Bugtraq mailing list archives
Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
From: simon () mungewell org
Date: Thu, 13 Aug 2015 21:41:53 GMT
In reading the WPBT document from MS I think I see another problem; namely that the WPBT table can contain a 'command line' which is not signed (only checksum of table). So on the assumption that you can insert the table into ACPI list that the BIOS present to OS (maybe with a flashed PCI perpheral), you could use a 'borrowed' signed app and control it with the command line. I'd be interested in analysing the WPBT table or Lenovo's autochk/wpbbin exes. Simon.
Current thread:
- Windows Platform Binary Table (WPBT) - BIOS PE backdoor Kevin Beaumont (Aug 12)
- RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Limanovski, Dimitri (Aug 13)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Kevin Beaumont (Aug 16)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Jerome Athias (Aug 13)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Kevin Beaumont (Aug 16)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Stefan Kanthak (Aug 13)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Kevin Beaumont (Aug 16)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Pedro Ribeiro (Aug 17)
- <Possible follow-ups>
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor simon (Aug 17)
- RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Limanovski, Dimitri (Aug 13)