Comments on The Invisible Things Lab's blog: The Sky Is Falling?
Blogger comment feed, last updated 2023-11-24 09:52 +01:00; 11 comments.

Joanna Rutkowska (2009-04-24 22:09 +02:00):

@anonymous:

You're correct, the exploit writes only to the cache, not to the actual DRAM (where the original SMM code is located). And, of course, this is just enough, because we're interested here in obtaining the SMM privileges, and we do get them, because the CPU executes our code from *cache* with SMM privileges.

Should we be interested in actually modifying also the SMM handler (e.g. to create an SMM rootkit), we could use the simple trick described by Loic in his presentation [1] based on modifying the SMBASE register (one needs to be "in SMM" to be able to modify this register, of course).

[1] http://cansecwest.com/csw09/csw09-duflot.pdf

Anonymous (2009-04-24 21:55 +02:00):

The article makes for an interesting read. Now there's something that got me thinking and it's driving me crazy.

The BIOS should lock the SMRAM region right after loading the code to it. And this is most likely happening, right?

Changing MTRR to set the SMRAM region to cacheable write-back should not have an influence on this hardware lock, right?

So, supposing these two points are correct and taking into consideration that the exploit works, I have this question: is the cache being poisoned/written to without one actually writing to SMRAM (which might be irrelevant, since the cache will have precedence), or does simply changing the register allow you to write to it?

Joanna Rutkowska (2009-03-25 12:22 +01:00):

:)

Anonymous (2009-03-25 10:59 +01:00):

I join the other people and say thank you, and to all the other people working on that. It's one of my many sources of continuous learning.
What amazes me the most is that nobody outside "the matrix" takes the lead and tries to get all the people out ...
Probably it's just not meant to be, and we need to face the destruction of Zion to realize what path to take in the future to avoid coming back to the "paper and pencil" state.

Anonymous (2009-03-24 17:35 +01:00):

Perfectly, I share your opinion.
You're like a Richard Stallman :)

Anonymous (2009-03-23 16:00 +01:00):

Thanks for your job. Great job.

Joanna Rutkowska (2009-03-23 15:27 +01:00):

@anon_asking_about_persistence_in_the_wrong_place:
Of course it will go away, it's not persistent.

Zachariah K. Chen (2009-03-23 15:08 +01:00):

Thanks for your work! Good job!

Othman Esoul (2009-03-23 11:31 +01:00):

The bottom line: somebody (hardware/OS) should pay much more attention to protecting the system's memory and not just features, speed, performance etc. Current hardware and operating systems are both expendable, which makes complete security nothing but wishful thinking... Maybe on other architectures... not sure!

Anonymous (2009-03-22 02:45 +01:00):

Will or will not the injected code go away after a reboot?

Thank you.

Anonymous (2009-03-20 18:57 +01:00):

Great sense of humor, and spot on. Thanks for your work.
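An added example, not part of the blog post or of any comment above: the two 2009-04-24 comments turn on one step of the attack, marking the SMRAM range write-back cacheable through a variable-range MTRR so that stores from outside SMM land in the cache and the next SMI executes from the cache, never touching the locked DRAM. The C below encodes and decodes the IA32_MTRR_PHYSBASEn/IA32_MTRR_PHYSMASKn pair for such a range and resolves the effective memory type with the same match and overlap rules the hardware applies. The SMRAM window used (the legacy A0000h-BFFFFh range), a MAXPHYADDR of 36, and all function names are constructed for this illustration; the actual MSR writes (wrmsr to 0x200/0x201 from ring 0) are only described in comments, not performed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Memory-type encodings carried in bits [7:0] of IA32_MTRR_PHYSBASEn (Intel SDM vol. 3). */
enum mtrr_type { MTRR_UC = 0, MTRR_WC = 1, MTRR_WT = 4, MTRR_WP = 5, MTRR_WB = 6 };

#define MTRR_PHYSMASK_VALID (1ULL << 11)   /* V bit in IA32_MTRR_PHYSMASKn */
#define MSR_IA32_MTRR_PHYSBASE0 0x200      /* pair n lives at 0x200+2n / 0x201+2n */
#define MSR_IA32_MTRR_PHYSMASK0 0x201

/* Constructed example values: the legacy (compatible) SMRAM window A0000h-BFFFFh (128 KiB)
   and a CPU with 36-bit physical addressing. A real attack targets wherever the BIOS
   actually placed SMRAM (for example TSEG). */
#define EXAMPLE_SMRAM_BASE 0xA0000ULL
#define EXAMPLE_SMRAM_SIZE 0x20000ULL
#define EXAMPLE_MAXPHYADDR 36u

/* Bits [MAXPHYADDR-1:12]: the address field shared by PHYSBASE and PHYSMASK. */
static uint64_t phys_field_mask(unsigned maxphyaddr) {
    return ((1ULL << maxphyaddr) - 1) & ~0xFFFULL;
}

/* A variable MTRR can only describe a naturally aligned power-of-two range of >= 4 KiB. */
static bool mtrr_range_ok(uint64_t base, uint64_t size, unsigned maxphyaddr) {
    return size >= 0x1000 && (size & (size - 1)) == 0 && (base & (size - 1)) == 0
        && base + size <= (1ULL << maxphyaddr);
}

/* IA32_MTRR_PHYSBASEn value for [base, base+size) with memory type `type`; 0 if not encodable. */
static uint64_t mtrr_physbase(uint64_t base, uint64_t size, enum mtrr_type type, unsigned maxphyaddr) {
    if (!mtrr_range_ok(base, size, maxphyaddr)) return 0;
    return (base & phys_field_mask(maxphyaddr)) | (uint64_t)type;
}

/* Matching IA32_MTRR_PHYSMASKn value: ones in every address bit above the range size, plus V. */
static uint64_t mtrr_physmask(uint64_t base, uint64_t size, unsigned maxphyaddr) {
    if (!mtrr_range_ok(base, size, maxphyaddr)) return 0;
    return (~(size - 1) & phys_field_mask(maxphyaddr)) | MTRR_PHYSMASK_VALID;
}

/* Hardware match rule: the MTRR applies to addr iff (addr & mask) == (physbase & mask). */
static bool mtrr_covers(uint64_t physbase, uint64_t physmask, uint64_t addr, unsigned maxphyaddr) {
    if (!(physmask & MTRR_PHYSMASK_VALID)) return false;
    uint64_t mask = physmask & phys_field_mask(maxphyaddr);
    return (addr & mask) == (physbase & mask);
}

/* Inverse of mtrr_physmask: the range size behind a PHYSMASK value read back with rdmsr. */
static uint64_t mtrr_range_size(uint64_t physmask, unsigned maxphyaddr) {
    return (~physmask & phys_field_mask(maxphyaddr)) + 0x1000;
}

/* Effective type of addr under a set of variable MTRRs plus the default type from
   IA32_MTRR_DEF_TYPE. SDM overlap rules: UC beats everything, WT beats WB; any other
   overlap is undefined and is resolved here as "first match". */
static enum mtrr_type mtrr_effective_type(const uint64_t *physbase, const uint64_t *physmask,
                                          int n, uint64_t addr, unsigned maxphyaddr,
                                          enum mtrr_type deftype) {
    int found = -1;
    for (int i = 0; i < n; i++) {
        if (!mtrr_covers(physbase[i], physmask[i], addr, maxphyaddr)) continue;
        enum mtrr_type t = (enum mtrr_type)(physbase[i] & 0xFF);
        if (t == MTRR_UC) return MTRR_UC;
        if (found == -1 || (t == MTRR_WT && found == MTRR_WB)) found = t;
    }
    return found == -1 ? deftype : (enum mtrr_type)found;
}

/* The situation the thread describes: SMRAM is uncacheable (default type UC, no variable
   MTRR over it), then ring 0 adds one WB variable MTRR over the whole SMRAM range.
   Returns the type an address inside SMRAM now has: WB, so stores from outside SMM
   allocate cache lines instead of reaching DRAM and the chipset's SMRAM lock. */
static enum mtrr_type smram_type_after_poisoning(void) {
    uint64_t pb[1] = { mtrr_physbase(EXAMPLE_SMRAM_BASE, EXAMPLE_SMRAM_SIZE, MTRR_WB, EXAMPLE_MAXPHYADDR) };
    uint64_t pm[1] = { mtrr_physmask(EXAMPLE_SMRAM_BASE, EXAMPLE_SMRAM_SIZE, EXAMPLE_MAXPHYADDR) };
    return mtrr_effective_type(pb, pm, 1, EXAMPLE_SMRAM_BASE + 0x1000, EXAMPLE_MAXPHYADDR, MTRR_UC);
}

/* Same MTRR, first address past the window: not matched, so it keeps the default type. */
static enum mtrr_type smram_neighbour_type(void) {
    uint64_t pb[1] = { mtrr_physbase(EXAMPLE_SMRAM_BASE, EXAMPLE_SMRAM_SIZE, MTRR_WB, EXAMPLE_MAXPHYADDR) };
    uint64_t pm[1] = { mtrr_physmask(EXAMPLE_SMRAM_BASE, EXAMPLE_SMRAM_SIZE, EXAMPLE_MAXPHYADDR) };
    return mtrr_effective_type(pb, pm, 1, EXAMPLE_SMRAM_BASE + EXAMPLE_SMRAM_SIZE,
                               EXAMPLE_MAXPHYADDR, MTRR_UC);
}

int main(void) {
    uint64_t pb = mtrr_physbase(EXAMPLE_SMRAM_BASE, EXAMPLE_SMRAM_SIZE, MTRR_WB, EXAMPLE_MAXPHYADDR);
    uint64_t pm = mtrr_physmask(EXAMPLE_SMRAM_BASE, EXAMPLE_SMRAM_SIZE, EXAMPLE_MAXPHYADDR);
    /* On real hardware these two values would be written with wrmsr to MSRs 0x200/0x201
       from ring 0 (e.g. a kernel module); this program only computes and checks them. */
    printf("wrmsr 0x%x <- 0x%llx   (PHYSBASE0: base 0x%llx, type WB)\n", MSR_IA32_MTRR_PHYSBASE0,
           (unsigned long long)pb, (unsigned long long)EXAMPLE_SMRAM_BASE);
    printf("wrmsr 0x%x <- 0x%llx   (PHYSMASK0: size 0x%llx, valid)\n", MSR_IA32_MTRR_PHYSMASK0,
           (unsigned long long)pm, (unsigned long long)mtrr_range_size(pm, EXAMPLE_MAXPHYADDR));
    printf("SMRAM+0x1000 is now type %d (WB=6); first byte past SMRAM is type %d (UC=0)\n",
           smram_type_after_poisoning(), smram_neighbour_type());
    return 0;
}
```

Nothing in the MTRR encoding itself can refuse this: ring 0 owns every variable MTRR, and the chipset's SMRAM lock (the D_LCK bit) guards DRAM, which the cached lines never reach. One caveat added here that the thread does not discuss: the countermeasure Intel documents for this class of problem is the SMRR pair (IA32_SMRR_PHYSBASE/IA32_SMRR_PHYSMASK), whose memory type overrides the MTRRs for the SMRAM range and which can only be written from within SMM.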