alex

@al3xtjames

firmware stuff/osx86/reversing/??? • aka theracermaster • • he/him

~
Joined October 2011

Tweets

  1. Pinned Tweet
    1 Jul 2016
    Replying to

    Yep, found SmmRuntimeManagementCallback() function in HP dv7 4087cl (from ~2010, HM55) with Insyde EFI

  2. Retweeted
    27 Sep 2019

    EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

  3. Retweeted
    10 Sep 2019

    STOP using single-purpose instructions MOV is Turing complete XOR is Turing complete SUB is Turing complete (CMP)XCHG is Turing complete JMP ADC is Turing complete

  4. Retweeted
    24 Jul 2019

    [GSoC] Ghidra firmware utilities, week 9

  5. Retweeted
    24 Sep 2018

    CVE-2018-12169: Platform sample code firmware included with Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake and Cannon Lake processors contains a logic error allowing a physical attacker to bypass BootGuard firmware authentication.

  6. 24 Apr 2018

    [1] 3996 segmentation fault grep uh

  7. Retweeted
    5 Jan 2018

    looks like some people actually care about AMD's PSP: BTW, ME also has an fTPM and is also mostly based on the spec's pseudocode... cc

  8. Retweeted

    Attacking by & at 1. Requires malformed file on SPI flash (needs physical access or bug in BIOS) 2. Bug in early-loaded module, so ME "disabling" by HAP is not a cure 3. Culprit is classic(!) stack overflow 4. Full code exec in ME Congrats!

  9. 4 Dec 2017

    Hmm, why are AppleBCMWLAN*.kext included in 10.13? Aren’t these for iOS devices?

  10. Retweeted
    27 Nov 2017

    Saying you don’t need internet access to succeed in 2017 in the US is kind of like saying you can do anything in life regardless of your economic status growing up...

  11. Retweeted
    20 Nov 2017

    Just a humble reminder to everyone freaking out by INTEL-SA-00086 aka total ME takeover: ME is a core of fTPM 2.0, BootGuard, SGX, PAVP, ICC, DAL and who knows what else on modern Intel platforms, so you want to freak out - do it harder! ;)

  12. Retweeted
    20 Nov 2017

    Thoughts on the latest Intel ME vulnerabilities: based on public information, we have no real idea how serious this is yet. It could be fairly harmless, it could be a giant deal.

  13. Retweeted
    20 Nov 2017

    the Apocalypse begins: Multiple buffer overflows in Intel CSME including with remote vector

  14. Retweeted
    20 Nov 2017

    Fix for our vulnerability has been published!!! CVE-2017-5705 thank you!

  15. Retweeted
    20 Nov 2017
  16. Retweeted

    There's a LOT of new things happening with Apple EFI in the upcoming BridgeOS 2 thought to ship with the iMac Pro it looks like. New EFI update kext, MacEFI* libs, and seemingly use of eSPI which I *believe* is new. Aforementioned binaries are AArch64, incidentally.

  17. Retweeted

    And MacEFI in this new world is definitely shipping in img4 format, and decoded and verified at various steps.

  18. 11 Nov 2017

    DCI works fine on Kaby Lake XPS 15 (with UEFI variable edits, of course)

  19. Retweeted
    10 Nov 2017
    Replying to

    CSME 11.8.50.3425 seems to fix CVE-2017-9765, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712 & CVE-2017-5729. So WPA2 and CSE ME 11, TXE 3 & SPS 4 vulnerability (disclosure probably on Nov 20th)

  20. Retweeted
    8 Nov 2017

    Game over! We (I and ) have obtained fully functional JTAG for Intel CSME via USB DCI.

  21. Retweeted
    5 Oct 2017

    We're glad to share another Intel Boot Guard bypassing technique
