Manouchehri

Recovering the BIOS password from a Panasonic CF-U1 mk2 (AMI Aptio UEFI)

A mess of my own making

While messing with a CF-U1 handheld PC that I bought off ebay I managed to mess up the BIOS and it seems it reverted to previous settings which included an unknown BIOS password, it would however still boot into windows. Since I could still boot windows I was able to dump the bios flash using AFUWINGUI.EXE the version I used was 3.09.03.1462 which is available here:
https://ami.com/en/?Aptio_4_AMI_Firmware_Update_Utility.zip

Manouchehri

#include <android/log.h>
#include <jni.h>
#include <binder/Binder.h>
#include <binder/Parcel.h>
#include <binder/IServiceManager.h>
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

Manouchehri

Physical layer

The dongle itself is sending out data using 802.11a (5 GHz WiFi) with OFDM and 6 Mbit/s data rate:

Radiotap Header v0, Length 38
    Header revision: 0
    Header pad: 0
    Header length: 38
    Present flags

Manouchehri

|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|

The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a

Manouchehri

#!/usr/bin/env python

import os
import sys
import os.path
import site

try:
    import binaryninja
    print "Binary Ninja API Installed"

Manouchehri

meta:
  id: linked_list
  endian: le
seq:
  - id: entries
    size: 8
    type: entry
    repeat: until
    repeat-until: _.next == 0
types:

Manouchehri

SWITCH=$1
OPERATION=$2

if [ "$SWITCH" = "" ] || [ "$OPERATION" = "" ]; then
	echo "Enable/disable LLDP on vSwitch"
	echo ""
	echo "USAGE:"
	echo "$0 <vSwitch> <operation>"
	echo "Examples: "
	echo "Enable LLDP: $0 vSwitch0 1"

Manouchehri

# lldb debugging v8-related functionality in Node.js
# =========================================================

# lldb re-write of user-defined V8 debugging functions
# https://github.com/v8/v8/blob/master/tools/gdbinit

#allow the file to be read when lldb starts (set to false to ignore it)
settings set target.load-cwd-lldbinit true

# Print HeapObjects.

Manouchehri

# lldb debugging v8-related functionality in Node.js
# =========================================================

# lldb re-write of user-defined V8 debugging functions
# https://github.com/v8/v8/blob/master/tools/gdbinit

#allow the file to be read when lldb starts (set to false to ignore it)
settings set target.load-cwd-lldbinit true

# Print HeapObjects.

Manouchehri

My First PANDA

Introduction

Being someone who tries to play a lot with Windows memory, I really wanted to play with PANDA, but I was slightly scared because I'd never touched qemu before - all my experience had been with VirtualBox and VMware.

My goal was to install PANDA into a (relatively) clean install of Debian 8 'Jessie', capture a recording and successfully run a PANDA plugin.

1. Get PANDA