I didn't see Ben forward this himself, but it's definitely relevant to
the discussion of malware hiding in hardware:

"Without needlessly boring everyone with the various steps allow me to
share an interesting observation: drivers often assume the hardware is
misbehaved but never malicious. It is fascinating to discover what can
be done by making the hardware malicious.


3) from 1 & 2 above, after about two years, I've reached my goal of
   writing a totally transparent firewall bypass engine for those
   firewalls which are PC-based: you simply overwrite the firmware in
   both NICs and then perform PCI-to-PCI transfers between the two
   cards for suitably formatted IP packets (modern NICs have IP
   "offload engines" in hardware and therefore can trigger on incoming
   and outgoing packets). The "Jedi Packet Trick" (sorry, couldn't
   resist) fools, amongst others, CheckPoint FW-1, Linux-based
   Strongwall, etc. This is of course obvious as none of them check
   PCI-to-PCI transfers,

4) I have extended the technique to provide VM escape support: one
   writes packets from a bridged guest into the network which
   initiates the NIC firmware update, updates the firmware and then
   the NIC firmware is used to inject code into the underlying VM
   host. The requirement to write to the network is then dropped as
   all that is required is the pivoting in the NIC firmware.


                                - Adam

** Expert Technical Project and Business Management
**** System Performance Analysis and Architecture
****** [ http://www.adamfields.com ]

[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ] ................ Founder
[ http://www.aquick.org/blog ] ............ Blog
[ http://www.adamfields.com/resume.html ].. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.aquicki.com/wiki ].............Wiki

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to