wack0 / cve-2022-21894
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
License: The Unlicense
Hi,
is there source code available for the payload provided in the 19041 iso with the hvloader exploit? (the one that prints a message to the screen)
I came across this one but obviously the offsets are going to be all different.
Please take a look.
#4 (comment)
When using my own BitLocker VHD for the poc I receive error status 0xC0210000/STATUS_FVE_LOCKED_VOLUME at boot. The reason is: 'The operating system couldn't be loaded because the BitLocker key required to unlock the volume wasn't loaded correctly'. I used 'manage-bde -on E:' on the vhd so that it is encrypted but there are no key protectors like with your vhd. The patch with your fve tool also seems successful. How can this be fixed? I'm using win 11 to prepare the vhd.
Hi, I'm trying this on a VM running Win 10 19045 using an older version of bootmgfw from 2020 as recommended in #1.
(Almost) similar to that post, I had:
bcdedit /import ESP:\BCD
(I could not delete the boot directory BCD because it was "opened by another process")
shutdown -r -t 0
However, I still got 0xC00004B4 from trying to launch \minram\bootmgr.efi. Do you have any ideas? I cannot seem to find any reference to this error code when decompiling bootmgfw, is this not thrown by it?
I've been testing your poc using qemu with a vdi file created from a VBox Win10 19041 machine. When it got to the execution of "\maxram\hvloader.efi", in the function HvlpSLATPresent, my cpu is checked against Second Level Address Translation:
and it failed:
which makes the caller quit without continuing loading up the dll payload mcupdate_*.dll
and further the Windows OS:
My guess is my cpu is just not suitable for this POC. I'm using "Intel64 Family 6 Model 165 Stepping 3 GenuineIntel ~2904 Mhz" for the host machine. Do you have any idea?
If the problem is really my cpu, is there any other efi file that loads a DLL into which I could code my payload (like hvloader.efi loading mcupdate.dll)?
How can I utilize this proof-of-concept (PoC)?
The PoC, named "poc_amd64_19041.iso," serves the purpose of creating a bootable USB drive.
That is working; it is printing the Baton drop text.
However, I encounter a limitation: the content of the ISO file is read-only, making it impossible to modify.
When attempting to compile the provided source code, it results in the generation of a ".dll" file rather than the intended ".iso" file.
Please guide me.
thanks
Hello,
I apologize if this is a foolish question to ask, but it is not very clear to me how the PoCs provided in this repo can be installed. Is there a script available for this? Why exactly are there 3 different PoCs? This is not explained in the 'Included files' readme section.
For the poc_amd64_19041 I tried the following on latest Win10:
This causes an error and prevents successful boot (File: \minram\bootmgr.efi; Status: 0xc00004b4). The meaning of this status seems to be STATUS_FILE_NOT_SUPPORTED.
Regards