Issues Testing on Real Devices
Have you been able to successfully exploit on real devices (not QEMU)? I am having issues finding the VMK in memory using either exploit or run-exploit inside the Alpine environment. I am testing on Windows 11 22H2, with BitLocker TPM + Numerical Password with PCRs 7 and 11. The exploit can find the FVE headers, but it then loops on these errors before kernel panicking after I let it loop for a while: "Not enough size 20,20 failed to find correct VMK addr: trying to find new base Version mismatch 52"
Any thoughts?
Well, this looks like the VMK was not loaded into memory from the TPM, or it got deleted. The kernel panic is due to the memory scanner reaching the end of memory...
How do you boot into Alpine Linux? I had a very similar issue when booting directly from the UEFI into PXE boot. It only worked for me if I booted from the advanced startup menu into PXE.
I will try out another physical system as soon as possible.
Hmm, interesting. I am going through the advanced startup menu, with the shift + restart trick. I have run it about 10 times just in case I was running into a weird timing issue, but have yet to get any results. I may try another laptop just in case.
Going through your create_bcd.bat, I realized I missed the following. Do you think this may be causing an issue?
bcdedit /store BCD_modded /displayorder {%REBOOT_GUID%} /addlast
Try to understand what the BCD does. Read the blog and watch the talk. That setting does indeed matter a lot.
Been working with @craigsblackie on this, we have tested:
- Dell Latitude E7250 - Failed, same problem as this issue
- Dell XPS 15 9530 p91f - Failed on first attempt, exploited without issue on 2nd attempt
- Lenovo T440 Core - Failed, but PCR7 could not be bound
- VMWare Workstation Win 11 and 10 Guests - Exploited without issue
Just tested it on a Dell Latitude 5411 with the latest Windows 11 and the exploit worked perfectly. However directly booting into shinx64 didn't work, so I had to manually grab the BCD file.
Would it be worth adding a file to the repo to document these successes/failures? It might save others some time as well as help find the commonality between laptops where the exploit doesn't work.
Great idea, I already have a list on my PC and I will commit it as soon as the rework of the Alpine Initramfs by @code1997 and @antgres is done :)
Just worked first time on a Dell Precision 7510. 👍
However, booting with ./start-server get-bcd eth1 results in either errors or a measured boot, requiring the recovery key. It looks like using native Windows tooling from the recovery terminal is still the best way to get the BCD.
As an additional note, enabling the network stack in UEFI on the Dell did not result in a measured boot. When you consider that Dells by design have master UEFI passwords (you can use https://bios-pw.org/ or social engineer Dell support), then even if you have disabled networking, it may well be possible to enable it and make a machine vulnerable again.
Measured Boot triggers are very platform specific. Dell business devices have different settings for PXE and PXE from USB, for example. This needs to be tested and can be different for each platform.
I ran an internal training course on exploiting this issue. We exploited a whole bunch of devices, including a Dell Precision 7550 and an HP EliteBook 830. I'm seeing a continuing trend of this exploit being more likely to work on new and high-end enterprise laptops. I suspect that is down to them supporting TPM 2.0 and PCRs 7 and 11.
Success with Dell XPS P92F running Win 11
Somehow I managed to convince a local laptop repair store to let me bitpixie a bunch of their used devices on the promise that I would buy the ones that were vulnerable. The following laptops all worked first time, with no issues whatsoever:
- Dell Latitude 3500
- Dell Latitude 3520
- HP Elitebook 840 G4
It couldn't find the key on:
- HP Elitebook 830 G6