Dumping BIOS


leonardo.p...@gmail.com

Dec 12, 2017, 9:44:42 AM
to qubes-users
Can anyone give me the instructions necessary to dump the bios of my PC, so that I’m sure while using Qubes that I’m safe?
Best regards
Leonardo

Yethal

Dec 12, 2017, 4:46:11 PM
to qubes-users
How exactly would dumping the bios make sure you're safe?

Matteo

Dec 13, 2017, 1:53:01 PM
to qubes...@googlegroups.com
>> Can anyone give me the instructions necessary to dump the bios of my PC, so that I’m sure while using Qubes that I’m safe?
>> Best regards
>> Leonardo
>
> How exactly would dumping the bios make sure you're safe?
>

You don't need to dump it to be safe. Qubes "shields" you from buggy
bios so you don't care if it has an exploitable vulnerability.
You only need to worry about supply chain attacks (you buy a new pc with
backdoored bios).
But again you don't need to worry about that, instead focus your efforts
on automating opening links and email attachments in the correct vm
(micah flee has made a tutorial for that).

If you really want to dump the bios for fun or to learn new things, here is
my experience:
you can use an Arduino or a Raspberry Pi (of course you can also buy a
programmer but they cost more).

Depending on the spi flash model and pc model you might need a power
adapter:
Arduino is 5V
Raspberry is 3.3V
spi flash chips are usually 3.3V but some are 1.8V (and you will burn them if
you attach 3.3V)
You might need to desolder the chip to be able to read it.
Again, I think you should focus on other things.

Qubes OS is a security oriented os but this doesn't mean that everyone
must come up with the strangest attacks... think about simpler ones
and stop them; no one is going to backdoor your bios, and if it has
unfixed bugs you don't care thanks to Qubes.

If you/someone wants more detailed info about bios dumping I'll be happy
to help but I think it's a bit off topic and overkill.

cooloutac

Dec 15, 2017, 10:16:19 AM
to qubes-users
I disagree when you say no one is going to backdoor your bios. I think it's very common nowadays. I don't think Qubes actually shields you from a buggy bios but it's actually very dependent on a properly working bios, like any O/S. Especially since Qubes uses features of the bios most OSes don't.

But I guess you are right not to worry about it, because there is not much you can do for a corrupted or buggy bios, except to buy a new pc, but it would be something most people would want to confirm before doing, or using it for sensitive tasks.

I agree dumping the bios to have a snapshot of it would be very complicated and not practical at all. But I see nothing wrong with doing so if willing and able. You can also look into using AEM to see if something changes during boot.

https://www.qubes-os.org/doc/anti-evil-maid/

Matteo

Dec 15, 2017, 12:54:57 PM
to qubes...@googlegroups.com

> I disagree when you say no one is going to backdoor your bios. I think it's very common nowadays.
As far as I know there is Computrace, which is an anti-theft system that
gains persistence over the os by dropping an exe that Windows will load
at boot time, but this works only over fat32 and ntfs (not encrypted).
I also heard about Lenovo doing the same thing for ads or whatever, and
after people got angry they released a bios patch to opt out.
But I wouldn't say "very common".

> I don't think Qubes actually shields you from a buggy bios...
Yes, Qubes "shields" you because the bios is simply not visible from the vm,
so for example a bug in the S3 resume script that does not restore proper
spi flash write protection is not a problem (from what I have understood).
Also see Rutkowska:
https://twitter.com/rootkovska/status/934695078764974080

> But I guess you are right not to worry about it
Yes, and please, anyone, focus your efforts on something more probable;
attackers always choose the cheapest path.
Take a look at:
https://www.securityplanner.org/ (requires javascript)

Tai...@gmx.com

Dec 15, 2017, 8:25:53 PM
to Matteo, qubes...@googlegroups.com
On 12/15/2017 12:54 PM, Matteo wrote:

>> I disagree when you say no one is going to backdoor your bios. I think it's very common nowadays.
Actually no it isn't - unless you have managed to ruffle the feathers of
a state actor such as the FSB or MSS.

I have never heard of a real proven BIOS hack of anyone, even a serious
military intelligence target, let alone a common law-abiding citizen who
simply managed to piss off some guy in a chat-room or what not. I am
sure it has been done many times but despite being active in the
firmware modification community I haven't heard about it.
> as far as i know there is computrace that is an anti theft system that
> gain persistence over the os by dropping an exe that windows will load
> at boot time but this works only over fat32 and ntfs (not encrypted).
> i heard also about lenovo doing the same thing for ads or whatever. and
> after people got angry they released a bios patch to opt-out.
> but i wouldn't say "very common".
Computrace uses a Windows utility to do this, not direct code injection,
so using Linux or simply disabling it in your vendor BIOS would solve
the issue of an out-dated problematic exe being forcibly loaded.

If you wish for better security you can use a coreboot board with open
source silicon init (not Purism, get the libre RYF KCMA-D8 or the Lenovo
G505s laptop for instance); otherwise, while you can use an external flash
clip to read back the BIOS and make sure it hasn't been modified, you
still would be vulnerable to manufacturer security problems, ME etc.
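
The "read back the BIOS and make sure it hasn't been modified" check mentioned above, and the external dump described earlier in the thread, come down to comparing flash images. The following is an added example, not code from any poster in this thread: it assumes the images were already read with an external programmer, and the function names, the 4 KiB block size and the sample data are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # assumption: compare in 4 KiB blocks, a common SPI flash sector size

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def diff_ranges(a: bytes, b: bytes, block: int = BLOCK):
    """Merged (start, end) offsets of blocks that differ between two images."""
    if len(a) != len(b):
        raise ValueError(f"image sizes differ: {len(a)} vs {len(b)} bytes")
    ranges = []
    for off in range(0, len(a), block):
        if a[off:off + block] != b[off:off + block]:
            end = min(off + block, len(a))
            if ranges and ranges[-1][1] == off:   # extend the previous range
                ranges[-1] = (ranges[-1][0], end)
            else:
                ranges.append((off, end))
    return ranges

def check_dump(read1: bytes, read2: bytes, baseline: bytes) -> dict:
    """read1/read2: two consecutive reads of the chip; baseline: earlier trusted dump."""
    # A constant 0xFF/0x00 image usually means bad clip contact or no power, not data.
    if not read1 or read1.count(read1[0]) == len(read1) and read1[0] in (0x00, 0xFF):
        return {"status": "blank-read", "ranges": []}
    # Two reads that disagree mean the read itself is unreliable; do not compare further.
    if sha256_hex(read1) != sha256_hex(read2):
        return {"status": "unstable-read", "ranges": diff_ranges(read1, read2)}
    changed = diff_ranges(read1, baseline)
    return {"status": "changed" if changed else "match",
            "sha256": sha256_hex(read1), "ranges": changed}

def constructed_image(size: int = 64 * 1024) -> bytes:
    """Constructed sample data standing in for a real dump."""
    return bytes((i * 7 + 3) % 251 for i in range(size))

if __name__ == "__main__":
    baseline = constructed_image()
    current = bytearray(baseline)
    current[0x5000] ^= 0xFF                       # simulate one modified byte
    result = check_dump(bytes(current), bytes(current), baseline)
    print(result["status"], [(hex(s), hex(e)) for s, e in result["ranges"]])
```

A `changed` result only localizes the difference: firmware updates and stored settings also rewrite flash regions, so the reported offsets still have to be interpreted against the board's flash layout.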

cooloutac

Dec 26, 2017, 10:15:13 AM
to qubes-users

I would get the same responses from people in the 90s. Can't believe it's still parroted in 2017 when we see so many real life examples and PoCs. Bios devs claim bioses are safer now, but I think they are less safe. It's why I'm a big fan of ITL, they keep it real.

You forget all the hacking teams out there getting their data pilfered by 15 year olds. Or the story about Intel's backdoor that has been there for years and years, who knows how many people knew. It's also holiday season right now. Satan's claws are coming to town and everything is on sale for everyone lol

I think part of the problem is old school mentalities like yours have a hard time not only admitting that a bios can be infected in the first place, but also that it can be infected remotely.

It's also very hard to admit to something like this, because what can we really do against it? I still remember the look on everyone's face on the panel of the Logan CIJ Symposium 2016 when Joanna said maybe there is no point if we can't trust companies or developers or the hardware is backdoored.

Doesn't Purism use secure boot on their latest model?

Tim W

Dec 29, 2017, 6:04:40 PM
to qubes-users
BIOS today, especially with all the extra Intel coding, has ballooned into an actual full OS between your user installed OS and the bare metal.

As almost all the BIOS code is proprietary, how exactly can anyone on here claim there are no hacks or otherwise?

There is a HUGE difference between chain of trust or having to accept having to trust hardware and actually trusting it.

I really do not want to spend any real time digging up bios hacks but a google search would at least get you the reports of them.

Just to offer up one take a look at Bruce Schneier's blog as he wrote on this topic very briefly here: https://www.schneier.com/blog/archives/2015/03/bios_hacking.html

Not to mention today bios can interact remotely with the hardware vs cellular radio ethernet etc. Unless there is a manual switch to separate it like some wifi etc have, compared to a software on off mode, it is basically meaningless as it's open to being modified and you have no way to audit the code even if you wanted to. You have no way of knowing there is not a backdoor that allows them to be turned on or settings changed.

While I may not be able to control it I would say with the direction BIOS software has been going over the last 10 yrs it presents a very real security threat. Anything that is between my installed OS and the bare metal IMO is of the most serious of threats as we are extremely limited in protecting ourselves from anything below what we install. The BIOS is a master key to everything above it.
