• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMIBIOS Source Code and AMI's UEFI Signing Key Leaked

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
38,241 (8.39/day)
Location
Hyderabad, India
Processor AMD Ryzen 7 2700X
Motherboard ASUS ROG Strix B450-E Gaming
Cooling AMD Wraith Prism
Memory 2x 16GB Corsair Vengeance LPX DDR4-3000
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) Creative Sound Blaster Recon3D PCIe
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Microsoft Sidewinder X4
Software Windows 10 Pro
An FTP server in Taiwan that could be publicly accessed, leaked the source code of AMI Aptio UEFI BIOS, including AMI's unique UEFI signing test key. The utterly irresponsible act of holding such sensitive data on public FTPs is suspected to be committed by motherboard vendor Jetway. In doing so, the company may have compromised security of every motherboard (across vendors) running AMI Aptio UEFI BIOS. Most socket LGA1155 and FM2 motherboards, and some socket AM3+ motherboards run AMI Aptio.

Among the leaked bits of software include the source code of AMI BIOS, Aptio, and AMI's UEFI test signing key, which is used by all its clients to sign their BIOS updates. Signing ensures that BIOS updating software verifies the update is genuine, and coming from the motherboard manufacturer. With this key out, malware developers can develop malicious BIOS updates, hack motherboard vendors' customer support websites, and replace legitimate BIOS updates with their malicious ones. Control over the system BIOS could then give hackers access to most ring-0 OS functions.



"By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated & installed for the vendor's products that use this firmware. If the vendor used this same key for other products - the impact could be even worse," writes Adam Caudill, who along with Brandon Wilson, discovered the open FTP server. "This kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system's security is an ideal scenario for covert information collection," he added.

View at TechPowerUp Main Site
 
Last edited:

FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
25,812 (6.16/day)
Location
IA, USA
System Name BY-2015
Processor Intel Core i7-6700K (4 x 4.00 GHz) w/ HT and Turbo on
Motherboard MSI Z170A GAMING M7
Cooling Scythe Kotetsu
Memory 2 x Kingston HyperX DDR4-2133 8 GiB
Video Card(s) Sapphire Radeon RX 5500 XT Pulse 8 GiB
Storage Crucial MX300 275 GB, Seagate Exos X12 TB 7200 RPM
Display(s) Samsung SyncMaster T240 24" LCD (1920x1200 HDMI) + Samsung SyncMaster 906BW 19" LCD (1440x900 VGA)
Case Coolermaster HAF 932 w/ USB 3.0 5.25" bay
Audio Device(s) Realtek ALC1150, Micca OriGen+
Power Supply Enermax Platimax 850w
Mouse SteelSeries Sensei RAW
Keyboard Tesoro Excalibur
Software Windows 10 Pro 64-bit
Benchmark Scores Faster than the tortoise; slower than the hare.
Look on the bright side: this may mean BIOS can be updated to eliminate secure boot (aka DRM).
 
Last edited:
Joined
Dec 16, 2010
Messages
1,493 (0.44/day)
Location
State College, PA, US
System Name My Surround PC
Processor Intel Core i7 8086K @ 5.1 GHz
Motherboard Gigabyte Z370 AORUS Gaming 5
Cooling Swiftech MCP35X / XSPC Rasa CPU / Swiftech MCW82 / Koolance HX-1320 w/ 4 Corsair Fans
Memory 32GB (2 x 16 GB) Team DDR4-3200 CL16-18-18-38
Video Card(s) MSI Nvidia GeForce GTX 980 Ti Armor 2X
Storage Samsung SSD 970 Pro 512GB, 2 x 4TB HGST NAS HDD in RAID 1
Display(s) 3 x Acer K272HUL 27" in Surround 7860x1440
Case NZXT Source 530
Audio Device(s) Integrated ALC1220 + Sony MDR-7506 + Logitech Z-5500 5.1
Power Supply Seasonic X-1250 1.25kW
Mouse Patriot Viper V560
Keyboard Logitech G15
Software Windows 10 Pro x64
I guess people with Samsung laptops can now finally use them with operating systems other than Windows.
 

cdawall

where the hell are my stars
Joined
Jul 23, 2006
Messages
27,669 (5.53/day)
Location
Houston
System Name All the cores || Into the Blue
Processor 2990WX || 5960X
Motherboard Asrock X399M || Asus X99M WS
Cooling CPU-XSPC RayStorm Neo, 2x240mm+360mm, D5PWM+140mL, GPU-2x360mm, 2xbyski, D4+D5+100mL || TBD
Memory 4x8GB G.Skill Trident Z 3200 CL16 || EVGA 3200 2x8GB
Video Card(s) (2) EVGA SC BLACK 1080Ti's || EVGA 1080Ti FE
Storage 2x Samsung SM951 512GB, Samsung PM961 512GB || OCZ Vector 180 480GB
Display(s) Dell UP2414Q 3840X2160@60hz || TBD
Case Caselabs Mercury S5+pedestal || Supermicro S5 (GS5A-753K)
Audio Device(s) Fischer HA-02->Fischer FA-002W High edition/FA-003/Jubilate/FA-011 depending on my mood
Power Supply Seasonic Prime 1200w || Seasonic Snow Silent 750w
Mouse Thermaltake Theron, Steam controller || TBD
Keyboard Thermaltake Poseidon ZX, Steam controller || Corsair K70
Software W10P || W10P
Joined
May 4, 2011
Messages
526 (0.16/day)
System Name Smooth-Operator
Processor AMD Ryzen 7 3800x
Motherboard Asrock x570 Taichi
Cooling AMD Wraith Prism
Memory 2x16GB 3200MHz CL16 DDR4
Video Card(s) Sapphire Radeon RX 580 8GB NITRO+
Storage JBOD: 2+1+1TB 7200RPM HDD
Display(s) Samsung S24E370DL 24" IPS Freesync 75Hz
Case Fractal Design Focus G Window Blue
Audio Device(s) Creative X-Fi Titanium PCIe x1
Power Supply Corsair HX850 80+ Platinum
Mouse Gigabyte Aorus M3
Keyboard Zalman ZM-K300M
Software Windows 10 x64 Enterprise/Ubuntu Budgie amd64
"Malicous firmware/bios/uefi" a.k.a. firmware/bios/uefi allowing user to do with bought device anything user wish to.
 

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
16,139 (3.14/day)
Location
Piteå
System Name Black MC in Tokyo
Processor Ryzen 5 2600x
Motherboard Asrock B450M-HDV
Cooling AMD Wraith Spire I think
Memory 2 x 8GB G-skill Aegis 3000 or somesuch
Video Card(s) Asus GTX 760 DCU2OC 2GB
Storage Kingston A400 240GB | WD Blue 1TB x 2
Display(s) BenQ GL2450HT
Case Some old Antec
Audio Device(s) Line6 UX1 + slightly modded Sony DR-ZX302
Power Supply Fractal Design Effekt 400W
Mouse Logitech G602
Keyboard Cherry MX-Board 3.0
Software Windows 10 Pro
Benchmark Scores I once had +100 dorfs in DF, so yeah pretty great
"Malicous firmware/bios/uefi" a.k.a. firmware/bios/uefi allowing user to do with bought device anything user wish to.
Or, you know, allowing people to install serious malware.
 
Joined
Feb 8, 2008
Messages
2,513 (0.57/day)
Location
Switzerland
Processor i7 4790K ( O.C 4.7 Ghz ) 1.28 V
Motherboard Maximus VII Impact z97
Cooling CM Masterliquid 240mm AIO
Memory 16 GB Corsair Dominator Platinum DDR3 1866 Mhz
Video Card(s) ASUS Strix RTX 2080 Ti
Storage M.2 Samsung NVMe 960 Pro 512 GB
Display(s) Asus PG279 IPS 1440p 165Hz G-sync
Case CM Mastercase 3.1
Power Supply Corsair AX760
Mouse Razer Deathadder Chroma
Keyboard Rapoo
Software Win 10 64 Bit
So maybe the virus now can be inside the motherboard not anymore on HardDisk ?

And then how you clean the motherboard bios ? Buying new one ?
 
Joined
Apr 16, 2010
Messages
3,160 (0.87/day)
Location
Portugal
System Name _JP_'s Daily Driver
Processor AMD Ryzen 7 1700
Motherboard MSI X370 Gaming Plus
Cooling Noctua NH-C12P SE14 + NM-AM4 + NF-P14r
Memory 2x 8GB G.Skill Trident Z (F4-3200C16D-16GTZB)(Hynix)
Video Card(s) Sapphire Pulse AMD Radeon RX 5500 XT 8GiB
Storage HyperX Savage 240GB + KC300 240GB + 750EVO 500GB
Display(s) LG Flatron W2361V 23'' FHD
Case NOX Blaze
Audio Device(s) Creative SoundBlasterX AE-5
Power Supply Corsair TX650M
Mouse Microsoft Comfort Mouse 4500
Keyboard Logitech Media Keyboard (PS/2)
Software Windows 10 x86-64 (1909)
Benchmark Scores It plays a game or two in TV resolution from time to time
So maybe the virus now can be inside the motherboard not anymore on HardDisk?
Yes, it WILL be in the motherboard, not the HDD.
And then how you clean the motherboard bios ? Buying new one ?
No. You just have to remove the infected chip out and install a clean one, or just reprogram (with an external programmer) the infected one, just like in the CIH days.
 
Joined
Mar 10, 2010
Messages
7,222 (1.97/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R7 3800X@4.350/525/ Intel 8750H
Motherboard Crosshair hero7 @bios 2703/?
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in two sticks./16Gb
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060
Storage Samsung Nvme Pg981, silicon power 1Tb samsung 840 basic as a primocache drive for, WD2Tbgrn +3Tbgrn,
Display(s) Samsung UAE28"850R 4k freesync, LG 49" 4K 60hz ,Oculus
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Iksu force fx
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Joined
Nov 18, 2010
Messages
4,971 (1.45/day)
Location
Rīga, Latvia
System Name HELLSTAR
Processor Intel 5960X @ 4.4GHz
Motherboard Gigabyte GA-X99-UD3
Cooling Custom Loop. 360+240 rads. 5x Nidec Servo Gentle Typhoons. AC CUPLEX KRYOS NEXT.
Memory 4x8GB Corsair Vengeance LPX 3000MHz 15-17-17-36 CR1
Video Card(s) ASUS 1080 Ti FE + water block
Storage Optane 900P + Samsung PM981 NVMe 1TB + 750 EVO 500GB
Display(s) Philips PHL BDM3270
Case Phanteks Enthoo Evolv ATX Tempered Glass
Audio Device(s) Sound Blaster ZxR
Power Supply Fractal Design Newton R3 1000W
Mouse Razer Basilisk
Keyboard Razer Deathstalker
Software Windows 10 insider
good news... I hated that thing... DRM is double edged sword that is implemented in very wrong fashion... shoo shoo get lost... I want to really own the device I buy, not just lend it...
 
Joined
Jul 5, 2008
Messages
272 (0.06/day)
System Name WorkStation
Processor Intel i7 3770k @ 4.4GHz
Motherboard ASRock Z77 Extreme6
Cooling Corsair H110 Water Cooler AIO
Memory Corsair Vengeance 8GB DDR3 1600MHz
Video Card(s) MSI GTX680 Twin Frozr III OC
Storage WD 1TB Sata III
Display(s) Samsung 22-inch LED 1080p
Case Corsair Carbide Air 540
Audio Device(s) Onboard Realtek 898 HD
Power Supply Corsair CS750M Gold
Software Windows 8.1 Pro x64

Rebel333

New Member
Joined
Jan 12, 2011
Messages
29 (0.01/day)
This might excellent news, does this mean we are going to see more customizable bios, such as adding memory timings, overclocking CPU, GPU, changing voltages, etc in Samsung laptops?
 

cadaveca

My name is Dave
Joined
Apr 10, 2006
Messages
17,104 (3.35/day)
This might excellent news, does this mean we are going to see more customizable bios, such as adding memory timings, overclocking CPU, GPU, changing voltages, etc in Samsung laptops?
Nope.


I've got AMI UEFI editing tools. I posted I had them many months ago.


When you go to update BIOS, the BIOS is checked if it is "official" BIOS. This is the mechanism that prevents you from flashing BIOS from a different product to your board.


So, now, someone could write "I LOVE SPAGETTINI" a billion times, and your board would flash it to the BIOS chip, thinking it was a BIOS.


And I got my softwares off of Jetway's FTP as well. This is hardly new news, honestly, Jetway's FTP was open for a long long time(literally years), as was ASUS's(again, years, you can find lots of posts about it), and several other board makers. Today, all these FTP's are blocked from open public access.


Seems like Adam Caudill was just looking for some traffic! Publically leaking that key and other infos is very much a dick move.
 
Joined
Aug 17, 2009
Messages
1,585 (0.41/day)
Location
Los Angeles/Orange County CA
System Name Vulcan
Processor i6 6600K
Motherboard GIGABYTE Z170X UD3
Cooling Thermaltake Frio Silent 14
Memory 16GB Corsair Vengeance LPX 16GB (2 x 8GB)
Video Card(s) ASUS Strix GTX 970
Storage Mushkin Enhanced Reactor 1TB SSD
Display(s) QNIX 27 Inch 1440p
Case Fractal Design Define S
Audio Device(s) On Board
Power Supply Cooler Master V750
Software Win 10 64-bit
Well I guess no other hum had done something incredibly insanely stupid today.

Someone had to step up and do it.

That's the problems with the keys and certificates and stuff. Good in theory, but you've got to consider the weakest link in the chain.

Depresses that I too am a member of this ignoble group.

Ok, rant over. Have a nice day.
 
Joined
Sep 4, 2005
Messages
658 (0.12/day)
there are some leaked tools out there already that will allow you to flash boards with a BIOS not for that board. However this is great, because now vendors will have to one up their security, i mean do you guys think their security was so low that any motherboard maker could hack eath other's UEFI? Some vendors don't allow such easy access to their UEFI's as they have ot make up their own modules, for instance memory OC profiles is a custom module, as is UEFI profile sharing, and other stuff like that. I mean sure there are some vendors who don't use much security, some very big ones too, but other vendors can put on good security, which will probably become even greater with this.

I am sure AMI with their nice monopoly will do something about it.
 

hkbeta

New Member
Joined
Apr 8, 2013
Messages
3 (0.00/day)
great article... or not

Let me tell you something else. On a public FTP there is the source code for Windows 8. And on the same *public* FTP there is the complete source code for World of Warcraft (all of them). And on another public ftp you can find a program that let's you decrypt any encrypted ZIP and RAR file. And of course there's a FTP where you can find... nevermind, I think you got the point.

So techpowerup editors please start and write about all of the above, no need for a link to the FTP, if I tell you it's true, then it's true. Or should I write this on a blog to believe me?
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
20,205 (3.48/day)
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
Let me tell you something else. On a public FTP there is the source code for Windows 8. And on the same *public* FTP there is the complete source code for World of Warcraft (all of them). And on another public ftp you can find a program that let's you decrypt any encrypted ZIP and RAR file. And of course there's a FTP where you can find... nevermind, I think you got the point.

So techpowerup editors please start and write about all of the above, no need for a link to the FTP, if I tell you it's true, then it's true. Or should I write this on a blog to believe me?
You can find the leaked AMI source code yourself, it's not that difficult.
 
Joined
Feb 16, 2005
Messages
539 (0.10/day)
Location
Germany,Hannover
System Name ChaosMoes
Processor Intel® Core™ i5-3570K no OC yet
Motherboard Asrock Z77 Extreme4
Cooling Scythe Ninja 3 Rev. B
Memory 16GB 2xPatriot DIMM 8 GB DDR3-1866 Kit (PV38G186C9KRD, Viper 3 Venom Red)
Video Card(s) ASRock Radeon RX 590 Phantom Gaming X 8GB GDDR5 188€@13.07.19 Amazon Sale
Storage Samsung 840 Pro SSD 256GB, + ST32000645NS Seagate Constellation 109€ reichelt.de 2012
Display(s) 27" Phillips PHL 276E9Q 189€ @ Saturn(Germany) 1.09.2018
Case Zaria A20 !!!THANK YOU TECHPOWERUP.COM!!!
Audio Device(s) onboard Sound
Power Supply SeaSonic Prime Ultra Titanium 750W
Mouse Logitech M705
Keyboard Microsoft SideWinder X4 Keyboard
Software Windows 10 Pro x64
posting a link just poses more risk than use for tpu...
use your giyf skills or you are wrong here anyway

well i wasn't able to get the source code myself just to see it out of curiosity :rolleyes:
 

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
38,241 (8.39/day)
Location
Hyderabad, India
Processor AMD Ryzen 7 2700X
Motherboard ASUS ROG Strix B450-E Gaming
Cooling AMD Wraith Prism
Memory 2x 16GB Corsair Vengeance LPX DDR4-3000
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) Creative Sound Blaster Recon3D PCIe
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Microsoft Sidewinder X4
Software Windows 10 Pro
So techpowerup editors please start and write about all of the above, no need for a link to the FTP, if I tell you it's true, then it's true. Or should I write this on a blog to believe me?
www.google.com
 
Top