rcmaehl

Consoles, Phones, Laptops, Oh My! - WiFi Module Vulnerability allows attackers to run code on a wide range of devices


Source:
Zeronights

 

Summary:

Discovered by Denis Selianin in 2018, a still-unpatched vulnerability in a wireless chip used by a wide range of devices allows code to be run remotely on devices without any user interaction.


 

Excerpts:

Quote

Researched device:
• Marvell Avastar 88W8897 on Steamlink Wi-Fi (GNU/Linux w/ mlan + mlinux kernel modules w/ Wi-Fi core - ARM946 core w/ Wi-Fi + Bluetooth + NFC COMBO)

Firmware API implemented in driver:
• READ/WRITE functions of SoC memory
• Extended version info from firmware (for SteamLink)
• Wi-Fi related stuff (authentication, association, scanning…)
• Some of them can be accessed from the usermode
• It is much easier to Reverse Engineer firmware dump

Reverse Engineer of Firmware:
• Use full memory dumps instead of loaded image FW
• You can get runtime structures
• Appears to be a ThreadX-based bare-metal firmware
• Recover ThreadX runtime structure from live memory dump
• Recover RTOS tasks + stacks
• You can get entry points !!! (with names in case steamlink firmware)
• Recover block and byte pool memory layout
• Essential for hunting bugs

Firmware instrumentation:
• Extremely limited resources on Wi-Fi SoC, only several Kbytes of free memory available
• However, we can hook a single function (splicing)
• We can replace pointers for some debug-or-log-like routines
• Can trace block pool allocation/deallocation
• We can even instrument entire code regions (not so big) with thumb function calls (like DBI with function-level granularity)
• All of this can be accomplished using READ/WRITE firmware API functions and extended version info API

Disclosure timeline:
• Some bugs were found (4)
• Vendor notified on 02 May 2018
• Submitted for ZeroNights on Sept 2018
• Talk selected for presentation on Oct 2018
• Presentation slides reviewed by Marvell on 12 Nov 2018
• ZeroNights conference on 21 November 2018
• Vendors Still fixing...

The most interesting bug to be exploited:
• The most interesting bug is the one that can be triggered during network scan
• There is no authentication
• There is no need to know which network name (SSID) victim is expecting
• Can be triggered whether a victim is connected to network or not and without ANY user interaction (every 5 minutes in case of Marvell Wi-Fi)
• Appears to be a ThreadX block pool overflow during network scan

 

My Thoughts:

It is surprising that this still has not been fixed or picked up by major news sources, despite the large scope of the affected devices. Everything from phones and consoles to laptops is affected by this. I'll update this post if any do actually pick it up now that it's gaining traction again.
 


NotCPUCores Dev | Desktop Build: Ryzen 7 1800X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 32GB Corsair DDR4 @ 2933MHz, RX480 8GB OC, Benq XL2730 1440p 144Hz FS
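
An added example (not part of the original post, and not Marvell or ThreadX code): a generic C model of the bug class the excerpt names, a block pool overflow fed by unauthenticated scan data. It shows the length check that keeps a received element inside its block and an integrity walk that detects a damaged free list; the pool layout, the (id, len, data) element format and every name here are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Generic model of a fixed-size block pool (hypothetical names, not Marvell or
 * ThreadX source): each block is a link word followed by its payload. */
#define BLOCK_PAYLOAD 32u
#define BLOCK_COUNT   4u

typedef struct block {
    struct block *next_free;          /* free-list link, sits right before payload */
    uint8_t       payload[BLOCK_PAYLOAD];
} block_t;

typedef struct {
    block_t  blocks[BLOCK_COUNT];
    block_t *free_list;
    size_t   free_count;
} pool_t;

void pool_init(pool_t *p) {
    for (size_t i = 0; i < BLOCK_COUNT; i++)
        p->blocks[i].next_free = (i + 1 < BLOCK_COUNT) ? &p->blocks[i + 1] : NULL;
    p->free_list = &p->blocks[0]; p->free_count = BLOCK_COUNT;
}

block_t *pool_alloc(pool_t *p) {
    block_t *b = p->free_list;
    if (b) { p->free_list = b->next_free; b->next_free = NULL; p->free_count--; }
    return b;
}

/* Integrity check: every free-list link must land on a block boundary inside
 * the pool, and the walk must end after exactly free_count blocks. */
int pool_validate(const pool_t *p) {
    size_t seen = 0;
    for (const block_t *b = p->free_list; b; b = b->next_free) {
        uintptr_t off = (uintptr_t)b - (uintptr_t)p->blocks;
        if (off >= sizeof p->blocks || off % sizeof(block_t) != 0) return 0;
        if (++seen > p->free_count) return 0;     /* cycle or extra block */
    }
    return seen == p->free_count;
}

/* Copy one (id, len, data) element into a pool block; returns bytes consumed or -1. */
int store_element(pool_t *p, const uint8_t *buf, size_t buf_len, block_t **out) {
    if (buf_len < 2) return -1;                   /* truncated header */
    size_t len = buf[1];
    if (len > buf_len - 2) return -1;             /* claims more than was received */
    if (len > BLOCK_PAYLOAD) return -1;           /* would run into the next block */
    block_t *b = pool_alloc(p);
    if (!b) return -1;                            /* pool exhausted */
    memcpy(b->payload, buf + 2, len);
    *out = b;
    return (int)(len + 2);
}

/* Constructed sample elements, not captured traffic. */
const uint8_t ELEM_OK[]    = { 0x00, 0x04, 'h', 'o', 'm', 'e' };
const uint8_t ELEM_SHORT[] = { 0x00, 0x10, 'a' };   /* len field overstates the data */
uint8_t       ELEM_LONG[2 + 40] = { 0xdd, 40 };      /* 40 > BLOCK_PAYLOAD */

int main(void) {
    pool_t pool; block_t *b = NULL;
    pool_init(&pool);
    int ok = store_element(&pool, ELEM_OK, sizeof ELEM_OK, &b) == 6 &&
             store_element(&pool, ELEM_LONG, sizeof ELEM_LONG, &b) == -1;
    return (ok && pool_validate(&pool)) ? 0 : 1;
}
```

Without the `len > BLOCK_PAYLOAD` check, the copy would continue past `payload` into the following block's link word, which is the kind of damage `pool_validate` is written to catch.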


 


Oh nice


PC Specs: i7 6EiGht00K (4.4ghz), Asus DeLuxe X99A II, GTX1080 Zotac Amp ExTrEme),64Gb DOminator PlatinUm, EVGA G2 seven5zeroWatt, Phanteks Enthoo Primo, 3TB WD Black, 500gb 850 Evo, H100iGTX, Windows 10, K70 RGB, G502, HyperX Cloud 2s, Asus MX34. SAMSUNG 960 EVO

Just keeping this here as a backup 980tiZotacStockBIOS.zip  wumbo


i don't own any of those... so there's that. 

 

it's bad though... 


DISCLAIMER: ANYTHING I SAY COULD BE WRONG. DO YOUR OWN RESEARCH! 

PC: 2X XEON X5650 | GTX 690 | 2X 240GB SSD | 24GB RAM Windows 10

MacBook: I5 3210M HD4000 | 1 TB SSD | 16GB RAM | macOS Mojave / Windows 10


i thought my ps4 uses the other card (not sure what company) so i might be safe


PSU TIER LIST 3.0//Vram info//80+ info//HDD Guide//Build logs//build plan guide//Before troubleshoot//Mark Solved//Off Topic//Community standards

Don't forget to quote or mention me

 

Primary PC:

CPU: I5-8600k  @4.5 ghz  GPU: GTX 1070 ti EVGA SC Gaming   RAM: 8+8 3360 mhz DDR4 Trident Z   MOBO: MSI Gaming Pro Carbon AC   HDD: 1 TB 7200 RPM Seagate Baracudda, 1 TB 5400 RPM Samsung ECOGREEN   SSD: Samsung 860 EVO 500 GB   Soundcard: built in   Case: Cooler Master Masterbox Lite 5 RGB   Screen: Salora 40LED1500

 

Second PC: Cedar mill

CPU: i3-2130   GPU: Intel HD graphics   RAM: 4+2 GB 1333 mhz DDR3    MOBO: HP H series   HDD: 320 GB WD Black 7200 RPM   PSU: HP 250 watt   Soundcard: built in   Case: Sunbeam Quarterback   Screen: IIyama Prolite T2240MTS, Samsung SyncMaster710N

 

Server: CookieVault

CPU: core2dual E8400   GPU: Intel HD graphics   RAM: 2+1+1+1 gb 1333 mhz ddr3   MOBO: HP Q series   HDD: 4x 1tb 5400 RPM Samsung Spinpoint Ecogreen   Soundcard: built in   Case: Compaq 6000 pro mt   Screen: Samsung SyncMaster710n

 

Laptop : Acer TravelMate 8573t

CPU: I3-2330M   GPU: Intel HD graphics   RAM: 8+2 GB 1333 mhz DDR3   MOBO: Acer   SSD: 250 gb mx500 sata   Soundcard: built in   Case: Acer TravelMate 8573t   Screen: TN 768p

 

Game consoles:

PS4 slim glacier white 500 gb, PS4 FTP Special Edition 500 gb, Xbox, 3 DS lites, DSI XL, Gameboy Advanced Color, PS Vita v2, Wii, PS3 500 gb

Just now, LukeSavenije said:

i thought my ps4 uses the other card (not sure what company) so i might be safe

Broadcom?


11 minutes ago, rcmaehl said:

Broadcom?

no, it wasn't broadcom nor intel. I just don't remember what it was



oh wait, now i do.... it was azurewave



oh great... hopefully there is a way to block this software side


I spent $2500 on building my PC and all i do with it is play MTGA & watch anime at 720p...

Builds:

The Toaster Project! Northern Bee! The Cassette Deck!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 


Great. I wonder if this can be patched at the OS level...?


<Make me a sandwich.> <No! Make it yourself!> <Sudo make me a sandwich.> <FINE.> What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D  CoC F.A.Q Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 


Wifi.


CPU: 9900k @ 5.35ghz Motherboard: Z390 Aorus Xtreme GPU: EVGA 2080ti FTW3 + HYDROCOPPER @ 2190Mhz RAM: 16GB Vengeance RGB 3600CL17 PSU: 850P2

COOLING: Bent Glass Loop CASE: 900D


I wonder if there are similar vulnerabilities in their ethernet chips. Far harder to actually even start an attack not being wireless, but still....


"We also blind small animals with cosmetics.
We do not sell cosmetics. We just blind animals."

 

"Please don't mistake us for Equifax. Those fuckers are evil"

 

This PSA brought to you by Equifacks.
PMSL


Well shit there better be some way you can patch this via software


Make sure to quote me or tag me when responding to me, or I might not know you replied! Examples:

 

Do this:

Quote

And make sure you do it by hitting the quote button at the bottom left of my post, and not the one inside the editor!

Or this:

@DocSwag

 

Buy whatever product is best for you, not what product is "best" for the market.

 

I seem to like any products who have the same software and hardware maker, as long as it's not Apple. Weird. I like the Surface Book and the Pixel phones, but most definitely don't want an iPhone (I'm not saying they're bad, though).

 

Interested in computer architecture? Still in middle or high school? P.M. me!

 

I love computer hardware and feel free to ask me anything about that (or phones). I especially like SSDs. But please do not ask me anything about Networking, programming, command line stuff, or any relatively hard software stuff. I know next to nothing about that.

 

Compooters:

Spoiler

Desktop:

Spoiler

CPU: i7 6700k, CPU Cooler: be quiet! Dark Rock Pro 3, Motherboard: MSI Z170a KRAIT GAMING, RAM: G.Skill Ripjaws 4 Series 4x4gb DDR4-2666 MHz, Storage: SanDisk SSD Plus 240gb + OCZ Vertex 180 480 GB + Western Digital Caviar Blue 1 TB 7200 RPM, Video Card: EVGA GTX 970 SSC, Case: Fractal Design Define S, Power Supply: EVGA Supernova G1 650 watt (soon to be Seasonic Focus+ Gold 650w Yay!), Keyboard: Logitech G710+, Mouse: Logitech G502 Proteus Spectrum, Headphones: Creative Fata1ty, Monitor: LG 29um67 (2560x1080 75hz freesync)

Home Server:

Spoiler

CPU: Pentium G4400, CPU Cooler: Stock, Motherboard: MSI h110l Pro Mini AC, RAM: Hyper X Fury DDR4 1x8gb 2133 MHz, Storage: PNY CS1311 120gb SSD + two Segate 4tb HDDs in RAID 1, Video Card: Does Intel Integrated Graphics count?, Case: Fractal Design Node 304, Power Supply: Seasonic 360w 80+ Gold, Keyboard+Mouse+Monitor: Does it matter?

Laptop (I use it for school):

Spoiler

Surface book 2 13" with an i7 8650u, 8gb RAM, 256 GB storage, and a GTX 1050

And if you're curious (or a stalker) I have a Just Black Pixel 2 XL 64gb

 


the virgin wifi: slow, unsecure, prone to interference, only losers and NPCs use it 

 

VS

 

the chad ethernet cable: fast, secure, interferences are afraid of it, only the wisest people use it no matter the length


ASUS X470-PRO • R7 1700 4GHz • Corsair H110i GT P/P • 2x MSI RX 480 8G • Corsair DP 2x8 @3466 • EVGA 750 G2 • Corsair 730T • Crucial MX500 250GB • WD 4TB

40 minutes ago, aezakmi said:

the virgin wifi: slow, unsecure, prone to interference, only losers and NPCs use it 

 

VS

 

the chad ethernet cable: fast, secure, interferences are afraid of it, only the wisest people use it no matter the length

The Virgin Ethernet cable:

Very clingy and attached

Probably just as good 

Can’t be used by everyone

Comes with router (no one wants additional commitment)

Used by old people and GaM3Rz

 

Chad 4G LTE

Everywhere 

Unlimited and cheap 

Fasterrrrrrr

No cable no stress

The Future 

 

 


Toasted Muesli Specs: Rolled Oats | Desiccated Coconut | Sunflower Seeds | Chopped Brazil Nuts | Sultanas | Chopped Dried Apricots | Cinnamon | Nutmeg

12 hours ago, aezakmi said:

only the wisest people use it no matter the length

Image result for man of culture meme


Gaming Mouse Buying Guide (Technical Terms,Optical vs Laser,Mice Recommendation,Popular Mouse Sensor,Etc)

[LOGITECH G402 REVIEW]

I love Dark Souls lore, Mice and Milk tea  ^_^ Praise The Sun! \[T]/

 

 

 

I can conquer the world with one hand,As long as you hold the other -Unknown

Its better to enjoy your own company than expecting someone to make you happy -Mr Bean

No one is going to be with you forever,One day u'll have to walk alone -Hiromi aoki (avery)

BUT the one who love us never really leave us,You can always find them here -Sirius Black

Don't pity the dead,Pity the living and above all those who live without love -Albus Dumbledore

 

 

12 hours ago, RorzNZ said:

The Virgin Ethernet cable:

Very clingy and attached

Probably just as good 

Can’t be used by everyone

Comes with router (no one wants additional commitment)

Used by old people and GaM3Rz

 

Chad 4G LTE

Everywhere 

Unlimited and cheap 

Fasterrrrrrr

No cable no stress

The Future 

 

 

Ethernet

It just works.. 

25 minutes ago, Brooksie359 said:

Ethernet

It just works.. 

So does all of these unless you have something from 2005


7 minutes ago, RorzNZ said:

So does all of these unless you have something from 2005

Not really. There are many things that can interfere with a wireless signal like walls and overcongestion. If you have an Ethernet cable plugged in it just works. I have dealt with a ton of issues with trying to get wireless to work properly and not just randomly go down. I have yet to run into issues when using Ethernet because there are fewer things that can go wrong.

40 minutes ago, Brooksie359 said:

Not really. There are many things that can interfere with a wireless signal like walls and overcongestion. If you have an Ethernet cable plugged in it just works. I have dealt with a ton of issues with trying to get wireless to work properly and not just randomly go down. I have yet to run into issues when using Ethernet because there are fewer things that can go wrong.

It’s all plug and play now IDK what trouble you have lol, especially with fiber.


1 minute ago, RorzNZ said:

It’s all plug and play now IDK what trouble you have lol, especially with fiber.

It's funny how you mention it is plug and play because that is why I like Ethernet. It's literally plug and play and is kinda what the term comes from. Wireless doesn't have issues when in ideal scenarios but I have often found myself in nonideal scenarios. Have had fantastic wireless connections just up and stop working for 10 mins for no apparent reason then work normally again all the time at college. Never had that issue when I used the Ethernet in my dorm. I used to have a brick wall between my desktop and my router making wireless impossible and had to use Ethernet. I have had driver issues with wireless cards quite often but have never had issues with Ethernet drivers. 

2 hours ago, Brooksie359 said:

It's funny how you mention it is plug and play because that is why I like Ethernet. It's literally plug and play and is kinda what the term comes from. Wireless doesn't have issues when in ideal scenarios but I have often found myself in nonideal scenarios. Have had fantastic wireless connections just up and stop working for 10 mins for no apparent reason then work normally again all the time at college. Never had that issue when I used the Ethernet in my dorm. I used to have a brick wall between my desktop and my router making wireless impossible and had to use Ethernet. I have had driver issues with wireless cards quite often but have never had issues with Ethernet drivers. 

Oh yeah nah that’s college WiFi, it’s always cabbage. If you get your own router it’s only a banana setup. 


3 minutes ago, RorzNZ said:

Oh yeah nah that’s college WiFi, it’s always cabbage. If you get your own router it’s only a banana setup. 

If you have your own router and everywhere in your house has a good signal to that router it works but again that isn't always the case. 

2 hours ago, Brooksie359 said:

Not really. There are many things that can interfere with a wireless signal like walls and overcongestion. If you have an Ethernet cable plugged in it just works. I have dealt with a ton of issues with trying to get wireless to work properly and not just randomly go down. I have yet to run into issues when using Ethernet because there are fewer things that can go wrong.

Ethernet also suffers from interference and range issues. Proper planning solves both Wifi and Ethernet issues.


PSU Tier List | CoC

Gaming Build | FreeNAS Server

Spoiler

i5-4690k || Seidon 240m || GTX780 ACX || MSI Z97s SLI Plus || 8GB 2400mhz || 250GB 840 Evo || 1TB WD Blue || H440 (Black/Blue) || Windows 10 Pro || Dell P2414H & BenQ XL2411Z || Ducky Shine Mini || Logitech G502 Proteus Core

Spoiler

FreeNAS 9.3 - Stable || Xeon E3 1230v2 || Supermicro X9SCM-F || 32GB Crucial ECC DDR3 || 3x4TB WD Red (JBOD) || SYBA SI-PEX40064 sata controller || Corsair CX500m || NZXT Source 210.

1 minute ago, 79wjd said:

Ethernet also suffers from interference and range issues. Proper planning solves both Wifi and Ethernet issues.

I have never had interference issues or range issues with Ethernet. You can't fix having a room with brick walls and wireless signals just don't go through them.
