
Improving UEFI Binary Analysis within Ghidra

BSides PDX · 2023 · 23:14 · 308 views · Published 2023-11
Category: Technical
Style: Talk
About this talk
UEFI binary analysis has grown in popularity in recent years. As a result, many binary tools have gained native support or plugins. Ghidra gained initial third-party support for UEFI; however, it is currently not at parity with other tools. This talk introduces a new framework to update UEFI support within Ghidra by improving four distinct areas: preparation of the UEFI image, preparation of Ghidra, analysis, and analytics.

Brent is a Security Researcher at Intel. Brent has performed security analysis for a wide variety of targets, from embedded systems to enterprise networks, developing repeatable methods for improving assurance. Brent is a contributor and one of the maintainers of the CHIPSEC open source project.

---

BSides Portland is a tax-exempt charitable 501(c)(3) organization founded with the mission to cultivate the Pacific Northwest information security and hacking community by creating local inclusive opportunities for learning, networking, collaboration, and teaching. bsidespdx.org
Transcript [en]

All right, so today I'm going to talk about improving UEFI binary analysis within Ghidra. I'm an offensive security researcher within Intel Corporation. I work in the data center group right now; I'm on the red team. I've been at Intel for about six and a half years, and I first went there to do firmware security, so this has been kind of a natural progression. Even though I've joined a product group, I still do a lot of their firmware analysis. Also, I want to put out a disclaimer that this talk and the work represented within is not a product of Intel and should only be treated as being for research purposes; Intel does not endorse it or anything like that.

So as we start, let's lay out the landscape a little bit. Most of you probably know, or maybe you don't: UEFI is the short little piece of, or it's actually a specification to, initialize your hardware as it comes up and then hand it off to the operating system. Some of the key phases are on the right side of the diagram. In the pre-initialization phase, that's where your system's actually starting to power up; that's when your memory is actually established. As it transitions, you'll hit the driver execution (DXE); that's where it's kind of setting up, starting to configure the firmware, configure your device, etc. This is also when your management mode, so if you've heard of SMM, that's when it'll start setting it up. Towards the end of DXE, into the boot device service stage, it will actually start programming security bits and it will stop accepting settings for some things; it's where it'll apply the locks and it's where it'll lock down your management mode. And then as you go to boot device select, you'll select your operating system; it'll begin tearing down your UEFI memory structures and handing off to the operating system. So when it actually hands off everything, you still have management mode, and there's still a UEFI table called Runtime Services that's just accessible.

So why target firmware, even though it's a small piece of when you start up the computer? There's requirements on speed and efficiency. It's going to set basically the underlying security of your system, so if you can attack the firmware you can potentially brick it, you can give yourself persistence within the device, you can give yourself special operating privileges.

And then what is binary analysis? Binary analysis is when you're going to take the machine-level instructions, so this is post-compilation, and you're going to apply the specifications for what you're looking to analyze, and there's usually some repetitive steps. So there may be an entry point for the function where you start decompiling, and you can figure out the rest of the functions within the program. If you can do this in a repeatable fashion, or you want to look at it, that's where we might want to look into automating. So why would we want to automate it? For consistency, for time saving; two big things. We'll talk about the build process in the next few slides, but the build process for UEFI is not necessarily straightforward, so even if you know what you're looking at, you may not actually know what you're looking at, and the binary can actually tell a better picture than actually looking at the source code at times, or at least give you better pointers of where to look in the source code or what you should look for. So it can reduce time significantly if you can automate some of the steps to it.

So, some of the ecosystem complexities. The source code: there's a TianoCore GitHub project, or organization, with EDK2 and EDK2 Platforms, so those are public, those are open, and those kind of go to what the companies are okay with. There are a lot of specifications. Then you'll come to the manufacturers, so they'll have their own version of things, which can override some of the libraries within, and then you'll go out to vendors, and vendors will put some value-adds, so they'll have their own libraries, but the whole structure can look the same.

So what are we actually looking at when we're doing the binary analysis? You can look at the whole firmware volume, which is a combination of everything, or you can look at the specific EFI files or TE executable files. So the EFI file really matches a portable executable, so essentially most of the binary analysis programs right now, if you say it's a PE, it can go through and do its normal thing. A TE executable is a little bit different because they modified the header, so not everything will recognize that by default. This was done for, really, size constraints, because your whole firmware volume is supposed to be a 16 megabyte chunk. And then the flash volume: so you have the EFI and the TE files, they're all placed together within a firmware volume, and then the firmware volume, there can be one or more that are combined into a flash device image.

And if we step into how the source is built real quick: each one can have their own set of libraries and everything, but the configuration files are going to be within the left-hand side, in green: the INF, the DEC, the DSC and the FDF, and then there's a tools file which kind of tells you which build chain you want to use, whether it's GCC, whether it's the Microsoft compiler, etc. It'll go into an AutoGen process which will then create your makefiles and everything. And then if you look at the top right in green, there's source code, so it takes the header files; that actually runs make like most people are probably used to, and that's where it's going to create the TE and the EFI files. And if perhaps it's not public code or whatever, you can also say I want to put in my own binary files. So all that goes into a process called image gen, which then creates the flash volumes and combines them into a flash image.

So if you want to do UEFI analysis right now, there's various solutions out there. Two of the top ones that come up are FwHunt and efiXplorer, if you're looking. So FwHunt is more for static signatures, so they're known problems out there. efiXplorer is an IDA Pro based solution, so your mileage varies on getting licensing and everything for that. There are some Ghidra solutions out there right now; one's called efiSeek. It actually does a pretty good job. It's written in Java, so they actually use the Ghidra plugin functionality to do it, and it recognizes the EFI files, not the TE files. And then I put up some other notable solutions. I haven't really looked into the Binary Ninja ones, but I've seen that they've recently put out a few plugins that work.

So why would we want to expand on Ghidra? Well, it's open source, so I don't have to pay for it anymore. I do have to trust where it came from, right? But that's up to you, whether you want to or not. But within the APIs you can use a Jython interface, which is Python, or you can use Java straight off. So if you use the Python, you get to write it as a script and you call it as a script. If you use Java, you essentially have to make somebody compile the plugin and do a bunch of extra work, and that was one of the downfalls we saw with the efiSeek solution. So as I was making modifications and trying to share my code with others, I couldn't just share the plugin, because the plugin's unique per version of Ghidra. When I shared the code, they may or may not have been able to compile it, so there were just a bunch of problems there. So I found that moving it to Python was a lot easier. I also found it wasn't able to recognize some local variables; it didn't do a few things that we wanted it to; it didn't have the TE support; and it didn't allow us to really automate like I wanted to, because I wanted to look at the individual EFI and TE files. It was more made for the GUI mode rather than the headless mode.

So when you kind of take a step back and look at what are some of the steps involved within the UEFI itself, and then within the framework, how can we build a better solution? So if I said I wanted to look at the EFI and TE files, I'm going to have to decompress them. So I take the firmware image, extract or decompress it into firmware volumes, and then the individual EFI and TE files. Well, there's known programs that already do that, so Ghidra shouldn't have to worry about that, and certain things don't actually follow specification, so if you take the off-the-shelf things that already do that, I can win there. Within Ghidra, there's all the setup itself, but then for UEFI there's GUIDs and then there's the structures, the header files and the structures themselves, so that can vary. Like I said, there's the public version, but then there's also manufacturer code and vendor code, so if I want to add any of that special stuff, it's not really easy within the current way of doing things. So how can I kind of make that better?

And then as far as analysis, it's kind of straightforward, in terms of you can identify the GUIDs once you know the entry point; you can kind of proliferate the various... so the system table has the Runtime Services and the Boot Services table; you can use those to kind of profile the rest of the EFI file. And then if you keep track of the artifacts that you found, you can now do some analysis on it as well, and analysis is a little different than looking at signatures like from FwHunt, but looking at places that may be interesting to highlight as a researcher. And then finally, if I've looked at something already, is there a quick and easy way, when I get the next version, the update, the developers compiled something new or a new firmware update comes out, can I just do a quick diff to know where they changed things?

So we'll kind of talk about a few of these things that we've done. So for the EFI and TE files, we found that CHIPSEC and UEFITool are two of the main open source solutions, so if we can call them to have them do that. They do a really good job, but sometimes the results are different, so we can actually add some comparisons into it and we can give feedback to those projects as well. We take the results, we can put it in a file so it's easy for Ghidra; it's easy to then point to that folder and say these are the files I want to analyze. I do want to note that if you happen to have the source code and you can compile with debugging symbols, having the artifacts, the GUIDs, the header files and everything within Ghidra doesn't really matter as much, because it already comes within the PDB files, so you can skip this stuff.

So in addition to the normal installation, the Ghidra setup, you have the GUIDs. So TianoCore EDK2, they have a bunch: the DEC files that I pointed out earlier, those GUIDs are all within the thing, so if I can parse that I can create a GUID list. Also some of the tools that we referenced earlier have their own GUID lists, which are from vendors, so if I can take that and combine it into a larger set, I have a more accurate set, or more GUIDs to look for. And then with the GDT files I can parse, I can actually parse the source, feed the header files back in, and Ghidra most times will go through and say yes, I can add the structure. Sometimes there are some problems within the header files that you have to actually go manually fix, but that allows us to take not only open source but then any new project or any closed source things that I have, however I got them, and I can pull those in as well. So if it recognizes the GUID within it, you can actually apply the structures correctly instead of just having an unknown GUID: I know this type of thing but I don't know what it's for. So we tried to create a script that allows you to easily do that, where you can just point it to the source code repos you want and it'll kind of do all that for you, or within reason.

So for the analysis piece, efiSeek actually did a pretty good job with everything; its basic flow was really good, so we kept most of that, as I said, other than porting it from Java to Python, but then we added some new functionality to it because we were using Python. So one of my team members said, I have the SMI handlers, for those of you that are more in depth with the knowledge of EDK2, he said why do I never get the correct SMI number, I always have to go back and look it up. So wouldn't it be nice to take, as part of processing, that's part of one of the function calls, can I gather that information and just put it in the code? Yes. Can I look for various... so once it's done processing, can I look for call-outs better? Well, if I keep track of where the protocols are coming from, so if they are gBS, I can now say this is the SMI handler function, these are the functions that it calls; I can then look to see, do any of the references to my protocols go back or get referenced within these functions, as opposed to just saying I'm going to look for gBS or I'm going to look for... so I can make it a little more specific in this case.

Going back to the SMI handler, one of the function arguments is a comm buffer, which is called CommBuffer in most cases, where you're allowed to reference memory outside, so it acts as a mailbox. So if you do a check on that comm buffer and then you dereference the memory again, there's a potential time-of-check time-of-use. So if I can utilize Ghidra to look for that specific case, I can now say hey, go target this, or go look into this. And then with get/set variables, just knowing some of how it works: with a GetVariable, am I checking the return? With a SetVariable, what is it actually setting, and can I gather any information from that? And then we also added some multiprocessing for the headless capability, so you're not just running one copy at once, you're running multiple copies.

So here's just an example of the GUI. It's probably really hard to read, especially in the back, but you can see that it labeled the, well, I don't know if you can see it very well, but the handler actually got labeled, I believe, with hex 23 as opposed to hex 0, so you can see it actually labeled the handler number, so you'd know which SMI to reference if you're going to test it further, or if you wanted to test it further, on the machine.

Here's an example of the headless mode. As I said, we created it so you can essentially dump all the EFI/TE files into a folder; as it's doing the headless mode, we create a log file for each one and then a JSON file. So I'll go over some of the log contents, but it's basically the artifacts that we're talking about. Because I used the Python logger, you can now ship it out to whatever type of logging interface that you want to; you don't have to use the standard out; you can ship it to a database, you can do whatever. So some of the logged contents: looking at the GUIDs again, the protocols, and then it just kind of shows some of the various things we talked about, potential call-outs, notify events, times the comm buffer was referenced. Here's some examples of the get and set variable, which ones were actually referenced.

And then to do the kind of regression testing, we took a snapshot: ask Ghidra what its function hashes are for the functions, and then go through and you can compare them, and you can say which functions actually were in both analysis pieces and you can get the list, and you can also say which hashes were unique within them, and you get the list. So if anybody's interested, we put it up on GitHub, so it's under the DC red team UEFI Surveyor. And then thank you to the previous work, the previous people that have done work within the UEFI space, and some of my colleagues.

Audience member: Hey there, thanks for the talk. I was inspired to go see if I could do step one, or maybe the pre-step to step one. I've got my laptop here; I'm like, hey, how do I get my UEFI firmware volume?

Brent: Yeah, so on a lot of the vendor websites you can go and you can actually get the update image, so it's the flash update.

Audience member: Oh, but can I get the one from my actual laptop?

Brent: You can get the one from your... so, it depends; yes and no. It depends on what it actually is, but as I mentioned, CHIPSEC has a SPI dump, and there's some other programs that have a SPI dump, so that'll actually dump the SPI from your system. Also, if you're able to open it up and you can put the, like... you can actually pull it off the SPI. So it depends how creative you want to be, or how much you need it.

Audience member: Yeah, so, 'cause I tried a disk listing and I see an EFI partition and I mount it, but it's full of empty folders. That's not the right thing?

Brent: No, that's probably going to be a little different.

Audience member: Yes, okay, yeah, thanks.

Audience member: Many years ago, WikiLeaks had an article saying that, I think they worked with Citizen Lab, and they had found a back door in the UEFI standard, in the source code. Do you know if they've patched that, and do you know if anyone has actually released the proof that it was backdoored? Because in the article they didn't give the proof; they just mentioned that in a long list of things they had been backdooring.

Brent: I'm not sure which specific one you're referencing, but if you knew more specifics I could potentially tell you. Also, I know that, not pitching anything, but Eclypsium is in the vendor sponsor area; you may go talk to them; they may give you a better answer as well.
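The GUID-list preparation step described in the talk (parse the EDK2 DEC files, merge in a vendor GUID list, then match GUIDs in the dumped EFI/TE files) as an added Python example; this is not code from the talk or from the UEFI Surveyor project. The DEC excerpt, the vendor list and the binary blob are constructed for the example, and the two gEfi* GUID values are the real EDK2 ones.

```python
import re
import uuid

# Constructed .dec excerpt: the two gEfi* entries carry their real EDK2 values, gExampleVendorGuid is made up.
DEC_TEXT = """
[Guids]
  gEfiGlobalVariableGuid = { 0x8BE4DF61, 0x93CA, 0x11D2, { 0xAA, 0x0D, 0x00, 0xE0, 0x98, 0x03, 0x2B, 0x8C }}
  gExampleVendorGuid     = { 0x11223344, 0x5566, 0x7788, { 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00 }}  # comment
[Protocols]
  gEfiSmmVariableProtocolGuid = { 0xED32D533, 0x99E6, 0x4209, { 0x9C, 0xC0, 0x2D, 0x72, 0xCD, 0xD9, 0x98, 0xA7 }}
"""

SECTION_RE = re.compile(r"^\s*\[(\w+)")
ENTRY_RE = re.compile(r"^\s*(\w+)\s*=\s*\{(.*)\}")
HEX_RE = re.compile(r"0x([0-9A-Fa-f]+)")

def parse_dec_guids(text):
    """Map symbol name -> uuid.UUID for entries under [Guids], [Protocols] and [Ppis]."""
    found, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # drop trailing comments before matching
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line) if section in ("guids", "protocols", "ppis") else None
        if not m:
            continue
        parts = [int(h, 16) for h in HEX_RE.findall(m.group(2))]
        if len(parts) != 11:  # expect 3 wide fields + 8 bytes; skip anything malformed
            continue
        hex32 = f"{parts[0]:08x}{parts[1]:04x}{parts[2]:04x}" + "".join(f"{b:02x}" for b in parts[3:])
        found[m.group(1)] = uuid.UUID(hex=hex32)
    return found

def merge_guid_lists(*name_maps):
    """Combine several name->GUID maps (EDK2 parse, vendor lists) into one GUID->names index."""
    index = {}
    for name_map in name_maps:
        for name, guid in name_map.items():
            index.setdefault(guid, set()).add(name)
    return index

def find_guids(blob, index):
    """Sorted (offset, guid, names) hits; on-disk GUID bytes are uuid.UUID.bytes_le (mixed-endian)."""
    hits = []
    for guid, names in index.items():
        off = blob.find(guid.bytes_le)
        while off >= 0:
            hits.append((off, guid, sorted(names)))
            off = blob.find(guid.bytes_le, off + 1)
    return sorted(hits)

# Constructed 52-byte stand-in for a dumped .efi: the two real GUIDs above sit at offsets 16 and 36.
SAMPLE_BLOB = (b"\x00" * 16 + bytes.fromhex("61dfe48bca93d211aa0d00e098032b8c")
               + b"\x00" * 4 + bytes.fromhex("33d532ede69909429cc02d72cdd998a7"))
# Constructed vendor list: the global-variable GUID again, under a vendor's own symbol name.
VENDOR_GUIDS = {"gVendorAliasGuid": uuid.UUID("8BE4DF61-93CA-11D2-AA0D-00E098032B8C")}
def scan_sample():
    return find_guids(SAMPLE_BLOB, merge_guid_lists(parse_dec_guids(DEC_TEXT), VENDOR_GUIDS))
```

The merged index keeps every name seen for a GUID, so a vendor alias and the EDK2 symbol both show up on the same hit, which is the disagreement between tool GUID lists the talk mentions wanting to compare.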