Description

video: youtube.com/watch?v=UPPdi3HHI5w
slides & materials: github.com

Walter Benjamin’s 1923 essay “The Task of the Translator” is a foundational text in the field of translation theory, and its insights and commentary are evergreen as a framing device for approaching modern UEFI exploit development. This talk uses this essay as a jumping-off point and dives into variadic approaches to modern UEFI exploit development.
If you’ve been haunted by the specter of Black Lotus stealing the spotlight as the most popular girl at the UEFI Bootkit party and want to pop some shells in ring -2 to blow off steam but don’t know where to start, then this talk is here to give you a crash course on UEFI reverse engineering and exploit development. This talk will also cover techniques that seasoned UEFI reverse engineers/exploit developers might find useful such as the comparative analysis of a UEFI quine written in 3 different assembly languages and its applications to UEFI cross-silicon exploitation, and ideas for how to make your PoCs spookier (aka not as boring).
The talk is split into two parts: part 1 focuses on the process for writing and then translating a self-replicating UEFI app from x86-64 to two other architectures; part 2 dives into the UEFI exploit development process for weaponizable vulnerabilities. Part 2 will focus on exploit development for SMM callout vulnerabilities and will explore different tools/frameworks/approaches for variations of the same exploit.
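For anyone who does not yet know what "SMM callout" in part 2 refers to, here is a constructed C model of the bug class and its usual fix. This is an added illustration, not code from the talk or from the ic3qu33n repo, and it does not reproduce any PoC from there. Two host arrays stand in for memory: g_smram models TSEG (only SMM code may touch it once locked) and g_normal models ordinary DRAM that the OS kernel can write. The boot_services struct, the service names and the 0x5A5A marker are invented for the example. The callout is the SMI handler dereferencing a function-pointer table (think gBS) that firmware left outside SMRAM: ring 0 overwrites the table, raises an SMI, and SMM jumps to attacker-chosen code in DRAM. The hardened handler only uses a copy snapshotted into SMRAM before lock and range-checks the table before touching it, which is what EDK2 code does by using gSmst/SMM protocols instead of gBS and validating pointers with SmmIsBufferOutsideSmmValid. In this model the callee code lives in host text rather than in g_smram, so the check shown is on the table, which is the part the attacker can reach.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of an SMM callout (illustration only, not firmware code).
 * g_smram  models TSEG: only SMM may touch it once locked.
 * g_normal models ordinary DRAM: the OS kernel (ring 0) can write it at will.
 */
#define SMRAM_SIZE  (128u * 1024u)
#define NORMAL_SIZE (16u * 1024u)

static _Alignas(16) uint8_t g_smram[SMRAM_SIZE];
static _Alignas(16) uint8_t g_normal[NORMAL_SIZE];

typedef int (*svc_fn)(int);

/* Stand-in for a boot-services table (gBS): a table of function pointers. */
typedef struct {
    svc_fn locate_protocol;
} boot_services;

/* The "real" service, and the code a ring-0 attacker wants SMM to execute. */
static int real_locate_protocol(int x) { return x + 1; }
static int attacker_payload(int x)     { (void)x; return 0x5A5A; }   /* marker, invented */

/* Root cause: firmware leaves the table outside SMRAM and SMM keeps using it. */
static boot_services *g_bs_outside = (boot_services *)g_normal;
/* Fix: an SMRAM-resident copy taken at driver entry, before SMRAM is locked. */
static boot_services *g_bs_inside  = (boot_services *)g_smram;

/* Overflow-safe "is [p, p+len) entirely inside SMRAM" check. */
static bool inside_smram(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)g_smram;
    return len <= SMRAM_SIZE && a >= lo && a - lo <= SMRAM_SIZE - len;
}

/* DXE-phase setup: publish the table in normal RAM, snapshot it into SMRAM. */
void firmware_init(void)
{
    memset(g_smram, 0, sizeof g_smram);
    memset(g_normal, 0, sizeof g_normal);
    g_bs_outside->locate_protocol = real_locate_protocol;
    *g_bs_inside = *g_bs_outside;      /* copied while the table is still trusted */
}

/* Ring 0 after boot: overwrite the table SMM will later call through. */
void os_tamper(void)
{
    g_bs_outside->locate_protocol = attacker_payload;
}

/* VULNERABLE SMI handler: calls through a pointer table living outside SMRAM. */
int smi_handler_vulnerable(int arg)
{
    return g_bs_outside->locate_protocol(arg);   /* the callout: SMM jumps into DRAM */
}

/* HARDENED SMI handler: uses only state captured inside SMRAM, after checking it. */
int smi_handler_hardened(int arg)
{
    if (!inside_smram(g_bs_inside, sizeof *g_bs_inside))
        return -1;                               /* refuse to use non-SMRAM state */
    return g_bs_inside->locate_protocol(arg);
}

/* Run one scenario end to end and return what the SMI handler returned. */
int scenario(bool tamper, bool hardened, int arg)
{
    firmware_init();
    if (tamper) os_tamper();                     /* OS runs before the SMI fires */
    return hardened ? smi_handler_hardened(arg) : smi_handler_vulnerable(arg);
}

int main(void)
{
    printf("vulnerable, untampered: %d\n",   scenario(false, false, 7));
    printf("vulnerable, tampered:   0x%x\n", scenario(true,  false, 7));
    printf("hardened,   tampered:   %d\n",   scenario(true,  true,  7));
    return 0;
}
```

With tampering, the vulnerable handler returns the attacker's marker (SMM ran ring-0-controlled code), while the hardened one still returns the real service result because the SMRAM copy was never reachable from the OS. On real hardware the equivalent of os_tamper() is writing DRAM from a kernel driver and then triggering the SMI via the APM port or the handler's own trigger, which is the part the exploit development in the talk is about.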
GitHub - ic3qu33n/OffensiveCon24-uefi-task-of-the-translator: OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"