

All our scripts are written in Python. The SPI Flash image for Gigabyte GB-BPCE-3350C version F5 contains the necessary firmware version.

The PoC targets Intel TXE firmware version 3. In our experiments, we used Intel System Studio 2018. You need to install Intel System Studio, a trial version of which can be downloaded from the Intel site.

Vulnerability INTEL-SA-00086 allows JTAG to be activated for the Intel Management Engine core. We developed our JTAG PoC for the Gigabyte Brix GB-BPCE-3350C platform. Although we recommend that would-be researchers use the same platform, other manufacturers' platforms with the Intel Apollo Lake chipset should support the PoC as well (for TXE version 3.).

Vulnerability INTEL-SA-00086 involves a buffer overflow when handling a file stored on MFS (the internal ME file system). You will need to integrate this file into the ME firmware by using Intel Flash Image Tool (FIT), one of the Intel System Tools provided by Intel to OEMs of hardware based on Intel PCH chipsets.

Here is the structure of the root directory of the Intel System Tools package:

The Intel ME (TXE, SPS) System Tools utilities are not intended for end users, so you cannot find them on the official Intel website. However, some OEMs publish them as part of software updates together with device drivers. So, for integrating our PoC you need Intel TXE System Tools version 3.x, which can be found online.

Performing an Initial Check of JTAG Operability
Setting the IPC_PATH Environment Variable
Integrating Files Into the Firmware Image

Neither the authors nor their employer are responsible for any direct or consequential damage or loss arising from any person or organization acting or failing to act on the basis of information contained in this page. Follow these instructions at your own risk. All information is provided for educational purposes only.
