ProjectOSX

> The End Of Hacking?, What $$$ did for us...
THe KiNG
post Apr 14 2012, 11:36 PM
Post #1
Hi,

Sorry for the bad news, but I have to write this to let you know something:

Some time ago I read this: "Windows 8's locked bootloaders: much ado about nothing, or the end of the world as we know it?"

I thought, nah, this will not happen soon. Well, guess what, it does, and even worse!
Lemme explain: at that time I thought, well, in the best case vendors will allow us to disable that check; after all, how many use Windows 7 now?
Most companies still use Windows XP or, in the worst case, Vista.

But vendors are not us, and after they saw the amount of hacking we do on UEFI they fought back. The result: at least on the board I tested (ASUS Z77), any change made to the BIOS will result in the BIOS flash failing with a security check!

Tried the leaked AMIBCP, MMTool or Andy's tool; even a small mod will fail with a security check.

OK, we may bypass that at some point, but at least for me, this does not look good, and may be THe END.

You have been warned...
dmazar
post Apr 15 2012, 07:45 AM
Post #2
There are two things here: 1) protecting/signing the BIOS so that only a signed one can be flashed and 2) protecting the boot environment by allowing only properly signed drivers/loaders to load, right?

So, you are saying that a modded BIOS cannot be flashed any more (1). And the article says that "x86 Windows 8 systems must also allow secure boot to be turned off completely, so that no certificate verification is performed at all." (2).

Meaning, no BIOS mods, but software "mods" will be possible?
HW: Asus P8P67-M, Intel Core i5-2300, 4GB, XFX HD-567X-ZHH3 SW: SL, L, ML: Clover UEFI boot
THe KiNG
post Apr 15 2012, 08:12 AM
Post #3
QUOTE (dmazar @ Apr 15 2012, 10:45 AM) *
Meaning, no BIOS mods, but software "mods" will be possible?

Yes, I didn't try other ways to flash it yet, just the built-in tool.
- Inserted UEFI Shell with AMI MMTool/Andy, replaced logo with AMI ChangeLogo: security check fail
- Enabled a hidden menu/option with AMIBCP: security check fail

So for me it is clear that the BIOS is now signed, and if we don't find a way to bypass that we are back in the age where we beg vendors to enable or fix something...
And this is the first step, next is what is described in that article.
GhaleonX
post Apr 15 2012, 07:28 PM
Post #4
The article seems to suggest that this is only a concern on ARM right now, and goes on to say that x86, whether BIOS/EFI/UEFI/etc, will still allow 'custom' mode where you basically run your hardware as you see fit. I don't think desktops and professional workstations will be ARM'd anytime soon (if ever)
THe KiNG
post Apr 16 2012, 04:55 PM
Post #5
QUOTE (dmazar @ Apr 15 2012, 10:45 AM) *
There are two things here: 1) protecting/signing the BIOS so that only a signed one can be flashed and 2) protecting the boot environment by allowing only properly signed drivers/loaders to load, right?



QUOTE (GhaleonX @ Apr 15 2012, 10:28 PM) *
The article seems to suggest that this is only a concern on ARM right now, and goes on to say that x86, whether BIOS/EFI/UEFI/etc, will still allow 'custom' mode where you basically run your hardware as you see fit. I don't think desktops and professional workstations will be ARM'd anytime soon (if ever)


dmazar did understand my bad English; after all, it is not my native tongue...
Yes, what they did now was to protect/sign the UEFI BIOS so that only a signed one can be flashed.
What they will do is protect the boot environment by allowing only properly signed drivers/loaders to load.
And NO, this will not be a concern for ARM only; as I know 'Vendors', they will not include the option to disable secure boot unless they are forced...

When the second step is accomplished we can say goodbye to the 'hacking' as we know it now...
Hagar
post Apr 16 2012, 06:17 PM
Post #6
There are indeed 2 things here: Microsoft's desire to stop Windows piracy, and their desire to stop "other OSes" (Linux, basically). It has already been shown that Microsoft has great influence over hardware vendors and has used this in the past to make BIOSes "Linux-unfriendly", which led, in some part, to ACPI table patching as we know it today. We must also remember that the most common form of Windows "crack" in use today is a SLIC-injecting bootloader that emulates an OEM licence. By requiring a signed UEFI environment for "certification" at both the hardware and boot environment level, they can achieve both things at once, without affecting the "average Windows user" to any noticeable degree.

It's ironic to think that this started as an open standard to allow greater possibilities with newer hardware than was afforded by the ancient BIOS, and like so many other things these days, it is being subverted to prevent openness and competition in the name of copyright.
This Time We're Doing it RIGHT


THe KiNG
post Aug 31 2012, 12:06 AM
Post #7
Not such a big deal anymore, we have flashrom working!
Slice
post Jul 14 2013, 10:51 AM
Post #8
Bad alarm.
Attached file: 130714103707.png


I have booted with this into 10.8.4 by Clover UEFI boot.
i3-2120 GA-H61M-S1 UEFI, Radeon HD6670-UEFI, ALC887(VoodooHDA 2.8.7), OS⌘10.9.5, OS⌘ 10.7.5 Clover HWSensors3 Realtek LAN v3.1.2
apianti
post Jul 15 2013, 03:02 PM
Post #9
This is definitely a misunderstanding; only ARM firmwares are locked down, because ARM devices are proprietary and mobile and they don't want to compromise the information on them, since you aren't allowed control of the native operating environment. It's a way to prevent cracking of the firmware for jailbreaking and to prevent hackers from installing rootkits that stream everything you do back to the hacker. Since you can buy x86/x64 parts separately and you can't be forced to use Windows on such a device, and pre-installing certificates for every OS would be impossible, they must therefore allow the x86 firmware secure boot to be turned off. There would be an enormous antitrust lawsuit against Microsoft otherwise, as it would be a clear move to gain a majority of market share by forcing consumers to use Windows because it's the only OS that has launch certificates.

EDIT: Mine is like Slice's, you can enable/disable it and it has a few modes of security levels.
EDIT2: Also you could probably inject tables into ACPI still, it's only self checked. I doubt that it checks again when the OS has control or after it's already started booting. The problem would be how to load a signed loader to inject said table.

This post has been edited by apianti: Jul 15 2013, 03:05 PM
Gigabyte GA-Z68XP-UD3P Firmware U1g, Intel Core i5-2500K, Corsair Vengeance 4x4GB (16GB) DDR3 1600, XFX Radeon 6870 2GB,
Western Digital Caviar Black 1TB, LG Rewritable BluRay Disc Burner, D-Link DWA-556 Wireless N Xtreme PCIe

Windows 8.1 Pro, Mac OS X 10.9 Mavericks, Ubuntu 13.10, LinuxMINT 15 Cinnamon, Fedora 19, openSUSE 12.3
