Infecting BIOS from within the Windows

[Infinityexists]

Hello Everyone,


I wonder if there is any way that i could infect bios or change its setting from within the Windows environment,


I got a clue that it can be done using mssmbios.sys or bios.sys files but I am not able to find out more details about it,
I tried to execute mssmbios.sys to find more about it but i am getting an error,


The C:\Windows\System32\drivers\mssmbios.sys application cannot be run in Win32 mode




also I got this ,





this might me of somebody's interest.


if there is any way please help me out.
I am eager to know about it

[ande]

Not quite sure how it is done, but it for sure is possible. You could disassemble some bios update executable and see how it does it. I am also sure you can find something existing if you google enough.

EDIT: I guess this is interesting enough: http://www.phrack.org/issues.html?issue=66&id=7&mode=txt
EDIT2: Perhaps this too http://www.securelist.com/en/analysis/204792193/MYBIOS_Is_BIOS_infection_a_reality

[Axon]

What are the benefits behind this? Could this method allows you to change the privileges from user to admin?

[ca0s]

If you get to the ring 0 you can write anywhere anything you want. But maybe the BIOS is not the best place to infect. There are a lot of different BIOS and you will probably need to do specific things in each one, if you want to keep the system working normally.

@Axon: at that point there are not users and admins. But yes, if you get your code there, you can make Windows do whatever you want.

Has anyone tryed to do this? How do AV's react? It must be hard for them to detect those write operations made from kernel. You don't use any of the things they hook.

[Kulverstukas]

I remember older BIOS versions had an option for Virus protection - never understood what it does and how it works...

[ARC_rapture]

There are a dew vanrabilities via windows to BIOS due to the BIOS is very much in contact with the main current OS running, There was a vanrability with Ring 0 but i think that's for older BIOS. Finding it on google may be challenging but give it ago, If i find anything else i will keep in contact.

ARC_rapture

[ca0s]

There are a dew vanrabilities via windows to BIOS due to the BIOS is very much in contact with the main current OS running, There was a vanrability with Ring 0 but i think that's for older BIOS. Finding it on google may be challenging but give it ago, If i find anything else i will keep in contact.

ARC_rapture

Lolwut? A "vanrability" in ring 0?

[Infinityexists]

Not quite sure how it is done, but it for sure is possible. You could disassemble some bios update executable and see how it does it. I am also sure you can find something existing if you google enough.

EDIT: I guess this is interesting enough: http://www.phrack.org/issues.html?issue=66&id=7&mode=txt
EDIT2: Perhaps this too http://www.securelist.com/en/analysis/204792193/MYBIOS_Is_BIOS_infection_a_reality

second link might come handy
Thankyou

[Infinityexists]

What are the benefits behind this? Could this method allows you to change the privileges from user to admin?

benefits -> like setting a Bios Password so if the victim is completely noob he'd never be able to break into it :|
or changing the Boot Device setting (always boot with Floppy Rom/Removable Disc)
the possibilities are endless once you're get into it , but how to get into it this is the question

[ARC_rapture]

By vulnerability i mean to get with Ring 0

[Kulverstukas]

By vulnerability i mean to get with Ring 0

... and what is Ring-0?

[ca0s]

... and what is Ring-0?

The most privileged execution level of the microprocessor.