Meloader: Linux i386 tool to load and execute Intel ME modules

[magnat]

Temporary link to associated CCC talk: https://streaming.media.ccc.de/36c3/relive/10694 (starts around 15:45 mark)

Proper recording will be available at https://media.ccc.de/c/36c3

[jakeogh]

https://cdn.c3voc.de/relive/36c3/10694/index.m3u8

[Fnoord]

https://media.ccc.de/v/36c3-10694-intel_management_engine_de...

[rwmj]

I guess ME modules are a kind of plugin for Intel's management engine: https://en.wikipedia.org/wiki/Intel_Management_Engine#Module... Could someone explain what kinds of things this loader could be used for?

[Karliss]

It is a loader for loading ME modules in an emulated environment not for loading new ME modules into existing Intel system.

It could be used for debugging and dynamic analysis of existing ME module code. Other use would be developing exploits for ME by providing an environment where they can be tested and debugged.

[rurban]

More like to replace privileged closed binary blobs with open and better code. To avoid possible bugs and backdoors.

[alex_anglin]

Probably to compromise computers - there have been more than a couple examples of CVEs related to the Intel Management Engine.

[incompleteness]

Does this work for unloading followed by summary execution?

It says it's useable for developing code for the CSME, does that take care of the whole thing or are there ROM areas left which cannot be worked around?

[znpy]

Fresh out of the CCC talk, congrats on the upvote points loot! :P