Reversing UEFI by execution

Video duration: 00:24:52
Language: English
Abstract
This talk will be an overview of how to reverse-engineer Unified Extensible Firmware Interface (UEFI) firmware, the replacement for BIOS. Various useful tools will be discussed, including those written by the presenter and those written by others. One of the highlights will be a tool that enables running parts of the firmware in userspace on a standard Operating System.

The Unified Extensible Firmware Interface (UEFI) is a programming environment quite different from regular operating system models, and as such reverse engineering UEFI software is quite different from reversing standard software.

This talk will consist of three parts. First, an overview of UEFI and what makes it different will be presented. Then, existing and new tools that aid in reversing UEFI are discussed, including a demonstration of the efiperun tool that enables running UEFI modules in userspace. The talk will conclude with an account of a successful reverse engineering project to uncover the Lenovo hard drive password hashing algorithm.

Jethro Beekman is a security researcher and Ph.D. student at the University of California, Berkeley. He has a broad range of interests in technology, ranging from electronics to cryptography. Recent work has focused on various topics such as side-channels, remote attestation, Heartbleed and the Rust programming language.

Talk ID: 7245
Event: 32c3
Day: 3
Room: Hall 2
Start: 8:30 p.m.
Duration: 00:30:00
Track: Security
Type of: lecture
Speaker: Jethro Beekman
Talk Slug & media link: 32c3-7245-reversing_uefi_by_execution

Talk & Speaker speed statistics

Whole talk: 132.1 wpm, 746.9 spm
Jethro Beekman: 134.0 wpm, 768.6 spm
modulepasswordmodulesfunctionprotocollenovoefiperunfirmwaresystemuefistandardhashbunchefinumberserviceinterfacecharactersbytescalledcallfunctionsreverse-engineeringallowscpthingshardware64driveoutputcallscaseinstallpromptcodesapplausereverse-engineeredtalktoolsssdlaptopstart32workwrittenmainbootguidlinuxmemory