Prodefence – Cyber security

Cyber security solutions

Malware analysis tools 

chipsec v1.4.0 releases: Platform Security Assessment Framework

Anastasis Vasileiadis

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual.

NOTE: This software is for security testing purposes. Use at your own risk. Read WARNING.txt before using.

The first version of CHIPSEC was released in March 2014: Announcement at CanSecWest 2014

The recent presentation on how to use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants: Exploring Your System Deeper

Csw2017 bazhaniuk exploring_yoursystemdeeper_updated from CanSecWest

What is Platform Security?
Hardware Implementation and Configuration
• Available Security Features
• Correct Configuration of HW Components
• Testing/Demonstration of HW Security Mechanisms
Firmware Implementation and Configuration
• Access Controls on Firmware Interfaces
• Correct Settings of Lock Bits
• Testing/Demonstration of FW Security Mechanisms

Feature:
+ System Management Mode
* CPU SMM Cache Poisoning / SMM Range Registers (SMRR)
* SMM memory (SMRAM) Lock
+ BIOS Write Protection
+ Direct HW Access for Manual Testing
+ Forensics
* Live system firmware analysis
* Offline system firmware analysis

Changelog v1.4.0

New or Updated Modules:

  • utilcmd.cpu_cmd – Updated to utilize argparse
  • modules.common.spd_wd – updated to work within python3

New or Updated Functionality:

  • python3 is supported – merged in python3-rc branch
  • PCI enumeration will be silent by default when the –debug flag is enabled
  • c6xx supported platforms

Fixes:

  • Exception handling when pci_enumeration fails
  • Removed debug print from Windows helper IOCTL calls
  • Use of is when comparing None type
  • Division within modules compliant with python3
  • Windows driver hypercall type
  • Filehelper updated to work with python3

Additional Information:

  • python2.7 is still supported
  • Any modules under the modules.tools directory have not yet been fully validated to work with python3
  • When filing an issue with python3 if possible also include the results of running the same command with python2

Install

Clone chipsec Git repository and install it as a package:
git clone https://github.com/chipsec/chipsec
python setup.py install
sudo chipsec_main
To use CHIPSEC in place without installing it:
python setup.py build_ext -i
sudo python chipsec_main.py

Clone chipsec Git repository and install it as a package:
# git clone https://github.com/chipsec/chipsec
# python setup.py install
# sudo chipsec_main
To use CHIPSEC in place without installing it:
# python setup.py build_ext -i
# sudo python chipsec_main.py

NOTE: Please read chipsec-manual.pdf For Detail installation and Configuration.

Tutorial

Copyright (C) 2018 chipsecintel

Source: https://github.com/chipsec/

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services