Into the unknown: how to detect BIOS-level attackers (slides), and Copernicus (free program)

Discussion in 'other anti-malware software' started by MrBrian, Oct 2, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From https://www.virusbtn.com/conference/vb2014/abstracts/LM6-Kovah-etal.xml:
    From http://www.mitre.org/capabilities/c...og/copernicus-question-your-assumptions-about:
     
  2. MrBrian

  3. MrBrian

    Slides "PC Firmware Attacks, Copernicus, and You" - hxxp://conference.auscert.org.au/gfx/speakers/presentation-slides/1425_xeno_kovah.pdf .
     
  4. MrBrian

  5. MrBrian

    I tried Copernicus v1 Aug 7 2014. The BIOS dump worked fine. I have no reference BIOS to compare it with though. I always got the error "No valid CSV files found" when I ran Protections.py.

    Some might find the Copernicus tutorial hxxp://alexandreborgesbrazil.files.wordpress.com/2014/04/malware_attack_bios.pdf useful.
     
  6. MrBrian

    By the way, Python doesn't need to be installed to do the dump.
     
  7. MrBrian

    If anyone's wondering why I used Copernicus v1 instead of Copernicus v2, it's because my computer doesn't have a TPM chip, which Copernicus v2 requires if I am not mistaken. It's probably better to use Copernicus v2 than Copernicus v1 because Copernicus v1 can be induced to output lies, as a paper in the link in post #2 mentions.

    If anyone's interested in using this thread as a public repository of BIOS hash values, please list your computer model, BIOS version, and BIOS hash.
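The workflow posts #5 and #7 describe, a BIOS dump that is hashed and compared against a list of known-good hashes keyed by computer model and BIOS version, as an added example that is not part of the thread and is not Copernicus code (Copernicus's own CSV format and its Protections.py are not reproduced; the `model;bios_version;sha256` reference-list format, the sample dump, and the "single repeated byte" sanity heuristic are all constructed for this illustration):

```python
"""
Check a BIOS dump against a shared list of reference hashes keyed by
model and BIOS version. Added illustration for this thread, not
Copernicus code; the reference-list format below is constructed and is
not Copernicus's CSV format.
"""
import hashlib
import sys
from typing import Dict, Optional, Tuple


# Reference list format (constructed): one entry per line,
#   model;bios_version;sha256
# Lines starting with '#' are comments.
def parse_reference_list(text: str) -> Dict[Tuple[str, str], str]:
    refs: Dict[Tuple[str, str], str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(";")]
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected model;bios_version;sha256")
        model, version, digest = parts
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        key = (model, version)
        # Two submitters disagreeing on the same model/version is itself a
        # finding (one of them may have a modified BIOS), so refuse to guess.
        if key in refs and refs[key] != digest:
            raise ValueError(f"line {lineno}: conflicting hash for {model} {version}")
        refs[key] = digest
    return refs


def sha256_of_dump(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sanity_check_dump(data: bytes) -> Optional[str]:
    """Crude heuristic (constructed here, not a Copernicus check): a dump that
    is empty or one repeated byte is more likely a failed read than an image."""
    if not data:
        return "dump is empty"
    if len(set(data)) == 1:
        return "dump is a single repeated byte 0x%02x; looks like a failed read" % data[0]
    return None


def check_dump(data: bytes, model: str, version: str,
               refs: Dict[Tuple[str, str], str]) -> Tuple[str, str]:
    """Return (status, detail); status is INVALID, UNKNOWN, MATCH or MISMATCH."""
    problem = sanity_check_dump(data)
    if problem:
        return ("INVALID", problem)
    digest = sha256_of_dump(data)
    ref = refs.get((model, version))
    if ref is None:
        # The situation in post #5: a good dump but nothing to compare it with.
        return ("UNKNOWN", f"no reference hash for {model} BIOS {version}; dump hash {digest}")
    if ref == digest:
        return ("MATCH", digest)
    return ("MISMATCH", f"dump {digest} != reference {ref}; investigate before trusting this machine")


# Constructed sample data: a fake 4 KiB "BIOS image" and a reference list
# whose hash is computed from it, so the example runs with no real dump.
SAMPLE_DUMP = bytes(range(256)) * 16
SAMPLE_MODEL, SAMPLE_VERSION = "ExampleCo Model-X", "1.02"
SAMPLE_REFERENCE_LIST = (
    "# model;bios_version;sha256\n"
    f"{SAMPLE_MODEL};{SAMPLE_VERSION};{sha256_of_dump(SAMPLE_DUMP)}\n"
)


def main(argv) -> int:
    if len(argv) != 5:
        print("usage: check_bios_hash.py DUMP.bin MODEL BIOS_VERSION REFERENCE_LIST.txt")
        return 2
    with open(argv[1], "rb") as f:
        data = f.read()
    with open(argv[4], encoding="utf-8") as f:
        refs = parse_reference_list(f.read())
    status, detail = check_dump(data, argv[2], argv[3], refs)
    print(f"{status}: {detail}")
    return 0 if status == "MATCH" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_bios_hash.py dump.bin "Vendor Model" "F12" reference.txt` once a dump file and a reference list exist. Note that a reference list only tells you a dump matches other people's dumps, not that the BIOS is clean: if every submitter for a model/version was compromised the same way, the hashes agree anyway, and a dump obtained through software can be lied to, which is the point post #7 makes about v1 versus the TPM-backed v2.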
     