Login or Register to Ask a Question and Join Our Community


Cybersecurity

Ouch!

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Ouch!
# 1  
Old 07-06-2016
Ouch!
Not sure if this is the correct forum but a 0 day exploit of UEFI...

My aimful life: Exploring and exploiting Lenovo firmware secrets
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT MOJAVE

eficheck

EFICHECK(8)						    BSD System Manager's Manual 					       EFICHECK(8)

NAME

     eficheck -- check the integrity of the x86 flash chip firmware.

SYNOPSIS

     eficheck --integrity-check [-h EFI-hash-input-file] [-b EFI-binary-input-file]
     eficheck --show-hashes [-h EFI-hash-input-file] [-b EFI-binary-input-file]
     eficheck --generate-hashes [-h EFI-hash-output-file] [-p output-path]
     eficheck --save [-b EFI-binary-output-file]
     eficheck --cleanup [-b EFI-binary-input-and-output-file>]
     eficheck --version
     eficheck --help

DESCRIPTION

     eficheck is a tool to check the x86 flash chip firmware.

     The following commands can be used with eficheck:

     --integrity-check hashes portion of the firmware and compares against known-good hashes

     --generate-hashes outputs hashes for a given firmware to be used as known-good hashes

     --show-hashes shows the hashes for the sub-sections of the firmware which are measured

     --save saves the full flash chip contents to a binary file. Requires root privileges.

     --cleanup zeros any privacy-sensitive data (such as nvram), enabling the file to be shared for analysis.

     --version print out eficheck version number.

     --help display a short help.

EXAMPLES

	    'eficheck --save -b firmware.bin'

		Save this system's EFI firmware as firmware.bin

	    'eficheck --cleanup -b firmware.bin'

		Overwrite the EFI variables portion of the firmware.bin, in place

	    'eficheck --generate-hashes'

		Analyze the current system's installed EFI firmware, and store the hashes into hash file(s) in current folder

		File name(s) will be selected according to image's EFI version(s)

	    'eficheck --generate-hashes -b firmware.bin'

		Analyze the firmware.bin, and store the hashes into hash file(s) in current folder. Filename will be based on the detected
     firmware version.

	    'eficheck --generate-hashes -p /usr/local/allowlists'

		Analyze the current system's installed EFI firmware, and store the hashes into hash file(s) in /usr/local/allowlists folder

	    'eficheck --integrity-check'

		Attempt to automatically determine which firmware you are running, and integrity check against the appropriate file, and report
     any differences

	    'eficheck --integrity-check -h /usr/libexec/firmwarecheckers/eficheck/EFIAllowListShipping.bun-
     dle/allowlists/IM171.88Z.0105.B08.1604111319.0.ealf'

		Compare the current system's EFI firmware against the Apple-provided expected measurements for an "iMac17,1" at firmware revision
     B08, and report any differences

	    'eficheck --integrity-check -h hash.ealf -b firmware.bin'

		Compare the given hash file against against the given firmware image and report any differences

	    'eficheck --show-hashes'

		Print the hashes for the current system's installed EFI firmware to stdout

	    'eficheck --show-hashes -b firmware.bin'

		Print the hashes for the given firmware.bin to stdout

	    'eficheck --show-hashes -h IM171.88Z.0105.B08.1604111319.0.ealf'

		Print the hashes for the given allowlist to stdout

								   May 25, 2017