Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
*****************************************************************
For more information about this project please read the following article:
http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html
Repository contents:
* SmmBackdoor/ -- source code of UEFI part that runs in System Management Mode.
To build SmmBackdoor project you need to have a Windows machine with Visual Studio
2008 and EDK2 source code (https://github.com/tianocore/edk2).
3. Edit OvmfPkg/OvmfPkgX64.dsc and add the following lines at the end of the
file:
#
# 3-rd party drivers
#
SmmBackdoor/SmmBackdoor.inf {
<LibraryClasses>
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
MemoryAllocationLib|
MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
}
6. Save modified flash image to file and write it to the motherboard ROM with
programmer.
Backdoor also has debug output capabilities that allows to see DXE phase debug
messages on the screen and receive runtime phase debug messages over COM port.
Supported commands:
* SmmBackdoor.py --dump-smram - Dump all available SMRAM regions into the files.
smm_call usage:
* smm_call <code> [<arg_1> [<arg_2>]] - Send specified control code and arguments
to SMM backdoor.
* smm_call --privesc - Ask the backdoor to give a root privileges for caller
process and run command shell.
Please note, that this code was tested only with Intel DQ77KB motherboard. You may
try to run it on any other UEFI compatible hardware, but some of the backdoor
features might not work.
Written by:
Dmytro Oleksiuk (aka Cr4sh)
cr4sh0@gmail.com
http://blog.cr4.sh