Into the unknown: how to detect BIOS-level attackers (slides), and Copernicus (free program)

Discussion in 'other anti-malware software' started by MrBrian, Oct 2, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From https://www.virusbtn.com/conference/vb2014/abstracts/LM6-Kovah-etal.xml:
    From http://www.mitre.org/capabilities/c...og/copernicus-question-your-assumptions-about:
     
  2. MrBrian
  3. MrBrian
    Slides "PC Firmware Attacks, Copernicus, and You" - hxxp://conference.auscert.org.au/gfx/speakers/presentation-slides/1425_xeno_kovah.pdf .
     
  4. MrBrian
  5. MrBrian
    I tried Copernicus v1 Aug 7 2014. The BIOS dump worked fine. I have no reference BIOS to compare it with though. I always got error "No valid CSV files found" when I ran Protections.py.

    Some might find Copernicus tutorial hxxp://alexandreborgesbrazil.files.wordpress.com/2014/04/malware_attack_bios.pdf useful.
     
  6. MrBrian
    By the way, Python doesn't need to be installed to do the dump.
     
  7. MrBrian
    If anyone's wondering why I used Copernicus v1 instead of Copernicus v2, it's because my computer doesn't have a TPM chip, which Copernicus v2 requires if I am not mistaken. It's probably better to use Copernicus v2 than Copernicus v1 because Copernicus v1 can be induced to output lies, as a paper in the link in post #2 mentions.

    If anyone's interested in using this thread as a public repository of BIOS hash values, please list your computer model, BIOS version, and BIOS hash.
     
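The comparison that a reference BIOS would make possible (post #5) and the hash a reader would post alongside model and BIOS version (post #7) can both be done with a short script. The following is an added example, not code from this thread or from Copernicus: it takes two raw flash images as bytes, prints the SHA-256 of each, and lists the 4 KiB blocks in which they differ. The 4 KiB block size is an assumption, and the two images it builds are constructed stand-ins, not real firmware.

```python
"""Compare a BIOS/firmware dump against a reference image.

Added example (not Copernicus code): given two raw flash images, it reports
the SHA-256 of each and the 4 KiB blocks in which they differ, which is the
check a reference dump would enable. The block size and the sample images
below are assumptions/constructed data, not real firmware.
"""
import hashlib
from typing import Dict, List, Tuple

BLOCK_SIZE = 4096  # assumption: report differences at 4 KiB flash-block granularity


def sha256_hex(data: bytes) -> str:
    """Whole-image SHA-256, the value one would post with model and BIOS version."""
    return hashlib.sha256(data).hexdigest()


def diff_blocks(reference: bytes, dump: bytes,
                block_size: int = BLOCK_SIZE) -> List[Tuple[int, int]]:
    """Return (offset, length) for every block where the two images differ.

    Images of unequal length are walked up to the longer one, so a truncated
    or oversized dump shows up as differing tail blocks instead of being ignored.
    """
    differing = []
    longest = max(len(reference), len(dump))
    for offset in range(0, longest, block_size):
        ref_chunk = reference[offset:offset + block_size]
        dump_chunk = dump[offset:offset + block_size]
        if ref_chunk != dump_chunk:
            differing.append((offset, max(len(ref_chunk), len(dump_chunk))))
    return differing


def compare_images(reference: bytes, dump: bytes) -> Dict[str, object]:
    """Summarise a dump against its reference: hashes, size delta, differing blocks."""
    blocks = diff_blocks(reference, dump)
    return {
        "reference_sha256": sha256_hex(reference),
        "dump_sha256": sha256_hex(dump),
        "size_delta": len(dump) - len(reference),
        "differing_blocks": blocks,
        "match": not blocks,
    }


def make_sample_images() -> Tuple[bytes, bytes]:
    """Constructed stand-ins for a reference image and a modified dump (not real BIOS)."""
    reference = bytes((i * 7 + 3) & 0xFF for i in range(64 * 1024))
    modified = bytearray(reference)
    modified[0x5000:0x5010] = b"\x00" * 16  # 16 bytes altered inside the block at 0x5000
    return reference, bytes(modified)


def main() -> None:
    # On a real system, read the Copernicus dump file and a known-good image here.
    reference, dump = make_sample_images()
    result = compare_images(reference, dump)
    print("reference sha256:", result["reference_sha256"])
    print("dump      sha256:", result["dump_sha256"])
    print("size delta      :", result["size_delta"])
    if result["match"]:
        print("dump matches reference")
    else:
        for offset, length in result["differing_blocks"]:
            print(f"differs at 0x{offset:06x} ({length} bytes)")


if __name__ == "__main__":
    main()
```

Run as-is it reports one differing block at 0x005000 for the constructed pair; for a real check, replace the sample images with the bytes of the dump and of a known-good image of the same BIOS version. A whole-image hash is only comparable between identical BIOS versions, and on UEFI systems regions such as the variable store in the same flash part can legitimately differ from machine to machine, so a per-block difference is a lead to inspect, not by itself evidence of tampering.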