And welcome back to the R3S of the RC3 in Monheim. You can reach us on hackint IRC in the channel RC3-R3S, on Twitter and Mastodon with the hashtag RC3R3S, and additionally on Mastodon with our handle @r3s@chaos.social. So, after two more legal talks, now something more technical. And when I asked the speaker, who is again on the stage with us (thanks for joining us), when I asked him, "How shall I introduce you?", he said, "Google me." And so I did. So what did I find? I found a veteran US Army Lieutenant Colonel from the Vietnam War; I think that's not him. I found a graduate of the Rockledge High School in Rockledge, Florida; I think that's neither him. Then I found some guy from Essen. So here, live and in person, Daniel Maslowski with his talk "Introducing utk-web: a web developer's view on firmware". Have fun!

Hey, and thanks for the quick introduction. Yeah, you might know me from previous talks. Usually I just take things apart and talk about it, or I speak about some general things regarding software engineering, which is also my main field of work. Anyway, this time I built a tool, which I'm going to introduce. Here's the little agenda: I will first give a very brief introduction, also on me, because not everybody necessarily knows me. I will talk a bit about motivation, why I'm doing what I'm doing here, what you can use it for and so on. And then I will explain actually what the tool is, show what it implements, and finally give you some sort of outlook on what's coming in the future.

So, on me: I'm Daniel. Actually a few backgrounds: first IT security, I've been studying that for years, and then I switched over to computer science. But for a living I decided to actually do something more practical, and that made me become a software engineer eventually. I mostly work on the web, so I'm building web applications, which is also what this tool here is about. But I also have some interest in infrastructure, and, you know, to run your applications and so on you need to have infrastructure underneath you, and
that's how I eventually looked at more and more things out there. A friend of mine introduced me to firmware, which this tool integrates in, and so this is what I'm also doing in the open source space: I'm developing several tools which are about firmware, I also work on firmware directly sometimes, and, well, eventually I need to do some reverse engineering, which is the sad truth of the current state of how hardware works in the industry.

Now, about application development in general. As an application developer I need to have some awareness of a few things. First of all, I need to have an understanding of the domain where I'm developing, and by domain I'm talking about, you know, what the application is actually about. So let's just take a very, very stupid example: the Corona-Warn-App that was made in Germany. The domain of that application, well, it's about tracing, it's about Corona, and so in order to, you know, talk about it, to develop it, you need to understand what it's actually about. And the second thing that you need to know is the environment an application lives in. That's on the one hand side platforms; coming back to the example, that would be mobile platforms in this case, it could also be wearables or something like that. And we have to know APIs, so, you know, especially for the Corona-Warn-App there actually had to be new APIs implemented by both Google and Apple so that, you know, the application could get its functionality. And eventually it's very, very handy to know some frameworks, so that, you know, you have something to build on top of, so you don't need to reinvent the wheel all the time.

The second part, and that's the visual part, is actually the UX design. In large companies there are often dedicated people doing that, or even dedicated teams doing that. So over the course of my career I've been working with several people doing this sort of work, and eventually I, you know, also had to get an understanding of that, because UX and UI, you know, those are
fancy, fancy buzzwords, but what it actually means is that I need to also get an understanding of aesthetics. On the one hand side I need to know, you know, what seems appealing to people, and that's all about shapes and colors, about spacings, typography, icons. But on the other hand there are also some functional requirements that you have regarding UX, and that's where we came up with the idea of so-called widgets. Widgets are basically, you know, everything that you can see in an application that you can interact with, and many of them are actually reappearing all the time. For example, everyone knows buttons, right? So, you know, you can click a button. If you start diving further into it, at some point you will get an understanding that, well, a button is actually not just a button, right? So you can have buttons, and that's the aesthetics again, in different shapes and so on, colors and so on, but on the other hand you can also have different functionalities, and that's what, you know, many people don't even think about, actually. Coming back to the button example: there are buttons which are stateless, so you can just click them once and then something happens, but there are also the stateful buttons, so you can click those buttons and they will reflect something. Those are buttons which you might know from an old cassette tape recorder: you press a button and then it stays in place, and that's what we now also call radio buttons, still, even on computers, so we don't have those physical buttons.

And I was thinking about this a lot, and there is this one thing which was always puzzling me. So, people with new computers: at some point, you know, when I was working together with people, I was using their machine and I tried to scroll, and for some reason it didn't work, and they showed me, "No, no, you need to move your hand the other way." I asked, "Okay, why is that the case?" And they call it natural scrolling, and they told me that the image behind it is actually that you're moving paper around. I was
thinking about it, and that, you know, gave me the idea of what the word actually stems from. So if I imagine a very ancient scroll, right, something that you can't hold in your hand, imagine you're holding it like this, you can also move it up and down if you just wound it up on something like a stick, for example. So that's like the very, very ancient sort of user interface where scrolling comes from. And I thought about, well, on the machine I have something like scroll bars; did we also have that in the past, and why did we actually come up with this non-natural way of scrolling, which I was actually used to? And so I thought, okay, that's like when I attach a string on that stick where the scroll is hanging, and then I could also move it that way. But there's nothing natural, actually, about it. Even the scroll itself is not a natural thing, right? It's something that somebody made, it's a creative thing, and it's also some sort of engineering. And now, depending on how you wind up that string, that actually determines your scroll direction, right? So you can wind it forward or backwards, and then, depending on that direction, when you pull, it either goes up or down. Anyway, that was a bit of an aside.

So what I want to say in summary is that, you know, I'm dealing a lot with these ideas, I want to bring them into play, and this brings us to firmware. So there is one sort of industry standard now which is called UEFI, which has become very much ubiquitous. You will find it everywhere: you find it in laptops, you find it on desktop machines, on server platforms even, and they also started to roll out to other places. Usually we know it from the Intel and AMD platforms, but it's also now on ARM; even RISC-V decided to go that path. And that means that we need to have good tooling to understand it, and this is what my tool is actually about: I wanted to have a good understanding. Now, looking at this example here, this is where UEFI is actually not too much of a standard: it doesn't
even live on its own, but it's part of an entire platform. And if you look at this very example here, this is from an Intel platform. They just partition their firmware images into multiple regions, so when you get a file for, let's say, a firmware upgrade, or you just read it out from your laptop, you can look at the file in that way and you can divide it into those sections. Not everyone is doing it exactly like that; for example, AMD is doing it, it's somewhat different in some regards.

But anyway, let's look a bit closer at the UEFI part here. It's quite a complex standard on itself, and let's look at the boot flow. So when you boot up a machine that is running UEFI, it actually runs through a bunch of so-called phases. In other firmware implementations you might also know this, or just know it, as some different terms; they might be called stages. But eventually the idea is always the same: there is something that is starting, and then some sort of program flow is happening. At some point you have a decision to make; in UEFI that's called BDS, or boot device select. That's where your actual operating system is starting and where you need to decide where to start from. Again, we can have a user interface here, which is not exactly what my tool is about, but what I was also thinking about simulating. But anyway, so this is where the firmware ends and your operating system starts. I borrowed this slide from the UEFI Forum; there was a talk recently on new ideas in firmware. So if you remember the flow that you might have seen in UEFI before, they have these phases SEC, DXE and BDS. There is actually a bit more to it, but anyway, so this is just to have a rough outline of what we're talking about and the complexity that you face here.

And now let's have some more motivation. So what are we actually looking at here, and why do we do so? On the one hand side, and this is also especially interesting for us here at the Chaos Communication Congress, or this time the remote congress, we're talking a
lot about security, and let's be honest, everybody knows that security through obscurity is not working out eventually. So at every congress we're seeing dozens of examples where it doesn't work. So what we need instead is we need better tools to look at what we already have, and this is hopefully something I can provide here. So in the UEFI space there have already been so-called implants. So think of malware, but not malware that is running in the operating system, but malware that is actually baked into your firmware at some point. So it's entirely possible that somebody installed something on your machine; now you come along, you toss out your hard drive or SSD, throw it away, you just take a fresh new one, but you still have the malware, because it's part of your mainboard. So that's in a small storage that is actually on your machine. So, I mean, it's not too practical to throw away your machines all the time, right, unless they are as cheap as possible, but even then maybe it's not so friendly for the environment.

That's the one hand side. The other hand is, most of what we're seeing in the firmware space is very much proprietary and closed source today, and so we're trying to build more open tools. Not just people in the open source community, by the way, but also more and more companies are interested in that, and they actually started talking to the community. We have very, very huge projects actually looking into that, for example the OCP, the Open Compute Project, which is all about large servers and data centers and so on, and what they actually need is they need to have very, very high availability and they need to have a very good understanding of what's going on in their machines. Okay, so this is what I want to provide.

And now, on the other hand, of course there are already other tools, right? So there are proprietary tools from vendors. AMI, for example, a very well-known vendor for firmware, they have their tool called MMTool for manipulating firmware images. Intel has theirs, and then we have
lots of open source tools. Now, I was looking at those tools. Some are very nice already, some have a very, very nice user interface, and eventually, well, most of them are just looking at firmware images in terms of trees and tables. They are very basic data structures, and, well, if you just draw them down there you don't really get an exact understanding of what you have. So you would need to read all those specifications around what you're looking at. For UEFI, for example, you would need to read I don't know how many thousands of pages, but I can promise you it's more than five thousand. I haven't seen them all; I've looked at some of them. And so I wanted to come up with a better idea, or maybe just a different idea. I'm not saying that this here is bad, it's just not suitable for me just to get an understanding.

And this is what utk-web is about, and it actually started when I was talking to Ryan. Ryan is one of the developers of the tools that are being used at Google's data centers, for example. There is a project called LinuxBoot; it's quite large now, and what it requires is lots of tooling, and one of those very tools is utk itself, hence the name: it's the UEFI toolkit. And the other tool, or one of the other tools, is called fmap, and what fmap does is actually very, very simple: it's looking at a file and it will tell you about how many parts of that file are actually used data. And if you just output that in, let's say, a terminal, it's very nice, so you can represent different blocks as, let's say, hashes, for example, or dots or zeros to indicate that some block is really just empty. So that's what the f's are: if you look at the hex values you will just see f f f f. The zeros just mean it's all zeros, and the actual useful data is where it's something else, so not all zero and not all just f. And I thought, okay, I can do this myself in a different way. As a web developer I can just, you know, I can just show boxes, which are sort of the same, but it's not just boxes, it's also colors,
right? So colors are very, very good indicators for us; they are very, very easy and helpful, so you don't even need to closely read, like, okay, is it a hash now, is it a dot or something. So not in mono color but in various colors. And then Ryan asked me again, "Could you pick some colors which also work out for people with color blindness?" And I first of all had to do a lot of research, because unfortunately I'm not color blind myself, at least to my knowledge, so, you know, I didn't really have a good understanding of that, which brings us back to the domain topic. So here I'm touching another domain again. So fortunately I was very lucky, and other people had already done lots of research in that space, and so I could find a very nice color palette, which I'm using here now. So I can tell it myself, but I hope that some color blind person can at some point tell me if they can actually distinguish those colors here, because otherwise this is entirely pointless, because I'm just using colors.

So this is now the current state of development in utk. What I have so far is representations of what is generally called a directory, or, if you think about file systems, it's sometimes also called a folder, or it might be called something else. The rough idea is it's just a collection of files, and each of those files in a directory is represented as just a simple entry, right? So entry is a very, very generic term; I could also have named that file, but yeah, doesn't really matter too much here. Anyway, those are very, very simple components I could model, and what I could think about that is, you know, always the same for those, is: a directory is always this sort of collection, and an entry is always something more specific. And I wanted to have a tool that is a bit more generic even, and that goes beyond just files and directories but also the specifics of those files, because we need to have, you know, for UEFI, a clear understanding of the specifics of those files, meta information for example. On the other hand, I've
already shown you this: I have this flash usage view here. The component behind that is called fmap, and because those images here, those file images, can grow very, very large, I made a quick navigation bar; that's what you see here in the screenshot on the very top. It allows you to jump to a very specific directory, or, as it's called in UEFI, an FV, a firmware volume.

But I just told you that I wanted to be a bit more generic, and I started looking a lot into the AMD platforms. There's something that is called PSP, or was called PSP; I don't know why, but they renamed it, now it's called ASP, AMD Secure Processor, something like that. Previously it was Platform Security Processor. You know, those names can always change a bit; it's a bit about marketing as well. Anyway, so there is a tool out there which already allowed reading the data structures for PSP, and I wanted to have some format that I could use on my side. So what I did was I went to the maintainers of PSPTool and I added JSON output support, because JSON is a format that I can easily use natively in web development. It's the JavaScript Object Notation, so I can just use it in JavaScript right away, and then I could model my components here. And here you can see the so-called entries for PSP, and you can also see that, you know, they contain lots of data, actually, and, you know, they can have various dimensions. I'm using emoji as some sort of indicators, sometimes I'm just printing out values, and those are the specifics of those entries.

And I already told you that there are lots of tools out there, so I started to integrate more and more. I also filed a pull request to uefi-firmware-parser, so that can also give us JSON output now. At some point, you know, I started to have various ways to look at firmware images, so I added a small tab bar where you can just switch between the different views. And, well, eventually what it also means to do all this work is I need to transform the data I can get out from the existing tools, and what you see here is something
that is very, very typical for working with data structures and representing them: you need to transform the data in a way such that it's suitable for your UI components or widgets. In this example here, this is taken from utk, we have something that is called value, we have something that is called files, and I'm transforming them in such a way that I can use them in my tool.

So I promised in the abstract I wanted to also show you something that I actually found in firmware and which might be interesting to you. Now, it's marked here; actually, the tool allows you to mark things already. This is called ASRock net SMTP. SMTP, the Simple Mail Transfer Protocol, tells us, well, there is an email client in your firmware, and I cannot tell you why it's there. I haven't actually asked the vendor; I might do that at some point, I'm not sure yet. But anyway, this is why I actually want to look at my firmware just myself, so I want to see what's going on there, and maybe I want to replace it with something or, you know, just remove things. And this is what utk, the tool itself, allows us to do, similar to many other tools, but yeah, utk is what I'm using and what I got to know.

So here is a very, very brief outlook. What I want to do is I want to integrate utk itself into utk-web, and that would mean that I need to have an in-browser back end. I can do that with today's technologies; there is something called Wasm, or WebAssembly. And then I will just go ahead and integrate other tools like Mimoja's Firmware Toolkit, which you might have seen at other talks before, so Mimoja introduced that at some point, at last year's congress, I think. Then there are many, many other tools I will try to integrate; maybe I will just need to add some more JSON support or something like that. And eventually I'm open for some questions, if you have any, and on the very last slide here you already have the references, so you can quickly look things up. The PDF version of the slides is already online, if you were looking live. If you want to see
the source code to the slides, I'll also upload those in a bit. With that, thank you very much.

So yeah, thank you for your time, thank you for preparing a talk. So your talk seems to have been very comprehensive, as we currently don't have any questions forwarded by the signal angels. I had a quick look into the IRC and there were no questions either, so I believe you were quite comprehensive in your talk.

Thank you.

So thank you for your time. Thank you, thank you for coming over here, and yeah, have a nice RC3.