Articles 16
Tags 19


when root is not enough

Swimming, Diving, Hopefully not Drowning!

I got a super nice project, and for that I needed to learn how the SMM really works. Again I started dipping my toes in this ocean of knowledge and I hope I don’t get too excited and drown myself before even getting started ;) For the people who are not sure if they want to read all this:


In SMM, it is possible to modify SMM saved execution context. SMM also sets its own IDT, it is initialized by the BIOS (DXE) and tons of cool stuff.

Learning about the BIOS

or why do we discuss how to authenticate the user to the machine, but never the machine to the user

My path into low-level security

I have been away for a while as you may or may not have noticed and the reason for that is a great one! I am learning new things and as usual I will try to share my notes here. They are going to be chaotic and I can not give you any guarantee that I got it right, so please let me know if something looks weird ;)

Logic & binaries

What is this post about?

Malicious codes are implemented to stay hidden during the infection and operation, preventing their removal and the analysis of the code. Software analysis is a critical point in dealing with malware, since most samples employ some sort of packing or obfuscation techniques in order to thwart analysis.

Firmware 101

Getting the Code

Extracting the Firmware

In the last post, we discussed how to find important information about how to communicate with the device’s. In this post, we are going to describe the standard approach of getting the code we want to reverse and use the information we collected before.

Hardware 101

I have this $device - How to start?

Understanding your device

First of all: Look for Debug Ports

In fact, this should be the step zero step. I mean, you’ve got a wonderful piece of hardware but how do you communicate with it? To find all the available connections, I usually make a list of all physical ports I can access, I count all the pins I see and so on, always keeping in my mind that I want a debug port. The debug port is usually the one used to program the device at the factory and is sometimes left available for technical support and repair reasons.