Intel ME Manufacturing Mode Detection Tools
This repository contains Python 2.7 scripts for checking the state of the Intel ME Manufacturing Mode.
Manufacturing Mode
Intel ME has a Manufacturing Mode designed to be used exclusively by motherboard manufacturers. This mode provides some additional opportunities that an attacker can take advantage of. When Manufacturing Mode is enabled, Intel ME allows execution of the command which makes the ME region writable via the SPI controller built into the motherboard. The ability to run code and send commands to Intel ME on the attacked system allows the attacker to rewrite the Intel ME firmware onto another version. So the attacker is able to deploy the firmware (full disclosure) which is vulnerable to INTEL-SA-00086 and execute arbitrary code on Intel ME even if the system is patched.
Usage
mmdetect.py [-h] [--path PATH]
Manufacturing mode detection tool.
optional arguments:
-h, --help show this help message and exit
--path PATH path to lspci binary
Limitations
- Tools work only if HECI device isn't hidden.
- 'pciutils' library (WIN, LIN) is required.
- 'requests' library is needed for installing 'pciutils' on Windows.
pip install requests
Related URLs:
How to Hack a Turned-Off Computer or Running Unsigned Code in Intel Management Engine
CVE-2018-4251 (MacOS High Sierra 10.13.5, Security Update)
Author
Maxim Goryachy (@h0t_max)
Research Team
Mark Ermolov (@_markel___)
Maxim Goryachy (@h0t_max)
Dmitry Sklyarov (@_Dmit)
License
This software is provided under a custom License. See the accompanying LICENSE file for more information.