FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
โ˜ท
โ–ณ ๐Ÿ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Platbox - UEFI And SMM Assessment Tool

By: Zion3R


UEFI and SMM Assessment Tool

Features

Platbox is a tool that helps assessing the security of the platform:

  • Dumps the platform registers that are interesting security-wise
    • Flash Locks
    • MMIO and Remapping Locks
    • SMM Base and Locks
    • MSRs
  • RW access to the PCI configuration space of devices.
  • RW to physical memory and virtual memory.
  • Allows allocating physical memory and map memory to usermode.
  • Read and Write MSRs.
  • Dump SPI Flash content (BIOS) into a file.
  • Basic dumb SMI Fuzzer.
  • Dump S3 Bootscript (from SMM-Lockbox) into a file.
  • Dump EFI Memory Map (Linux only for now).
  • List UEFI variables.
  • Supports Linux and Windows.
  • Supports Intel and AMD.

Example of 'chipset' command output for an AMD platform

Project Structure

The project is divided as follows:

  • PlatboxDrv: kernel drivers used for Linux and Windows.
  • PlatboxLib: the usermode component that loads the kernel driver and provides access to all the previously listed features.
  • PlatboxCli: a console client that uses the library.
  • Pocs: an example of a program using features from the libary.

Compilation Steps

Windows

Release Build 
cmake -G "Visual Studio 17 2022" -A x64 -S .. -B "build64" 
cmake --build build64/ --target platbox_cli --config Release


Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws

By: Ravie Lakshmanan
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022. "These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung,
โŒ