最近のすべてのIntelのマザーボードのチップセットに組み込まれた専用マイクロコントローラであるIntel Management Engine(ME)はシステム電源がオフの場合でもメインCPUから独立して動作しネットワークインターフェースへの専用接続を持っている。その構造分析と攻撃を受ける可能性および対策について解説。 インテルマネージメントエンジン（"ME")は最近のインテル系マザーボードチップセットに組み込まれてる専用のマイクロコントローラです。 マザーボードのメインのCPUから完全に独立しており、システムが稼働していなくとも稼働でき、 ネットワークインターフェイスへの専属のコネクションを持っている為メインの CPUとインストールされているOSを回避するout-of-bound通信が可能です。 従来の目的に関連する管理タスクの処理だけに止まらず、Intel Identity Protection Technology(IPT)、Protected Audio-Video Path、Intel Anti-Theft, Intel TPM, NFC 通信などの様々な機能を実装しています。 現在、 このマイクロコントローラがどのように動くかについて関する情報は非常に少なく、本プレゼンテーションでは情報のギャップを埋める共に低レイヤーに関する詳細について話す予定です。 イゴール・スコチンスキー - Igor Skochinsky イゴール・スコチンスキーは、世界的に有名なInteractive DissasemblerとHex-Rays Decompilerの主要開発者の1人として活躍中。 2008年にHex-Raysと合流する以前 からリバースエンジニアリングに興味を持ち、iTunesのDRMを解除するQTFairUse6と初期のアマゾンキンドル端末のハックで名声を得る。 Recon,Breakpointと Hack.LUなどにて講演。

1. ME
Igor Skochinsky
Hex-Rays
CODE BLUE 2014
Tokyo

2. 2(c) 2014 Igor Skochinsky
! ME
!
! ME
!
!
!

3. 3(c) 2014 Igor Skochinsky
! 15
! IDA
! 2008 Hex-­‐Rays
! IDA (
)
! ( Kindle
Sony
Reader)
! PC (BIOS,
UEFI,
ME)
! reddit.com/r/ReverseEngineering/

4. 4(c) 2014 Igor Skochinsky
ME:
! ( )
!
(GMCH,
PCH,
MCH)
! BIOS CPU
!
( CPU )
!
CPU

5. 5(c) 2014 Igor Skochinsky
ME:
Credit: Intel 2009

6. 6(c) 2014 Igor Skochinsky
ME:
OS
! HECI
(MEI):
Host
Embedded
Controller
Interface;
PCI
! SOAP ;
HTTP
HTTPS

7. 7(c) 2014 Igor Skochinsky
ME:
ME
! (AMT):
KVM
! :
/
! IDE (IDE-­‐R) LAN
(SOL):
OS CD/
HDD PC
! :
2
(OTP)
! :
PIN

8. 8(c) 2014 Igor Skochinsky
ME:
!
PC
” ” PC
! 3G SMS
! HDD
!

9. 9(c) 2014 Igor Skochinsky
ME:

10. 10(c) 2014 Igor Skochinsky
ME:
! ( )
!
! HECI
! AMT
SDK
! Linux
;
coreboot
! BIOS
! ME
BIOS
! ME

11. 11(c) 2014 Igor Skochinsky
ME
! ME
!
FTP
!
!
!
:)

12. 12(c) 2014 Igor Skochinsky
FSP
! 2013
!
! Intel
!
HM76/QM77
!
ME
http://www.intel.com/content/www/us/en/intelligent-systems/intel-firmware-support-package/intel-fsp-
overview
"confidential“
:)

13. 13(c) 2014 Igor Skochinsky
SPI
! SPI BIOS ME GbE
! BIOS( OS) ME
! Descriptor
ME
! Descriptor

14. 14(c) 2014 Igor Skochinsky
ME
! ME
!

15. 15(c) 2014 Igor Skochinsky
ME
! “ "
!
RSA

16. 16(c) 2014 Igor Skochinsky
ME
!
2
! Gen
2:
Intel
5
Series( Ibex
Peak)
Gen 1 Gen 2
ME versions 1.x-5.x 6.x-9.x
Core ARCTangent-A4 ARC 600(?)
Instruction set ARC (32-bit) ARCompact (32/16)
Manifest tag $MAN $MN2
Module header tag $MOD $MME
Code compression None, LZMA None, LZMA, Huffman

17. 17(c) 2014 Igor Skochinsky
ME
Module name Description
BUP Bringup (hardware initialization/configuration)
KERNEL Scheduler, low-level APIs for other modules
POLICY Secondary init tasks, some high-level APIs
HOSTCOMM Handles high-level protocols over HECI/MEI
CLS Capability Licensing Service – enable/disable
features depending on SKU, SKU upgrades
TDT Theft Deterrence Technology (Intel Anti-Theft)
Pavp Protected Audio-Video Path
JOM Dynamic Application Loader (DAL) – used to
implement Identity Protection Technology (IPT)

18. 18(c) 2014 Igor Skochinsky
ME:
ROM
!
ROM
!
!
! ME
"ROMB"

19. 19(c) 2014 Igor Skochinsky
ME:
ROM
! ROM
!

20. 20(c) 2014 Igor Skochinsky
ME:
ROM
! ME
! ROMB

21. 21(c) 2014 Igor Skochinsky
ME:
ROM
! ROMB ROM
! ROM :
! C (memcpy,
memset,
strcpy )
! ThreadX
RTOS
! API
! ROM
! FTPR BUP
! BUP KERNEL
:(

22. 22(c) 2014 Igor Skochinsky
ME:

23. 23(c) 2014 Igor Skochinsky
ME:
! ME
! : ME RSA
ROM
“During the design phase, a Firmware Signing Key (FWSK) public/private pair is
generated at a secure Intel Location, using the Intel Code Signing System. The
Private FWSK is stored securely and confidentially by Intel. Intel AMT ROM
includes a SHA-1 Hash of the public key, based on RSA, 2048 bit modulus
fixed. Each approved production firmware image is digitally signed by Intel with
the private FWSK. The public FWSK and the digital signature are appended to
the firmware image manifest.
At runtime, a secure boot sequence is accomplished by means of the boot ROM
verifying that the public FWSK on Flash is valid, based on the hash value in
ROM. The ROM validates the firmware image that corresponds to the manifest’s
digital signature through the use of the public FWSK, and if successful, the
system continues to boot from Flash code.”
“Architecture Guide: Intel® Active Management Technology”, 2009

24. 24(c) 2014 Igor Skochinsky
ME: (UMA)
! ME
RAM
(UMA) (MCU
)
! ME BIOS
CPU
! 2009 Invisible
Things
Lab
! ...

25. 25(c) 2014 Igor Skochinsky
ME:
UMA
!
UMA
! #1:
BIOS MESEG
! [
...]
!
! UEFI
!
! :
! :
...

26. 26(c) 2014 Igor Skochinsky
ME:
UMA
! #2:
! DRAM UMA
! ...
: ME UMA
:
UMA

27. 27(c) 2014 Igor Skochinsky
ME:
UMA
! –
! –
! DDR3
“The memory controller incorporates a DDR3 Data
Scrambling feature to minimize the impact of excessive di/dt
on the platform DDR3 VRs due to successive 1s and 0s on
the data bus. [...] As a result the memory controller uses a
data scrambling feature to create pseudo-random patterns on
the DDR3 data bus to reduce the impact of any excessive di/
dt.”
(from Intel Corporation Desktop 3rd Generation Intel® Core™ Processor
Family, Desktop Intel® Pentium® Processor Family, and Desktop Intel®
Celeron® Processor Family Datasheet)

28. 28(c) 2014 Igor Skochinsky
ME:
UMA
! #3:
UMA
! UMA FPT 1
! FPT
! :
1)
32MB FPT BIOS 32MB
ME 16MB
2)
16MB FPT BIOS 16MB
16MB
!

29. 29(c) 2014 Igor Skochinsky
ME:
UMA
! #4:
! BIOS
! UEFI
"Setup" ( Breakpoint
2012 )
!
–

30. 30(c) 2014 Igor Skochinsky
ME:
UMA
! #5:
!
!
! ...

31. 31(c) 2014 Igor Skochinsky
! ME
!
! (SPS)
! BUP KERNEL
! #1:
BUP !
! KERNEL " " ...
! #2:
( )
! 2
!

32. 32(c) 2014 Igor Skochinsky
JOM
DAL
! JOM ME 7.1
! (DAL)
! ME ( )
!
( IPT)
! ME
! ...

33. 33(c) 2014 Igor Skochinsky
JOM
DAL
! :
! Java
Could
not
allocate
an
instance
of
java.lang.OutOfMemoryError
linkerInternalCheckFile:
JEFF
format
version
not
supported
com.intel.crypto
com.trustedlogic.isdi
Starting
VM
Server...

34. 34(c) 2014 Igor Skochinsky
JOM
DAL
! Java VM
! ME Base64 BLOB "oath.dalp"
!
! "Medal App"
! JOM "JEFF"
! JEFF Java
! Java
!

35. 35(c) 2014 Igor Skochinsky
JOM
DAL
! ...
! Java
...
.ascii
"Invalid
constant
offset
in
the
SLDC
instruction"

36. 36(c) 2014 Igor Skochinsky
JEFF
! JEFF
! J 2001
! ISO (ISO/IEC 20970)
!
!
!
!
!
!

37. 37(c) 2014 Igor Skochinsky
JEFF
! Python
! oath.dalp JEFF
!
! Java
! :
!
! UI ( )
!
!

38. 38(c) 2014 Igor Skochinsky
JEFF
! ( )
Class
com.intel.util.IntelApplet
private:
/*
0x0C
*/
boolean
m_invokeCommandInProcess;
/*
0x00
*/
OutputBufferView
m_outputBuffer;
/*
0x0D
*/
boolean
m_outputBufferTooSmall;
/*
0x04
*/
OutputValueView
m_outputValue;
/*
0x08
*/
byte[]
m_sessionId;
public:
void
<init>();
final
int
getResponseBufferSize();
final
int
getSessionId(byte[],
int);
final
int
getSessionIdLength();
final
String
getUUID();
final
abstract
int
invokeCommand(int,
byte[]);
int
onClose();
final
void
onCloseSession();
final
int
onCommand(int,
CommandParameters);
int
onInit(byte[]);
final
int
onOpenSession(CommandParameters);
final
void
sendAsynchMessage(byte[],
int,
int);
final
void
setResponse(byte[],
int,
int);
final
void
setResponseCode(int);

39. 39(c) 2014 Igor Skochinsky
IPT
!
! OATH :
package
com.intel.dal.ipt.framework;
public
class
AppletImpl
extends
com.intel.util.IntelApplet
{
final
int
invokeCommand(int,
byte[])
{
...
}
int
onClose()
{
...
}
int
onInit(byte[])
{
...
}
}

40. 40(c) 2014 Igor Skochinsky
IPT
! ME
!
!
! ...

41. 41(c) 2014 Igor Skochinsky
IPT
! C/C++, Java, .NET
API DLL
! DLL JHI
COM TCP/IP
! ME HECI/MEI
! ME JOM
! JOM
!
! out-of-
bound

42. 42(c) 2014 Igor Skochinsky
Trusted
Execu;on
Environment
! JOM Trusted Logic Mobility (
Trustonic) "Trusted Foundations"
Trusted Execution Environment (TEE)
:
Trusted Foundations

43. 43(c) 2014 Igor Skochinsky
Trusted
Execu;on
Environment
! Trusted Foundations
! ARM TrustZone
! GPL Trusted Foundations
!
! TrustZone ME/JOM
HECI/MEI
!

44. 44(c) 2014 Igor Skochinsky
Trusted
Execu;on
Environment
! GlobalPlatform (Trusted Logic Mobililty/
Trustonic ) TEE
! API (TEE
) API
! ME
http://www.globalplatform.org/specificationsdevice.asp

45. 45(c) 2014 Igor Skochinsky
! ME
! ME
! ROM BUP KERNEL
! API
! JEFF DAL/IPT
! ARC IDA 6.4 IDA 6.5

46. 46(c) 2014 Igor Skochinsky
!
! JEFF .class JEFF
!
! Linux
IPT
! EFFS
! ME
! EFFS
!
!

47. 47(c) 2014 Igor Skochinsky
!
!
!
! UMA
!
! ME
↔
!
! ;
!
...
!

48. 48(c) 2014 Igor Skochinsky
! BIOS
RE
! ME
! ME BIOS
! BIOS
! Nikolaj
Schlej UEFITool UEFI
hkps://github.com/NikolajSchlej/UEFITool
! Coreboot ME
!
! Open
Virtual
Plalorm
(www.ovpworld.org)
ARC600
ARC700(ARCompact )
!
!

49. 49(c) 2014 Igor Skochinsky
http://software.intel.com/en-us/articles/architecture-guide-intel-active-management-technology/
http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/
http://theinvisiblethings.blogspot.com/2009/08/vegas-toys-part-i-ring-3-tools.html
http://download.intel.com/technology/itj/2008/v12i4/paper[1-10].pdf
http://web.it.kth.se/~maguire/DEGREE-PROJECT-REPORTS/100402-Vassilios_Ververis-with-cover.pdf
http://www.stewin.org/papers/dimvap15-stewin.pdf
http://www.stewin.org/techreports/pstewin_spring2011.pdf
http://www.stewin.org/slides/pstewin-SPRING6-EvaluatingRing-3Rootkits.pdf
http://flashrom.org/trac/flashrom/browser/trunk/Documentation/mysteries_intel.txt
http://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=src/southbridge/intel/bd82x6x/me.c
http://download.intel.com/technology/product/DCMI/DCMI-HI_1_0.pdf
http://me.bios.io/
http://www.uberwall.org/bin/download/download/102/lacon12_intel_amt.pdf

50. 50(c) 2014 Igor Skochinsky
igor@hex-­‐rays.com
skochinsky@gmail.com