Understand how a malicious DSDT can tamper with a running kernel! Green Computing - The Challenge(s) It is possible to find all the operators and their signatures.Īt this point you should have all the basics to understand theĬhallenges, so if you are enjoying this post read further to Resembles "higher-level" programming languages: we have variableĭeclaration ( Name), if statements, for and while loop. Which finally contains "non declarative" ASL code. Inside each of this declarations we can find Methods, Then a number of Scopes and Devices are declared, in a tree-like To be quite important, but more on this later). This block contains the filename where the compiled version of theĭSDT will be placed, the "DSDT" signature and revision, and a number ofįields that contains information about the vendor (which turned out Here isĭefinitionBlock ( "acpi-dsdt.aml", // Output Filename The ACPI subsystem in the very early stages of kernel startup. If you check you kernel logs, you can see these tables are loaded by The user supplied DSDT can both be embedded inside the kernelīinary during compilation, but also placed under Their own DSDTs - since the one contained in the firmware might beīuggy. This standard and it also gives the users the possibility to load Machine (!), and it is used, for example, during the initialization ofĮven if this whole mechanism has been defined "a complete designĭisaster in every way" by its creator, the Linux kernel well supports This bytecode is run by the kernel inside a virtual Its supplementaries Secondary System Descriptor Table (SSDT) - as wellĪs being declarative, can also contains ACPI machine language byteĬode ( AML). Of them - the Differentiated System Description Table ( DSDT) and These tables generally contain only configuration data. Turns contains pointer to all the other tables ( FADT, MADT,ĭSDT.). From here, the kernel isĪble to locate the Root System Description Table ( RSDT) which in The firmware passes to the kernel the Root System Description Pointer Which are passed to the kernel by the firmware.
Used by operating systems to discover and configure peripherals, butĪlso to perform power management. The Advanced Configuration and Power Interface is an open standard,
"malicious" Advanced Configuration and Power Interface ( ACPI)ĭifferentiated System Description Table ( DSDT) to elevate privileges Even though Green Computing was divided in several standaloneĬhallenges, the core idea is shared amongst all of them: implement a In this post we will discuss our solutions for the Green ComputingĬhallenges. Huge congratz to hxp for hosting such amazing CTF! Green Computing - Intro (completely unexpected for us as well) we ranked 1st! As team NOPS we took part to hxp CTF 2018 last weekend and
0 kommentar(er)
