Enumerating System Management Interrupts
System Management Interrupts (SMI) provide a mechanism for entering System Management Mode (SMM) which primarily implements platform-specific functions related to power management. SMM is a privileged execution mode with access to the complete physical memory of the system, and to which the operating system has no visibility. This makes the code running in SMM an […]
Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them
Lolbins? Where we’re going, we don’t need lolbins. At NCC Group, as a consultant in our hardware and embedded systems practice, I often get to play with various devices, which is always fun, but getting your own software to run on them can be a bit of a pain. This article documents a few realisations and […]
Ghidra nanoMIPS ISA module
Introduction In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G baseband firmware based on the nanoMIPS architecture. While we were aware of some nanoMIPS modules for Ghidra having been developed in private, there was no […]
Puckungfu 2: Another NETGEAR WAN Command Injection
A story on finding a zero-day attacking the NETGEAR WAN interface after a last-minute patch for Pwn2Own 2022, involving a command injection, predicting random numbers, boot timing and voltage supply variations.
Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
Vendor: Sonos
Vendor URL: https://www.sonos.com/
Versions affected: Confirmed 73.0-42060
Systems Affected: Sonos Era 100
Author: Ilya Zhuravlev
Advisory URL: Not provided by Sonos. Sonos state an update was released on 2023-11-15 which remediated the issue.
CVE Identifier: N/A
Risk: High
Summary: Sonos Era 100 is a smart speaker released in 2023. A vulnerability exists […]