purism reverse engineering
- Inicie sesión ou rexístrese para enviar comentarios
https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-module/
If people here say, that intel's me and amd's psp software is encrypted such that no one can reverse engineer the software, I have no reason to doubt that. Does the article say, that there is some random likelihood an intel mainboard's software can get reverse engineered due to software errors?
Is that what happened about the tp link tl wr841nd router's software?
>If people here say, that intel's me and amd's psp software
>is encrypted such that no one can reverse engineer the
>software, I have no reason to doubt that.
Just to throw a spanner in the works, I don't think it *technically* is. The software is most definitely encrypted- and we can't get around that- but I'm pretty certain that it's possible to crack the encryption and *read* the machine code, which lets us reverse engineer it. What we can't do is sign it with Intel's key- and, because the ME checks the signatures, that means the reverse engineered code can't be used. However, as in the post you linked to, reading the code is all you need to find exploits.
>Does the article say, that there is some random likelihood
>an intel mainboard's software can get reverse engineered
>due to software errors?
As I've written above, the reverse engineering is already possible. What the article says is that, *if* the coding error found is duplicated in the the right spot, then (provided Intel doesn't move too fast...) we can bypass the need to sign the reverse engineered code, making it possible to install one's own software. There may be some other hurdles to jump, but that would be a massive step towards liberating the ME.
The ME isn't encrypted to my knowledge, just signed. So it's possible to see it. That doesn't let you run it, though.
I read about this and I cannot get it right. About pgp keys, the key on the computer is a public key, which has not been made public? The public key you cannot remove? If you could or if you had the public key, with some probability you would be able to reverse engineer the intel me software and install the reverse engineered version of the software?
I have seen no indication anywhere that it is PGP. Just that it's strong. I don't know what algorithm they're using.
> the key on the computer is a public key, which has not been made public?
The public key is only capable of verifying the signature. It can't actually sign anything. This is the whole point of signature cryptography. Anyone can verify, but only one person can sign. If you could figure out the private key from the public key, then it wouldn't be good cryptography.
> The public key you cannot remove?
The software that checks for a signature is in a ROM. You cannot change it.
What I wrote about the public key was rubbish. The strength of the intel me verification is the fact, that we cannot do anything about the key because is in a rom? Is it known where the keys are located? I heard of a person who on an apple computer found the system verification software on a fan chip. He was able to disable the software. Then he could install another system on the computer.
Do we know if each intel me computer model has its own verifying keys?
If a computer model would turn out to be a non seller, then the manufacturer and intel, if agreeing about themselves, could make the intel me software and secret key public in order to increase sales to libre software people?
>The strength of the intel me verification is the fact, that
>we cannot do anything about the key because is in a rom?
I think so.
>Is it known where the keys are located?
The public key is on the ROM- which I'm pretty sure is embedded inside the ME and (although I might be wrong) read-only (ROM stands for read-only memory). If it is read-only, then you can't disable it- no matter how hard you try. The private key doesn't come with the computer at all.
>Do we know if each intel me computer model has its own
>verifying keys?
Each Intel ME version has a different keypair, but the keypair is the same for all MEs of the same version- as the good reference https://libreboot.org/faq.html#intel puts it, "This manifest is signed with a strong cryptographic key, which differs between versions of the ME firmware."
>If a computer model would turn out to be a non seller, then
>the manufacturer and intel, if agreeing about themselves,
>could make the intel me software and secret key public in
>order to increase sales to libre software people?
Yes, but no. It's certainly possible- indeed, Intel could do that by themselves, since even the manufacturer doesn't have the private key (they have one for the BIOS, but that's a separate issue). However, by the same token, one computer being a failure is unlikely to persuade Intel. Unless the Intel ME caused massive damage to sales for a significant number of devices with their chipsets, the sheer number of devices brought to market with such chips means the company likely wouldn't be phased if just one didn't sell.
>About pgp keys,
It's not PGP that's used in any real sense. To paraphrase my understanding of https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf, each module is hashed, with the hash stored next to it, and then the set of hashes is RSA-signed and stored around the front of the line. The public key, as OnPon4 said, is baked into the ROM- there's no way to change it.
>If you could or if you had the public key, with some
>probability you would be able to reverse engineer the intel
>me software and install the reverse engineered version of
>the software?
If you had the private key, then it would be entirely possible to install the reverse engineered software. However, no computationally feasible way of getting that, besides leaking, is known- and finding any such technique would be absolutely terrible, as it would render most forms of encryption ineffective.
What looks promising is the bug the link you posted suggests might exist. If that bug does exist, then it becomes possible to edit the hashes the ME checks against AFTER they've been checked against the signed ones- essentially, breaking the chain of authentication and letting us run whatever we want.
>finding any such technique would be absolutely terrible, as it would render most forms of encryption ineffective.
You are right, but if any encryption can be broken, it is important it gets discovered and made public.
It is unacceptable. I can understand intel wants their computers to have these features. I do not follow why it is important for intel that we cannot remove them?
In terms of the features themselves, *some* are necessary for the functioning of the computer- they MUST be present, in some form or another, for it to be more than a very expensive doorstop. Of these, at least some have to go onto ROM so that they can be loaded at boot.
The signature verification is to stop nefarious forces from using the nearly omnipotent ME to gain unlimited access to the device. It does solve that problem, presuming Intel isn't one of those forces (they may or may not be), but at the obvious expense of locking the owner of the system out.
As for the rest of the features and the particular choice of 'protection' against crackers (and hackers...), that's pure speculation. Perhaps they just thought the effort to make it possible for the user to crack it wasn't worth the niche market who would use it. Maybe three-letter agencies are involved. Intel themselves may have a secret entrance. Potentially, even, the intention is to save us from ourselves (a kind of unwanted parental guidance). The only thing we do know is that it's unacceptable.
>It does solve that problem, presuming Intel isn't one of those forces (they may or may not be), but at the obvious expense of locking the owner of the system out.
It does not make the computer worse on security, if we get the secrete keys?
>Intel themselves may have a secret entrance.
Shows the importance of having the source code. We cannot tell if there is a back door.
An software update intel tells us to install, could create a back door on the computer?
>It does not make the computer worse on security, if we get
>the secrete keys?
It would likely weaken security in that sense, but there's also the counterbalancing effect of letting the user choose their boot firmware (or write their own, if they can). Even presuming what I've written is correct, it's still a good trade-off: the threat of a multinational company with reasonably direct access to hardware is FAR more worrying than a government/stranger who has to get physical access to, disassemble, and then (almost perfectly) re-assemble a laptop to get the same power.
>Shows the importance of having the source code. We cannot
>tell if there is a back door.
Exactly. It's unfair to accuse companies of embedding backdoors without knowing, but it's just as unfair for the user to not be able to check.
>An software update intel tells us to install, could create
>a back door on the computer?
Yes. In fact, there was a "conspiracy theory" that the saga with the massive bug in the ME was an excuse for an update to block the ME-removal exploit. I'm not going to say I agree with this, but it's entirely plausible that that (or something similar) could happen. It's this kind of power that makes the Intel ME, MS Windows 10 and "web apps" so absolutely disgusting. Other proprietary software may be horrible, but at least it's your choice when/if to let an update in.
>It would likely weaken security
Then from intel's point of view, they have a valid argument for not displaying the secret key? How would displaying the secret key weaken security for the computer owner?
>was an excuse for an update to block the ME-removal exploit.
The me removal option has nothing to do with the secret key? From intel's point of view being able to remove me, weakens the security of the computer? How does it weaken the security of the computer?
I think I've made some quite significant errors in what I said above- I'll try and correct them as I go.
>How would displaying the secret key weaken security for the
>computer owner?
The issue is one of authentication. Currently, any code not signed by Intel won't run on the ME. That stops people with nefarious intentions from taking advantage of the ME's omnipotence. If the secret key were published, however, it wouldn't just be Intel who could change the code.
I hope we can agree that the problems with this security 'safeguard' are not worth the benefits, but those benefits aren't totally non-existent.
>The me removal option has nothing to do with the secret
>key?
Firstly, I was wrong in calling the technique discovered a 'ME removal' option: it only partly removes the ME. Also, the technique itself doesn't rely on the private key. Is all it depends on is the fact that the core parts don't care whether or not the modules removed are there, so it won't crash the device if they're erased.
>From intel's point of view being able to remove me,
>weakens the security of the computer? How does it weaken
>the security of the computer?
The problem here isn't so much security as Intel's power. Although I'm not convinced of the theory I gave, it still is worrying because it's reasonable. If Intel DID want to block something like 'ME neutralization', all they need to do is justify releasing a patch. Nobody can realistically prove it *doesn't* serve the purpose provided, giving plausible deniability whilst protecting their monopoly of control.
They have this power, of course, because they manufacture their chips so that they hold the keys and we don't.
- Inicie sesión ou rexístrese para enviar comentarios