poplareward.blogg.se

Kon boot bitlocker









We received a Lenovo laptop preconfigured with the standard security stack for this organization. We didn’t get any information about this laptop, no test credentials, no configuration details, no nothing, it was a 100% blackbox test. Once the laptop came in, we opened the shipping box and got to work. After we did our reconnaissance of the laptop (BIOS settings, normal boot operation, hardware details, etc) we noted a lot of best practices were being followed, negating many common attacks:

  • pcileech/DMA attacks were blocked because Intel’s VT-d BIOS setting was enabled.
  • All BIOS settings were locked with a password.
  • The BIOS boot order was locked to prevent booting from USB or CD.
  • Secureboot was fully enabled and prevented any non-signed operating systems.
  • Kon-boot auth bypass did not work because of full disk encryption.
  • LAN turtle and other Responder attacks via USB ethernet adapters returned nothing usable.
  • The SSD was full disk encrypted (FDE) using Microsoft’s BitLocker, secured via Trusted Platform Module (TPM).

With nothing else working, that last point, TPM secured BitLocker, was going to be our way in. One of the things we saw when doing recon was that the laptop boots directly to the Windows 10 Login screen. That, coupled with the BitLocker encryption means that the drive decryption key is being pulled only from the TPM, no user supplied PIN or password was needed which is the default for BitLocker.

Microsoft recommends increasing the security if:

Attacker with skill and lengthy physical access

  • Targeted attack with plenty of time; this attacker will open the case, will solder, and will use sophisticated hardware or software.
  • Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN to help the TPM anti-hammering mitigation).

As we’ll show you, this isn’t quite the case. A pre-equipped attacker can perform this entire attack chain in less than 30 minutes with no soldering, simple and relatively cheap hardware, and publicly available tools. A process that places it squarely into Evil-Maid territory.

SPI is a communication protocol for embedded systems and is extremely common amongst virtually all hardware. Due to its simplicity, there is no encryption option for SPI. Any encryption must be handled by the devices themselves. At the time of this writing BitLocker does not utilize any encrypted communication features of the TPM 2.0 standard, which means any data coming out of the TPM is coming out in plaintext, including the decryption key for Windows. If we can grab that key, we should be able to decrypt the drive, get access to the VPN client config, and maybe get access to the internal network.

Getting around the TPM in this manner is akin to ignoring Fort Knox and focusing on the not-so-armored car coming out of it.

In order to sniff the data moving over the SPI bus, we must attach leads or probes to the pins (labeled above as MOSI, MISO, CS, and CLK) on the TPM. Normally that is simple but there is a practical problem in this case. This TPM is on a VQFN32 footprint, which is very tiny. The “pins” are actually only 0.25mm wide and spaced 0.5mm apart. And those “pins” aren’t actually pins, they are flat against the wall of the chip so it’s physically impossible to attach any sort of clip. You could solder “fly leads” to the solder pads but that’s a hassle and tends to be a very physically unstable connection. Alternatively a common tactic is to locate in-series resistors to solder to, but they were just as small, and even more fragile. This was not going to be easy.

But before we got started we figured there might be another way. Many times SPI chips share the same “bus” with other SPI chips. It’s a technique hardware designers use to make connections simpler, save on cost, and make troubleshooting/programming easier. We started looking throughout the board for any other chip that might be on the same bus as the TPM. Maybe their pins would be larger and easier to use. After some probing and consulting the schematics, it turned out that the TPM shared a SPI bus with a single other chip, the CMOS chip, which definitely had larger pins. In fact, the CMOS chip had just about the largest pin size you can find on standard motherboards, it was a SOP-8 (aka SOIC-8).
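
For the TPM-only default described above, where the drive key is released at boot without a PIN or password, a defender can check which machines are in that state. The PowerShell function below is an added example, not code from the original write-up; it assumes an elevated session with the built-in BitLocker module (`Get-BitLockerVolume`), and the function name `Get-PreBootAuthFinding` is hypothetical.

```powershell
# Added example (not from the original article): classify each BitLocker
# operating-system volume by whether the TPM releases the key without any
# user-supplied secret. Run from an elevated PowerShell session on Windows.
function Get-PreBootAuthFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume   # object returned by Get-BitLockerVolume
    )
    process {
        # Protector type names on this volume, e.g. Tpm, TpmPin, RecoveryPassword
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        $finding = if ("$($Volume.ProtectionStatus)" -ne 'On') {
            'Protection off or suspended: volume key is not protected'
        }
        elseif ($types -contains 'Tpm') {
            # The configuration the article describes: boots straight to the login screen
            'TPM-only: key is released at boot with no PIN or password'
        }
        elseif ($types -match '^TpmPin') {
            # Matches TpmPin and TpmPinStartupKey
            'TPM with PIN: pre-boot authentication is required'
        }
        else {
            'No TPM protector: review protectors manually'
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ', '
            Finding    = $finding
        }
    }
}

# TPM-based protectors apply to the OS volume, so only that volume type is checked.
Get-BitLockerVolume |
    Where-Object { "$($_.VolumeType)" -eq 'OperatingSystem' } |
    Get-PreBootAuthFinding |
    Format-Table -AutoSize -Wrap
```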










