Results 1 to 15 of 15

Thread: AMI UEFI BIOS source code leaked

  1. #1
    HWiNFO Author
    Join Date
    Apr 2006
    Location
    /dev/null
    Posts
    801

    AMI UEFI BIOS source code leaked

    An FTP server in Taiwan that could be publicly accessed, leaked the source code of AMI Aptio UEFI BIOS, including AMI's unique UEFI signing test key. The utterly irresponsible act of holding such sensitive data on public FTPs is suspected to be committed by motherboard vendor Jetway. In doing so, the company may have compromised security of every motherboard (across vendors) running AMI Aptio UEFI BIOS. Most socket LGA1155 and FM2 motherboards, and some socket AM3+ motherboards run AMI Aptio.

    Among the leaked bits of software include the source code of AMI BIOS, Aptio, and AMI's UEFI test signing key, which is used by all its clients to sign their BIOS updates. Signing ensures that BIOS updating software verifies the update is genuine, and coming from the motherboard manufacturer. With this key out, malware developers can develop malicious BIOS updates, hack motherboard vendors' customer support websites, and replace legitimate BIOS updates with their malicious ones. Control over the system BIOS could then give hackers access to most ring-0 OS functions.

    "By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated & installed for the vendor's products that use this firmware. If the vendor used this same key for other products - the impact could be even worse," writes Adam Caudill, who along with Brandon Wilson, discovered the open FTP server. "This kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system's security is an ideal scenario for covert information collection," he added.

    - To clarify, the ‘vendor’ I refer to is a customer of AMI; it is this customer’s public FTP server that exposed this information.
    - Per AMI, the signing key included in the ‘Ivy Bridge’ archive is a default test key; AMI instructs customers to change the key before building for a production environment. It’s not currently known if the customer was following recommended practices.
    - The ‘Ivy Bridge’ code was unmodified, meaning that the customer had not made any alterations to this specific copy.

    Source: Adam Caudill's Blog
    Leaked by: Jetway
    Contains source code for: Luna Pier, Cedar Trail, Sandy Bridge, Ivy Bridge platforms
    Includes proprietary Intel Restricted Secret + SLA stuff
    A lot of people won't be happy...
    Last edited by Mumak; 04-07-2013 at 02:33 AM.

  2. #2
    Xtreme Addict
    Join Date
    Sep 2010
    Location
    US, MI
    Posts
    1,680
    I found the ftp but it's now pass protected.
    Supposedly there's another ftp of jetway's that still has it and isn't protected, I don't know.
    I found a torrent.
    Getting it now.
    AND thanks very very much for sharing this info with us .

    http://www.torrenthound.com/torrent/...f34f64b44180c3

  3. #3
    Xtreme Member
    Join Date
    Jan 2005
    Location
    Switzerland
    Posts
    254
    <dreammode> hack our bioses and give us access to all these disabled cores</dreammode>
    Comp 1 : NCASE M1, Asus Z170I PRO Gaming, Intel i7-6700K, G.Skill 2x4Gb 3466MHz, Samsung 950 Pro (512), Samsung 840 Pro (256), WD Red (5TB), Asus nVidia GTX 980 4Gb, Silverstone SX600-G, LG 34UM95
    Comp 2 : Commodore Amiga 4000D, Cyberstorm MK2 68060 50Mhz 128Mb, Cybervision 64 4Mb, FastATA MK-VI, Indivision AGA MK2cr
    Comp 3 : Commodore Amiga 600, Vampire 600 V2 128Mb, Indivision ECS, 32Gb CF

  4. #4
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Very cool, I wonder what modders can come up with!
    Quote Originally Posted by TuKo View Post
    <dreammode> hack our bioses and give us access to all these disabled cores</dreammode>
    Haha, don't think it's up to BIOS
    Donate to XS forums
    Quote Originally Posted by jayhall0315 View Post
    If you are really extreme, you never let informed facts or the scientific method hold you back from your journey to the wrong answer.

  5. #5
    Xtreme Addict
    Join Date
    Sep 2010
    Location
    US, MI
    Posts
    1,680
    It would be cool if you could unlock intel's via the bios...
    Who knows, the src would have to be looked through to find out.

    I quickly glanced through some of the files.
    There's some asm post code in there, oddly there's a feature for using a custom boot logo file from a usb stick.
    Or maybe not I don't know yet.

    Anyways the post code I saw, it might be possible to start de-compiling the code and writing it out in fresh asm files to be compiled with fasm.
    I hope there's code in this thing to tell me what sort of compression they use on there modules, I couldn't figure that out before.
    While award uses lzh compression, the ami's I have no clue what they use.

    In linux, it says my iommu and virtual stuff isn't setup right in the bios.
    I tried xen but it crashes on startup, but then again the error I get others get too so :\.
    That's something I might need to fix if it turns out that xen won't work after my 1st prob is fixed.

    There's probably plenty to play with if this stuff can be sorted through.
    The award bios src code, I've got 2 diff leaks of, was extremely helpful back in the day.
    I'm pretty happy to finally get my hands on the src for ami.
    Though to be honest, I'm not really in the mood to mod this old bios, I'de rather play with the efi where's there's already stuff to boot exe's and external efi roms.

    I'm still waiting on intel though for the freaking chips to come out and new boards .
    Which reminds me, back when intel had nvidia chipsets still, they also still had there own romsip code.
    I may have to track one of those bios'es down to find it again, then scan for it in the ami modules in a newer board.

    I'm gonna scan through it tonight, I've got the leaked files.
    I just wish there were more, like amds ver's, maybe it's in there somewhere...
    But anyways they all look like intel bios setups that were leaked.

    I'de better learn smbus code, if I really want to get back into modding bios'es, I'll need it for storage, need to access the cmos chip directly, those things are at least 64k in size, way larger then 256 bytes of cmos code and the 8 or so cmos profiles you can save in there.

  6. #6
    Registered User Utroz's Avatar
    Join Date
    Nov 2002
    Location
    Maine
    Posts
    68
    Nice!!! Now let the custom bios production commence....
    File Server


    Super Old system
    [SIGPIC][/SIGPIC]
    http://valid.x86-secret.com/show_oc.php?id=371866

  7. #7
    HWiNFO Author
    Join Date
    Apr 2006
    Location
    /dev/null
    Posts
    801
    Don't expect too much from this leak. I haven't yet checked the entire package, but it seems to be a reference AMI package (though a nice one ).
    Particular mobo BIOSes need special customizations.

  8. #8
    Xtreme Mentor
    Join Date
    Jul 2008
    Location
    Shimla , India
    Posts
    2,631
    Ohh crap this is very serious stuff people already need to do a billion security related things in regards to access and all it does is increase overhead

    Work computers full of bloatware well Intel bloatware and the IT security manager thinks he is the freaking Godfather.....
    Coming Soon

  9. #9
    Xtreme Enthusiast
    Join Date
    Mar 2005
    Posts
    644
    Quote Originally Posted by NEOAethyr View Post
    It would be cool if you could unlock intel's via the bios...
    Who knows, the src would have to be looked through to find out.
    Chances are that if this is possible, it is done thorough microcode. And microcode is a beast on its own.


    Quote Originally Posted by NEOAethyr View Post
    In linux, it says my iommu and virtual stuff isn't setup right in the bios.
    I tried xen but it crashes on startup, but then again the error I get others get too so :\.
    That's something I might need to fix if it turns out that xen won't work after my 1st prob is fixed.
    Check this Thread. I sended AMD a E-Mail support ticket regarding IOMMU virtualizacion support on Fusion platform 3 weeks ago and still didn't got a reply about this, only an automatic reply 24 hours after I sended it saying it was sended to a higher support level.


    I suppose that open source BIOSes projects like CoreBoot would get the most out of it, as not every manufacturer provides them with documentation about some parts. If they need anything that is in this source code, instead of reverse engineering binaries, they can peek in the original stuff.

  10. #10
    Banned
    Join Date
    Oct 2012
    Posts
    578
    This could cause a lot of problems and is very bad of Jetway.

    Check this Thread. I sended AMD a E-Mail support ticket regarding IOMMU virtualizacion support on Fusion platform 3 weeks ago and still didn't got a reply about this, only an automatic reply 24 hours after I sended it saying it was sended to a higher support level.
    It appears to me that AMD farms out their Tech Support so you may need to follow-up again to get it kicked to in-house where someone with a clue can respond.
    Last edited by AMDforME; 04-07-2013 at 01:18 PM.

  11. #11
    Xtreme Member
    Join Date
    Jun 2003
    Location
    Italy
    Posts
    351
    I imagine Norton Bios Security will be available soon
    3570K @ 4.5Ghz | Gigabyte GA-Z77-D3H | 7970 Ghz 1100/6000 | 256GB Samsung 830 SSD (Win 7) | 256GB Samsung 840 Pro SSD (OSX 10.8.3) | 16GB Vengeance 1600 | 24'' Dell U2412M | Corsair Carbide 300R

  12. #12
    Xtreme Enthusiast
    Join Date
    Nov 2006
    Posts
    799
    Exactly, let's hope their mistake is a boon for the modder community.

  13. #13
    Xtreme Member
    Join Date
    Apr 2010
    Location
    Portugal
    Posts
    107
    Am I the only one who thinks this is a terrible mistake . its on amateur level to have a public not protected ftp with such sensitive data , and will have bad repercussions ?
    Don't take life too seriously.....no-one's getting out alive.

  14. #14
    Xtreme Addict
    Join Date
    May 2008
    Posts
    1,192
    I think this is going to have some serious repercussions. I am imagining virus'es of unprecedented levels. OK maybe not, maybe we will just see viruses like we used to see, ones that over spin your hard drive and destroy it. I am sure there are equally nasty things to do to an SSD, or peripheral cards.
    Quote Originally Posted by alacheesu View Post
    If you were consistently able to put two pieces of lego together when you were a kid, you should have no trouble replacing the pump top.

  15. #15
    Xtreme Mentor
    Join Date
    Apr 2003
    Location
    Ankara Turkey
    Posts
    2,631
    nice i always wanted to see a up to date bios source code


    When i'm being paid i always do my job through.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •