Skip to content
This repository has been archived by the owner on Sep 22, 2022. It is now read-only.

Bad LZMA[0x3408C] header bd7fd292a621c1bf1d53354139dd8157f2 #5

Open
throwaway-a opened this issue Jun 28, 2022 · 0 comments
Open

Bad LZMA[0x3408C] header bd7fd292a621c1bf1d53354139dd8157f2 #5

throwaway-a opened this issue Jun 28, 2022 · 0 comments

Comments

@throwaway-a
Copy link

throwaway-a commented Jun 28, 2022
edited
Loading

I know this is called unME11, but in Intel ME: The Way of the Static Analysis TXE 3 was discussed as well. So I wanted to try unME11 on the TXE 3 which was targeted by your IntelTXE-PoC. Specifically I wanted to see the data parsed out from slide 28 "Ext#4: Shared Lib" since currently AFAIK neither UEFITool nor MEAnalyzer prints that extension info (Edit: OK actually MEAnalyzer does...). But I'd like to see the parsed versions like appear in the talk.

So I used 3.0.1.1107_B_PRD_RGN.bin from here and I get:

python2.7 unME11.py ../3.0.1.1107_B_PRD_RGN.bin
. Processing CPD at 0x1000
. Processing CPD at 0x9A000
. Processing CPD at 0xA4000
. Processing CPD at 0x1AE000
- Module pavp is encrypted
- Bad LZMA[0x3408C] header bd7fd292a621c1bf1d53354139dd8157f2
- hash NFTP.pavp[lzma]: 2b7efcdd61adcca53b1176a95134cdc25265f32a829fe408c6b9cb7f703d5c00

And no final report.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@throwaway-a