LogoFail hack/threat... |
mrbill
Groupie Joined: 07 Jan 2023 Status: Offline Points: 560 |
Posted: 31 May 2024 at 7:42am |
Good luck. I have the X670E Steel Legend and can't use anything beyond V 1.30AS05 due to system crashes with the newer FW. There's been 5 FW releases since, with one being the FW that fixes the LogoFail vulnerability. I open a support ticket, get a response from Eric with an image with the area highlighted where it says "If the system is working properly, we recommend keeping the current BIOS / firmware." Needless to say, I'm running a vulnerable board and it will be the last ASRock board I ever own.
ASRock X670E Steel Legend (ABA159EAF581)
AMD Ryzen 9 7900X 32GB (2x16GB) G.Skill F5-5200J4040A16GX2-RS5K WD SN570 2TB MSI NVIDIA GeForce RTX 3080 Ti Win 11 Pro |
Skybuck
Groupie Joined: 18 Apr 2023 Status: Offline Points: 955 |
After reading this I am left with some questions:

https://www.binarly.io/blog/finding-logofail-the-dangers-of-image-parsing-during-system-boot

First a short summary of what this is:

The firmware of many bios/uefi/motherboards contains sloppy C code for loading pictures/logos like JPEG/PNG/BMP. This sloppy C code allows a hacker to place a file/logo on the UEFI (special) system partition which may or may not be loaded by the bios/uefi/firmware of the motherboard. During the image loading the sloppy/buggy C code allows the image data to overwrite other critical software instructions, like protocol related instructions. These are overwritten with "shell code", allowing the hacker to do anything else it wants with the system, for example run curl or cmd.exe and download subsequent software and compromise Linux and Windows systems.

Chrome browser already contains a vulnerability to allow protocol handlers/urls to execute cmd.exe via command line parsing mistakes of certain other applications, maybe utorrent or Winamp. Not saying these are vulnerable, but this is also an old drive-by attack.

So 1 + 1 + 1 + 1 + 1 + 1 = 6. URL exploit + CMD.exe + batchfile + firmwarehack + blacklotus/similar could compromise a system fast (maybe also +python to enable this hack as in the demo).

This system vulnerability was discovered around December 2023 and was only recently disclosed, say 2 months ago or so. I didn't know about it because I was busy with other things, which I find a bit concerning but ok.

Today I decided to check the ASRock forum to see if anything is going on with firmware and yup... need firmware available to combat this LogoFail...

Example: https://www.asrock.com/mb/AMD/B650E%20Steel%20Legend%20WiFi/index.nl.asp#BIOS

"2. Patch UEFI LogoFail vulnerabilities."

Most recent firmware seems to be:

"3.01 2024/5/15 15.17MB Update AMD AGESA 1.1.7.0 for Next Generation Ryzen processors support."

However, googling this agesa 1.1.6.0 version mentions MSI and Gigabyte motherboard problems, especially with the built-in iGPU of ryzen processors, leading to all kinds of weird things, like restarts, crashes, bsods, black screens, 1.5 gb of iGPU driver downloads. The only thing I haven't really tested yet on this new superpc 2023 for me is the iGPU...

My ASRock motherboard Steel Legend Wifi 650B is still on BIOS version 1.28 and working beautifully so far. Only thing I do notice is boot time is sometimes a bit strange, longer than normal, and red lights start burning, but I am running default bios/uefi/firmware settings.

Anyway, I have some questions about the way this motherboard works in relation to this potential attack vector. The link at the top of the posting mentions NVRam, which seems to be "non-volatile ram" which can store data. The article mentions the hacker could store a module inside of this nvram.

1. Does the ASRock Steel Legend 650B contain NVRam? If so, where is it stored, and how can I see what is in it? Where can I read more information about this technology in relation to motherboards? google/ai copilot did not turn up much yet, best was some older information from 2014... it's now 2024...

2. Would it be possible for the hacker to prevent re-flashing the firmware in the future in case the PC/motherboard/firmware was hacked? Making it important to flash it now before such an event would occur...

3. Since firmware version 1.28 is working flawlessly for me, is it possible for ASRock to release a special updated firmware version 1.28 which patches this vulnerability? This may offer an alternative in case the newer firmware versions are indeed buggy/problematic...