HARDWARE HACKING VILLAGE - Disabling Intel ME in Firmware

Video in TIB AV-Portal: HARDWARE HACKING VILLAGE - Disabling Intel ME in Firmware

Formal Metadata

Title
HARDWARE HACKING VILLAGE - Disabling Intel ME in Firmware
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date
2018
Language
English

Thank you all for coming out. I'm glad to see a good turnout. How many of you really, really want to get the management engine off your system? All right, motivated crowd, that's what I want to see. So let me give you a little bit about my motivation. I don't know about the rest of you, but I'm very paranoid about my own personal system. I'm the kind of person that spends like a week fine-tuning the SELinux policies, and I first found out about the management engine, I don't know, six or eight years ago, and it just planted this little seed of doubt in my mind. You know, as I'm there working away securing the OS layer, I'm wondering, well, what about this back door at the hardware layer that I can't touch and I can't get rid of? So I did all the research, and finally, when there was a way to disable the management engine, I jumped on it right away. I bricked my laptop twice, not once but twice, in the process, and I decided I wanted to put together a talk to help all of you streamline it so you don't have to make the same mistakes that I did.

So my name is Brian Milliron. I'm a freelance penetration tester; my company is ECR Security. I've been doing penetration testing for about eight years, primarily in the energy generation field. Prior to that I spent about ten years as a security engineer and network architect.
When information about the Intel ME first started coming out, they called it a chip within a chip, because it's a completely autonomous subsystem. It is not actually inside the CPU as they first thought; it's located on the PCH hub. It is completely closed source. It includes a number of modules, one of which is the AMT for remote administration, which works just like iLO for complete hardware-level remote administration. It runs the MINIX 3 OS. It is included in all the Intel chipsets since 2008, and some limited subset of chipsets earlier than that, going back to 2006. It runs on an Intel Quark 32-bit microprocessor. It has its own separate file system, which is stored in SPI flash. Some of the other modules included in the management engine are Boot Guard, TPM, a DRM module, and quite a few others.

Some of the capabilities of the management engine: it's active even in the powered-off S3 state; as long as the main power is connected, it can be activated. It has its own complete, separate network and TCP/IP stack, which is completely independent of the operating system. It communicates out-of-band, and the OS cannot see or modify those packets at all. You might think, well, I have a network appliance, I have a SIEM, I have Wireshark running on a separate system, but does that system, does that network appliance, also have an Intel ME chip in it? The ME has full read/write access to all areas of the system main memory. It has full access to the system bus. It operates in SMM, or protected System Management Mode, so the OS cannot see or interfere with any of its operations. This is basically a god mode: it can read and write to anything on the system. If it receives a magic packet over the network interface, the AMT can be activated remotely to power on the system, change settings in the OS, change BIOS settings, view video output, do anything that a user could do sitting at the local terminal, because it's intended for remote management.

You might hope that a subsystem with this much power over your system would be very well locked down and hardened in security, and unfortunately that's not the case. All the way back in 2009, Invisible Things Lab developed a rootkit which lives inside the management engine in System Management Mode, which can hide from the operating system and any malware-prevention software that you have on the operating system. It was completely persistent; it could survive, you know, the hard drive being wiped. Back in 2010, Vassilios Ververis developed a certificate-based authentication bypass to remotely enable, deploy and provision AMT even if it was disabled in the BIOS previously. And then here recently, just last year, 2017, the "Silent Bob is Silent" vulnerability: a remotely exploitable authentication bypass. You just send a null field to the password to the AMT and you get full remote management capabilities. The AMT must be enabled, however, for this to work. This affects not only PCs; it affects servers, firewalls, HSMs, security appliances. Anything on your network that has an Intel chip is vulnerable to this. Again, also in 2017, a buffer overflow leading to remote code execution. So unfortunately this thing is full of holes, and this is just what we've discovered so far. It's closed source and it's very difficult to audit.

Unfortunately, Intel makes it very difficult to get rid of. We all wish that there was just a simple check box in the BIOS where you could just say, turn it off, I'm not using this, I'm not even an enterprise user. But they want to make it as difficult as possible. The management engine firmware is located in a region of the SPI flash memory that is inaccessible to the BIOS and the OS. The core modules are RSA signed; if the signature verification fails, it will fail to boot. They're also using LZMA and Huffman compression as a form of optimization. They're using a hidden directory to make it very difficult for reverse engineers to figure out what this thing is actually doing. Additionally, there's an extra verification module which runs every 30 minutes to check that RSA signature, and so if you overwrite it on boot, then 30 minutes later it's going to check and find out that the RSA signature check fails, and it's going to shut your system down. So Intel has gone to great lengths to make it very difficult to disable this. So there have been some people that have speculated that maybe this is an intentional backdoor; the NSA has a history of these kinds of things. I think it's useful to play a little game of what if. So if I was the NSA and I was designing a backdoor that I wanted to be loaded on every server and network appliance in the world, what would I want? I would want it to be completely independent of the main operating system. I'd want it to be something that you cannot shut down, that can be powered on anytime, even if the system is turned off. I'd want it to be not just stealthy but completely invisible to anything on the OS. I'd want it to have full access to everything on the system, and I'd want it to have out-of-band communications for data exfiltration. The Intel ME does all of that. What else would I want, if I was the NSA and I wanted to have this backdoor on every system? I'd want to have plausible deniability. I wouldn't want any evidence pointing to the NSA. I would want to have a single rogue engineer who is going to overlook a buffer overflow, who's going to overlook a remote authentication bypass; that way there's nothing tying it back to us. So what are some capabilities for intelligence gathering that such a backdoor might have? It could scrape RAM to pull encryption keys directly out of RAM. It could be used to exfiltrate data off of an air-gapped system by enabling the wireless module; even if the wireless was disabled in the BIOS and not configured, it could be re-enabled and used to exfiltrate data that way. It could also be used to infect a USB drive that was plugged in, and then that USB drive is carried to a different air-gapped system to infect that system and create a two-directional communications channel back out to the wider world.
So how do we disable the Intel management engine? The easy way: you can actually buy systems that are pre-configured with the management engine disabled. Purism laptops, System76 systems; that's an option when you make your purchase, you can have it disabled for you. Dell, if you're a government customer, again, on some of their systems you can ask for the management engine to be disabled at the time of purchase. Okay, but this is DEF CON; you want to do it yourself, you want to hack it yourself.

So a little bit of history. Igor Skochinsky is a reverse engineer with Hex-Rays. He's kind of the one that started all of this: he reverse engineered a large portion of the management engine, and for the first time the rest of the world was able to see what this thing is actually doing. In 2016, Trammell Hudson discovered that he could actually overwrite part of the management engine without invalidating the signature checks. It turns out Intel was not properly implementing the integrity verification in the firmware checksums. Nicola Corna followed up on this research and created a script that would delete most of the management engine components. You actually can delete all of the management engine modules except the ROM and the BUP module. In 2017, Positive Technologies discovered an additional way. There's an undocumented mode called HAP, or High Assurance Platform, that was put in at the request of the NSA, which disables the management engine after boot. So it boots up, it does its signature check, and then it disables itself. It's kind of funny: the NSA thinks the management engine is a security vulnerability. Who would have figured? Using both techniques together, you can disable the management engine after boot-up and then overwrite it so that it cannot be reactivated. However, since the management engine is built into the BIOS, you're going to need a new BIOS with the disabled management engine built into it.
So how many of you know about coreboot? Good. So it is an open source BIOS/UEFI firmware. It is supported by Google, and a lot of the Google engineers contribute code. It has very bare-bones functionality: it initializes hardware and passes control to the OS, that's it. It does support secure boot using the vboot module. However, it does have limited hardware support. Most Chromebooks it will work on, because Google wants it to work on their hardware. Some of the other supported hardware is mostly older models: Intel Ivy Bridge and Sandy Bridge, or the AMD Athlon. It works on some older MacBooks, ThinkPads and EliteBooks as well. Now you might be thinking, you know, I don't want to be stuck with older hardware, but I've found for my purposes that a four or five year old EliteBook or ThinkPad actually does the job, and if you really have some high-performance applications that you need to use this on, the Intel Pixel has some very, very high-level specs, so you should be able to find a system that's going to be able to suit your needs. Okay, how much is it going to cost? You should be able to build this for under $100. If you just have a regular 8-pin chip, all you need is a Raspberry Pi and an SOIC 8-pin Pomona clip. If you have one of the 1.8 volt chips, you're going to need a few extra components: you need a logic level converter, a breadboard, a capacitor and a linear power supply, but it still is pretty cheap.

So the first thing you want to do is prepare the coreboot ROM. You're going to build from source, check out all the submodules, and you're going to need to download and build a payload. You can either use SeaBIOS for legacy BIOS or TianoCore for UEFI, depending on what you want. It uses a menuconfig, and it is specific to each type of hardware; that's one of the reasons that there's limited hardware support. And you're going to need to include all the proprietary binary blobs for that specific mainboard, so you're going to need your video driver, your LAN and management engine, as well as a few other things. It is very important to make sure that you have the correct PCI address for the video BIOS, or you're going to end up with a blank screen when you try to reboot. This is something that happened to me. You always want to use the address that's listed in lspci on the running system.

So, binary blobs. I know we all hate them, but until they're all reverse-engineered to open source we have to live with them. I found this part to be the most confusing part of the process, because the documentation on the coreboot website is kind of limited in this area. So they say you need these binary blobs; they don't go into a lot of detail as to where you get them from. What you're going to need: you need the flash descriptor, the video BIOS, the cleaned Intel management engine, the PCH reference code and the memory reference code, and depending on your mainboard you might also need the Intel Firmware Support Package. So where do you get this stuff? You're going to get it out of the existing BIOS. You're going to want to go to the manufacturer's website, download the latest BIOS, and you're going to extract it from that binary. You can get it from the system itself just by doing a read on the BIOS chip; however, there's always a possibility that you get a bad read and you would end up with some corrupted code. coreboot comes with a helper script, extract_blobs.sh, that is supposed to do all of the extraction for you; however, it didn't work for me. It's a little out of date; it hasn't been maintained in a while. They also include some tools, cbfstool and ifdtool, which are going to do it, and I'm going to show you how to do this manually. So this command here, cbfstool with print on my BIOS, is going to show you what's in your current BIOS, and it'll look like this. This is kind of a typical BIOS structure: it tells you the offset and the binaries that are located at each offset.

So here are some commands that you will use to extract the binary blobs. I've got all the commands here for the reference code, the memory reference code, the video BIOS. You don't need to worry about taking pictures of this; the slides will be on my website for you.
Now that you've got all the binary blobs extracted from the firmware, now comes the good part: actually disabling the management engine. So Nicola Corna has the me_cleaner script on his GitHub; I've got the link for you right there. You just run that script, pointed at the existing manufacturer's BIOS, or pointed at the management engine binary that you extracted in the previous step, and it's going to basically overwrite everything that can be overwritten, and it will also set the HAP disable bit for you.

Once you have the cleaned management engine binary, you're ready to build the final coreboot ROM. Do a final check of your config file. Make sure that coreboot knows the path for all of the binary blobs, including the management engine and the SeaBIOS payload. Verify again that your PCI address for your VGA is correct, and make sure that your mainboard model and vendor are correct. coreboot is going to pre-populate a lot of default values based on that; there are hundreds of different settings in the menu, and all of the defaults are good as long as you get the mainboard model and vendor correct, although you can tweak it as needed as well. And then once you've got all that, go ahead and build it. Next you're going to want to set up flashrom on your Raspberry Pi. You do want to check the flashrom site to make sure that your hardware is supported; they do support most of the major vendors, so you should be okay, and all of the major distributions also have it built into their package management system, so you don't have to build it from source, unless you have a very new chip, in which case you have to build from source to get the latest and greatest version. You're also going to want to run raspi-config to enable the SPI.

Next you're going to want to find out physically where the BIOS chip is on your mainboard. Most likely it's going to be eight pins; it will look a lot like this. It'll be located near the CMOS battery, and the two biggest manufacturers are Gigabyte and Winbond, and they will have a large G or a large W on the chip that will help you identify it. Here's another image of a BIOS chip on the mainboard. You can see there's not really very many eight-pin chips; you might have a couple, and one of them is probably going to be your BIOS. If you're confused, you can just Google the model number that's on the chip itself, and that will tell you if it's a BIOS chip or not and which model it is.

Once you locate it, you need to identify it: you need to figure out exactly which model number this is so you can get the specs. The model number will be printed on the chip. I've got an example here of what the model number actually indicates for this Winbond chip: the 25 tells you what family it is, the X tells you it's dual SPI, the 80 tells you it's an 8 megabyte chip, and the VAIZ tells you it's an SOIC 8-pin, 208 mil.
Once you have the model number, you're going to need to look up on the internet the datasheet for that specific BIOS chip. You're going to need the pinout, and you're going to need the voltage at the very least. So the voltage is either going to be 3.3 volts or it's going to be 1.8 volts; however, on the datasheet it's not going to say 3.3 or 1.8, it's going to give you a range. It'll say something like 2.7 to 3.6 volts. That's because voltages are very rarely exact. Now this is an example of a pinout diagram. Notice the little dot next to the one: so pin one is going to be marked physically on the chip. You'll see there, like, a little indentation on the chip; that'll be pin one right there. Some of the manufacturers label the pins differently: some of them call pin 2 SO, some of them call pin 2 DO; some of them call pin 5 SI, some call it DI or SIO or DIO; the clock may be called SCLK; the write-protect may be called ACC. If you read the datasheet, it's going to tell you what the function is for each pin, and that should tell you which is which. CS is going to be chip select, DO is data output, WP is write-protect, GND is ground, DIO or DI is data input, CLK is clock, HOLD is hold, VCC is for power.

Here's a pinout showing you which pins on the Raspberry Pi are going to go to which pins on your SOIC Pomona clip. You'll notice that three of the pins on the Pomona clip are actually going to go to a single pin on the Raspberry Pi, so you're going to need to splice three wires together, or you're going to need to use a breadboard to make a bridge between them. This is an example of what it looks like all hooked up.

Now if you do have a 1.8 volt chip, that's called a low voltage chip, you're going to need to make a step-down circuit; otherwise you'll fry your BIOS chip if you connect it directly to the 3.3 volt output on the Raspberry Pi. I have here a wiring diagram for how to connect the Raspberry Pi through the logic level converter and the power supply to the Pomona clip. You are going to want to have probably a 10 nanofarad capacitor in between the output on the logic level converter and the input on the Pomona clip. This is going to remove some voltage fluctuations that could create noise in your data signal, and it could cause you to get a bad read or a bad write. This is an example of a completed step-down circuit here. Let's see, I've got the logic level converter mounted on a breadboard, and that thing at the top is the power supply.

Now, what to do if your BIOS chip is actually one of those super rare 16-pin chips? Well, you're still only going to be using eight of the pins, and they're all going to be the same as on a regular 8-pin chip. However, you're going to have eight pins that are extra, and you're going to want to either just leave them floating loose, or you can connect them to ground or to the power pin, and which of those three it is is going to depend on the documentation. So read the documentation; that should tell you.
Okay, so once you've got everything wired up, you're going to need to test the connection. Before you physically connect the Pomona clip to the BIOS chip, make sure the power is disconnected from the laptop: power supply disconnected, battery disconnected. The Raspberry Pi should be the only source of power, unless you're using a step-down circuit with a separate power supply. And here is the command to read the BIOS with flashrom. I recommend that you do a read three times and do a hash checksum of each of the reads to make sure they are all the same, to make sure that you're actually getting a good read. If there's any variation there, if the hashes don't come back the same, you're going to want to disconnect and reconnect the clip, you're going to want to check all your connections and make sure that they're firm. You've got to have a good electrical connection before you do any write here.

Once you get three sequential reads that are all good, then you're ready to write. Here's the command to do a write: you're going to write your previously prepared coreboot ROM into the BIOS chip, and if there aren't any errors and everything works out well, you're going to see the SeaBIOS splash boot screen. It's going to look like this.

So what happens if it doesn't work? Just because the screen is blank doesn't mean that you bricked the system. It could be that you have entered the PCI address for the video ROM incorrectly, so the video is outputting to the wrong address. If you wait a few seconds, coreboot will pass on the control to the Linux kernel, or whatever you're using, and the Linux kernel has its own VGA driver that will take over at that point. If it is truly bricked, you're going to need to reflash it. You can either try and reflash your coreboot ROM, or you can reflash your original ROM and get it back to spec. Just double-check everything: check all the settings in your config file, check that all your wiring connections are solid, use a multimeter to make sure that everything is connected well. If flashrom cannot detect your chip, you can specify it manually using the EM flag; however, usually that means there's a poor electrical connection. It should be able to automatically detect your chip if it's supported. The flashrom developers can be reached for support questions on the flashrom channel on freenode.net, and the coreboot support mailing list is here. And here are a lot of really useful resources that I found useful when I was researching this.

And there we have it. Here's my contact info if you want to get in touch with me, if you have some comments or feedback, or you want to work together and collaborate on some research with me, or if you want to hire me. Here's my website; I've got all the information about the services I provide on the website.
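One way to script the read-three-times check the talk recommends before writing the coreboot ROM (an added example; this is not code from the talk, from flashrom or from coreboot): it reads the chip with flashrom, compares SHA-256 hashes of the dumps, and refuses to write until every read agrees. The linux_spi device path and SPI speed are assumptions for a Raspberry Pi wired to the Pomona clip; adjust them to your board.

```shell
#!/bin/sh
# Added example (not from the talk): read the SPI flash several times with
# flashrom, confirm every dump is byte-identical, and only then allow a write.
# Assumptions: flashrom is installed, SPI was enabled with raspi-config, and
# the chip is clipped to the Pi's SPI0 pins, so the linux_spi programmer
# applies. The device path and spispeed are assumptions; adjust to your wiring.
PROGRAMMER="${PROGRAMMER:-linux_spi:dev=/dev/spidev0.0,spispeed=8000}"

# Print the SHA-256 of a file (falls back to shasum where sha256sum is absent).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 if every dump file given hashes the same as the first one,
# 1 if any differ (a differing read means the clip or wiring is not solid).
reads_agree() {
    ref=$(hash_file "$1")
    shift
    for f in "$@"; do
        [ "$(hash_file "$f")" = "$ref" ] || return 1
    done
    return 0
}

# Read the chip N times (default 3) into dump1.bin .. dumpN.bin, print each
# hash, and return 0 only when all reads agree. Return 2 if flashrom fails.
read_and_verify() {
    n="${1:-3}"
    files=""
    i=1
    while [ "$i" -le "$n" ]; do
        flashrom -p "$PROGRAMMER" -r "dump$i.bin" || return 2
        echo "read $i: $(hash_file "dump$i.bin")"
        files="$files dump$i.bin"
        i=$((i + 1))
    done
    # shellcheck disable=SC2086  # word-splitting of $files is intended
    reads_agree $files
}

# Write the prepared coreboot ROM only after three consistent reads.
# flashrom verifies the written contents against the file by default.
write_coreboot() {
    rom="$1"
    if ! read_and_verify 3; then
        echo "reads disagree: reseat the clip and check connections" >&2
        return 1
    fi
    flashrom -p "$PROGRAMMER" -w "$rom"
}

# Usage (commented out so the script is safe to source):
# write_coreboot build/coreboot.rom
```

Keep the three dumps: one of them is the backup you reflash if the new ROM does not boot.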