Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

From: simon@mungewell.org
To: bugtraq@securityfocus.com
Cc:
Subject: Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
Date:


In reading the WPBT document from MS I think I see another problem; namely that the WPBT table can contain a 'command line' which is not signed (only checksum of table).

So on the assumption that you can insert the table into ACPI list that the BIOS present to OS (maybe with a flashed PCI perpheral), you could use a 'borrowed' signed app and control it with the command line.

I'd be interested in analysing the WPBT table or Lenovo's autochk/wpbbin exes.
Simon.





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.