HARDWARE PLATFORM SECURITY

Presentation on theme: "HARDWARE PLATFORM SECURITY"— Presentation transcript:

1 HARDWARE PLATFORM SECURITY
Course Code: CSCI-620
Course Description: OPERATING SYSTEMS SECURITY
Exercise 5: Session: 1
Lecture Unit: CSN1
Topic: Hacking hardware password
Author: Prof. R.A. Mihajlović
Year: /2011
© Dr. R. A. Mihajlovic, Reproduction in any shape or form is prohibited.

2 CSCI-620 Operating Systems Security
Topics
Systems banner
NVRAM and the dead battery
NVRAM with unknown passwords inside
Physical NVRAM hacking: battery replacement
Physical NVRAM hacking: adding new battery
NVRAM reprogramming
CSCI-620 Operating Systems Security Exercise 5

3 CSCI-620 Operating Systems Security
Question 1
Read the system banner below and find:
What is the system board (motherboard) ID number?
What is the purpose (use of) the system’s board number?
    OK banner
    Sun Ultra 5/10 UPA/PCI (UltraSPARC-II: 270MHz), Keyboard Present
    OpenBoot 3.11, 128 MB memory installed Serial #
    Ethernet address 8:0:20:9e:d3:90, Host ID:809ed390
    Boot device . . .

4 CSCI-620 Operating Systems Security
Question 2
Read the system banner below and find:
What is the OpenBoot systems firmware version number?
What is the on board network controller’s MAC address?
    OK banner
    Sun Ultra 5/10 UPA/PCI (UltraSPARC-II: 270MHz), Keyboard Present
    OpenBoot 3.11, 128 MB memory installed Serial #
    Ethernet address 8:0:20:9e:d3:90, Host ID:809ed390
    Boot device . . .

5 Exercise 1: Hacking NVRAM
The NVRAM chip has a battery inside that provides power to the memory IC chip while the main electric supply is off. If the hardware protection password has to be removed, the NVRAM chip has to be replaced, or erased by replacing the NVRAM battery.

6 Exercise 1: Hacking NVRAM
When the NVRAM gets erased, the following messages may appear on the banner.
    Sun Workstation, Model Sun-XXXXXX Series.
    ROM Rev X.X, XXMB memory installed
    ID PROM invalid.
    Testing 0 Megabytes of Memory ... Completed.
    ERROR: missing or invalid ID prom
    Requesting Internet address for 0:0:0:0:0:0
or
    Sun Workstation, Model Sun-XXXX Series. Type 4 Keyboard
    ROM Rev X.X, XXMB memory installed, Serial #
    Ethernet address ff:ff:ff:ff:ff:ff, Host ID ffffffff
    Invalid format type in NVRAM
    The IDPROM contents are invalid
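Added example (not part of the original slides): a Python parser that pulls the OpenBoot version, Ethernet address and Host ID out of the banner text from Questions 1 and 2, and flags the erased-IDPROM symptoms listed on this slide. The function names and the all-zero Host ID check are assumptions of this example.

```python
import re

SUN_OUI = (0x08, 0x00, 0x20)  # Sun prefix named on the slides: 08:00:20:xx:yy:zz

# Banner text copied from the slides (the serial number is blank in the transcript).
HEALTHY = """Sun Ultra 5/10 UPA/PCI (UltraSPARC-II: 270MHz), Keyboard Present
OpenBoot 3.11, 128 MB memory installed Serial #
Ethernet address 8:0:20:9e:d3:90, Host ID:809ed390"""
ERASED = """Sun Workstation, Model Sun-XXXX Series. Type 4 Keyboard
ROM Rev X.X, XXMB memory installed, Serial #
Ethernet address ff:ff:ff:ff:ff:ff, Host ID ffffffff
Invalid format type in NVRAM
The IDPROM contents are invalid"""

MAC_RE = re.compile(r"Ethernet address\s+((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})", re.I)
HOSTID_RE = re.compile(r"Host ID:?\s*([0-9a-f]{8})\b", re.I)
OBP_RE = re.compile(r"OpenBoot\s+(\d+(?:\.\d+)+)")
# Error strings that the slides list for an erased NVRAM.
ERROR_MARKERS = ("ID PROM invalid", "missing or invalid ID prom",
                 "Invalid format type in NVRAM", "IDPROM contents are invalid")


def parse_banner(text):
    """Return the MAC (tuple of ints), Host ID and OpenBoot version, or None each."""
    mac, hostid, obp = MAC_RE.search(text), HOSTID_RE.search(text), OBP_RE.search(text)
    return {
        "mac": tuple(int(b, 16) for b in mac.group(1).split(":")) if mac else None,
        "hostid": hostid.group(1).lower() if hostid else None,
        "openboot": obp.group(1) if obp else None,
    }


def idprom_findings(text):
    """List the signs of an erased or invalid IDPROM found in a banner."""
    info = parse_banner(text)
    findings = [m for m in ERROR_MARKERS if m.lower() in text.lower()]
    mac = info["mac"]
    if mac is None:
        findings.append("no Ethernet address")
    elif set(mac) in ({0x00}, {0xFF}):
        findings.append("blank Ethernet address")
    elif mac[:3] != SUN_OUI:
        findings.append("Ethernet address lacks Sun prefix 08:00:20")
    # All-ones is the erased value on the slides; all-zero is this example's assumption.
    if info["hostid"] in (None, "ffffffff", "00000000"):
        findings.append("blank or missing Host ID")
    return findings


if __name__ == "__main__":
    for name, banner in (("healthy", HEALTHY), ("erased", ERASED)):
        print(name, parse_banner(banner), idprom_findings(banner))
```
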

7 CSCI-620 Operating Systems Security
NVRAM chip
NVRAM is a small 24-pin DIP (Dual Inline Package) integrated circuit that keeps track of various hardware system parameters such as: serial number, Ethernet MAC (Media Access Control) address, HOSTID, date of manufacture, etc.

8 Exercise 1: Hacking NVRAM
Remove the internal battery by sawing the top cover in two, across the middle of the NVRAM. This is to be done only in exceptional situations.

9 Exercise 1: Hacking NVRAM
The half with the dot contains a crystal, the other half a 3V battery. Try to keep the pins from bending.

10 Exercise 1: Hacking NVRAM
Now, gently wiggle the top piece with the battery until the wires break; use the knife on the epoxy on the side if needed.

11 Exercise 1: Hacking NVRAM
The wires from the lower half to the top half will be visible now. To remove hardware passwords, the internal battery should now come off, with pieces of the wire.

12 Exercise 1: Hacking NVRAM
Connect the 2 exposed wires to the 3V battery. Solder a wire close to pin 12 to the minus and a wire close to pin 13 to the plus of the battery. The pins are numbered 1-24, starting at the dot, going down the row to 12; then opposite 12 is 13, going up to 24.

13 Exercise 1: Hacking NVRAM
Insert the NVRAM and new batteries into the system. Default parameters can be loaded from the PROM.

14 Exercise 2: Hacking dead NVRAM
The NVRAM battery lasts about 5 years. At the end of its lifetime the NVRAM loses its content (it is erased).

15 Exercise 2: Hacking dead NVRAM
When the old battery is “dead”, add a new battery in parallel with the old one.

16 Exercise 3: Reprogram NVRAM
Select a new Ethernet (MAC) address and the last 3 bytes of the host ID number. There are no restrictions on the last three bytes. The Ethernet (IEEE standard) address should begin with the Sun ID number 08:00:20:xx:yy:zz.

17 Exercise 3: Reprogramming NVRAM
Say the Ethernet MAC address is 08:00:20:E3:E4:E5 and the last three bytes of the hostid are H1, H2, H3. The first byte of the hostid will automatically be set according to the system type (real-machine-type variable value is stored in the OpenBoot monitor PROM).
    OK set-defaults
    OK setenv diag-switch? false
    E3 E4 E5 H1H2H3 mkpl
    Control-D
    Control-R

18 Stop-n OBP POST Hot Keys
If the Sun SPARC system will not boot, and faulty or erased parameters in the NVRAM are suspected, they can easily be changed to the default values. Hold down the Stop-n keys while the system power is on. When you see the keyboard LEDs flash, release the keys. The default hardware parameter values will be copied from the PROM into the NVRAM and the system may continue to boot.

19 PC equivalent NVRAM chip
The PC also has an NVRAM (CMOS-RAM) chip with the clock timer and all passwords inside. If you cannot replace it, hack it.
RTC: the Real Time Clock, mostly called the CMOS chip, maintains the date, day and time in a 24-hour format, just like your watch. The computer uses this clock to 'time stamp' files as they are produced and customized. Whenever the user prints a file, it time stamps the pages as they are printed.

20 Resetting BIOS passwords
On many systems temporary removal of the systems board battery does not clear systems firmware passwords (which are backed up by the second battery built into the NVRAM RTClock chip).
Reset Your PC BIOS Password
If your PC BIOS is asking for a password to enter the main BIOS screen, then your BIOS has been set up with a password. Have you forgotten your BIOS password? You can easily reset the BIOS password, although you will need to get your hands dirty. With your PC turned off, use a screwdriver to take the case off the PC. Move the cables that are attached to the motherboard out of the way and look for a large battery on the motherboard. This is the CMOS battery, which holds the charge to your BIOS when your PC is turned off. Remove the battery and leave the PC for 10 minutes. This will ensure there is no electrical signal travelling to your BIOS, and this will mean that the memory settings for the BIOS are now reset. Place the CMOS battery back in its position and replace the PC case. When you log back into the main BIOS screen, the password request will be gone. You can use this method on any PC, and it will also work on older laptops; however, you will need to spend more time gaining access to the CMOS battery in a laptop, as there are a lot of parts to unscrew and it is very tightly made. Newer laptops have greater security, and removing the CMOS battery to reset the BIOS password will not work in this way.

21 Question: GPPU/CPU internal firmware
What is the term used to name the internal CPU firmware?

22 Answer: GPPU/CPU internal firmware
What is the term used to name the internal CPU firmware?
Microcode.

23 Question: GPU internal firmware
What is the term used to name the internal GPU (Graphics Processing Unit controller) firmware?

24 Answer: GPU internal firmware
What is the term used to name the internal GPU (Graphics Processing Unit controller) firmware?
Device firmware.

25 Question: Motherboard firmware
What is the term used to name the systems (mother) board based firmware?

26 Answer: Motherboard firmware
What is the term used to name the systems (mother) board based firmware?
Systems firmware.

27 Question: Motherboard firmware
What is the systems firmware UI shell used mostly for?

28 Answer: Motherboard firmware
What is the systems firmware UI shell used mostly for?
System platform parameter configuration (hardware performance customization).

29 Question: Motherboard firmware
Which systems firmware program generates the following report on the console screen?

30 Answer: Motherboard firmware
Which systems firmware program generates the following report on the console screen?
POST program.
Every computer user has seen that antiquated 1960's type ASCII character screen that pops up as your PC starts up, but only a fairly small percentage of us have ever understood what all that stuff is, let alone delved into its mysterious functions. When your computer is first turned on, it literally doesn't know what it is. It could boot into a Windows environment or maybe a Linux one, or a Unix server or one of an almost infinite number of proprietary business or technical variants. The Basic Input Output System (BIOS) is how your computer knows how to start the process of launching into the Operating System you have chosen for it. The BIOS is a tiny chunk of software that your PC utilizes to configure and test its various systems, including disk drives, memory, video, and all its various subsystems. The BIOS information is held in an Electrically Erasable Programmable Read Only Memory (EEPROM) that holds the current version of the program. Almost all BIOS chips on the market today are manufactured by either AMI or Phoenix. Even if your BIOS shows your PC manufacturer's name instead of AMI or Phoenix, it is most likely that you're running one of those same BIOSes but your manufacturer has licensed it for use under its own name. The BIOS checks the information on the Complementary Metal Oxide Semiconductor (CMOS), which contains the PC's current settings. A tiny battery on the motherboard maintains electricity to the CMOS to ensure that data does not get erased even if the PC is unplugged for months or years. With the CMOS info, the BIOS now proceeds to configure the various computer subsystems to all work in harmony. Some of the functions that the BIOS controls are the order in which the disk drives will be polled for boot information and the loading of various interrupt handlers and device drivers to make the subsystems and attached peripherals work properly.
After that's all taken care of, the BIOS turns its attention to the video subsystem and will either start its own onboard graphics controller or trigger a separate BIOS which resides inside a third party video card. Once video output is determined to be available, the BIOS runs the Power On Self Test (POST), where it confirms that the power supply voltages, checksums, onboard memory, input/output and video controllers are operating according to specification. This is why you'll often hear distraught computer enthusiasts crying "My PC won't POST!" Once the POST routine is completed and the graphics controller is enabled to show the amount of onboard RAM memory on the monitor, everything is A-OK and the boot sequence of the loaded Operating System can begin. That's when you start getting the Windows logos and in many cases go out for lunch, take in a movie, go for a stroll in the park and come back to wait for your Windows to load. If there is anyone to blame for that it's Bill Gates; it is most certainly not the fault of your BIOS, which will usually perform all its duties in a matter of a few seconds!

31 Question: Motherboard firmware security
How is systems platform configuration protected?

32 Answer: Motherboard firmware security
How is systems platform configuration protected?
By means of two passwords, (User is by default hardware or systems administrator, HA & SA).

33 Question: Motherboard firmware security
Should the HA (hardware administrator, known as technician) be given the password to boot the operating system?

34 Answer: Motherboard firmware security
Should the HA (hardware administrator, known as technician) be given the password to boot the operating system?
Yes! The HA may need to boot from the BIOS-update/BIOS-Flash CD-ROM or floppy to upgrade the BIOS.

35 Question: Motherboard firmware security
Which of the systems firmware programs is protected by the boot password?

36 Answer: Motherboard firmware security
Which of the systems firmware programs is protected by the boot password?
Bootstrap loader or L0-loader.

37 CSCI-620 Operating Systems Security
Exercise: Systems firmware hacking tools
Try to get Hiren’s All in 1 BootCD and try hacking the systems firmware password without hacking the NVRAM chip.
Password reset

38 CSCI-620 Operating Systems Security
Homework 1: Systems firmware hacking tools
Describe a minimum of 6 OK-prompt system-firmware commands, with examples of their use.
Password reset

39 CSCI-620 Operating Systems Security
Homework 2: Systems firmware hacking tools
Write a paper on all possible BIOS/system-firmware protection passwords. Describe each password's use and the vendor using it.
Password reset

40 CSCI-620 Operating Systems Security
Homework 3: Systems firmware hacking tools
Do all other homework assignments mentioned in the posted material.
Password reset

42 CSCI-620 Operating Systems Security
The End

