/** @file
  PasswordCheck.h -- Header for PasswordCheck

Copyright (c) HR650X BIOS Decompilation Project
**/

#ifndef __PASSWORDCHECK_H__
#define __PASSWORDCHECK_H__

#include "../uefi_headers/Uefi.h"

//
// Function Prototypes
//

//
// NOTE(review): every prototype in this header has the shape
// `EFI_STATUS EFIAPI Name(VOID)`.  That uniformity suggests the header
// generator did not recover the real parameter lists or return types, so
// treat these signatures as placeholders and confirm each one against
// PasswordCheck.c before calling through them.
//

//
// NOTE(review): a fragment later in this header reads
// `StringLengthInChars(Password) < MinLength`, i.e. the routine is called
// with an argument and its result is compared as a length.  That contradicts
// the (VOID) parameter list and EFI_STATUS return declared here.
//
EFI_STATUS
EFIAPI
StringLengthInChars(
  VOID
);

//
// Image entry point of the module (presumably; confirm against the .c file).
// NOTE(review): a UEFI image entry point takes
// (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable).  A fragment later
// in this header (`= (UINT64)ImageHandle;`) suggests the implementation does
// receive an ImageHandle, so the (VOID) list here looks wrong.
//
EFI_STATUS
EFIAPI
ModuleEntryPoint(
  VOID
);

//
// NOTE(review): fragments later in this header mention BASE_YEAR, a loop over
// years and months, and SECONDS_PER_HOUR, which presumably belong to this
// routine.  A date/time input and a seconds result cannot be expressed through
// (VOID) / EFI_STATUS -- confirm the real signature.
//
EFI_STATUS
EFIAPI
DateTimeToEpochSeconds(
  VOID
);

//
// Password-policy routines.
//
// NOTE(review): as declared, none of these takes a password, a password type
// or an output pointer, although fragments later in this header reference
// `Password`, `PasswordType`, `MinLength` and `HistoryCount`.  The real
// signatures still have to be recovered from PasswordCheck.c.
//
// NOTE(review): the same fragments name the UEFI variables these routines
// appear to use ("Setup", L"PapSaveHistory", L"PapVerifyCnt", HaltStamp and a
// timestamp variable).  When the implementation is reviewed, confirm for each
// variable: the attributes it is written with, that the returned DataSize is
// checked before the buffer is parsed, and what the routine returns when the
// variable is missing or a Get/SetVariable call fails.
//

EFI_STATUS
EFIAPI
GetMinPasswordLength(
  VOID
);

// NOTE(review): presumably the time-based lockout test built on GetTime and a
// saved timestamp (see the `EpochNow - EpochSaved` fragment) -- confirm.
EFI_STATUS
EFIAPI
CheckTimeLockout(
  VOID
);

// NOTE(review): presumably the reuse check over 40-byte history entries
// described by the fragments later in this header -- confirm.
EFI_STATUS
EFIAPI
CheckPasswordHistory(
  VOID
);

// NOTE(review): presumably the routine that shifts the history, stores the new
// entry and saves a timestamp (see the L"PapSaveHistory" fragments) -- confirm.
EFI_STATUS
EFIAPI
SavePasswordWithHistory(
  VOID
);

// NOTE(review): a "remaining" count cannot be returned through EFI_STATUS
// alone; an output parameter is probably missing here and in the two
// declarations that follow.
EFI_STATUS
EFIAPI
GetRemainingLockoutDays(
  VOID
);

EFI_STATUS
EFIAPI
GetRemainingLockoutMinutes(
  VOID
);

EFI_STATUS
EFIAPI
GetRemainingVerifyCount(
  VOID
);

// NOTE(review): presumably maintains the L"PapVerifyCnt" counter and records
// HaltStamp when the limit is reached (see the "limit:" fragments) -- confirm.
EFI_STATUS
EFIAPI
ManageVerifyCounters(
  VOID
);

//
// Helper / library routines.
//
// NOTE(review): DebugPrint, ReadUnaligned64 and CompareGuid are also the names
// of EDK2 library functions, whose upstream declarations are
//   VOID    EFIAPI DebugPrint (UINTN ErrorLevel, CONST CHAR8 *Format, ...);
//   UINT64  EFIAPI ReadUnaligned64 (CONST UINT64 *Buffer);
//   BOOLEAN EFIAPI CompareGuid (CONST GUID *Guid1, CONST GUID *Guid2);
// If the decompiled routines are statically linked copies of those library
// functions, the (VOID) / EFI_STATUS prototypes below are wrong, and they will
// conflict with the library headers if both are ever included.  Confirm
// against the implementation before relying on them.
//

EFI_STATUS
EFIAPI
DebugPrint(
  VOID
);

EFI_STATUS
EFIAPI
DebugAssertPrint(
  VOID
);

EFI_STATUS
EFIAPI
ReadUnaligned64(
  VOID
);

EFI_STATUS
EFIAPI
CompareGuid(
  VOID
);

// NOTE(review): fragments later in this header describe a read of CMOS
// register 0x4B through CMOS_ADDRESS_PORT, which presumably belongs to this
// routine -- confirm what state it reports and to whom.
EFI_STATUS
EFIAPI
CheckCmosReset(
  VOID
);

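//
// NOTE(review): the header generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes.  <text> is not an identifier
// but a piece of a comment or statement, apparently lifted from
// PasswordCheck.c, so none of it was valid C and the header could not be
// compiled.  The recovered text is kept here as comments, one fragment per
// line in the original order, with only the generator's trailing "(" removed.
// The first word of most fragments appears to have been lost.
//
// Fragments describing module globals and GUID data:
//
//   variables (from .data section at 0x1B60-0x1C40)
//   gImageHandle       = NULL;  // 0x1BF8
//   EFI_BOOT_SERVICES    *gBS                = NULL;  // 0x1BF0
//   EFI_BOOT_SERVICES    *BootServices_0     = NULL;  // 0x1C18
//   EFI_RUNTIME_SERVICES *RuntimeServices_0  = NULL;  // 0x1C20
//   VOID                 *gDebugProtocol     = NULL;  // 0x1C08
//   interface installed by this module (off_1BA0 / unk_1B90)
//   actual interface data lives at 0x1BA0 in the binary
//   used for password-related UEFI variables (unk_1B80)
//   for the protocol installed by this module (unk_1B90)
//   for HOB list lookup (unk_1B70)
//   for debug protocol lookup (unk_1B60)
//   in each month (index 1-12)
//   const UINT8 gDaysInMonth[13] = {
//
// NOTE(review): these are initialised definitions, which do not belong in a
// header.  If other translation units need the globals, declare them `extern`
// here and define them once in the .c file.  The type of gImageHandle and the
// GUID values themselves were not recovered.
//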

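//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the module entry point:
//
//   declarations of internal helpers
//   entry point
//   global service table pointers
//   = (UINT64)ImageHandle;
//   the HOB list
//   local copies of the service tables
//   = 0;
//   the password check protocol
//   = BootServices->InstallProtocolInterface(
//
// NOTE(review): the fragments show a protocol being installed through
// InstallProtocolInterface.  Whether the returned status is checked, and
// which GUID and interface pointer are passed, is not visible here -- confirm
// in PasswordCheck.c.
//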

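//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the date-to-epoch conversion:
//
//   if the target year is a leap year
//   (((Year & 3) == 0) &&
//   seconds per full year from 2000 up to (but not including) Year
//   (Y = BASE_YEAR; Y < Year; Y++) {
//   } else {
//   }
//   seconds per completed month
//   (M = 1; M < Month; M++) {
//   the day/hour/minute/second within the current month.
//   formula matches the decompiled binary exactly:
//   += (UINT64)(SECONDS_PER_HOUR * Hour - SECONDS_PER_HOUR)
//
// NOTE(review): the last fragment subtracts a full SECONDS_PER_HOUR from the
// hour term, so for Hour == 0 that sub-expression is negative before the cast.
// The statement is truncated; check the complete expression in the .c file
// against the binary.
// NOTE(review): the month loop presumably indexes the 13-entry days-in-month
// table, so confirm that Month is validated to 1..12 and Year to
// >= BASE_YEAR before this code runs; no such check is visible here.
//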

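//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the minimum-length check:
//
//   policy enforcement functions
//   components for the "Setup" variable (from decompilation)
//   AttributeGuid[2] = 0x3E414D61;   // 1044374945
//   -((UINT64)(StringLengthInChars(Password) < MinLength) & PASSWORD_STATUS_NOT_FOUND_RET);
//
// NOTE(review): the hex literal and its decimal comment disagree:
// 0x3E414D61 is 1044467041, while 1044374945 is 0x3E3FE5A1.  One of the two
// was transcribed wrongly; take the GUID bytes from the binary, because a
// wrong GUID makes the "Setup" variable lookup fail.
// NOTE(review): as parenthesised, the mask is applied to a 0/1 value before
// the negation, so the result depends only on bit 0 of
// PASSWORD_STATUS_NOT_FOUND_RET (whose value is not visible here).  The usual
// decompiler idiom is `(-(UINT64)cond) & CONSTANT`.  If the constant is even,
// this expression is always 0 and the length check can never fail -- confirm
// against the binary.
//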

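//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the time-based lockout check:
//
//   the Setup variable to get max lockout days
//   = VAR_DATA_SETUP_SIZE;
//   max lockout days based on password type
//   = (PasswordType == PASSWORD_TYPE_PAP)
//   the timestamp variable
//   = VAR_DATA_TIMESTAMP_SIZE;
//   current time via GetTime (RuntimeServices+24 = offset 0x18 = GetTime)
//   = gRT->GetTime(&CurrentTime, NULL);
//   (now - saved) / 3600 < MaxLockoutDays, we are still in lockout
//   -((UINT64)((EpochNow - EpochSaved) / SECONDS_PER_HOUR < MaxLockoutDays)
//
// NOTE(review): the elapsed time is divided by SECONDS_PER_HOUR (3600) but
// compared with a value named MaxLockoutDays.  Either the name or the divisor
// is wrong; as written the window is measured in hours.  Confirm the divisor
// against the binary.
// NOTE(review): the decision rests on the RTC value returned by GetTime and
// on a stored timestamp.  Confirm that the GetTime status is checked and that
// EpochNow < EpochSaved (clock reset or moved backwards) is handled
// explicitly rather than left to the subtraction.
//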

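//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the password-history check:
//
//   the Setup variable to get the history count
//   the password history variable
//   = VAR_DATA_HISTORY_SIZE;
//   each 40-byte history entry, comparing the password
//   the password string against this entry
//   = Password;
//   found
//   we broke early (EntryIndex < HistoryCount), password was reused.
//   -((UINT64)(EntryIndex < HistoryCount) & PASSWORD_STATUS_NOT_FOUND_RET);
//
// NOTE(review): HistoryCount is read from the Setup variable and then used as
// the loop bound over 40-byte entries.  Confirm it is clamped to
// VAR_DATA_HISTORY_SIZE / 40 before the scan; no such check is visible here.
// NOTE(review): the fragments describe comparing "the password string"
// against each entry, which suggests the entries hold the password itself
// rather than a digest.  Confirm what is actually stored.
// NOTE(review): as parenthesised, the return expression depends only on bit 0
// of PASSWORD_STATUS_NOT_FOUND_RET (value not visible here); the usual
// decompiler idiom is `(-(UINT64)cond) & CONSTANT`.  If the constant is even,
// reuse is never reported -- confirm against the binary.
//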

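//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from saving a password with history:
//
//   password => delete the timestamp variable
//   (*Password == 0) {
//   existing history
//   = L"PapSaveHistory";
//   decompiled code shifts history entries by 40 bytes (one entry)
//   that the oldest entry is discarded and slot 0 is free.
//   ((INT64)Status >= 0) {
//   password length (in characters)
//   out the first entry slot, then copy the password into it
//   updated history back (SET_VARIABLE, Attributes=3 = NV+BS)
//   = RuntimeServices_0->RT->SetVariable(
//   current time and save as timestamp
//   SaveTime;
//   save timestamp
//
// NOTE(review): the password is copied into a 40-byte slot.  Confirm that the
// copy length is clamped to the slot size; the bound is not visible here.
// NOTE(review): the history is written back with Attributes = 3
// (NON_VOLATILE | BOOTSERVICE_ACCESS).  That keeps it out of OS runtime
// variable services but it is an ordinary, unauthenticated NVRAM variable;
// together with "copy the password into it" this needs a check of whether the
// stored form is the password itself or a digest.
// NOTE(review): `RuntimeServices_0->RT->SetVariable` does not match the
// EFI_RUNTIME_SERVICES * type recorded for RuntimeServices_0 (that table has
// no RT member); this looks like a decompiler artefact.  `(INT64)Status >= 0`
// is the decompiled form of a "no error" test on the status high bit.
//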

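//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the remaining-lockout queries:
//
//   Setup variable for max lockout days
//   current time
//   HaltStamp
//   Setup variable
//   lockout minutes from offset 0x1A in Setup variable
//   = *(UINT16 *)&SetupBuf[0x1A];
//   delete HaltStamp          (present in the source as a `///` comment)
//   has elapsed
//
// NOTE(review): the lockout length is read from a fixed offset (0x1A) in the
// Setup variable.  Confirm that the DataSize returned by GetVariable is
// checked to cover at least 0x1C bytes first, and that the offset matches the
// Setup layout of this firmware build; neither is visible here.
// NOTE(review): the value is read through a UINT16 * cast of a byte buffer;
// the header also declares ReadUnaligned64, so an unaligned-safe read may be
// what the original library code intended.
//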

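//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the verify-counter handling:
//
//   current verify count
//   max verify count
//   mode: delete the verify counter variable
//   = L"PapVerifyCnt";
//   mode: read Setup variable
//   current count
//   against max
//   limit: save incremented count
//   limit: record HaltStamp
//   reset counter to 0 after processing
//
// NOTE(review): the failed-attempt counter and the halt timestamp are kept in
// UEFI variables.  When reviewing the implementation, confirm the attributes
// they are written with, and that a missing counter variable or a failed
// SetVariable is treated as a failure rather than as "no attempts so far".
//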

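//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the debug helper:
//
//   helper / library functions
//   before calling LocateProtocol.  BootServices+0x18 = AllocatePages
//   is <= 0x10 pages, it proceeds with LocateProtocol.
//   exact pattern in the binary (from survey: no imports) suggests this
//   a debug/production-build discriminator baked into the assert library.
//   probe: gBS->AllocatePages(AllocateMaxAddress, EfiBootServicesData, 1, &Address)
//   gBS->FreePages(Address).  If the returned page count <= 0x10 (64KB)
//   system is in a "debug" configuration and the protocol is located.
//   pattern matches the EDK2 DebugLib initialization sequence.
//
// NOTE(review): the offset does not support the AllocatePages reading.  Both
// service tables start with the 24-byte EFI_TABLE_HEADER, so offset 0x18 is
// the first function pointer in each: GetTime in EFI_RUNTIME_SERVICES (as
// another fragment in this header states) and RaiseTPL in EFI_BOOT_SERVICES.
// AllocatePages is at 0x28.  The threshold 0x10 equals TPL_NOTIFY, so this is
// more likely the RaiseTPL / RestoreTPL "current TPL <= TPL_NOTIFY" guard
// that must pass before LocateProtocol may be called, not a memory-size or
// debug-build probe.  Confirm against the disassembly and correct the
// description in PasswordCheck.c.
//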

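//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment or
// statement text, not an identifier, so none of it was valid C.  It is kept
// here verbatim as comments (generator's trailing "(" removed; the first word
// of most fragments appears to be missing).
//
// Fragments that appear to come from the CMOS reset check:
//
//   bit 7 of CMOS address port, then select register 0x4B
//   = IoRead8(CMOS_ADDRESS_PORT);
//   value > 3 and non-zero, the system may be in a specific reset state.
//   value == 0, read from a memory-mapped IO register to determine state.
//   ((UINT8)RegValue > 3) {
//   range check
//   ((UINT8)(RegValue - 1) > 0xFD) {
//
// NOTE(review): `(UINT8)(RegValue - 1) > 0xFD` is true exactly when the low
// byte of RegValue is 0x00 or 0xFF, so the "range check" singles out those
// two values.  "value > 3 and non-zero" is redundant, since > 3 already
// implies non-zero.
// NOTE(review): what the result of this check is used for is not visible
// here.  Confirm in PasswordCheck.c how a detected CMOS reset affects the
// stored lockout timestamp and verify counter.
//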

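//
// NOTE(review): the generator emitted the text below as
// `EFI_STATUS EFIAPI <text>(VOID);` prototypes although <text> is comment
// text, not an identifier, so it was not valid C.  It is kept here verbatim as
// comments (generator's trailing "(" removed; the first word of each fragment
// appears to be missing).
//
//   static data referenced by the module
//   following data items reside in the binary at the specified offsets:
//
// NOTE(review): the list of data items that this text introduces was not
// captured in the header; take it from PasswordCheck.c or the binary.
//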

#endif /* __PASSWORDCHECK_H__ */