{"id":22769885,"url":"https://github.com/ffri/orom-backdoor-research","last_synced_at":"2025-07-02T13:06:54.971Z","repository":{"id":252159492,"uuid":"836576787","full_name":"FFRI/orom-backdoor-research","owner":"FFRI","description":"PoC code and tools for Black Hat USA 2024","archived":false,"fork":false,"pushed_at":"2024-08-01T08:01:09.000Z","size":4349,"stargazers_count":21,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-13T06:12:05.554Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FFRI.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-01T06:26:20.000Z","updated_at":"2025-03-21T07:38:21.000Z","dependencies_parsed_at":"2024-08-08T03:14:09.142Z","dependency_job_id":"5d56698a-afd6-4e10-918e-f7dbd7aecf5e","html_url":"https://github.com/FFRI/orom-backdoor-research","commit_stats":null,"previous_names":["ffri/orom-backdoor-research"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/FFRI/orom-backdoor-research","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FFRI%2Forom-backdoor-research","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FFRI%2Forom-backdoor-research/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FFRI%2Forom-backdoor-research/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FFRI%2Forom-backdoor-research/manifes
ts","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FFRI","download_url":"https://codeload.github.com/FFRI/orom-backdoor-research/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FFRI%2Forom-backdoor-research/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263145841,"owners_count":23420678,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-11T15:16:28.440Z","updated_at":"2025-07-02T13:06:54.948Z","avatar_url":"https://github.com/FFRI.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OROM Backdoor Research\nWhile there are few studies on inserting malicious code into UEFI Option ROMs (OROMs), none of them have focused solely on OROMs.\nIn our presentation at [Black Hat USA 2024](https://blackhat.com/us-24/briefings/schedule/#youve-already-been-hacked-what-if-there-is-a-backdoor-in-your-uefi-orom-39579), we organized the benefits and infection scenarios of placing a backdoor in UEFI OROM. 
This repository contains the PoC code of UEFI OROM backdoors (stripped for security purposes, full source given on demand) and some simple tools that I used in my research.\n\nThis repository contains the following contents (details are in the README.md inside each folder).\n* orom-builder: A simple tool to convert OROM image from DXE module\n* orom-flasher: A sample BusPirate script to write a file to the SPI flash chip (OROM)\n* orom-backdoors: Source code of 3 PoC OROM backdoors (stripped)\n* EtwConsumer: A simple ETW consumer for tracing only a specified process\n\n## Author\nKazuki Matsuo. © FFRI Security, Inc. 2024\n\n## License\nApache version 2.0","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fffri%2Forom-backdoor-research","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fffri%2Forom-backdoor-research","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fffri%2Forom-backdoor-research/lists"}