware, which made me suspicious – and indeed got ASUS to take notice and look into it themselves – but it looks like it was a problem with parsing the file, Teddy’s looking into it. The core of this implementation leverages two open-source tools: uefi_firmware by Teddy himself, and UEFITool by Nikolaj Schlej.
The video will be available at some point, it talks in detail about osquery (which I’d like to package for Gentoo), but also has a lower-key announcement of something I found very interesting: VirusTotal is now (mostly) capable of scanning firmware images of various motherboard manufacturers. Teddy Reed talked about firmware security, in particular based on pre-boot EFI services.

Thanks for everything. EDIT: So after studying the firmware volume structure you are correct.

Again posting about the Enigma conference.

Noticed though you left the ‘Size’ property on Treemodel not finished though and I successfully was able to finish that part up such that you can tell how big each module is by accessing its size property. As a matter of fact in one case after adding three ffs files I ended up with more free space than I had before! So fwiw I have QT framework setup and having fun experimenting making modifications here or there. Finding that it's not black and white or cut in stone. So basically I’m trying to modify the utility to estimate how much compressing of non essential files based on free space on the volume. I have made note that their parent volume has for example eb5000 bytes which is like 15421440 decimal bytes and looped through each one and summed up all their bytes to equal 15415558 bytes which is like 5882 bytes free which leaves no room to add a 20k module you would think but what you're telling me is your code grows the size of the parent volume to make room for the inclusion of the added files? Therefore why does MmTool not allow adding extra modules that UEFItool or commandline utilities based on your code allow? For example there are like 200 some firmware ffs files within the main volume. Thanks been studying that code and trying to get a better understanding.