Time Authenticated EFI Variable

I’m setting up custom secure boot keys on an Asus Z87I-Deluxe motherboard. On other computers I’ve setup with secure boot, I’ve been able to either write the PK, KEK, and DB keys into the EFI variables via the /sys/firmware/efi/efivars filesystem or I’ve been able to load them in via the BIOS menu. I’ve always used DER encoded x509 certificates.

On this board, I’m able to write to the PK, KEK, and DB keys in both manners and read the variables back after a reboot. However, the computer will not boot a signed UEFI image. It doesn’t give any errors, it just drops you back at the UEFI menu each time you select the boot device. I’ve verified the UEFI signature with sbverify successfully.

 $   for file in PK KEK DB; do                                                                                                          sudo openssl x509 -inform DER -in /root/secure-boot/$  file.cer -outform PEM \       | sudo openssl verify -CAfile /root/secure-boot/$  file.crt   done stdin: OK stdin: OK stdin: OK  $   efibootmgr --verbose BootCurrent: 0000 Timeout: 1 seconds BootOrder: 0000,0001,0002,0003 Boot0000* linux HD(1,GPT,12684b61-8989-4df2-bc61-c2d7c6d640d0,0x800,0x64001)/File(\EFI\linux.efi)   $   sudo sbverify --cert=/root/secure-boot/DB.crt /boot/EFI/linux.efi warning: data remaining[24749608 vs 24759224]: gaps between PE/COFF sections? Signature verification OK 

The user manual for the Z87I mentions that when loading the variables in via the BIOS menu, they must be formatted as “a UEFI variable structure with time-based authenticated variable” (section 8.2.2, I presume?).

I’ve never seen another BIOS that requires such a thing and I’m not aware of any software that can generate the required format.

Am I interpreting this correctly? I’ve tried writing straight DER and PEM files without any success.

get_user can’t read variable

I have this little routine to find the user_id based on a usermeta field..

$  scaleData = json_decode($  reading, TRUE); $  deviceid = $  scaleData["imei"]; echo $  deviceid; // check to confirm is working. Yup  $  WhoIsUser = get_users(   array(    'meta_key' => 'deviceid',    'meta_value' => '$  deviceid'  ) );  $  CurrentUser = $  WhoIsUser[0]->ID; echo $  CurrentUser; //returns nothing 

But if I switch ‘meta_value’ => 45455 (iow a known device number) it returns the ID no problem. I’ve tried both $ deviceid and ‘$ deviceid’ What am I missing?

What is this “prepare” variable used for in this SEH based buffer overflow payload?

I am trying to understand how a SEH based buffer overflow is working and I have to write a paper about how an exploit works. I took this PoC for my paper.

junk = "\x41" * 4091  nseh = "\x61\x62" seh  = "\x57\x42"           # Overwrite Seh # 0x00420057 : {pivot 8}  prepare =  "\x44\x6e\x53\x6e\x58\x6e\x05" prepare += "\x14\x11\x6e\x2d\x13\x11\x6e\x50\x6d\xc3" prepare += "\x41" * 107; ... 

I don’t really understand how it’s jumping over the next SEH.

  • What is \x61\x62 used for in the nseh variable?
  • What is the prepare variable used for?
  • How is it jumping to the shellcode?

I already understand that the \x57\x42 is used as a pointer to target a pop pop ret to trigger a second error but I am stuck after that…

python time since epoch hacking system variable

I am trying to figure out whether it’s safe to let a payed software check its own license date validity using the client’s computer

the way this is done is by invoking time.time() function from python and comparing it to the hashed license expiry date. if the time.time() returns anything after the expiry date than the software throws a license expired error.

The concern I have is whether it’s possible for someone to change some system variables and get time.time() function return a different difference since epoch than the real actual one.

thanks

When computing asymptotic time complexity, can a variable dominate over other?

I want to express the asymptotic time complexity for the worst case scenario of sorting a list of $ n$ strings, each string of length $ k$ letters. Using merge-sort, sorting a list of $ n$ elements requires $ O(n\log n)$ . Comparing two strings of length $ k$ has a cost of $ O(k)$ . Therefore, the cost would be $ O(kn\log n)$ .

However, I know some restrictions about $ k$ and $ n$ due to the nature of the problem. In particular, I know that for any list, $ 0 \lt k \leq 20$ , and $ 0 \lt n \leq 80000$ . In other words, the number of words in a list might vary in a much larger range than the length of the words.

In that case, would it be correct to say that $ n$ dominates over $ k$ and therefore the cost could be expressed as $ O(n\log n)$ ? Or does the fact that we are discussing asymptotic costs make those restriction meaningless (as we are describing how the algorithm is impacted by the growth of each variable, regardless of how much they can actually grow)? In general, if two variables are independent, is it possible to dismiss one of them from the asymptotic cost under certain circumstances?

Unity Serialize IConvertible variable

How can i Serialize IConvertible variable to show up in the inspector? As it now, i can only see the string name. But not the value.

[SerializeField] public List<CStats> stats = new List<CStats>();  [System.Serializable] public class CStats {     [SerializeField]     public string name = String.empty;     [SerializeField]     public IConvertible value = null;      public CStats(string name, IConvertible value)     {         this.name = name;         this.value = value;     } } 

Is it safe to save a user’s email into php session variable for later use?

I’m in the process of creating a password reset functionality for my project. I currently have my website send a password reset link to the user’s email if they request it and validates the link properly when clicked (checks for selector and validator tokens and not expired) before displaying the form to create a new password. The problem I’m having is finding a way to updating the correct user’s password in the database once they submit the new password. One method I have thought of to achieving this, is to get the email associated with the matched selector and validator tokens in my password reset database table and storing it into a session variable so it can be accessed by another php file to update that user’s password in my users database table. I’m wondering if this approach has any security risks to the user or is it a valid method?

Woocommerce Variable Product – Show ‘Sale!’ Flash

I’m trying to get the woocommerce sales flash to appear when a variable product is on sale.

It seems that woocommerce have done this on purpose, because if for example, a variable product has small, medium and large sizes and only one is on sale, a sale flash would appear on the archive page or single product page which could potentially cause confusion for the user when they select a variation only to see that it’s not on sale.

I have a project I’m working on where the client wants the sale flash to display even if one variation is on sale. I feel like I’m missing something here…

Any help is appreciated