├── DirectHW.kext
│   └── Contents
│       ├── Info.plist
│       └── MacOS
│           └── DirectHW
├── README.md
├── clean.orom
├── t2e_integrity_check.py
└── tg3-eeprom

--------------------------------------------------------------------------------
/DirectHW.kext/Contents/Info.plist:
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>BuildMachineOSBuild</key>
    <string>11G30</string>
    <key>CFBundleDevelopmentRegion</key>
    <string>English</string>
    <key>CFBundleExecutable</key>
    <string>DirectHW</string>
    <key>CFBundleIdentifier</key>
    <string>com.coresystems.driver.DirectHW</string>
    <key>CFBundleInfoDictionaryVersion</key>
    <string>6.0</string>
    <key>CFBundleName</key>
    <string>DirectHW</string>
    <key>CFBundlePackageType</key>
    <string>KEXT</string>
    <key>CFBundleSignature</key>
    <string>????</string>
    <key>CFBundleVersion</key>
    <string>1.3</string>
    <key>DTCompiler</key>
    <string></string>
    <key>DTPlatformBuild</key>
    <string>4F243</string>
    <key>DTPlatformVersion</key>
    <string>GM</string>
    <key>DTSDKBuild</key>
    <string>11G30</string>
    <key>DTSDKName</key>
    <string></string>
    <key>DTXcode</key>
    <string>0440</string>
    <key>DTXcodeBuild</key>
    <string>4F243</string>
    <key>IOKitPersonalities</key>
    <dict>
        <key>DirectHWUserClient</key>
        <dict>
            <key>CFBundleIdentifier</key>
            <string>com.coresystems.driver.DirectHW</string>
            <key>IOClass</key>
            <string>DirectHWService</string>
            <key>IOMatchCategory</key>
            <string>DirectHWService</string>
            <key>IOProviderClass</key>
            <string>IOResources</string>
            <key>IOResourceMatch</key>
            <string>IOKit</string>
            <key>IOUserClientClass</key>
            <string>DirectHWUserClient</string>
        </dict>
    </dict>
    <key>OSBundleLibraries</key>
    <dict>
        <key>com.apple.kpi.iokit</key>
        <string>8.0</string>
        <key>com.apple.kpi.libkern</key>
        <string>8.0</string>
        <key>com.apple.kpi.mach</key>
        <string>8.0.0</string>
        <key>com.apple.kpi.unsupported</key>
        <string>8.0</string>
    </dict>
</dict>
</plist>

--------------------------------------------------------------------------------
/DirectHW.kext/Contents/MacOS/DirectHW:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/legbacore/t2e_integrity_check/61296bf7c10959c434722653c968f14fd68f28a6/DirectHW.kext/Contents/MacOS/DirectHW

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# t2e_integrity_check

Apple Thunderbolt to Ethernet PCI Option ROM Integrity Checker
- Xeno Kovah - xeno@legbacore.com
- With thanks to Trammell Hudson, and Corey Kallenberg

PCI Option ROMs (OROMs, also known as Expansion ROMs) are a
known source of attacks[1][2][3][4] on computing systems.

In [2][4][5] it was shown in particular that the Apple
thunderbolt-to-ethernet (t2e) adapter could be used to attack Macs.

However, the OROM for every t2e adapter we have looked at has
been basically the same (with the exception of the MAC and
a checksum). Therefore integrity checking is highly tractable.
However, we have had a limited set of devices on which to test.
If this program generates an alert, it may be a false positive
due to you having an image that is valid, but simply was not
seen during our testing. Send all alerts/errors to the
email(s) listed at the top of this file.

This is not meant to be a highly-trustworthy tool. It is not
currently known whether the firmware that the Broadcom chip
on these devices runs can lie about the contents of the OROM.
However, it is suspected that it may be able to.

While this tool may check a single OROM, there is still a world
of *other* OROMs out there which can be used to attack people.
The only way the situation will improve is if customers start
telling security vendors that they want them to protect against
firmware-borne attacks. If enough people actually talk to their
vendors, they will start to listen.

[1] "Implementing and Detecting a PCI Rootkit", John Heasman,
http://www.blackhat.com/presentations/bh-dc-07/Heasman/Paper/bh-dc-07-Heasman-WP.pdf

[2] "DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS", Loukas K.,
http://ho.ax/downloads/De_Mysteriis_Dom_Jobsivs_Black_Hat_Slides.pdf

[3] "UEFI and PCI Bootkits", Pierre Chifflier,
https://pacsec.jp/psj13/psj2013-day2_Pierre_pacsec-uefi-pci.pdf

[4] "Thunderstrike: EFI firmware bootkits for Apple MacBooks",
Trammell Hudson, Larry Rudolph, https://dl.acm.org/citation.cfm?id=2757673

[5] "Thunderstrike 2: Sith Strike", Trammell Hudson, Xeno Kovah,
Corey Kallenberg, http://trmm.net/Thunderstrike_2

# Other code

The binary version of DirectHW.kext was compiled from Trammell Hudson's https://github.com/osresearch/rwmem

The binary version of tg3-eeprom was compiled from Trammell Hudson's https://github.com/osresearch/b57tool

# Usage

```sh
sudo chmod -R 700 DirectHW.kext/
sudo chown -R root:wheel DirectHW.kext/
sudo kextload DirectHW.kext
sudo ./tg3-eeprom > my.orom
python t2e_integrity_check.py
```

(the dumped image must be named "my.orom")

If your OROM is intact, a message to that effect will print.

If not, send any alerts/errors to xeno@legbacore.com

--------------------------------------------------------------------------------
/clean.orom:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/legbacore/t2e_integrity_check/61296bf7c10959c434722653c968f14fd68f28a6/clean.orom

--------------------------------------------------------------------------------
/t2e_integrity_check.py:
--------------------------------------------------------------------------------
# Apple Thunderbolt to Ethernet PCI Option ROM Integrity Checker
# - Xeno Kovah - xeno@legbacore.com
# - With thanks to Trammell Hudson, and Corey Kallenberg
#
# PCI Option ROMs (OROMs, also known as Expansion ROMs) are a
# known source of attacks[1][2][3][4] on computing systems.
#
# In [2][4][5] it was shown in particular that the Apple
# thunderbolt-to-ethernet (t2e) adapter could be used to attack Macs.
#
# However, the OROM for every t2e adapter we have looked at has
# been basically the same (with the exception of the MAC and
# a checksum). Therefore integrity checking is highly tractable.
# However, we have had a limited set of devices on which to test.
# If this program generates an alert, it may be a false positive
# due to you having an image that is valid, but simply was not
# seen during our testing. Send all alerts/errors to the
# email(s) listed at the top of this file.
#
# This is not meant to be a highly-trustworthy tool. It is not
# currently known whether the firmware that the Broadcom chip
# on these devices runs can lie about the contents of the OROM.
# However, it is suspected that it may be able to.
#
# While this tool may check a single OROM, there is still a world
# of *other* OROMs out there which can be used to attack people.
# The only way the situation will improve is if customers start
# telling security vendors that they want them to protect against
# firmware-borne attacks. If enough people actually talk to their
# vendors, they will start to listen.
#
#[1] "Implementing and Detecting a PCI Rootkit", John Heasman,
#    http://www.blackhat.com/presentations/bh-dc-07/Heasman/Paper/bh-dc-07-Heasman-WP.pdf
#[2] "DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS", Loukas K.,
#    http://ho.ax/downloads/De_Mysteriis_Dom_Jobsivs_Black_Hat_Slides.pdf
#[3] "UEFI and PCI Bootkits", Pierre Chifflier,
#    https://pacsec.jp/psj13/psj2013-day2_Pierre_pacsec-uefi-pci.pdf
#[4] "Thunderstrike: EFI firmware bootkits for Apple MacBooks",
#    Trammell Hudson, Larry Rudolph, https://dl.acm.org/citation.cfm?id=2757673
#[5] "Thunderstrike 2: Sith Strike", Trammell Hudson, Xeno Kovah,
#    Corey Kallenberg, http://trmm.net/Thunderstrike_2

'''
Usage:

sudo kextload DirectHW.kext
sudo tg3-eeprom > my.orom
(it must be named "my.orom")
python t2e_integrity_check.py

If your OROM is intact, a message to that effect will print.
If not, send any alerts/errors to xeno@legbacore.com
'''

# Set to 1 as soon as a byte differs outside the ranges that legitimately
# vary between adapters; drives the final verdict below.
gDiffFound = 0
offset = 0
f = open("my.orom", "rb")      # the image dumped from this adapter
f2 = open("clean.orom", "rb")  # the known-good reference image
try:
    byte = f.read(1)
    byte2 = f2.read(1)
    # b"" is the empty str on Python 2 and empty bytes on Python 3, so the
    # loop condition works on both.
    while byte != b"" and byte2 != b"":
        if byte != byte2:
            #Difference at [0x7E,0x83] is the MAC address
            #Difference at [0xFC,0xFF] is the checksum
            if (offset < 0x7E) or (offset > 0xFF) or (offset > 0x83 and offset < 0xFC):
                gDiffFound = 1
                # ord() gives the numeric value %x needs; "expected" is the
                # byte from clean.orom, "actual" the byte from my.orom.
                print("byte at offset 0x%08x differs. Expected: %x Actual: %x" % (offset, ord(byte2), ord(byte)))
            #else:
            #    print("expected difference at offset 0x%08x" % offset)
        offset += 1
        byte = f.read(1)
        byte2 = f2.read(1)
    # The loop stops when either file ends; if only one did, the images
    # are different sizes, which is itself an unexpected difference.
    if byte != byte2:
        gDiffFound = 1
        print("image sizes differ: one image ends at offset 0x%08x" % offset)
finally:
    f.close()
    f2.close()

if gDiffFound:
    print("Unexpected differences found. Please submit image to xeno@legbacore.com, so we can check for true/false positives.")
else:
    print("No unexpected differences found in OROM.")

--------------------------------------------------------------------------------
/tg3-eeprom:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/legbacore/t2e_integrity_check/61296bf7c10959c434722653c968f14fd68f28a6/tg3-eeprom
--------------------------------------------------------------------------------
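Added example, not a file from the t2e_integrity_check repository: the byte-for-byte comparison that the README's Usage steps and t2e_integrity_check.py perform, restructured as functions so that the expected-difference ranges (MAC at [0x7E,0x83], checksum at [0xFC,0xFF], as the script's comments state) are data rather than an inline condition, images of different length are reported instead of silently truncated, results are returned for a caller or test to act on, and a SHA-256 of the image with those ranges zeroed gives one fingerprint per adapter model that a fleet can be baselined against without shipping a reference file. The images returned by `build_samples()` are constructed stand-ins, not the real `clean.orom` or a real dump; the function names and the command-line form are mine, not the project's.

```python
"""Added example (not part of the t2e_integrity_check repository).

Compares a dumped t2e Option ROM against a reference image, treating only
the MAC address bytes [0x7E,0x83] and the checksum bytes [0xFC,0xFF] as
legitimate per-device differences, as t2e_integrity_check.py does.
"""
import hashlib
import sys

# Inclusive byte ranges expected to differ between genuine adapters
# (taken from the comments in t2e_integrity_check.py).
EXPECTED_DIFF_RANGES = ((0x7E, 0x83), (0xFC, 0xFF))


def in_expected_range(offset, ranges=EXPECTED_DIFF_RANGES):
    """True if a difference at this offset is an allowed per-device field."""
    return any(lo <= offset <= hi for lo, hi in ranges)


def compare_orom(actual, expected, ranges=EXPECTED_DIFF_RANGES):
    """Compare two images byte by byte.

    Returns a dict with the offsets that differ inside the allowed ranges,
    the offsets that differ outside them (the real alert), and a
    (len(actual), len(expected)) tuple when the images differ in length.
    """
    report = {"expected": [], "unexpected": [], "size_mismatch": None}
    for offset in range(min(len(actual), len(expected))):
        if actual[offset] != expected[offset]:
            key = "expected" if in_expected_range(offset, ranges) else "unexpected"
            report[key].append(offset)
    if len(actual) != len(expected):
        report["size_mismatch"] = (len(actual), len(expected))
    return report


def is_intact(report):
    """The image passes only if nothing differs outside the allowed ranges."""
    return not report["unexpected"] and report["size_mismatch"] is None


def normalized_fingerprint(image, ranges=EXPECTED_DIFF_RANGES):
    """SHA-256 of the image with the per-device ranges zeroed.

    Every genuine adapter of the same model yields the same value, so a
    fleet can be baselined with one hash instead of a reference file.
    """
    buf = bytearray(image)
    for lo, hi in ranges:
        for offset in range(lo, min(hi + 1, len(buf))):
            buf[offset] = 0
    return hashlib.sha256(bytes(buf)).hexdigest()


def build_samples():
    """Constructed stand-in images (NOT the real clean.orom or a real dump)."""
    clean = bytes(range(256))
    genuine = bytearray(clean)
    genuine[0x7E:0x84] = b"\xaa\xbb\xcc\xdd\xee\xff"   # a different MAC
    genuine[0xFC:0x100] = b"\x01\x02\x03\x04"          # a different checksum
    tampered = bytearray(genuine)
    tampered[0x40] ^= 0xFF                             # one byte outside the ranges
    return clean, bytes(genuine), bytes(tampered)


def describe(report):
    """Human-readable verdict in the style of the original script's output."""
    lines = ["byte at offset 0x%08x differs unexpectedly" % o for o in report["unexpected"]]
    if report["size_mismatch"]:
        lines.append("image sizes differ: %d vs %d bytes" % report["size_mismatch"])
    lines.append("OROM intact" if is_intact(report) else "Unexpected differences found")
    return "\n".join(lines)


if __name__ == "__main__":
    # python this_file.py my.orom clean.orom  (the README's file names);
    # with no arguments it runs on the constructed samples so it works offline.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as e:
            actual, expected = a.read(), e.read()
    else:
        expected, actual, _ = build_samples()
    print(describe(compare_orom(actual, expected)))
    print("normalized fingerprint:", normalized_fingerprint(actual))
```

The fingerprint is only as trustworthy as the dump it is computed over: as the README notes, it is not known whether the adapter's firmware can misreport the OROM contents, so a matching hash shows the image the chip returned is the expected one, not that the chip is honest.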