Hard Disk Firmware Hacking (2015) - MalwareTech
2021-04-09 04:02:21 Author: www.reddit.com (view original) Views: 159

YEARS ago I did some work for a company that involved some hacking kinda work. Only, instead of desoldering chips, we used a PC3000 (https://www.acelaboratory.com/pc3000.udma.php)

This allowed us to read/write, and all of that, right on the drive without doing any heroics. The poster talked about code being overwritten, and I thought he was going in the right direction, but it was a leap he never made. We were working on removing certain SATA commands from the firmware of the drive. (You'd send the commands and get back a NAK or something similar.) We pulled the firmware off the drive, ran it through IDA Pro, and started digging. We didn't find the commands. Odd. After A LOT more digging, we found that in the manufacturing section of the HDD there are firmware files. These files are loaded on demand and contain small chunks of firmware for the drive. So, the main firmware on the flash just has the code to boot up the drive and the most commonly accessed commands. The LESS frequently accessed commands were in overlays on the disk itself.

This task was a contract "Is it possible to do this? Here's 6 weeks' worth of money to investigate" kinda deal, and we ran out of time before reaching the end, but it was a learning experience!

The post also talks about UEFI and boot stuff. I rewrote the option ROM on an Intel NIC to add a custom SMI handler to the SMM chain. And, on this particular board (some Intel board with JOE at the end of the part #), we were able to trigger that SMI on demand. (The SMM handler did out-of-band decryption of data. So, if you're single-stepping along with a debugger, you'd see code do something that didn't seem to make sense, and then some data would magically decrypt itself.) If you didn't know about SMM, you'd have NO IDEA what was going on. Ultimately it proved to be too time-intensive to be practical, but it was a very cool project to work on.


Source: https://www.reddit.com/r/ReverseEngineering/comments/mmyw1q/hard_disk_firmware_hacking_2015_malwaretech/