Remove_SMM... UEFI.

    Hello ... If anyone knows what software, and how to extract it, SMM from UEFI, I want to experiment, on a Thinkpad_T460s with MAX25L12873F, please tell me if you know.
    Please Help me...


    Thanks.

    #2
    Re: Remove_SMM... UEFI.

    i am interested in what you find with that model.
    go to https://www.coreboot.org
    look in the wiki - they link to lots of tools for extracting and modifying content.

      #3
      Re: Remove_SMM... UEFI.

      Originally posted by v11:
      Hello ... If anyone knows what software, and how to extract it, SMM from UEFI, I want to experiment, on a Thinkpad_T460s with MAX25L12873F, please tell me if you know.
      Please Help me...

      Thanks.

      System Management Mode basics

      SMM is a special execution mode of the IA-32 architecture that was introduced with the i386; chapter 34 of the Intel 64 and IA-32 Architectures Software Developer's Manual is the main information source about its design and usage:

      SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.

      Some time ago SMM was used by BIOS developers mostly for power management and legacy devices emulation, for example, PS/2 support (port 60h/64h) for USB keyboard and mouse. Nowadays it's also widely used for firmware and platform security purposes.

      Why is SMM interesting for hackers?

      In the UEFI specification, SMM plays a very important role in implementing platform security mechanisms that protect the firmware image stored inside the flash chip on the motherboard from unauthorised modifications by malicious software.
      SMM is an excellent place to hide OS-independent and invisible malware. This execution mode has extreme power over all of the other software that runs on the CPU, even the OS kernel or a VT-x hypervisor.
      http://blog.cr4.sh/2015/07/building-...-for-uefi.html
      SMM executable code and data lives inside SMRAM and when SMRAM is locked — it can't be accessed by code of operating system or user mode software. System firmware (legacy BIOS or UEFI) copies SMM code into SMRAM and locks it during platform initialization.

      The processor switches to SMM only through a System Management Interrupt (SMI): it saves the current execution context into SMRAM and starts executing the SMI handler, which can exit from SMM and resume execution from the saved context using the RSM instruction.
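
The SMRAM lock and the SMM-based flash protection described in the post above can be audited from two register bytes. This is an added example, not part of the original post or the blog it cites. It assumes the classic Intel bit layouts for SMRAMC and BIOS_CNTL, that the bytes were already read with a platform audit tool such as CHIPSEC, and it uses constructed sample values.

```python
# Added example: audit the SMRAM lock and flash write-protection bits.
# Assumption: classic Intel bit positions (SMRAMC in the host bridge,
# BIOS_CNTL in the LPC/SPI controller); confirm them in the datasheet of
# the chipset being audited. All register values here are constructed.

SMRAMC_BITS = {"D_OPEN": 6, "D_CLS": 5, "D_LCK": 4, "G_SMRAME": 3}
BIOS_CNTL_BITS = {"BIOSWE": 0, "BLE": 1, "SMM_BWP": 5}


def decode(value, layout):
    """Return {field: 0 or 1} for an 8-bit register value."""
    if not 0 <= value <= 0xFF:
        raise ValueError("expected an 8-bit register value")
    return {name: (value >> bit) & 1 for name, bit in layout.items()}


def audit(smramc, bios_cntl):
    """Return a list of findings; an empty list means the locks are set."""
    s = decode(smramc, SMRAMC_BITS)
    b = decode(bios_cntl, BIOS_CNTL_BITS)
    findings = []
    if s["D_OPEN"]:
        findings.append("D_OPEN=1: SMRAM is visible outside SMM")
    if not s["D_LCK"]:
        findings.append("D_LCK=0: SMRAM configuration is not locked")
    if b["BIOSWE"]:
        findings.append("BIOSWE=1: flash writes are currently enabled")
    if not b["BLE"]:
        findings.append("BLE=0: enabling flash writes raises no SMI")
    if not b["SMM_BWP"]:
        findings.append("SMM_BWP=0: flash is writable from outside SMM")
    return findings


if __name__ == "__main__":
    # Constructed samples: a locked platform and a misconfigured one.
    for name, smramc, bios_cntl in [("locked", 0x1A, 0x22),
                                    ("open", 0x4A, 0x01)]:
        result = audit(smramc, bios_cntl)
        print(name, "->", result if result else "no findings")
```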

        #4
        Re: Remove_SMM... UEFI.

        Originally posted by stj:
        i am interested in what you find with that model.
        go to https://www.coreboot.org
        look in the wiki - they link to lots of tools for extracting and modifying content.

        In Coreboot, not found a file for this model T460s,
        I am interested, to cancel this SMM,
        not to ask for the password UEFI (bios).

        Thx.

          #5
          Re: Remove_SMM... UEFI.

          look harder, there are links to stuff like me-cleaner

            #6
            Re: Remove_SMM... UEFI.

            what do you aim to accomplish? password removal or something else?

            do you have experience in reverse engineering or have you ever coded code that can be injected in bios to be executed?

            im very interested in project... done some minor bios modding before, unlocking menus and stuff...
            but i have very limited knowledge :-/
            Im Back... sort of...

              #7
              Re: Remove_SMM... UEFI.

              Originally posted by ala_borbe:
              what do you aim to accomplish? password removal or something else?

              do you have experience in reverse engineering or have you ever coded code that can be injected in bios to be executed?

              im very interested in project... done some minor bios modding before, unlocking menus and stuff...
              but i have very limited knowledge :-/

              To bypass the password,
              who is in MEC1633l. And I have minor knowledge, but with your help, I'll handle it.
              What software to use to make a patch, other than ... UefiTool?
              thanks.

                #8
                Re: Remove_SMM... UEFI.

                Originally posted by stj:
                look harder, there are links to stuff like me-cleaner

                please give me a link for a patch for T460s 20FA, Mx25L12873f?

                Please Help....
                I do not find, and I've looked a lot.

                thank you.

                  #9
                  Re: Remove_SMM... UEFI.

                  there is no patch - the tool is to clean the data from extracted modules.
                  you extract them with uefi-tool - clean them, then put them back in.

                    #10
                    Re: Remove_SMM... UEFI.

                    Originally posted by stj:
                    there is no patch - the tool is to clean the data from extracted modules.
                    you extract them with uefi-tool - clean them, then put them back in.

                    Thank you, friend...

                    br

                      #11
                      Re: Remove_SMM... UEFI.

                      MEC1633l needs to be programmed with clean firmware by SVOD or RT802H

                      on allservice.ro they developed a module (DXE Driver) that is inserted on org bios, it reads some data and displays code that after you send to them and pay they make you a key to unlock permanently

                      https://www.allservice.ro/forum/viewtopic.php?t=3044


                      maybe something can be done by loading dump in IDA PRO and disabling checks but i dont have time for that (nor do i have laptop to test it on)

                        #12
                        Re: Remove_SMM... UEFI.

                        Originally posted by ala_borbe:
                        MEC1633l needs to be programmed with clean firmware by SVOD or RT802H

                        on allservice.ro they developed a module (DXE Driver) that is inserted on org bios, it reads some data and displays code that after you send to them and pay they make you a key to unlock permanently

                        https://www.allservice.ro/forum/viewtopic.php?t=3044

                        maybe something can be done by loading dump in IDA PRO and disabling checks but i dont have time for that (nor do i have laptop to test it on)

                        I found MMTool and UEFITool but still do not know what to delete from the file...
                        it does not cost much to make the boys know ...
                        I want to learn to do it myself. I'm sorry I do not know English well.

                        THX.

                          #13
                          Re: Remove_SMM... UEFI.

                          I want to ask you: what is it Ozmosis?

                          How to make Ozmosis ROM via UEFITool?

                          thanks.

                            #14
                            Re: Remove_SMM... UEFI.

                            Can anyone upload the DXE Driver here so I can have a look and try to make it work for any Lenovo, please?
                            Last edited by raileanu; 12-15-2018, 05:12 AM.

                              #15
                              Re: Remove_SMM... UEFI.

                              Hello. Did you manage to get a link for downloading the dxe driver or any already patched bios?

                                #16
                                Re: Remove_SMM... UEFI.

                                thank you

                                  #17
                                  Re: Remove_SMM... UEFI.

                                  There are two methods of hacking the DXE module, but please note this is untested.
                                  1. Modify the key check so it accepts any code.
                                    If you're willing to try the modified version, use the file attached, and again it is untested.
                                  2. Using a key generator.
                                    From the image above, the key for machine id 2492411559 should be 7316483. Anyone with another machine id can reply here to test the key generator. Please note, the key generator is also still untested.

                                    #18
                                    Re: Remove_SMM... UEFI.

                                    Hi

                                    This key generator share. Testing

                                    hardware id: 3425684
                                    key: 8625856

                                    hardware id:7668394
                                    key:6224236


                                    hardware id:9777692
                                    key:7729864

                                    hardware id:2217972
                                    key:3089784

                                    hardware id:2292158
                                    Key:1264964

                                    hardware id:832201
                                    Key:0224961

                                    hardware id:8096698
                                    Key:3216204

                                    HW ID: 125318167
                                    Key: 292467

                                      #19
                                      Re: Remove_SMM... UEFI.

                                      hi

                                      I am asking for the generator to be available so that I can test it

                                        #20
                                        Re: Remove_SMM... UEFI.

                                        Originally posted by dani981:
                                        Hi

                                        This key generator share. Testing

                                        hardware id: 3425684
                                        key: 8625856

                                        hardware id:7668394
                                        key:6224236


                                        hardware id:9777692
                                        key:7729864

                                        hardware id:2217972
                                        key:3089784

                                        hardware id:2292158
                                        Key:1264964

                                        hardware id:832201
                                        Key:0224961

                                        hardware id:8096698
                                        Key:3216204

                                        HW ID: 125318167
                                        Key: 292467

                                        Yes all hwid and key is 1st patch algorithm 2 more have algorithm
