
UEFI Utility to Read TPM 1.2 PCRs

In this post, I provide the source code for a UEFI shell utility to print out all the Platform Configuration Registers (PCRs) for a TPM 1.2 (Trusted Platform Module, version 1.2) and briefly discuss SRTM versus DRTM.

RNG Protocol Error in Lenovo ThinkPad Firmware

This post discusses the UEFI 2.4 Random Number Generator protocol and Lenovo’s current implementation of the protocol and suggests there is an error in their implementation.

Lenovo ThinkPwn POC Ported to UDK2015

This blog contains the source code for my UDK2015 port of the ThinkPwn 0day proof of concept demonstration.

On-disk File Timestamps

The Single Unix Specification, Base Definitions (XBD), Section 4.8, entitled “File Times Update”, states: “An implementation may update timestamps that are marked for update immediately, or it may update such timestamps periodically.” This means, for example, that file read and write operations are free to set the appropriate flags in the in-memory structures and do the actual updating of the on-disk filesystem structures at a later time. Assuming periodically means from time to time, it implies that a POSIX-compliant operating system is free to update its on-disk structures when it is convenient for the operating system to do so.

Address Space Layout Randomization in Linux

Address Space Layout Randomization (ASLR) was first implemented in Linux in 2001 and formally included in Linux kernel 2.6.12 in 2005. Microsoft followed soon afterwards and implemented ASLR in Vista in 2007. ASLR randomizes process memory address space in order to prevent an attacker from finding the addresses of functions or ROP (Return Oriented Programming) gadgets required to successfully complete an exploit. The effectiveness of ASLR is limited by the amount of available entropy, which varies from platform to platform depending on the implementation. For ASLR to be useful, all segments of a process's memory space must be randomized. If