SlideShare a Scribd company logo

Bootkits: Past, Present & Future - Virus Bulletin

ESET, profile picture
ESET

The document discusses the evolution of bootkits, comparing legacy BIOS and UEFI boot environments, and detailing various malwares that exploit these technologies. It highlights bootkit implementation strategies, attacks against secure boot, and forensic tools like hiddenfsreader. Furthermore, it addresses concerns around secure boot and the evolving threat landscape, illustrating techniques used by modern bootkits and the vulnerabilities associated with firmware and BIOS protections.

Technology
1 of 44
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Bootkits: Past, Present & Future Alexander Matrosov @matrosov Eugene Rodionov @vxradius David Harley @DavidHarleyBlog
Agenda  Modern Bootkits History  Legacy BIOS vs. UEFI Boot Environment & Proof of Concept vs. In the Wild  Legacy BIOS Bootkit Classification  UEFI Bootkits  Bootkit Implementation Strategies  Attacks against Secure Boot  Forensic Software  HiddenFsReader  CHIPSEC
Modern Bootkit History 20072007 20082008 20092009 20102010 20112011 20122012 2013201320052005 20142014 eEye BootRoot Mebroot Vbootkit Mebratix Mebrootv2 Olmarik(TDL4) Olmasco(TDL4-based) Vbootkit x64 Vbootkit x64 Rovnix Evil Core Stoned Bootkit Mebromi DeepBoot Stoned Bootkit x64 Gapz VGA Bootkit Dream Boot OldBoot(AndroidBootkit) Microsoft x64 platform gains popularity Secure Boot implemented in Windows 8 In the Wild Proof of Concept
Legacy BIOS vs. UEFI  No more MBR and VBR/IPL code  Different hard drive partitioning scheme: GPT (GUID Partition Table)  Secure Boot technology is implemented in Windows 8 BIOS BIOS boot code bootmgr Load kernel and boot start drivers winload.efi MBR (Master Boot Record) VBR/IPL (Volume Boot Record/ Initial Program Loader) Load kernel and boot start drivers winload.efi UEFI boot loader (bootmgfw.efi) UEFI boot code UEFI
The Target of Modern Bootkits (MBR/VBR)
Classification of MBR/VBR Bootkits Bootkits MBR VBR/IPL MBR Code modification Partition Table modification IPL Code modification BIOS Parameter Block modification TDL4 Olmasco Rovnix Gapz
IPL Code Modification: Rovnix  Win64/Rovnix overwrites bootstrap code of the active partition MBR VBR Bootstrap Code File System Data VBR Malicious Code File System Data Bootstrap Code MBR NTFS bootstrap code (15 sectors) Before Infecting After Infecting Malicious Unsigned Driver Compressed Data “Hasta La Vista, Bootkit: Exploiting the VBR” http://www.welivesecurity.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr/
Gapz VBR Bootkit Main features:  Relies on Microsoft Windows VBR layout  The infections result in modifying only 4 bytes of VBR  The patched bytes might differ on various installations jmp BIOS Parameter Block (BPB) VBR code Text Strings 0x55 0xAA 0x000 0x003 0x054 0x19C 0x1FE 0x200 transfer control “Mind the Gapz: The most complex bootkit ever analyzed?” http://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
Gapz BPB Layout struct BIOS_PARAMETER_BLOCK { WORD BytesPerSector; BYTE SecPerCluster; WORD ReservedSectors; BYTE Reserved[5]; BYTE MediaDescriptorID; WORD Reserved2; WORD SectorsPerTrack; WORD NumberOfHeads; DWORD HiddenSectors; DWORD Reserved3[2]; LONGLONG TotalSectors; LONGLONG StartingCluster; LONGLONG MFTMirrStartingCluster; DWORD ClustersPerMFTRecord; DWORD ClustersPerIndexBuffer; LONGLONG VolumeSerialNumber; DWORD Reserved4; };
Gapz MBR NTFS File SystemIPLVBR NTFS Volume 0x200 0x1E00 Number of “Hidden Sectors” MBR NTFS File SystemIPL Infected VBR NTFS Volume 0x200 0x1E00 Hard Drive Modified value of number of “Hidden Sectors” Bootkit before infection after infection
Modern Bootkits ComparisonFunctionality Gapz Olmarik (TDL4) Rovnix (Cidox) Goblin (XPAJ) Olmasco (MaxSS) MBR modification      VBR modification      Hidden file system type FAT32 custom FAT16 modification custom (TDL4 based) custom Crypto implementation AES-256, RC4, MD5, SHA1, ECC XOR/RC4 Custom (XOR+ROL)  RC6 modification Compression algorithm   aPlib aPlib  Custom TCP/IP network stack implementation     
HiddenFsReader as a Forensic Tool (MBR/VBR)
HiddenFsReader as a Forensic Tool (MBR/VBR)
Bootkits: Past, Present & Future - Virus Bulletin
In The Beginning… In 1998-99 CIH (Chernobyl) virus written by a student of Taipei Tatung Institute of Technology in Taiwan infected ~60 million PCs CIH (Chernobyl) erased BIOS ‘ROM’ boot block and boot sectors on a hard drive causing ~1B US dollars in damage
• Mebromi malware includes BIOS infector & MBR bootkit components • Patches BIOS ROM binary injecting malicious ISA Option ROM with legitimate BIOS image mod utility • Triggers SW SMI 0x29/0x2F to erase SPI flash then write patched BIOS binary Signed BIOS Updates Are Rare • No concept of Secure or Verified Boot • Wonder why TDL4 and likes flourished? No Signature Checks of OS boot loaders (MBR/VBR)
UEFI BIOS Firmware SEC Pre-EFI Init (PEI) Driver Exec Env (DXE) Boot Dev Select (BDS) Runtime / OS S-CRTM; Init caches/MTRRs; Cache-as-RAM (NEM); Recovery; TPM Init S-CRTM: Measure DXE/BDS Early CPU/PCH Init Memory (DIMMs, DRAM) Init, SMM Init Continue initialization of platform & devices Enum FV, dispatch drivers (network, I/O, service..) Produce Boot and Runtime Services Boot Manager (Select Boot Device) EFI Shell/Apps; OS Boot Loader(s) ExitBootServices. Minimal UEFI services (Variable) ACPI, UEFI SystemTable, SMBIOS table CPU Reset
UEFI Bootkits Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) DXE Driver UEFI Boot Loader Bootx64.efi Bootmgfw.efi DXE Driver UEFI OROM UEFI OROM OS Kernel / Drivers HDD Malware
Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
Replacing Windows Boot Manager EFI System Partition (ESP) on Fixed Drive ESPEFIMicrosoftBootbootmgfw.efi UEFI technology: say hello to the Windows 8 bootkit! by ITSEC Replacing Fallback Boot Loader ESPEFIBootbootx64.efi UEFI and Dreamboot by Sébastien Kaczmarek, QUARKSLAB Adding New Boot Loader (bootkit.efi) Modified BootOrder / Boot#### EFI variables UEFI Bootkits
Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
Adding/Replacing DXE Driver Stored on Fixed Drive Not embedded in Firmware Volume (FV) in ROM Modified DriverOrder + Driver#### EFI variables UEFI Bootkits
Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
Patching UEFI “Option ROM” UEFI DXE Driver in Add-On Card (Network, Storage..) Non-Embedded in FV in ROM Mac EFI Rootkits by @snare, Black Hat USA 2012 UEFI Bootkits
Replacing OS Loaders (winload.efi, winresume.efi) Patching GUID Partition Table (GPT) UEFI Bootkits
Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
What about Secure Boot?
Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders (winload.efi, winresume.efi) System Firmware (SEC/PEI) UEFI OROM UEFI Boot Loader Bootx64.efi Bootmgfw.efi Signed BIOS Update UEFI OROM UEFI App UEFI App DXE Driver DXE Driver OS Kernel / Early Launch Anti-Malware (ELAM) UEFI Secure Boot OS Driver OS Driver Windows 8.1 Secure Boot Secure Boot on MS Windows 8.1
Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) DXE Driver UEFI Boot Loader Bootx64.efi Bootmgfw.efi Signed BIOS Update DXE Driver OS Kernel OS Driver OS Exploit Modify Secure Boot FW or config in ROM Secure Boot bypass possible?
First Public Windows 8 Secure Boot Bypass (Aug 2013) A Tale Of One Software Bypass Of Windows 8 Secure Boot
Bootkits: Past, Present & Future - Virus Bulletin
BIOS Attack Surface System FW/BIOS SPI Flash Protection BIOS Update SMRAM Protection Hardware Config. SMI Handlers Secure Boot BIOS Settings (NVRAM, Variables) … Summary of Attacks Against BIOS and Secure Boot
Bootkits: Past, Present & Future - Virus Bulletin
From Analytics, and Scalability, and UEFI Exploitation by Teddy Reed Patch attempts to enable BIOS write protection (sets BIOS_CONTROL[BLE]). Picked up by Subzero
CHIPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec @CHIPSEC
CHIPSEC: Platform Security Assessment Framework
CHIPSEC: Platform Security Assessment Framework chipsec_main.py runs modules (see modules dir below) chipsec_util.py runs manual utilities (see utilcmd dir below) /chipsec /cfg platform specific configuration /hal all the HW stuff you can interact with /helper support for OS/environments /modules modules (tests/tools/PoCs) go here /utilcmd utility commands for chipsec_util
Known Threats and CHIPSEC modules Issue CHIPSEC Module References SMRAM Locking common.smm CanSecWest 2006 BIOS Keyboard Buffer Sanitization common.bios_kbrd_buffer DEFCON 16 2008 SMRR Configuration common.smrr ITL 2009 CanSecWest 2009 BIOS Protection common.bios_wp BlackHat USA 2009 CanSecWest 2013 Black Hat 2013 NoSuchCon 2013 Flashrom SPI Controller Locking common.spi_lock Flashrom Copernicus BIOS Interface Locking common.bios_ts PoC 2007 Access Control for Secure Boot Keys common.secureboot.keys UEFI 2.4 Spec Access Control for Secure Boot Variables common.secureboot.variables UEFI 2.4 Spec
BIOS/Firmware Forensics Live system firmware analysis chipsec_util spi info chipsec_util spi dump rom.bin chipsec_util spi read 0x700000 0x100000 bios.bin chipsec_util uefi var-list chipsec_util uefi var-read db D719B2CB-3D3A-4596-A3BC-DAD00E67656F db.bin Offline system firmware analysis chipsec_util uefi keys PK.bin chipsec_util uefi nvram vss bios.bin chipsec_util uefi decode rom.bin chipsec_util decode rom.bin
How to dump BIOS firmware directly from chip?
How to dump BIOS firmware directly from chip?
DEMO TIME
Bootkits: Past, Present & Future - Virus Bulletin
Thank you for your attention! Eugene Rodionov @vxradius Alexander Matrosov @matrosov David Harley @DavidHarleyBlog

More Related Content

PDF
Defeating x64: The Evolution of the TDL Rootkit
Alex Matrosov
 
PDF
Advanced Evasion Techniques by Win32/Gapz
Alex Matrosov
 
PDF
3 reasons your business can't ignore Two-Factor Authentication
Fortytwo
 
PPTX
Windows kernel basic exploit
Kyoungseok Yang
 
PDF
What is malware
Malcolm York
 
PDF
Wireless security
Aurobindo Nayak
 
PDF
05.2 virtio introduction
zenixls2
 
PPTX
MALWARE AND ITS TYPES
daniyalqureshi712
 
Defeating x64: The Evolution of the TDL Rootkit
Alex Matrosov
 
Advanced Evasion Techniques by Win32/Gapz
Alex Matrosov
 
3 reasons your business can't ignore Two-Factor Authentication
Fortytwo
 
Windows kernel basic exploit
Kyoungseok Yang
 
What is malware
Malcolm York
 
Wireless security
Aurobindo Nayak
 
05.2 virtio introduction
zenixls2
 
MALWARE AND ITS TYPES
daniyalqureshi712
 

Similar to Bootkits: Past, Present & Future - Virus Bulletin (20)

PDF
Bootkits: past, present & future
Alex Matrosov
 
PPTX
Defeating x64: Modern Trends of Kernel-Mode Rootkits
Alex Matrosov
 
PDF
DEF CON 27 - MICHAEL LEIBOWITZ and TOPHER TIMZEN - edr is coming hide yo sht
Felipe Prado
 
PDF
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
CanSecWest
 
PPTX
UEFI Firmware Rootkits: Myths and Reality
Sally Feller
 
PPT
Slimline Open Firmware
Heiko Joerg Schick
 
PPTX
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat Security Conference
 
PDF
Embedded Linux BSP Training (Intro)
RuggedBoardGroup
 
PDF
Boot process: BIOS vs UEFI
Alea Soluciones, S.L.
 
PDF
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
Nicolas Collery
 
PDF
BIOS and Secure Boot Attacks Uncovered
Alex Matrosov
 
PPTX
Upgrade Ubuntu 18.04 Security with Secureboot
Jonathan MICHEL-VILLAZ
 
PDF
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
Nicolas Collery
 
PDF
Linux kernel booting
Ramin Farajpour Cami
 
PDF
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"
Piotr Król
 
PPTX
Bootloaders (U-Boot)
Omkar Rane
 
PPTX
U-Boot Porting on New Hardware
RuggedBoardGroup
 
PDF
[Hackito2012] Hardware backdooring is practical
Moabi.com
 
PPTX
WinFE: The (Almost) Perfect Triage Tool
Brent Muir
 
PDF
Grub2 Booting Process
Mike Wang
 
Bootkits: past, present & future
Alex Matrosov
 
Defeating x64: Modern Trends of Kernel-Mode Rootkits
Alex Matrosov
 
DEF CON 27 - MICHAEL LEIBOWITZ and TOPHER TIMZEN - edr is coming hide yo sht
Felipe Prado
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
CanSecWest
 
UEFI Firmware Rootkits: Myths and Reality
Sally Feller
 
Slimline Open Firmware
Heiko Joerg Schick
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat Security Conference
 
Embedded Linux BSP Training (Intro)
RuggedBoardGroup
 
Boot process: BIOS vs UEFI
Alea Soluciones, S.L.
 
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
Nicolas Collery
 
BIOS and Secure Boot Attacks Uncovered
Alex Matrosov
 
Upgrade Ubuntu 18.04 Security with Secureboot
Jonathan MICHEL-VILLAZ
 
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
Nicolas Collery
 
Linux kernel booting
Ramin Farajpour Cami
 
Booting UEFI-aware OS on coreboot enabled platform - "In God's Name, Why?"
Piotr Król
 
Bootloaders (U-Boot)
Omkar Rane
 
U-Boot Porting on New Hardware
RuggedBoardGroup
 
[Hackito2012] Hardware backdooring is practical
Moabi.com
 
WinFE: The (Almost) Perfect Triage Tool
Brent Muir
 
Grub2 Booting Process
Mike Wang
 
Ad

More from ESET (20)

PDF
ESET Cybersecurity students
ESET
 
PDF
ESET Cybersecurity training
ESET
 
PDF
How to implement a robust information security management system?
ESET
 
PDF
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
ESET
 
PDF
Visiting the Bear Den
ESET
 
PDF
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
ESET
 
PDF
ESET Quick Guide to the EU General Data Protection Regulation
ESET
 
PDF
Operation Buhtrap - AVAR 2015
ESET
 
PPTX
Advanced Persistent Threats
ESET
 
PDF
Shopping Online
ESET
 
PDF
Banking Online
ESET
 
PPTX
Is Anti-Virus Dead?
ESET
 
PDF
Is Linux/Moose endangered or extinct?
ESET
 
PDF
Unpack your troubles*: .NET packer tricks and countermeasures
ESET
 
PPTX
ESET: #DoMore With Our Comprehensive Range of Business Products
ESET
 
PPTX
ESET: Delivering Benefits to Enterprises
ESET
 
PPTX
ESET: Delivering Benefits to Medium and Large Businesses
ESET
 
PPTX
#DoMore with ESET
ESET
 
PPTX
2014: Mid-Year Threat Review
ESET
 
PDF
Learn more about ESET and our soulutions for mobile platforms
ESET
 
ESET Cybersecurity students
ESET
 
ESET Cybersecurity training
ESET
 
How to implement a robust information security management system?
ESET
 
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
ESET
 
Visiting the Bear Den
ESET
 
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
ESET
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET
 
Operation Buhtrap - AVAR 2015
ESET
 
Advanced Persistent Threats
ESET
 
Shopping Online
ESET
 
Banking Online
ESET
 
Is Anti-Virus Dead?
ESET
 
Is Linux/Moose endangered or extinct?
ESET
 
Unpack your troubles*: .NET packer tricks and countermeasures
ESET
 
ESET: #DoMore With Our Comprehensive Range of Business Products
ESET
 
ESET: Delivering Benefits to Enterprises
ESET
 
ESET: Delivering Benefits to Medium and Large Businesses
ESET
 
#DoMore with ESET
ESET
 
2014: Mid-Year Threat Review
ESET
 
Learn more about ESET and our soulutions for mobile platforms
ESET
 
Ad

Recently uploaded (20)

PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
PDF
madgavkar20181017ppt McKinsey Presentation.pdf
georgschmitzdoerner
 
PDF
Sensors and Actuators in IoT Systems using pdf
jeffinmathew654
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
madgavkar20181017ppt McKinsey Presentation.pdf
georgschmitzdoerner
 
Sensors and Actuators in IoT Systems using pdf
jeffinmathew654
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 

Bootkits: Past, Present & Future - Virus Bulletin

  • 1. Bootkits: Past, Present & Future Alexander Matrosov @matrosov Eugene Rodionov @vxradius David Harley @DavidHarleyBlog
  • 2. Agenda  Modern Bootkits History  Legacy BIOS vs. UEFI Boot Environment & Proof of Concept vs. In the Wild  Legacy BIOS Bootkit Classification  UEFI Bootkits  Bootkit Implementation Strategies  Attacks against Secure Boot  Forensic Software  HiddenFsReader  CHIPSEC
  • 3. Modern Bootkit History 20072007 20082008 20092009 20102010 20112011 20122012 2013201320052005 20142014 eEye BootRoot Mebroot Vbootkit Mebratix Mebrootv2 Olmarik(TDL4) Olmasco(TDL4-based) Vbootkit x64 Vbootkit x64 Rovnix Evil Core Stoned Bootkit Mebromi DeepBoot Stoned Bootkit x64 Gapz VGA Bootkit Dream Boot OldBoot(AndroidBootkit) Microsoft x64 platform gains popularity Secure Boot implemented in Windows 8 In the Wild Proof of Concept
  • 4. Legacy BIOS vs. UEFI  No more MBR and VBR/IPL code  Different hard drive partitioning scheme: GPT (GUID Partition Table)  Secure Boot technology is implemented in Windows 8 BIOS BIOS boot code bootmgr Load kernel and boot start drivers winload.efi MBR (Master Boot Record) VBR/IPL (Volume Boot Record/ Initial Program Loader) Load kernel and boot start drivers winload.efi UEFI boot loader (bootmgfw.efi) UEFI boot code UEFI
  • 5. The Target of Modern Bootkits (MBR/VBR)
  • 6. Classification of MBR/VBR Bootkits Bootkits MBR VBR/IPL MBR Code modification Partition Table modification IPL Code modification BIOS Parameter Block modification TDL4 Olmasco Rovnix Gapz
  • 7. IPL Code Modification: Rovnix  Win64/Rovnix overwrites bootstrap code of the active partition MBR VBR Bootstrap Code File System Data VBR Malicious Code File System Data Bootstrap Code MBR NTFS bootstrap code (15 sectors) Before Infecting After Infecting Malicious Unsigned Driver Compressed Data “Hasta La Vista, Bootkit: Exploiting the VBR” http://www.welivesecurity.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr/
  • 8. Gapz VBR Bootkit Main features:  Relies on Microsoft Windows VBR layout  The infections result in modifying only 4 bytes of VBR  The patched bytes might differ on various installations jmp BIOS Parameter Block (BPB) VBR code Text Strings 0x55 0xAA 0x000 0x003 0x054 0x19C 0x1FE 0x200 transfer control “Mind the Gapz: The most complex bootkit ever analyzed?” http://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
  • 9. Gapz BPB Layout struct BIOS_PARAMETER_BLOCK { WORD BytesPerSector; BYTE SecPerCluster; WORD ReservedSectors; BYTE Reserved[5]; BYTE MediaDescriptorID; WORD Reserved2; WORD SectorsPerTrack; WORD NumberOfHeads; DWORD HiddenSectors; DWORD Reserved3[2]; LONGLONG TotalSectors; LONGLONG StartingCluster; LONGLONG MFTMirrStartingCluster; DWORD ClustersPerMFTRecord; DWORD ClustersPerIndexBuffer; LONGLONG VolumeSerialNumber; DWORD Reserved4; };
  • 10. Gapz MBR NTFS File SystemIPLVBR NTFS Volume 0x200 0x1E00 Number of “Hidden Sectors” MBR NTFS File SystemIPL Infected VBR NTFS Volume 0x200 0x1E00 Hard Drive Modified value of number of “Hidden Sectors” Bootkit before infection after infection
  • 11. Modern Bootkits ComparisonFunctionality Gapz Olmarik (TDL4) Rovnix (Cidox) Goblin (XPAJ) Olmasco (MaxSS) MBR modification      VBR modification      Hidden file system type FAT32 custom FAT16 modification custom (TDL4 based) custom Crypto implementation AES-256, RC4, MD5, SHA1, ECC XOR/RC4 Custom (XOR+ROL)  RC6 modification Compression algorithm   aPlib aPlib  Custom TCP/IP network stack implementation     
  • 12. HiddenFsReader as a Forensic Tool (MBR/VBR)
  • 13. HiddenFsReader as a Forensic Tool (MBR/VBR)
  • 15. In The Beginning… In 1998-99 CIH (Chernobyl) virus written by a student of Taipei Tatung Institute of Technology in Taiwan infected ~60 million PCs CIH (Chernobyl) erased BIOS ‘ROM’ boot block and boot sectors on a hard drive causing ~1B US dollars in damage
  • 16. • Mebromi malware includes BIOS infector & MBR bootkit components • Patches BIOS ROM binary injecting malicious ISA Option ROM with legitimate BIOS image mod utility • Triggers SW SMI 0x29/0x2F to erase SPI flash then write patched BIOS binary Signed BIOS Updates Are Rare • No concept of Secure or Verified Boot • Wonder why TDL4 and likes flourished? No Signature Checks of OS boot loaders (MBR/VBR)
  • 17. UEFI BIOS Firmware SEC Pre-EFI Init (PEI) Driver Exec Env (DXE) Boot Dev Select (BDS) Runtime / OS S-CRTM; Init caches/MTRRs; Cache-as-RAM (NEM); Recovery; TPM Init S-CRTM: Measure DXE/BDS Early CPU/PCH Init Memory (DIMMs, DRAM) Init, SMM Init Continue initialization of platform & devices Enum FV, dispatch drivers (network, I/O, service..) Produce Boot and Runtime Services Boot Manager (Select Boot Device) EFI Shell/Apps; OS Boot Loader(s) ExitBootServices. Minimal UEFI services (Variable) ACPI, UEFI SystemTable, SMBIOS table CPU Reset
  • 18. UEFI Bootkits Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) DXE Driver UEFI Boot Loader Bootx64.efi Bootmgfw.efi DXE Driver UEFI OROM UEFI OROM OS Kernel / Drivers HDD Malware
  • 19. Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
  • 20. Replacing Windows Boot Manager EFI System Partition (ESP) on Fixed Drive ESPEFIMicrosoftBootbootmgfw.efi UEFI technology: say hello to the Windows 8 bootkit! by ITSEC Replacing Fallback Boot Loader ESPEFIBootbootx64.efi UEFI and Dreamboot by Sébastien Kaczmarek, QUARKSLAB Adding New Boot Loader (bootkit.efi) Modified BootOrder / Boot#### EFI variables UEFI Bootkits
  • 21. Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
  • 22. Adding/Replacing DXE Driver Stored on Fixed Drive Not embedded in Firmware Volume (FV) in ROM Modified DriverOrder + Driver#### EFI variables UEFI Bootkits
  • 23. Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
  • 24. Patching UEFI “Option ROM” UEFI DXE Driver in Add-On Card (Network, Storage..) Non-Embedded in FV in ROM Mac EFI Rootkits by @snare, Black Hat USA 2012 UEFI Bootkits
  • 25. Replacing OS Loaders (winload.efi, winresume.efi) Patching GUID Partition Table (GPT) UEFI Bootkits
  • 26. Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) UEFI Boot Loader Bootx64.efi Bootmgfw.efi OS Kernel / Drivers Malware DXE Driver DXE Driver UEFI OROM UEFI OROM HDD UEFI Bootkits
  • 28. Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders (winload.efi, winresume.efi) System Firmware (SEC/PEI) UEFI OROM UEFI Boot Loader Bootx64.efi Bootmgfw.efi Signed BIOS Update UEFI OROM UEFI App UEFI App DXE Driver DXE Driver OS Kernel / Early Launch Anti-Malware (ELAM) UEFI Secure Boot OS Driver OS Driver Windows 8.1 Secure Boot Secure Boot on MS Windows 8.1
  • 29. Hardware I/O Memory Network Graphics UEFI DXE Core / Dispatcher UEFI OS Loaders System Firmware (SEC/PEI) DXE Driver UEFI Boot Loader Bootx64.efi Bootmgfw.efi Signed BIOS Update DXE Driver OS Kernel OS Driver OS Exploit Modify Secure Boot FW or config in ROM Secure Boot bypass possible?
  • 30. First Public Windows 8 Secure Boot Bypass (Aug 2013) A Tale Of One Software Bypass Of Windows 8 Secure Boot
  • 32. BIOS Attack Surface System FW/BIOS SPI Flash Protection BIOS Update SMRAM Protection Hardware Config. SMI Handlers Secure Boot BIOS Settings (NVRAM, Variables) … Summary of Attacks Against BIOS and Secure Boot
  • 34. From Analytics, and Scalability, and UEFI Exploitation by Teddy Reed Patch attempts to enable BIOS write protection (sets BIOS_CONTROL[BLE]). Picked up by Subzero
  • 36. CHIPSEC: Platform Security Assessment Framework
  • 37. CHIPSEC: Platform Security Assessment Framework chipsec_main.py runs modules (see modules dir below) chipsec_util.py runs manual utilities (see utilcmd dir below) /chipsec /cfg platform specific configuration /hal all the HW stuff you can interact with /helper support for OS/environments /modules modules (tests/tools/PoCs) go here /utilcmd utility commands for chipsec_util
  • 38. Known Threats and CHIPSEC modules Issue CHIPSEC Module References SMRAM Locking common.smm CanSecWest 2006 BIOS Keyboard Buffer Sanitization common.bios_kbrd_buffer DEFCON 16 2008 SMRR Configuration common.smrr ITL 2009 CanSecWest 2009 BIOS Protection common.bios_wp BlackHat USA 2009 CanSecWest 2013 Black Hat 2013 NoSuchCon 2013 Flashrom SPI Controller Locking common.spi_lock Flashrom Copernicus BIOS Interface Locking common.bios_ts PoC 2007 Access Control for Secure Boot Keys common.secureboot.keys UEFI 2.4 Spec Access Control for Secure Boot Variables common.secureboot.variables UEFI 2.4 Spec
  • 39. BIOS/Firmware Forensics Live system firmware analysis chipsec_util spi info chipsec_util spi dump rom.bin chipsec_util spi read 0x700000 0x100000 bios.bin chipsec_util uefi var-list chipsec_util uefi var-read db D719B2CB-3D3A-4596-A3BC-DAD00E67656F db.bin Offline system firmware analysis chipsec_util uefi keys PK.bin chipsec_util uefi nvram vss bios.bin chipsec_util uefi decode rom.bin chipsec_util decode rom.bin
  • 40. How to dump BIOS firmware directly from chip?
  • 41. How to dump BIOS firmware directly from chip?
  • 44. Thank you for your attention! Eugene Rodionov @vxradius Alexander Matrosov @matrosov David Harley @DavidHarleyBlog