Speakers: bushing, marcan Is implementation the enemy of design? The Nintendo Wii game console has been one of the most popular of all time, selling almost as many units as all of its competitors combined. Despite being cheaper than the PS3 and Xbox360, it contains a sophisticated security architecture that withstood over a year of concerted effort to hack the device. The design itself is impressive; unfortunately, flaws in the implementation (both subtle and severe) render the device easily hacked, with little chance of recovery. 24C3 saw the first public demonstration of unsigned code running on the Wii. A year later, we will present full details of that attack and share the results of another full year of research. We will show the bugs that have been found, the reasons they may have existed, and what attempts the vendor has made to fix them. Gamers will probably find this talk interesting, but it will be most valuable for anyone who hacks on (or designs) embedded systems. Basic knowledge of crypto is assumed. We will have an area set up in the Hackcenter for those who want to learn more about this subject, before or after the presentation. More information about the 25th Chaos Communication Congress can be found via the Chaos Communication ... https://www.youtube.com/watch?v=DFvMsoBMIJk

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=ZBEzWPIbh_Q

On modern Intel based computers there exists two powerful and protected code regions: the UEFI firmware and System Management Mode (SMM). UEFI is the replacement for conventional BIOS and has the responsibility of initializing the platform. SMM is a powerful mode of execution on Intel CPUs that is even more privileged than a hypervisor. Because of their powerful positions, SMM and UEFI are protected by a variety of hardware mechanisms. In this talk, Rafal Wojtczuk and Corey Kallenberg team up to disclose several prevalent vulnerabilities that result in SMM runtime breakin as well as arbitrary reflash of the UEFI firmware. In 2009 Rafal Wojtczuk and Alexander Tereshkin described the first publicly presented BIOS reflash exploit. Then in 2013 Corey Kallenberg presented the second instance of this class of vulnerability with an exploit targeting Dell BIOS. Now, in 2014, Rafal and Corey have joined forces to complete the destruction of the jedi^H^H BIOS. The UEFI firmware is normally the first code to execute on the CPU, putting it in a powerful position to subvert other components of the platform. Because of its security critical nature, the UEFI code resides on a flash chip that is protected against arbitrary writes via a number of chipset protection mechanisms. Besides initializing the platform and bootstrapping to an operating system, UEFI is also charged with instantiating the all powerful System Management Mode (SMM). SMM is neither readable or writeable by any other code on the platform. In fact, SMM has the ability to read and write hypervisor protected memory, but the converse is not true! These properties make SMM an ideal place to store a rootkit. Similar to the UEFI firmware, because of these security critical properties, there are hardware mechanisms that protect the integrity and confidentiality of SMM. This talk will explore attack surface against SMM and UEFI that has not previously been discussed. We will highlight a bug in one of the critical hardware protection mechanisms that results in a compromise of the firmware. We will also directly target a part of the UEFI specification that provides SMM exploitation opportunities. The vulnerabilities disclosed and their corresponding exploits are both prevalent among UEFI systems and reliably exploitable. The consequences of these vulnerabilities include hypervisor and TXT subversion, bricking of the victim platform, insertion of powerful rootkits, secure boot break, among other possibilities. ... https://www.youtube.com/watch?v=12NApRC8ZXc

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=Q6DxZEt4u0M