Reversing UEFI by execution

Presented at 32C3 (2015), Dec. 29, 2015, 8:30 p.m. (30 minutes)

This talk will be an overview of how to reverse-engineer Unified Extensible Firmware Interface (UEFI) firmware, the replacement for BIOS. Various useful tools will be discussed, including those written by the presenter and those written by others. One of the highlights will be a tool that enables running parts of the firmware in userspace on a standard operating system.

The Unified Extensible Firmware Interface (UEFI) is a programming environment quite different from regular operating system models, and as such, reverse engineering UEFI software is quite different from reversing standard software. This talk will consist of three parts. First, an overview of UEFI and what makes it different will be presented. Then, existing and new tools that aid in reversing UEFI are discussed, including a demonstration of the efiperun tool that enables running UEFI modules in userspace. The talk will conclude with the recounting of a successful reverse engineering project to uncover the Lenovo hard drive password hashing algorithm.

Jethro Beekman is a security researcher and Ph.D. student at the University of California, Berkeley. He has a broad range of interests in technology, ranging from electronics to cryptography. Recent work has focused on various topics such as side-channels, remote attestation, Heartbleed and the Rust programming language.
