From developer@mail2dude.com Thu Dec 8 21:53:08 2016
From: mr dude
To: flashrom@flashrom.org
Subject: [flashrom] Flash EFI ROM on MAC with default ROM?
Date: Thu, 08 Dec 2016 12:53:29 -0800
Message-ID: <33DCA2BF5E1849F1BDC5FC510BF4EAEF@mail2world.com>

Hello,

I found out about Flashrom after researching the Mac EFI exploit. I have several reasons to suspect that my machine (early 2013 MacBook Pro) is compromised at the EFI level. I am reaching out to you for help because this article from Ars Technica (link below) mentions Flashrom:

"The flash is unlocked and now you can use flashrom to update its contents from userland, including EFI binaries," Friday's blog post stated, referring to the freely available utility for reading, writing, erasing, and verifying firmware contained in flash chips. "It means Thunderstrike like rootkit strictly from userland."

Here are the links about the exploit and how to fix it (according to the guy who found it):

https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/

https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/

"Both chips use SPI, meaning that a SPI reader/writer such as the one introduced by Trammell Hudson can be used to read and write its contents.
This is the best and safest way to do it and you should definitely get or build one if you plan to do EFI research."

https://trmm.net/SPI

This article (http://arstechnica.com/security/2015/06/new-remote-exploit-leaves-most-macs-vulnerable-to-permanent-backdooring/)

links also to OSX verification software:

https://github.com/osresearch/rwmem

But I already ran this tool

https://01.org/linux-uefi-validation

And the results had "405 fails"

I don't want to verify, I just want a clean EFI ROM. Is this possible using Flashrom? I have been unable to find any tutorials online, only videos that involve custom hardware connected to the chip to unlock the EFI password.

Please help or advise in any way, thank you

Frank
