Index of tools/tools_defcon_BIOS

Parent directory


    [ Jonathan Brossard --  endrazine@gmail.com ]

This archive contains the companion source code of our article :



"Bypassing pre-boot authentication passwords by instrumenting the BIOS
     keyboard buffer
(practical low level attacks against x86 pre-boot authentication software)"





- - --[ Disclamer :

This archive contains source code to experiment with your computer at low
level. Indeed, this is risky and you should not do it. Neither me or my
employer can be held responsible for the wrong usage you may do of this
code.


- - --[ Checksums :

MD5 checksumFile
--------------------------------  --------------------------------------
0b275123c45682d46f0ef397c1d48cef  ./sploit-os/sploitos.S
ed5470cc4461648bafcf32b4e62f2576  ./msdos-exploits/shellcode.BIOS.S
56c5de6f4c91d5979283daf31d7ea126  ./userland-unix/generic.unix.sploit.c
b65d5511be2a5701606730da06c750ed  ./ksploit-proc/Kbuild
32113f4f369d1231dd15aaaf9fac408c  ./ksploit-proc/src/ksploit.c
b333ba3698218ed3bbe9917601790239  ./ksploit-proc/src/Makefile
f9ced51ab7d8b18c94a2783cd979a9a6  ./ksploit-proc/Makefile
1f1da381c75ef8005e5d890162d0229f  ./invisible-man/invisible_man_MBR.S
f501579620cb2c68dc4d400da60d2fb6  ./invisible-man/invisible_man.c
b65d5511be2a5701606730da06c750ed  ./kpatch/Kbuild
0124940d954448d6047424cc1e46def3  ./kpatch/src/kpatch.c
8761611d8855f47c002f72ce13c5033c  ./kpatch/src/Makefile
f9ced51ab7d8b18c94a2783cd979a9a6  ./kpatch/Makefile
f8532004fc33ba05bccdf759a8f79558  ./bootloader-fix/zero_BDA.S
--------------------------------  --------------------------------------


- - --[ Compiling :

The asm snippets are aimed to be compiled using nasm.

The c snippets should compile fine using gcc >= 4.1.2  .

You will need your kernel sources/headers to compile
kernel modules.


- - --[ Content :

./sploit-os

This directory contains the source code for a simple USB bootable
OS that will display the content of the BIOS keyboard buffer.
It is mainly usefull to verify if a given BIOS password is vulnerable.

./msdos-exploits

This directory contains a generic exploitation shellcode using only
BIOS interruptions, to be run in real or virtual modes. It can
for instance be used under (any) Microsoft Windows if compiled as
an MS-DOS COM file.

./userland-unix

This directory contains a generis userland exploit to retrieve the
content of the BIOS keyboard buffer. It has been tested under
GNU/Linux, Solaris, OpenBSD and FreeBSD.

./ksploit-proc

This directory contains the LKM sources for a Linux kernel based
exploit against pre-boot authentication softwares not flushing the
BIOS keyboard buffer.

./invisible-man

This directory contains the sources for "Invisible Man", a rogue
bootloader to perform "bootloader in the middle" attacks.

./kpatch

This directory contains the sources for a partial kernel fix against
BIOS keyboard buffer plain text password leakage under GNU/Linux in
the form of a Linux Kernel Module.

./bootloader-fix/

This directory contains a suggested 16b assembly routine to zero out
the parts of the BIOS Data Area relevant to keyboard handling. It can
be used to initialize or flush the BDA in a bootloader and fix the two
potential vulnerabilities detailed in the article.