Hello... If anyone knows what software to use, and how to extract SMM from UEFI, I want to experiment on a Thinkpad T460s with MAX25L12873F. Please tell me if you know.
Please help me...
I am interested in what you find with that model.
Go to https://www.coreboot.org
Look in the wiki; they link to lots of tools for extracting and modifying content.
Thanks.
System Management Mode basics
SMM is a special execution mode of the IA-32 architecture that was introduced with the i386; chapter 34 of the Intel 64 and IA-32 Architectures Software Developer's Manual is the main information source about its design and usage:
SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.
Some time ago SMM was used by BIOS developers mostly for power management and legacy device emulation, for example PS/2 support (ports 60h/64h) for USB keyboards and mice. Nowadays it's also widely used for firmware and platform security purposes.
Why is SMM interesting for hackers?
In the UEFI specification SMM plays a very important role in implementing the platform security mechanisms that protect the firmware image stored inside the flash chip on the motherboard from unauthorised modification by malicious software.
SMM is an excellent place to hide OS-independent and invisible malware. This execution mode has extreme power over all other software that runs on the CPU, even the OS kernel or a VT-x hypervisor. http://blog.cr4.sh/2015/07/building-...-for-uefi.html
SMM executable code and data live inside SMRAM, and when SMRAM is locked it can't be accessed by operating system code or user mode software. System firmware (legacy BIOS or UEFI) copies SMM code into SMRAM and locks it during platform initialization.
The processor switches to SMM only through a System Management Interrupt (SMI); it saves the current execution context into SMRAM and starts executing the SMI handler, which can exit SMM and resume execution from the saved context using the RSM instruction.
In coreboot I did not find a file for this model, the T460s.
I am interested in cancelling this SMM,
so that it does not ask for the UEFI (BIOS) password.
What do you aim to accomplish? Password removal or something else?
Do you have experience in reverse engineering, or have you ever written code that can be injected into a BIOS to be executed?
I'm very interested in the project... I've done some minor BIOS modding before, unlocking menus and stuff...
but I have very limited knowledge :-/
To bypass the password,
which is in the MEC1633L. I have minor knowledge, but with your help I'll handle it.
What software can be used to make a patch, other than... UEFITool?
Thanks.
The MEC1633L needs to be programmed with clean firmware by SVOD or RT802H.
On allservice.ro they developed a module (a DXE driver) that is inserted into the original BIOS; it reads some data and displays a code that, after you send it to them and pay, they use to make you a key to unlock permanently.
Maybe something can be done by loading the dump in IDA Pro and disabling checks, but I don't have time for that (nor do I have a laptop to test it on).
I found MMTool and UEFITool but still do not know what to delete from the file...
It does not cost much to let the boys know...
I want to learn to do it myself. I'm sorry, I do not know English well.
There are two methods of hacking the DXE module, but please note this is untested.
Modify the key check so it accepts any code.
If you're willing to try the modified version, use the file attached; again, it is untested.
Using a key generator.
From the image above, the key for machine id 2492411559 should be 7316483. Anyone with another machine id can reply here to test the key generator. Please note that the key generator is also still untested.