[coreboot] How Coreboot can help in malware reverse engineering?

Jean-Francois Agneessens jeanfrancois.agneessens at gmail.com
Thu Oct 30 09:16:55 CET 2008


Well,

In a normal world you would use a debugger on the host, but because the
malware creators are introducing more and more debugger detection
techniques, obfuscation and so on, I was thinking of bypassing some of them
by just placing access to the memory at a lower level.

Is it possible to have some devices uniquely accessible by the BIOS? Is it
possible to get side access to the BIOS while the OS is running (and I
know that OSes are not using the BIOS anymore)? ACPI was just an example, but
indeed I might be wrong in thinking of ACPI. David in his earlier post
talked about SMM, which I had never heard about.

If you think of a DRM BIOS, as said during the presentation at FOSDEM (found
on YouTube), they can control the whole system independently of the OS. I
kinda have the same goal, but with open source code and not for DRM
purposes.

Thanks for your comments!

---------------------------------------
Jean-François Agneessens