@Rairii@haqueers.com
@Rairii@haqueers.com avatar

Rairii

@Rairii@haqueers.com

Reversing (malware and otherwise); appsec and websec; embedded security; exploit dev; software preservationist; knows how not to use cryptography.

Currently finding bugs in Windows bootloaders.

You may also know me from capcom.sys.

#nobot

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Rairii, to random
@Rairii@haqueers.com avatar

due to the admin of this server being out of contact for a few months, and the various mastodon security issues, i'm about to move servers.

see you on the akkoma side :)

Rairii, to random
@Rairii@haqueers.com avatar

i just found by a google search some old internal apple documentation about the OF ROM of the blue&white powermac G3

...it defines "MacOS-X" as: UNIX-based MacOS; think of it as "Mac OS NT".

it also mentions putting the macio MMIO physical address at 0x80800000 "to boot NT just in case" haha

it also mentions that OF's little endian mode "actually works in OF"

looking at the disassembly of the B&W's init code i have, it actually should work!

basically, when little-endian is set, after setting MSR[LE] it will set bit 5 (LE_MODE bit, turns on little endian) to PICR1, by using CONFIG_ADDR/CONFIG_DATA writes, and only uses every second instruction to do that (with each other instruction being a nop mainly) because of how MSR_LE works

in fact it seems the bootrom of every ppc mac after this has the exact same code, even those that use a different memory controller, no WONDER little-endian? is notorious for bricking lol

Rairii,
@Rairii@haqueers.com avatar

i think an error in that documentation is why the COFF with PE optional header loader stuck around, though:

it's described in the documentation as a PEF loader, the PPC classic mac os executable format!

ipg, to random
@ipg@wetdry.world avatar

at protocol is better than activitypub in a lot of important ways

Rairii,
@Rairii@haqueers.com avatar

@ipg it's also worse in other important ways

nano, to random
@nano@fedi.nano.lgbt avatar

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

RE: https://fedi.nano.lgbt/objects/62df3fad-2831-40d8-bfe2-6e98b4a6bf12

Rairii,
@Rairii@haqueers.com avatar

@nano people remote reporting server admins is one of the funniest parts of fedi imo

SwiftOnSecurity, to random

If your vendor has security issues and your executives care they can like… demand a meeting. Which is so executive-coded it works.
We did this to a vendor recently and got a groveling layout of internal strategy.
To be Executive you gotta act Executive. Executive decisions. Bam.

Rairii,
@Rairii@haqueers.com avatar

@SwiftOnSecurity so in this emergency meeting, who was sus

yassie_j, to random
@yassie_j@labyrinth.zone avatar

On this day, ten years ago (2014) I wrote:

Here's the deal: Apple sucks. Samsung sucks. Google sucks. Nokia sucks. Microsoft sucks. All of them fucking suck. Just buy a damn phone/tablet and shut up about it.

My opinion still hasn't changed it seems.

Rairii,
@Rairii@haqueers.com avatar

@yassie_j who doesn't

Rairii, to random
@Rairii@haqueers.com avatar

decided to throw securebootai.dll (from latest germanium build) into IDA, was not disappointed

there's a list of systems where db/dbx updates aren't attempted, that being:

  • any (amd64) apple system (those with secure boot just hardcodes db/dbx, without the ability to update it, right?)
  • fujitsu FJNBB38
  • a big list of HP systems: 83D5, 83DA, 83DD, 83E7, 83E8, 83E9, 8401, 8460, 8461, 8462, 8463, 8464, 8584, 8589, 8617, 8618, 8619, 8620, 869B, 86A3, 86A5, 86A8, 870B, 870C, 870F, 8710, 8711, 8712, 8713, 8714, 8715, 8717, 8718, 8719, 871A, 871B, 871C, 8723, 8724, 8725, 872B, 872C, 872D, 872E, 8736, 874D, 874E, 874F, 8750, 8751, 8752, 8753, 8754, 8755, 8760, 876D, 8779, 877D, 8780, 8783, 87EC, 880F, 8810, 882C, 882D, 8830, 8835, 8836, 885C, 887E
  • and any HP system where its custom protection against performing db/dbx updates is enabled

also:

the file doesn't exist right now, but there's code (behind a registry(?) flag) to apply "dbxupdate2024.bin", and debug strings imply that would revoke the PCA 2011 cert entirely!(GetSecureBootUpdateFilePathPCA2011RevokeDBX)

i expected that to be done, but only on new systems, fun (given that it's behind a flag it may well happen only on new systems)

Rairii,
@Rairii@haqueers.com avatar

@wolf480pl it's what all production windows binaries are (currently) signed by

Rairii,
@Rairii@haqueers.com avatar

@wolf480pl they've created a new set of certs

Rairii,
@Rairii@haqueers.com avatar

@wolf480pl well yes, that's what dbx is, to prevent old vulnerable binaries from running

Rairii,
@Rairii@haqueers.com avatar

@wolf480pl lack of dbx space and the creation of new certs made me expect this would happen, at least for new systems

Rairii,
@Rairii@haqueers.com avatar

@wolf480pl don't know yet.

Rairii,
@Rairii@haqueers.com avatar

@wolf480pl IF older systems get the cert revoked it should be able to be reverted in the uefi firmware setup, which has an option to revert db/dbx back to the default (in the uefi firmware)

da_667, to random

I don't even understand why the fuck windows update even has error codes when every single fucking one of them always has the same advice from microsoft: Delete SoftwareDistribution, run the troublshooter which never works, run dism /cleanupimage /restorehealth or use the windows 11 installer tool to do a clean install. Don't even bother giving me the error code.

Then you go to the event viewer for windows update logs and its like "the update failed to download" and you ponder the pros of lobotomy via soup spoon.

Rairii,
@Rairii@haqueers.com avatar

@da_667 you're searching in the wrong place

first you pass it to certutil /error
then you start throwing windows binaries into your favourite reversing tool

nano, to random
@nano@fedi.nano.lgbt avatar

throwback to when i was like 7 and trying to make my own font by literally drawing the letters in mspaint in the same way the windows xp font viewer did and then naming the file with a .ttf extension and being confused when it didnt work

Rairii,
@Rairii@haqueers.com avatar

@nano jackdaws love my big sphinx of quartz

yassie_j, to random
@yassie_j@labyrinth.zone avatar

Hockey? What kind of Misskey fork is that?

Rairii,
@Rairii@haqueers.com avatar

@yassie_j one where instead of getting muted you get sin binned

yassie_j, to random
@yassie_j@labyrinth.zone avatar

Yubikey? Is that a new Missk–

Rairii,
@Rairii@haqueers.com avatar

@yassie_j unironically thought this when i saw a post cw'd "hockey" once

yassie_j, to random
@yassie_j@labyrinth.zone avatar

I hope I am not everyone’s #1 source for British political news lol

Rairii,
@Rairii@haqueers.com avatar

@yassie_j this is the news at yas

Rairii, to random
@Rairii@haqueers.com avatar

ok, this is going to be interesting

i obviously need to be able to map physmem at 0x80000000

but OF puts keylargo and the usb controllers there

Rairii,
@Rairii@haqueers.com avatar

<some experimentation later>

unmapping 0x80000000 to 0x80010000 works, but obviously breaks any accesses to hardware that happens to be there

which includes the IDE controller

BUT, for booting NT I only really care about 0x80004000 - and binaries load far above there anyway (so I can map physmem starting at 0x80082000 and mark physmem before that as firmware temporary etc and use the other mapping for needing to touch low memory before NT kernel init)

unmapping 0x80004000 to 0x80010000 works, that should be more than enough space for the ARC system table etc

and everything i care about still works, i don't know what MMIO is there but i wouldn't be surprised if it's just address mirrors there

thememesniper, to random

y'know i'm convinced the microsoft surface's red "secure boot off" banner is just there to annoy people using operating systems other than windows. by the time you see the banner it's already too late to turn the computer off before it starts executing the 👻 non microsoft-signed code!!! oooo! 👻 (unless your battery is so degraded or just gone making unplugging it shut down)

Rairii,
@Rairii@haqueers.com avatar

@chfour @thememesniper @ipg oh? you wanted to know about bitlocker and the TPM?

infodump incoming!

so a TPM unseal requires the used TPM state (the PCRs used to seal the key) to be exactly the same as when the key was sealed. if it's not then the TPM will just return error.

when secure boot is disabled, bitlocker on the OS device uses PCRs 0,2,4,11, that's the UEFI firmware itself; option ROMs; the loaded bootloader; and a PCR that gets a cap event extended when bootmgr hands off to the next stage so only bootmgr can unseal the VMK from the TPM

when secure boot is enabled, it uses PCRs 7, 11. PCR 7 is the state of secure boot, the data measured to it includes whether secure boot is enabled at all; if any hardware debuggers were enabled (some systems forgot to do this); the content of dbx (the denylist of certs and hashes); and the values from db (the allowlist of certs and hashes) that were used to allow the binaries that have executed. and PCR 11 is the same as before.

additionally, when secure boot is disabled, the bitlocker metadata on disk contains hashes of allowed second stage bootloaders, and the known boot manager configuration, so if any of that gets changed, the key gets unsealed initially but then wiped from memory by bootmgr later when those hashes are checked. (none of this is done when secure boot is enabled! and there are known bugs in older bootloaders that can be used to dump bitlocker keys!)

...so really if you're using TPM-only bitlocker, you have to do some manual registry configuration to get it to always use the more secure "legacy" integrity validation, alongside setting it to use a combination of both sets of PCRs: 0, 2, 4, 7, 11. alongside making sure your system is updated.

and even then you're still vulnerable to hardware attacks (sniffing the LPC bus, glitching AMD PSP for the non-pluton fTPM implementation, just enabling the hardware debugger on some systems because they forgot to measure an event to the TPM when that's enabled)

there's a reason MS specifically says "use TPM+PIN at least", not that it helps anyone using home edition where TPM-only and recovery key are the only allowed key protectors.

also, automatic bitlocker is a thing, which has caused actual data loss on dbx updates in the past. i've been told they've actually fixed that issue since.

also, about secure boot: excuse me while i laugh hard at the state of the windows bootloader

Rairii, to random
@Rairii@haqueers.com avatar

ok

so asking OF to set the framebuffer to 16 or 32bpp works

although it breaks the console because it still uses the old 8bpp framebuffer, I did a framebuffer fill and it worked...

thememesniper, to random

but what if, i were to create my own GenuineTicket.xml and disguise it as a real activation? oh hoho, delightfully devilish seymour

Rairii,
@Rairii@haqueers.com avatar

@thememesniper my private key! the white box crypto vm does nothing!

Rairii, to random
@Rairii@haqueers.com avatar

current status: so the open firmware framebuffer is set to use a colour lookup table

I'M GOING TO NEED TO KNOW WHERE THAT TABLE IS IN MEMORY

Rairii,
@Rairii@haqueers.com avatar

@jernej__s I tried dumping the palette but I think that register is write-only.

I ended up filling the framebuffer and observing the colours appeared to be similar to the VGA ones.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • anitta
  • kavyap
  • DreamBathrooms
  • ngwrru68w68
  • magazineikmin
  • hgfsjryuu7
  • everett
  • thenastyranch
  • Youngstown
  • slotface
  • rosin
  • tacticalgear
  • GTA5RPClips
  • PowerRangers
  • Leos
  • modclub
  • ethstaker
  • khanakhh
  • osvaldo12
  • Durango
  • InstantRegret
  • cisconetworking
  • mdbf
  • normalnudes
  • cubers
  • vwfavf
  • tester
  • provamag3
  • All magazines
    •