BIOS Disassembly Ninjutsu Uncovered (Uncovered series)

Language: English

Pages: 450

ISBN: 1931769605

Format: PDF / Kindle (mobi) / ePub

Explaining security vulnerabilities, possible exploitation scenarios, and prevention in a systematic manner, this guide to BIOS exploitation describes the reverse-engineering techniques used to gather information from BIOS and expansion ROMs. SMBIOS/DMI exploitation techniques—including BIOS rootkits and computer defense—and the exploitation of embedded x86 BIOS are also covered.

The msg function is useful as a debugging aid while developing the IDA Pro plugin. To do so, you can log plugin-related messages in the IDA Pro message pane with this function. Experienced C/C++ programmers.

x86 kiosks has raised interest in BIOS reverse engineering and modification. In the coming years, these techniques will become even more important as state-of-the-art bus protocols delegate a lot of their initialization task to firmware, i.e., the BIOS. Thus, by understanding the techniques, you can dig into the relevant firmware codes and understand the implementation of those protocols within the BIOS binary. The main purpose of the BIOS is to initialize the system into an execution envi.

[Disassembly listing excerpt: sub_E000_56FF, addresses E000:5703 through E000:5711, with a far jump into segment 1000h; the listing itself is garbled in the scan.]

To find some routine within the system BIOS or wish to know more about the overall Award BIOS version 6.00PG code, follow the POST jump table execution to find the intended target. It's only necessary if you don't know the "binary signature" of the target routine in advance. If the binary signature is known, you can directly scan the target binary to find the routine. I delve more into this issue in the BIOS modification chapter.

5.2. AMI BIOS

In this section, I dissect a sample AMI BIOS.

Must be noted that motherboard and add-in cards are not the only ones that possess firmware. HDDs and CD-ROM drives also possess firmware. The firmware is used to control the physical devices within those drives and to communicate with the rest of the system. However, those kinds of firmware are not considered in this book. They are mentioned here just to ensure that you are aware of their existence.

¹ Executed in place means executed from the ROM chip in the expansion card.