Rairii

Rairii, 1 year ago to infosec

I just spent a day or so figuring this out, and CVE-2022-41099 is... really stupid...

I decided to call this "push button decrypt".

basically when you boot to WinRE tied to an OS install, keys for the os volume are derived (this is done by having a sha256 hash of a wim in the bitlocker metadata)

anyway, WinRE does not require bitlocker recovery key when choosing to "reset my PC" and "remove everything".

When choosing "just remove my files", winre starts to decrypt the bitlocker volume at ~98%.

Hard resetting (hard power off / power on) here will reboot back into WinRE and show an error.

Clicking OK on the error will cause a reboot back to the OS, and starts windows setup which shows an "upgrade" screen.

...where Shift+F10 works to get a shell, you can then pause the decryption, remove all key protectors, then dump plaintext VMK, decrypt the FVEK with that, and use that FVEK to decrypt a disk image you made earlier.

This is the second time that Shift+F10 in setup to get a shell broke bitlocker.

The fix removes "reset my PC" -> "remove everything" from the list of options that are allowed to start with the osvolume unlocked and without entering a recovery key. (leaving only one in place: startup repair)

Because this is an issue with code running in winre usermode, this affects legacy integrity validation as well as secure boot integrity validation.

#infosec #CVE_2022_41099 #BitLocker

Rairii, 7 months ago to random

put the tag file in the ISO, now it's loaded the kernel (although not successfully, I need to modify the block device reading functions to patch PEs on load)

and it's asking for a HAL

Rairii, 7 months ago to random

evil wii

Rairii, 1 year ago to infosec

so, it's been almost a month since the patch released (exactly a month would be friday)

Introducing bitpixie (CVE-2023-21563), a 17 year old bug (introduced in 5231.2 from october 2005 at the latest) leading to bitlocker (with TPM) bypass and key dumping

When booting from network via PXE, there's a special type of boot entry allowed called "PXE soft reboot".

This just loads the given PE from the remote PXE server, and does BS->LoadImage and BS->StartImage on it.

...except when BS->StartImage is called, derived BitLocker keys are still in memory!

When Secure Boot is disabled, you can just load any payload you want, of course.

When Secure Boot is enabled, things are slightly more complicated.

Luckily, there's a way for a physically present user to bypass Secure Boot: if you go into advanced options menu and choose "disable driver signature enforcement", win8+ winload will load a selfsigned mcupdate*.dll, and call its entrypoint before ExitBootServices.

When loading bootmgfw again, winload won't know of the older BitLocker keytable, and will enable access to the advanced boot options menu.

You need to set up enough of a Windows image so winload can reach the code path to load and execute mcupdate*.dll.

I used windows 8.1 RTM (9600.16384) for this, the files required from its boot.wim are:

Windows\apppatch\drvmain.sdb
Windows\Boot directory
Windows\fonts\vgaoem.fon
Windows\Inf directory
and in Windows\system32:
Boot, config, drivers directories
apisetschema.dll
bootvid.dll
ci.dll
C_*.NLS
C_G18030.DLL
C_IS2022.DLL
hal.dll
HalExtIntcLpioDMA.dll
kd.dll
kdcom.dll
kdstub.dll
l_intl.nls
ntoskrnl.exe
PSHED.DLL

(and of course, your payload as mcupdate_AuthenticAMD.dll and mcupdate_GenuineIntel.dll)

This is a total of 136MB of data uncompressed, and a 42MB WIM. It can probably be smaller than that :)

To dump bitlocker keytables, your payload must scan physical memory pages looking for a valid keytable.

But what about getting the bitlocker keys derived in the first place?

When loading a boot application, BitLocker keys are derived very early. If loading the boot applicaiton PE from disk fails, integrity validation is not performed and derived keys remain in memory.

That way, in a BCD coming from PXE server, the default boot option can have a device of the BitLocker-encrypted OS partition, a path of "" (valid, but will always fail), and a recovery sequence pointing to the pxesoftreboot entry.

Then, for Secure Boot being enabled, you can swap the BCDs on the PXE server after the first one gets loaded. You can slow the boot down by pressing down arrow during bootmgr initialisation to cause the boot menu to show up.

Then just PXE boot from this, using the vulnerable bootmgfw from the system you are attacking :)

If Secure Boot is used for integrity validation (the default when Secure Boot is enabled), a downgrade attack can be performed here, and any vulnerable bootmgfw can be used.

Make sure your systems are patched, and using legacy integrity validation configured to use PCRs 0, 2, 4, 7 and 11. "Secure Boot integrity validation" is not secure!

#infosec #BitLocker #CVE_2023_21563 #Windows

Rairii, 6 months ago to random

1 System Processor [77 MB Memory]

Rairii, 5 months ago to random

we all know NT really stands for NinTendo

Rairii, 10 months ago to random

This string was found by https://wetdry.world/@w - I have confirmed its presence in the Threads APK from apkcombo, "Threads, an Instagram app_289.0.0.68.109_apkcombo.com.apk", sha256 83a1f270aa2447f4e7310072b4d3217f9af8a03b7679b7760db03ff0bbf8e432, valid signature by "C=US, ST=California, L=Menlo Park, O=Meta Platforms Inc., OU=Meta Mobile, CN=Meta Platforms Inc." (rsa-4096 + sha-256, cert expires in 2053)

at offset 0xB7AE in assets/strings/en_GB.frsc

"Soon, you'll be able to follow and interact with people on other fediverse platforms, such as Mastodon. They can also find people on Threads using full usernames, such as <b>@%1$s</b>."

cc @FediPact

Rairii, 10 months ago to random

gba hardware clone arrived

Rairii, 9 months ago to random

bored, so i'm going to bindiff all the late pokemon yellow protos from OriginalSouce.zip that everyone forgot about

Rairii, 11 months ago to random

hey look, an actually useful orange-site comment, about HP ink cartridge hardware hacking

"Put a resistor, about 1kohm, in the power line to the security chip on the cartridge.

Now, whenever the printer tries to read data from the chip, it works. Whenever it tries to record data to the chip (for example, marking the cartridge as empty), that uses more power, and the memory chip doesn't respond.

Amazingly, the whole setup just works and prints forever, saying the cartridges are always full... "

https://news.ycombinator.com/item?id=36104300

Rairii, 4 months ago to random

downloaded a bunch of old world mac ROM dumps

the powermac G3 (v3) is the earliest to have an MS ARC-style COFF loader in its open firmware implementation

they were released nine months after MS announced they were abandoning PowerPC NT

edit because i got confused with the models. the blue and white G3 is of course the first new world powermac

Rairii, 7 months ago to random

so a while ago i mentioned that pia v3.10.2 isn't vulnerable to that RCE

i was incorrect, it IS vulnerable

i ported the poc to pokemon ultra moon

but with pokemon ultra sun/ultra moon quick link there's RNG involved for if the game sets up a UDS network or tries to connect to an existing one

...which means it's the perfect "are you feeling lucky" speedrun exploit, right?

(get the bad roll and it sets up a UDS network and waits 10 seconds for a connection, RNG used is seeded right before rolling, by svcGetSystemTick...)

after getting it twice in a row i went to record the crash with pc=41414140 and haven't been able to get it since lol

Rairii, 5 months ago to random

note to self: NT does not like savestates

Rairii, 3 months ago to random

decided to throw securebootai.dll (from latest germanium build) into IDA, was not disappointed

there's a list of systems where db/dbx updates aren't attempted, that being:

• any (amd64) apple system (those with secure boot just hardcodes db/dbx, without the ability to update it, right?)
• fujitsu FJNBB38
• a big list of HP systems: 83D5, 83DA, 83DD, 83E7, 83E8, 83E9, 8401, 8460, 8461, 8462, 8463, 8464, 8584, 8589, 8617, 8618, 8619, 8620, 869B, 86A3, 86A5, 86A8, 870B, 870C, 870F, 8710, 8711, 8712, 8713, 8714, 8715, 8717, 8718, 8719, 871A, 871B, 871C, 8723, 8724, 8725, 872B, 872C, 872D, 872E, 8736, 874D, 874E, 874F, 8750, 8751, 8752, 8753, 8754, 8755, 8760, 876D, 8779, 877D, 8780, 8783, 87EC, 880F, 8810, 882C, 882D, 8830, 8835, 8836, 885C, 887E
• and any HP system where its custom protection against performing db/dbx updates is enabled

also:

the file doesn't exist right now, but there's code (behind a registry(?) flag) to apply "dbxupdate2024.bin", and debug strings imply that would revoke the PCA 2011 cert entirely!(GetSecureBootUpdateFilePathPCA2011RevokeDBX)

i expected that to be done, but only on new systems, fun (given that it's behind a flag it may well happen only on new systems)

Rairii, 1 year ago to random

HOLY FUCKING SHIT

WHISTLER BUILD 2210.MAIN (CHK) FOR AXP64

https://virtuallyfun.com/2023/05/15/windows-2000-64-bit-for-alpha-axp/

Rairii, 4 months ago to random

yet winmsd is working on real hardware!

Picture of a TV screen, showing the System tab of winmsd. The system information is unknown, other than one processor with description "Broadway"
The Memory tab of winmsd, showing 15576 KB free of 79872 KB total, 2368 KB kernel memory, and a half-used 16MB pagefile.
The environment variables tab of winmsd, showing the processor PVR: 0x87200 split up into high word PROCESSOR_LEVEL and low word PROCESSOR_REVISION; a PROCESSOR_IDENTIFIER of Broadway; and a PROCESSOR_ARCHITECTURE of PPC.

Rairii, 10 months ago to FediPact

https://www.threads.net/t/CuRtcYTNY3J

lol

"We're committed to building support for ActivityPub, the protocol behind Mastodon, into this app. We weren't able to finish it for launch given a number of complications that come along with a decentralized network, but it's coming.

If you're wondering why this matters, here's a reason: you may one day end up leaving Threads, or, hopefully not, end up de-platformed. If that ever happens, you should be able to take your audience with you to another server. Being open can enable that."

promises are one thing. reality, when FB is involved is something different

#FediPact #BlockMeta #DefederateMeta

Rairii, 9 months ago to random

i just bought a second hand 2GB microSD card and it has data on it

ok, i'm imaging this

it came out of an android phone

on a related note: how good was the crypto for whatsapp database backups in ~2014?

Rairii, 11 months ago to random

> username followed by bunch of numbers at mastodon dot social

i dunno, feels sus to me

Rairii, 1 year ago to random

>looking at the dbx update csv list

DID THEY SERIOUSLY TRY TO REVOKE BOOT APPLICATIONS FOR ARMV7

ARMV7 NT ISN'T EVEN GETTING ANY UPDATES ANY MORE LOL

Rairii, 4 months ago to random

hmm

Rairii, 7 months ago to random

three different powerpc cross-compilers open in IDA at once

• big endian powermac VC++4 backend
• little endian powerpc VC++6 backend (for Windows CE)
• big endian powerpc VC++2010 backend (for Xbox 360)

and i can tell the ppc codegen stuff in each is basically the same

a nice thing is the VC++6 wince stuff comes with a cross-assembler that emits machine-value 0x1f0 COFF objects

that cross-assembler is basically the same assembler used for compiling NT, except afaict a native assembler was used there

it's called pasm.exe, and calls itself the following:
IBM PowerPC assembler release 1.0
Copyright (c) 1995-1997 IBM Corporation

one of the interesting things about that assembler is it has directives to change endianness (and that's actually used in NT PPC multi-processor HAL code, as the other CPUs would come up in big endian mode)

so in theory you could patch the machine value and use that to assemble for xbox360?

in fact the xbox360 VC++2010 link.exe does work with a COFF emitted from pasm.exe (when patching the machine value to 0x1F2 manually)

Rairii, 7 months ago to random

just did a practise run, and i definitely lost time by being unfamiliar, and more time just due to wild encounter RNG, but still sub-40 minute IGT at the end

Rairii, 10 months ago to random

if i had a nickel for every anti-cheat vendor whom implemented functionality in their driver to elevate the calling usermode process to PP/PPL, i would have two nickels. which isn't a lot, but it's weird that it happened twice

kernel-mode anticheat is malware.

Rairii, 5 months ago to random

one stupid bug fix in iossdmc.sys later (wrong length variable causing heap overflow) and: