https://github.com/ffri/orom-backdoor-research
PoC code and tools for Black Hat USA 2024
- Host: GitHub
- URL: https://github.com/ffri/orom-backdoor-research
- Owner: FFRI
- License: apache-2.0
- Created: 2024-08-01T06:26:20.000Z (10 months ago)
- Default Branch: master
- Last Pushed: 2024-08-01T08:01:09.000Z (10 months ago)
- Last Synced: 2025-03-26T22:45:35.279Z (2 months ago)
- Language: C
- Size: 4.15 MB
- Stars: 21
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# OROM Backdoor Research
While there are a few studies on inserting malicious code into UEFI Option ROMs (OROMs), none of them has focused solely on OROMs.
In our presentation at [Black Hat USA 2024](https://blackhat.com/us-24/briefings/schedule/#youve-already-been-hacked-what-if-there-is-a-backdoor-in-your-uefi-orom-39579), we organized the benefits and infection scenarios of placing a backdoor in a UEFI OROM. This repository contains the PoC code of UEFI OROM backdoors (stripped for security purposes; full source given on demand) and some simple tools that I used in my research.

This repository contains the following contents (details are in the README.md inside each folder).
* orom-builder: A simple tool to convert a DXE module into an OROM image
* orom-flasher: A sample BusPirate script to write a file to the SPI flash chip (OROM)
* orom-backdoors: Source code of 3 PoC OROM backdoors (stripped)
* EtwConsumer: A simple ETW consumer for tracing only a specified process

## Author
Kazuki Matsuo. © FFRI Security, Inc. 2024

## License
Apache version 2.0