
[Vuln] [Intel SA-00125] Intel Firmware Vulnerability

by 담배맛구마

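Yet another Intel ME vulnerability has come out. It only applies to version 11, so the scope is small, but Intel chipsets are used so widely, and probably will be going forward, that it is worth building a script to check whether a machine is affected.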

 

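To check whether a machine is affected, you need to know its Intel ME version. But because ME is built into the motherboard chipset, it is not easy to check directly. Thinking about ways to check it indirectly, the following miraculous logic.. holds.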

 

  Case1) Motherboard model name → infer the motherboard chipset series → infer the Intel ME major version

    • ① Motherboard model name : H110M-DS2V-CF

    • ② Motherboard chipset series : H110M → 100 Series

    • ③ Intel ME major version : 10.x or higher

 

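  Case2) Device Manager information → infer the motherboard chipset series → infer the Intel ME major version

    • ① Device Manager information : extract the entries.. that start with Intel.

re.compile('Intel\\(R\\) (?P<series1>.+ Series)/(?P<series2>.+ Series) Chipset Family')

    • ② Motherboard chipset series : 100 Series/C230 Series (C230 is a server chipset)

    • ③ Intel ME major version : 10.x or higher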

 

Case 1 cannot be applied to HP and Dell machines, because their motherboard names are values such as 18E4 and 18E7, from which nothing can be inferred.
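The two inference paths above, with Case 2 used as a fallback when the board name is opaque, as an offline example (added here, not the author's script). The chipset table is a subset of the one in the script on this page and the ME generations come from that script's comments; the function names, the optional second series in the pattern and the sample device name are assumptions.

```python
import re

# Consumer subset of the intelChipset table from the script on this page.
CHIPSETS = {
    '300 Series': ['B360', 'H370', 'H310', 'Q370', 'Z390', 'Z370', 'HM370', 'QM370'],
    '200 Series': ['X299', 'Z270', 'Q270', 'H270', 'Q250', 'B250'],
    '100 Series': ['Z170', 'Q170', 'H170', 'Q150', 'B150', 'H110', 'HM175', 'QM175', 'HM170', 'QM170'],
    '9 Series': ['X99', 'Z97', 'H97'],
    '8 Series': ['Z87', 'Q87', 'H87', 'Q85', 'B85', 'H81', 'HM87', 'QM87', 'HM86'],
    '7 Series': ['X79', 'Z77', 'Q77', 'H77', 'Z75', 'Q75', 'B75', 'HM77', 'QM77', 'UM77', 'QS77', 'HM76', 'HM70'],
}
# ME generation per series, as stated in the comments of the page's installMEDriver.
ME_GENERATION = {'300 Series': '>= 10', '200 Series': '>= 10', '100 Series': '>= 10',
                 '9 Series': '9', '8 Series': '7-8', '7 Series': '7-8'}
# Assumption: the second "/xxx Series" part is optional (the page's pattern requires it).
PNP_RE = re.compile(r'Intel\(R\) (?P<series1>\w+ Series)(?:/(?P<series2>\w+ Series))? Chipset Family')
# Constructed sample of a Win32_PnPEntity Name value, not captured from a real machine.
SAMPLE_PNP = ['Intel(R) 100 Series/C230 Series Chipset Family SMBus - A123']


def series_from_board(product):
    """Case 1: find a chipset name in the board model, e.g. H110 in H110M-DS2V-CF."""
    best = None
    for series, chips in CHIPSETS.items():
        for chip in chips:
            # Left boundary only: board names append suffixes (H110M), but
            # 'X79' must not match inside a longer token such as 'MAX790'.
            if re.search(r'(?<![A-Za-z0-9])' + re.escape(chip), product or ''):
                if best is None or len(chip) > len(best[1]):
                    best = (series, chip)
    return best


def series_from_pnp(names):
    """Case 2: read the series out of Device Manager (Win32_PnPEntity) names."""
    for name in names:
        m = PNP_RE.search(name)
        if m:
            return (m.group('series1'), 'Unknown')
    return None


def resolve(product, pnp_names):
    """Try Case 1, then fall back to Case 2 when the board name is opaque (HP/Dell)."""
    hit = series_from_board(product) or series_from_pnp(pnp_names)
    if hit is None:
        return None
    series, chip = hit
    return {'series': series, 'chipset': chip, 'me': ME_GENERATION.get(series, 'unknown')}
```

The result is an estimate of the ME generation from the chipset series, not a reading of the ME firmware version itself.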

 

 

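1. Check the motherboard manufacturer and model name

 - Checked through WMI (Win32_BaseBoard)

 

2. Check whether the Intel ME driver is installed

 - Check Device Manager for the related driver

 

3. Check the Intel chipset series

 - Case1) Check via the motherboard model name

 - Case2) Check via the names of the Intel-related drivers in Device Manager

 

4. If the Intel ME driver is not installed, install it based on the Intel chipset series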

 

 

import wmi
import re
import subprocess
import zipfile
import platform

intelChipset = {
    # Intel Consumer Chipsets
    '300 Series' : ['B360','H370','H310','Q370','Z390','Z370','HM370','QM370'],
    '200 Series' : ['X299','Z270','Q270','H270','Q250','B250'],
    '100 Series' : ['Z170','Q170','H170','Q150','B150','H110','HM175','QM175','HM170','QM170'],
    '9 Series' : ['X99','Z97','H97'],
    '8 Series' : ['Z87','Q87','H87','Q85','B85','H81','HM87','QM87','HM86'],
    '7 Series' : ['X79','Z77','Q77','H77','Z75','Q75','B75','HM77','QM77','UM77','QS77','HM76','HM76','HM70'],
    # Intel Server Chipsets(without Intel Communications Chipsets)
    'C620 Series' : ['C629','C628','C627','C626','C625','C624','C622','C621'],
    'C610 Series' : ['C612'],
    'C600 Series' : ['C608','C606','C604','C602J','C602'],
    'C400 Series' : ['C400'],
    'C240 Series' : ['C246','CM246'],
    'C230 Series' : ['CM238','CM236','C236','C232'],
    'C220 Series' : ['C226','C224','C222'],
    'C210 Series' : ['C216'],
    'C200 Series' : ['C206','C204','C202']
}

intelMEdriverInstallFile = {
    'v12.0_Win8-10' : '.\\Driver\\Intel MEI Driver INF v1828.12.0.1152 (Win8 & Win10).zip',
    'v12.0_Win7' : '.\\Driver\\Intel MEI Driver INF v1828.12.0.1152 (Win7).zip',
    'v11.7_Win8-10' : '.\\Driver\\Intel MEI Driver INF v11.7.0.1057 (Win8 & Win10).zip',
    'v11.7_WinXP-7' : '.\\Driver\\Intel MEI Driver INF v11.7.0.1057 (WinXP & Win7).zip',
    'v11.0_WinXP-10' : '.\\Driver\\Intel MEI Driver INF v11.0.5.1189 (WinXP - Win10).zip'}

class SystemInfo():
    def __init__(self):
        self.w = wmi.WMI(find_classes=False)
        self.systeminfo = {
            'mainboardProduct' : False,
            'mainboardManufature' : False,
            'intelChipsetSeries' : False,
            'intelChipset' : False,
            'flagIntelMEDriverInstall' : False,
            'intelMEDriverVersion' : False
        }

        # Get mainboard info by wmi(Win32_BaseBoard).
        ret = self.getMainBoardInfo()
        if ret:
            self.systeminfo['mainboardProduct'], self.systeminfo['mainboardManufature'] = ret

        # Get intel Chipset info by self.mainboardProduct or wmi(Win32_PnPEntity).
        ret = self.getIntelChipsetInfo()
        if ret:
            self.systeminfo['intelChipsetSeries'], self.systeminfo['intelChipset'] = ret

        # Get intel ME Driver info by wmi(Win32_PnPSignedDriver).
        ret = self.getIntelMEDriverInfo()
        if ret:
            self.systeminfo['flagIntelMEDriverInstall'] = True
            self.systeminfo['intelMEDriverVersion'] = ret

    def getMainBoardInfo(self):
        try:
            baseboard = self.w.Win32_BaseBoard(['Manufacturer','Product'])[0]
            return (baseboard.wmi_property('Product').value, baseboard.wmi_property('Manufacturer').value)
        except Exception as e :
            print('[-] Error in getMainBoardInfo.\n\t' + e.__str__())
            return False

    def getIntelChipsetInfo(self):
        # Case 1: look for a known chipset name inside the mainboard model name.
        if self.systeminfo['mainboardProduct']:
            for chipsetSeries in intelChipset.keys():
                for chipset in intelChipset[chipsetSeries]:
                    if chipset in self.systeminfo['mainboardProduct']:
                        return (chipsetSeries, chipset)
        # Case 2: fall back to Device Manager names when Case 1 finds nothing
        # (e.g. HP/Dell boards named 18E4, 18E7).
        try:
            result = self.w.query('SELECT Name FROM Win32_PnPEntity WHERE Name LIKE "Intel(R) % Series Chipset Family%"')
            regChipset = re.compile('Intel\\(R\\) (?P<series1>.+ Series)/(?P<series2>.+ Series) Chipset Family')
            if result:
                for r in result:
                    reg = regChipset.search(r.wmi_property('Name').value)
                    if reg:
                        return (reg.group('series1'), 'Unknown')
                        #return = '{}/{}'.format(reg.group('series1'), reg.group('series2'))
        except Exception as e:
            print('[-] Error in getIntelChipsetInfo.\n\t' + e.__str__())
        return False

    def getIntelMEDriverInfo(self):
        try:
            result = self.w.query('SELECT DriverVersion FROM Win32_PnPSignedDriver WHERE DeviceName LIKE "Intel(R) Management Engine Interface%"')
            if result:
                return result[0].wmi_property('DriverVersion').value
        except Exception as e :
            print('[-] Error in getIntelMEDriverInfo.\n\t' + e.__str__())
            return False

    def briefing(self):
        try:
            if self.systeminfo['mainboardProduct'] and self.systeminfo['mainboardManufature']:
                print('[+] Mainboard : {}({})'.format(self.systeminfo['mainboardProduct'], self.systeminfo['mainboardManufature']))
            else:
                print('[-] Mainboard : IDK!!')

            if self.systeminfo['intelChipsetSeries'] and self.systeminfo['intelChipset']:
                print('[+] Intel Chipset : {}({})'.format(self.systeminfo['intelChipsetSeries'], self.systeminfo['intelChipset']))
            else:
                print('[-] Intel Chipset : IDK!!')

            if self.systeminfo['flagIntelMEDriverInstall'] and self.systeminfo['intelMEDriverVersion']:
                print('[+] Intel ME Driver : Already Installed(v{})'.format(self.systeminfo['intelMEDriverVersion']))
            else:
                print('[+] Intel ME Driver : Need to Install')
        except Exception as e :
            print('[-] Error in briefing.\n\t' + e.__str__())
            return False


class intelME(SystemInfo):
    def __init__(self):
        super().__init__()
        self.briefing()
        if not self.systeminfo['flagIntelMEDriverInstall']:
            if self.systeminfo['intelChipsetSeries']:
                self.installMEDriver(self.systeminfo['intelChipsetSeries'])
            else:
                print('[-] Fail to install ME Driver.')

    def installMEDriver(self, chipsetSeries):
        def install(target):
            extractDir = target.split('.zip')[0]
            with zipfile.ZipFile(target) as zf:
                zf.extractall(extractDir)
            try:
                subprocess.check_output('pnputil -i -a "{}\\*.inf"'.format(extractDir), shell=True)
                print('\t[*] Success to install Intel ME Driver!')
            except subprocess.CalledProcessError as e:
                # Only CalledProcessError carries a returncode.
                if e.returncode == 259:
                    pass
                elif e.returncode == 5:
                    print('\t[-] Error in install. Need administrator privilege. \n\t' + e.__str__())
                else:
                    print('\t[-] Error in install. \n\t' + e.__str__())
            except Exception as e:
                print('\t[-] Error in install. \n\t' + e.__str__())
            finally:
                rescanDeviceManager()

        def rescanDeviceManager():
            try:
                output = subprocess.Popen('.\\Tools\\Devcon\\devcon.exe rescan', shell=True, stdout=subprocess.PIPE)
                out, err = output.communicate()
                string = out.decode('cp949').split('\r\n')
                print('[*] {}\n[*] {}'.format(string[0], string[1]))
            except Exception as e:
                print('\t[-] Error in rescanDeviceManager. \n\t' + e.__str__())

        print('\t[*] Try to install Intel ME Driver...')
        os = platform.platform()
        # Install (CS)ME >= 10 --> v12.0 driver
        if chipsetSeries in ['300 Series', '200 Series', '100 Series']:
            if 'Windows-7' in os:
                install(intelMEdriverInstallFile['v12.0_Win7'])
            elif 'Windows-8' in os or 'Windows-10' in os:
                install(intelMEdriverInstallFile['v12.0_Win8-10'])
            else:
                print('[-] Fail to install Intel ME Driver. {} is not supported.'.format(os))
        # Install ME 9 --> v11.7 driver
        elif chipsetSeries in ['9 Series']:
            if 'Windows-XP' in os or 'Windows-7' in os:
                install(intelMEdriverInstallFile['v11.7_WinXP-7'])
            elif 'Windows-8' in os or 'Windows-10' in os:
                install(intelMEdriverInstallFile['v11.7_Win8-10'])
            else:
                print('[-] Fail to install Intel ME Driver. {} is not supported.'.format(os))
        # Install ME 7-8 --> v11.0 driver
        elif chipsetSeries in ['8 Series', '7 Series']:
            if 'Windows-XP' in os or 'Windows-7' in os or 'Windows-8' in os or 'Windows-10' in os:
                install(intelMEdriverInstallFile['v11.0_WinXP-10'])
            else:
                print('[-] Fail to install Intel ME Driver. {} is not supported.'.format(os))                
        else:
            print('[-] Fail to install Intel ME Driver. {} is not supported.'.format(chipsetSeries))

if __name__ == '__main__':
    obj = intelME()

 

 

 

Output>

[+] Mainboard : H110M-DS2V-CF(Gigabyte Technology Co., Ltd.)
[+] Chipset : 100 Series
[+] Intel ME Driver : Already Installed(v1815.12.0.2021)
[Finished in 0.8s]

 
