ASRock.com Homepage
Forum Home Forum Home > Technical Support > AMD Motherboards
  New Posts New Posts RSS Feed - LogoFail hack/threat...
  FAQ FAQ  Forum Search Search  Events   Register Register  Login Login

LogoFail hack/threat...

 Post Reply Post Reply
Author
Message Reverse Sort Order
mrbill View Drop Down
Groupie
Groupie


Joined: 07 Jan 2023
Status: Offline
Points: 560
Post Options Post Options   Thanks (0) Thanks(0)   Quote mrbill Quote  Post ReplyReply Direct Link To This Post Topic: LogoFail hack/threat...
    Posted: 31 May 2024 at 7:42am
Good luck. I have the X670E Steel Legend and can't use anything beyond V 1.30AS05 due to system crashes with the newer FW. There's been 5 FW releases since, with one being the FW that fixes the LogoFail vulnerability. I open a support ticket, get a response from Eric with an image with the area highlighted where it says "If the system is working properly, we recommend keeping the current BIOS / firmware." Needless to say, I'm running a vulnerable board and it will be the last ASRock board I ever own.
ASRock X670E Steel Legend (ABA159EAF581)
AMD Ryzen 9 7900X
32GB (2x16GB) G.Skill F5-5200J4040A16GX2-RS5K
WD SN570 2TB
MSI NVIDIA GeForce RTX 3080 Ti
Win 11 Pro
Back to Top
Skybuck View Drop Down
Groupie
Groupie


Joined: 18 Apr 2023
Status: Offline
Points: 955
Post Options Post Options   Thanks (0) Thanks(0)   Quote Skybuck Quote  Post ReplyReply Direct Link To This Post Posted: 27 May 2024 at 9:48am
After reading this I am left with some questions:

https://www.binarly.io/blog/finding-logofail-the-dangers-of-image-parsing-during-system-boot

First a short summary of what this is:

The firmware of many bios/uefi/motherboards contain sloppy C code for loading pictures/logos like JPEG/PNG/BMP. This sloppy C code allows a hacker to place a file/logo on the UEFI (special) system partition which may or may not be loaded by the bios/uefi/firmware of the motherboard.

During the image loading the sloppy/buggy C code allows the image data to overwrite other critical software instructions, like protocol related instructions, these are overwritten with "shell code" allowing the hacker to do anything else it wants with the system, for example run curl or cmd.exe and download subsequent software and comprise linux and window systems.

Chrome browser already contains a vunerability to allow protocol handlers/urls to execute cmd.exe via command line parsing mistakes of certain other applications maybe utorrent or wimamp, not saying these are vunerable but this is also an old drive by attack.

So 1 + 1 + 1 + 1 + 1 + 1 = 6. URL exploit + CMD.exe + batchfile + firmwarehack + blacklotus/similiar could comprise system fast (maybe also +python to enable this hack as in the demo).

This system vunerablity was discovered around december 2023 and was only recently disclossed, say 2 months ago or so. I didn't know about it because I was busy with other things, which I find a bit concerning but ok. Today I decided to check the ASRock forum to see if anything is going on with firmware and yup... need firmware available to combat this LogoFail...

Example:
https://www.asrock.com/mb/AMD/B650E%20Steel%20Legend%20WiFi/index.nl.asp#BIOS

"2. Patch UEFI LogoFail vulnerabilities."

Most recent firmware seems to be:

"
3.01     2024/5/15     15.17MB     
Update AMD AGESA 1.1.7.0 for Next Generation Ryzen??processors support.
"

However googling this agesa 1.1.6.0 version mention MSI and Gigabyte motherboard problems especially with build in iGPU of ryzen processors, leading to all kinds of weird things, like restarts, crashes, bsods, black screens, 1.5 gb of iGPU driver downloads.

The only thing I haven't really tested yet on this new superpc 2023 for me is the iGPU...

My ASRock motherboard Steel Legend Wifi 650B is still on BIOS version 1.28 and working beautifully so far.

Only thing I do notice is boot time is sometimes a bit strange, longer than normal and red lights start burning, but I am running default bios/uefi/firmware settings.

Anyway I have some questions about the way this motherboard works in relation to this potential attack vector, the link at the top of the posting mentions:

NVRam, which seems to be "non-volatile ram" which can store data. The article mentions the hacker could store a module inside of this nvram.

1. Does the ASRock Steel Legend 650B contain NVRam ? If so where is it stored, how can I see what is in it ? Where can I read more information about this technology in relation to motherboards, google/ai copilot did not turn up much yet, best was some older information from 2014... it's now 2024...

2. Would it be possible for the hacker to prevent re-flashing the firmware in the future in case the PC/motherboard/firmware was hacked ? Making it important to flash it now before such an event would occur...

3. Since firmware version 1.28 is working flawlessly for me, is it possible for ASRock to release a special updated firmware version 1.28 which patches this vunerability ?

This may offer an alternative in case the newer firmware versions are indeed buggy/problematic...















Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.078 seconds.