36C3 - Intel Management Engine deep dive
https://media.ccc.de/v/36c3-10694-intel_management_engine_deep_dive
Understanding the ME at the OS and hardware level
Reverse engineering a system on a chip from sparse documentation and binaries, developing an emulator from it and gathering the knowledge needed to develop a replacement for one of the more controversial binary blobs in the modern PC.
The Intel Management Engine, a secondary computer system embedded
in modern chipsets, has long been considered a security risk
because of its black-box nature and high privileges within the
system. The last few years have seen increasing amounts of
research into the ME and several vulnerabilities have been found.
Although limited details were published about these vulnerabilities,
reproducing exploits has been hard because of the limited information
available on the platform.
The ME firmware is the root of trust for the fTPM, Intel Boot Guard
and several other platform security features, controlling it allows
overriding manufacturer firmware signing, and allows implementing
many background management features.
I have spent most of past year reverse engineering the OS, hardware
and links to the host (main CPU) system. This research has led me
to create custom tools for manipulating firmware images, to write
an emulator for running ME firmware modules under controlled
circumstances and allowed me to replicate an unpublished exploit to
gain code execution.
In this talk I will share the knowledge I have gathered so far, document
my methods and also explain how to go about a similar project.
I also plan to discuss the possibility of an open source replacement
firmware for the Management Engine.
The information in this talk covers ME version 11.x, which is found in 6th and 7th generation chipsets (Skylake/Kabylake era), most of the hardware related information is also relevant for newer chipsets.
Peter Bosch
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10694.html
Видео 36C3 - Intel Management Engine deep dive канала media.ccc.de
Understanding the ME at the OS and hardware level
Reverse engineering a system on a chip from sparse documentation and binaries, developing an emulator from it and gathering the knowledge needed to develop a replacement for one of the more controversial binary blobs in the modern PC.
The Intel Management Engine, a secondary computer system embedded
in modern chipsets, has long been considered a security risk
because of its black-box nature and high privileges within the
system. The last few years have seen increasing amounts of
research into the ME and several vulnerabilities have been found.
Although limited details were published about these vulnerabilities,
reproducing exploits has been hard because of the limited information
available on the platform.
The ME firmware is the root of trust for the fTPM, Intel Boot Guard
and several other platform security features, controlling it allows
overriding manufacturer firmware signing, and allows implementing
many background management features.
I have spent most of past year reverse engineering the OS, hardware
and links to the host (main CPU) system. This research has led me
to create custom tools for manipulating firmware images, to write
an emulator for running ME firmware modules under controlled
circumstances and allowed me to replicate an unpublished exploit to
gain code execution.
In this talk I will share the knowledge I have gathered so far, document
my methods and also explain how to go about a similar project.
I also plan to discuss the possibility of an open source replacement
firmware for the Management Engine.
The information in this talk covers ME version 11.x, which is found in 6th and 7th generation chipsets (Skylake/Kabylake era), most of the hardware related information is also relevant for newer chipsets.
Peter Bosch
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10694.html
Видео 36C3 - Intel Management Engine deep dive канала media.ccc.de
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Sysdig Technical Deep Dive: From Wireshark to SysdigFirmware security, why it matters and how you can have itDEF CON 26 HARDWARE HACKING VILLAGE - Brian Milliron - Disabling Intel ME in FirmwareSoftware Defined Emissions (33c3)36C3 - Boeing 737MAX: Automated CrashesThe Ultimate Game Boy Talk (33c3)36C3 - From Managerial Feudalism to the Revolt of the Caring Classes35C3 - The Ghost in the MachineFast Inverse Square Root — A Quake III AlgorithmSpyware at The Hardware Level - Intel ME & AMD PSP36C3 ChaosWest: Look at ME! - Intel ME Investigation36C3 - Hacker JeopardyPerchè il PC si spegne ogni 30 minuti? - Intel Management Engine FailExplaining PCIe SlotsModern Science's Most Incredible Inventors | Tesla's Children | Spark36C3 - Thrust is not an Option: How to get to Mars really slowDIY: Disabling Intel ME 'Backdoor' on your Computer“Un-patchable” New Intel CPU Flaw!Things you can make from old, dead laptopsHow to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine