رمزگشایی نینجاهای بیوس (سری رمزگشایی)
BIOS Disassembly Ninjutsu Uncovered (Uncovered series)
معرفی کتاب «رمزگشایی نینجاهای بیوس (سری رمزگشایی)» (با عنوان لاتین BIOS Disassembly Ninjutsu Uncovered (Uncovered series)) نوشتهٔ Darmawan Mappatutu Salihun، منتشرشده توسط نشر A-List Publishing در سال 2006. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Explaining security vulnerabilities, possible exploitation scenarios, and prevention in a systematic manner, this guide to BIOS exploitation describes the reverse-engineering techniques used to gather information from BIOS and expansion ROMs. SMBIOS/DMI exploitation techniques—including BIOS rootkits and computer defense—and the exploitation of embedded x86 BIOS are also covered. Front Cover ......Page 1 Back Cover ......Page 2 Front Matter ......Page 3 Table of Contents ......Page 7 Preface ......Page 16 The Audience......Page 17 The Organization......Page 18 Typographical Conventions......Page 19 Part I: The Basics ......Page 20 Preview......Page 22 Motherboard BIOS......Page 23 Expansion ROM......Page 27 Other Firmware within the PC......Page 28 System-Wide Addressing......Page 29 PCI Bus Protocol ......Page 31 Proprietary Interchipset Protocol Technology......Page 38 PCI Express Bus Protocol......Page 40 HyperTransport Bus Protocol ......Page 42 Preview......Page 44 Binary Scanning......Page 45 Introducing IDA Pro......Page 46 IDA Pro Scripting and Key Bindings......Page 53 IDA Pro Plugin (Optional)......Page 62 Preview......Page 76 BIOS-Related Software Development with Pure Assembler......Page 77 BIOS-Related Software Development with GCC ......Page 82 Part II: Motherboard BIOS Reverse Engineering ......Page 92 Preview......Page 94 System Address Mapping and BIOS Chip Addressing......Page 95 Obscure Hardware Ports ......Page 111 Relocatable Hardware Ports ......Page 114 BIOS Binary Structure ......Page 116 call Instruction Peculiarity ......Page 117 retn Instruction Peculiarity......Page 118 Cache-as-RAM ......Page 123 BIOS Disassembling with IDA Pro......Page 127 Preview......Page 130 Award BIOS File Structure ......Page 131 Award Boot-Block Reverse Engineering......Page 136 Boot-Block Helper Routine......Page 137 Chipset Early Initialization Routine......Page 138 Jump to CMOS Values and Memory Initialization......Page 139 BBSS Search and Early Memory Test Routines......Page 140 Boot Block Is Copied and Executed in RAM......Page 141 System BIOS Decompression and its Entry Point......Page 143 POST Jump Table Execution......Page 157 Decompression Block Relocation and awardext.rom Decompression......Page 158 Extension Components Decompression......Page 161 Exotic Intersegment Procedure Call......Page 164 AMI BIOS......Page 175 AMI BIOS File Structure......Page 176 AMI BIOS Tools......Page 177 Boot-Block Jump Table......Page 178 Decompression Block Relocation......Page 180 Decompression Engine Initialization......Page 183 BIOS Binary Relocation into RAM......Page 185 POST Preparation......Page 192 AMI System BIOS Reverse Engineering......Page 197 Preview......Page 202 Tools of the Trade......Page 203 Code Injection......Page 208 Locating the POST jump Table......Page 210 Assembling the Injected Code......Page 212 Extracting the Genuine System BIOS......Page 215 Looking for Padding Bytes......Page 216 Modifying the POST Jump Table......Page 217 Flashing the Modified BIOS Binary......Page 219 Other Modifications......Page 220 Part III: Expansion ROM ......Page 224 Preview......Page 226 "Abusing" PnP BIOS for Expansion ROM Development......Page 227 PCI Expansion XROMBAR ......Page 228 PCI Expansion ROM ......Page 229 PCI Expansion ROM Contents......Page 230 PCI Expansion ROM Header Format......Page 231 PCI Data Structure Format......Page 232 PC-Compatible Expansion ROMs......Page 233 POST Code Extensions......Page 234 INIT Function Extensions ......Page 235 PCI PnP Expansion ROM Structure ......Page 236 PCI Expansion ROM Peculiarities......Page 237 Hardware Testbed ......Page 239 Expansion ROM Source Code......Page 240 Core PCI PnP Expansion ROM Source Code......Page 241 Building the Sample ......Page 242 Testing the Sample......Page 244 Potential Bug and Its Workaround ......Page 245 Preview......Page 248 Binary Architecture......Page 249 Disassembling Realtek 8139 Expansion ROM......Page 251 Disassembling Gigabyte GV-NX76T256D-RH GeForce 7600 GT Expansion ROM ......Page 256 A Note on Expansion ROM Code-Injection Possibility ......Page 259 Part IV: BIOS Ninjutsu ......Page 260 Preview......Page 262 General Access Method......Page 263 Accessing Motherboard BIOS Contents in Linux ......Page 264 Introduction to flash_n_burn......Page 266 Internals of flash_n_burn ......Page 270 Accessing Motherboard BIOS Contents in Windows ......Page 276 Kernel-Mode Device Driver of bios_probe ......Page 278 The Main Application......Page 293 The PCI Library......Page 307 Accessing PCI Expansion ROM Contents in Linux ......Page 312 The RTL8139 Address-Ma pping Method......Page 316 Implementing the Methods in Source Code......Page 320 Testing the Software......Page 331 Preview......Page 336 DMI and SMBIOS ......Page 337 Remote Server Management Code Implementation......Page 349 Preview......Page 356 Password Protection......Page 357 Invalidating the CMOS Checksum......Page 358 Reading the BIOS Password from BDA ......Page 363 BIOS Component Integrity Checks......Page 372 Award BIOS Component Integrity Checks ......Page 373 AMI BIOS Component Integrity Checks......Page 376 Remote Server Management Security Measures......Page 378 Hardware-Based Security Measures ......Page 379 Preview......Page 390 Looking Back through BIOS Exploitation History......Page 391 Hijacking the System BIOS......Page 406 Hijacking Award BIOS 4.51PG Interrupt Handlers ......Page 410 Hijacking Award BIOS 6.00PG Interrupt Handlers ......Page 420 Extending the Technique to a BIOS from Other Vendors......Page 428 PCI Expansion ROM Rootkit Development Scenario ......Page 429 PCI Expansion ROM Detour Patching ......Page 431 Multi-Image PCI Expansion ROM ......Page 433 PCI Expansion ROM Peculiarity in Network Cards ......Page 435 Preview......Page 436 Hardware-Based Security Measures ......Page 437 Virtual Machine Defense......Page 441 WBEM Security in Relation to the BIOS Rootkit ......Page 442 Defense against PCI Expansion ROM Rootkit Attacks ......Page 444 Miscellaneous BIOS-Related Defense Methods ......Page 445 Recognizing a Compromised Motherboard BIOS ......Page 455 Recognizing a Compromised PCI Expansion ROM ......Page 457 Healing Compromised Systems......Page 458 Part V: Other Applications of BIOS Technology ......Page 460 Preview......Page 462 Embedded x86 BIOS Architecture ......Page 463 TV Set-Top Box......Page 466 Network Appliance ......Page 481 Kiosk ......Page 486 Embedded x86 BIOS Exploitation ......Page 488 Preview......Page 490 Unified Extensible Firmware Interface ......Page 491 BIOS Vendors Road Map ......Page 496 Ubiquitous Computing and Development in BIOS ......Page 501 Future of BIOS-Related Security Threats......Page 502 The CD-ROM Description ......Page 504 A......Page 506 C......Page 507 F......Page 508 I ......Page 509 P......Page 510 R......Page 511 W......Page 512 Z......Page 513
دانلود کتاب رمزگشایی نینجاهای بیوس (سری رمزگشایی)