INTEL ME: FLASH FILE SYSTEM EXPLAINED

Black Hat EU 2017

Frank Breedijk
Dec 6, 2017

Talk by: Dmitry Sklyarov of Positive Technologies

Image: Intel Inside, a CC NC ND image by stratman² (2 many pix!)

Dmitry Sklyarov is Head of Reverse Engineering at Positive Technologies. He is a former security researcher at Elcomsoft and a lecturer at Moscow State Technical University. He has researched the security of eBooks, the authentication of digital photos and smartphone forensics. His work has been presented at many conferences, including Black Hat EU/UAE, Confidence and Troopers.

What is the Intel ME?

The Management Engine is produced by Intel and was originally released as Advance Management Technology. Almost all servers produced by Intel in the last 5 years have the technology on board. It runs on a separate processor, not on the main CPU, but it can communicate with all the hardware. It is on as long as the machine is plugged into power. It can also send and receive network traffic without this traffic being visible to the OS. The Management Engine has the highest level of control over the entire stack.

Notes about the Flash File System design

On modern computers the flash chips contain the code for the BIOS, the Management Engine and the firmware for cards like the network card. One of the regions in this flash memory contains an MFS partition, which is likely the Management Engine File System.

Flash file systems need to take the characteristics of flash into account. Individual bits can be flipped in one direction, but flipping them back is only possible for a whole page of 8K at a time. This wears down the flash memory chips, so the wear needs to be spread evenly. There are quite a number of flash file systems available that take these characteristics into account.

MFS Internals

Dmitry explains how the pages of MFS memory are laid out.

  • Page headers contain information that can be used for administrative tasks like wear leveling.
  • Each page holds several chunks, which are the smallest data elements in the file system.
  • There are two kinds of pages, system pages and data pages. System pages are more complex than data pages, which are just used to store plain data.

Because of these complexities, some work is required to extract and reconstruct these memory areas.

The MFS contains various files, including a master configuration file which is protected with a SHA256 checksum so it cannot be manipulated. Other files are also protected with encryption or an HMAC. Additional anti-replay mechanisms are in place for some files.

Dmitry then showed some dumps from the main configuration and other parts of the file system.

He also explained the file integrity mechanisms in depth.

Security

Up to 10 keys are involved in FS Security.

There are two sets of keys, Intel and non-Intel keys, and each set is divided into integrity and confidentiality keys. These keys are tied to the SVN, the Security Version Number. Old keys are still stored in memory so that data can be re-encrypted when upgrading, but rolling back to an old version is impossible.
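To make the SVN binding concrete, here is a small model of the two properties just described: keys tied to an SVN, older keys still derivable for re-protecting data on upgrade, and rollback refused. This is an added illustration, not Intel's actual key hierarchy or code from the talk; the one-way hash ladder, the `Firmware` class and all constants are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed sample root and ladder height; not real ME values.
FUSED_ROOT = hashlib.sha256(b"constructed-root-secret").digest()
TOP_SVN = 5  # highest SVN the hypothetical ladder supports


def older_key(key: bytes) -> bytes:
    """One-way step: the key for SVN n is derived from the key for SVN n+1."""
    return hashlib.sha256(b"svn-ladder|" + key).digest()


def key_for_svn(top_key: bytes, top_svn: int, svn: int) -> bytes:
    """Walk the ladder down from top_svn to svn. Walking up would need the
    root, which firmware at a lower SVN never holds."""
    if not 0 <= svn <= top_svn:
        raise ValueError("svn out of range")
    k = top_key
    for _ in range(top_svn - svn):
        k = older_key(k)
    return k


def protect(key: bytes, svn: int, data: bytes) -> dict:
    """Integrity-protect a file: tag = HMAC-SHA256 over (svn || data)."""
    tag = hmac.new(key, svn.to_bytes(2, "big") + data, hashlib.sha256).digest()
    return {"svn": svn, "data": data, "tag": tag}


class Firmware:
    """Firmware at a given SVN is provisioned only with its own SVN key."""

    def __init__(self, svn: int):
        self.svn = svn
        self.key = key_for_svn(FUSED_ROOT, TOP_SVN, svn)

    def read(self, blob: dict) -> bytes:
        if blob["svn"] > self.svn:
            # A newer key cannot be derived from an older one: rollback is refused.
            raise PermissionError("file written under a newer SVN; rollback refused")
        key = key_for_svn(self.key, self.svn, blob["svn"])  # older keys stay derivable
        msg = blob["svn"].to_bytes(2, "big") + blob["data"]
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise ValueError("integrity check failed")
        return blob["data"]

    def upgrade(self, blob: dict) -> dict:
        """Re-protect a file written under an older SVN with the current key."""
        return protect(self.key, self.svn, self.read(blob))
```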

Intel ME chips contain special engines that handle AES, RSA and hash/HMAC functions. They also have a secure key storage (SKS) which is only accessible to very specific modules in the ME.

There is an elaborate scheme for key protection in place, which protects the keys quite well.

Final words

With physical access you could rewrite the Intel ME file system, but you need to have the keys to generate a valid image.

If you can find a way to exploit data protected with a non-Intel key, this key can be obtained and replicated.

Code

GitHub: ptresearch/unME11

This story was live blogged at Black Hat EU 2017 in London. It is an attempt to cover the materials on stage as they are presented and does not reflect the work or opinion of the author.
