EC HACKING

Recently, I stumbled upon a cool write-up by [DHowett] about reprogramming a Framework laptop’s Embedded Controller (EC). He shows us how to reuse the Caps Lock LED, instead making it indicate the F1-F12 key layer state – also known as “Fn lock”, AKA “Does your F1 key currently work as F1, or does it regulate volume”. He walks us through adding custom code to the laptop’s EC firmware and integrating it properly into the various routines the EC runs.

The EC that the Framework uses is a MEC1521 chip from Microchip, and earlier this year, they open-sourced the firmware for it. Now, there’s a repository of microcontroller code that you can compile yourself, and flash your Framework laptop’s motherboard with. In a comment section of HackerNews, a Framework representative has speculated that you could add GPIOs to a Framework motherboard through EC firmware hacking.

Wait… Microcontroller code? GPIOs? This brings us to the question – what is the EC? To start with, it’s just a microcontroller. You can find an EC in every x86 computer, including laptops, managing your computer’s lower-level functions like power management, keyboard, touchpad, battery, and a slew of other things. In Apple land, you might know them as SMC, but their function is the same.


Why have we not been reprogramming our ECs all this time? That’s a warranted question, too, and I will tell you all about it.

WHAT’S THE EC’S JOB?

The EC controls a whole bunch of devices in your laptop. Not devices connected to USB, LVDS/eDP, or PCIe, because those would fall within the purview of the chipset. Instead, these are devices like power switches, the charger chip, and various current monitors, since these have to work correctly even when the chipset and CPU are powered off. But of course, it’s not just power management – there are a whole lot of things in a laptop you need GPIOs for.

The EC of an Eee PC 701. This one even has some extra signals for media buttons that were left out in the hardware!

Generally, anything that you’d control with a digitalWrite or monitor using a digitalRead, measure through an ADC, or talk to using I2C – these are things handled by the EC. Thus, the EC reads battery state and charger voltages, drives the fans with PWM, and takes temperature measurements from various sensors. The laptop keyboard is a key matrix, and the EC scans that matrix and processes key presses, forwarding the key events to the chipset that your OS then reads. Whether your touchpad is PS/2 or I2C, the EC handles it and exposes it to the OS, too.


Your laptop’s power button is connected directly to the EC. As a result, your EC is the first thing to get powered on; and if a broken laptop of yours does not react to the power button, it means the EC can’t do its power management job for whatever reason. If you check Framework laptop’s recently published reduced schematics, you’ll see that the EC has its separate power rail coming directly from the battery.

How does it even talk to the chipset? For about two decades, ECs have been using the LPC bus – a four-bit wide bus superficially resembling QSPI. Apart from ECs, it’s only really been used by TPMs in recent times. LPC uses frequencies from 25MHz to 100MHz. Thus, if you want to put a logic analyzer to your LPC signals and capture some packets, your typical cheapo 25Msps LA won’t do, but an off-the-shelf FPGA board or a way faster LA will work wonders, and there’s a pretty cool paper using LPC manipulation and an FPGA to extract keys from TPMs.

LPC is about two decades old, and is a direct successor to the ISA bus – in fact, in some laptop schematics from 2003 you’ll find the EC connected through ISA instead, but it’s all LPC beyond that. However, recent ECs talk eSPI instead, a QSPI-like interface meant to replace LPC, and the Framework EC talks eSPI, too.


OF COURSE, THERE’S FIRMWARE INVOLVED

Every EC has firmware, and every laptop (and desktop, and server!) has an EC. The EC firmware is nearly always closed-source. As such, the EC firmware is one of the binary blobs we tend to miss when talking about proprietary parts inside our computers. Often, the EC firmware is stored on the same SPI flash chip as the BIOS – other times, there’s a separate external or on-chip flash, in which case, you typically have a UART bootloader you can reflash your EC through. All of that depends on which specific manufacturer and model of the EC you have.

Often, your EC is built on something like ARM or 8051 architecture, other times it’s something more obscure like CompactRISC. The common thing is – at most, you’ll get a binary blob when it comes to your EC’s firmware. At some point, when Google got into the laptop business, a group of their engineers presumably said “enough”, and open-sourced their EC code – which is what Framework has been building on when it comes to their own EC firmware. Last year, System76 opened up their EC code, too. Unfortunately, the situation remains dire for other laptop manufacturers.

Could your EC get backdoored? Not likely – it tends to be harder to modify and update EC firmware than it is to do the same with BIOS images. Now, could you modify your EC’s behavior? It’s at least technically possible, and I’d argue that you should have always been able to do that.


SO, WHAT ABOUT HACKING?

Of course, with every subsystem of a laptop, you’ll find a subgroup of ThinkPad enthusiasts that have already dug deep and used it to pull off some fun and useful things. The EC is one such aspect, and they sure have something to offer – reprogramming keyboard layouts and removing battery locks, mainly. With keyboard layouts, they’ve managed to make older (and superior) keyboards work with newer laptops, with a tutorial talking about how specifically you need to insulate certain pins and a super convenient way to flash the changes.

The battery part is more vital, however – you can more often than not live with a subpar keyboard, even on supposedly otherwise-stellar ThinkPads. The problem is the “genuine” battery check in the EC, which doesn’t let you charge (or even operate from) the battery if it doesn’t pass. This isn’t just limited to the third-party battery options, in case that’s what it sounds like – such checks also prohibit the use of Lenovo batteries that were just meant for a different kind of ThinkPad, but otherwise mechanically, electrically, and electronically perfectly suitable.


There’s a video on how ThinkPad EC hacking unfolded, and I recommend you check that one out to see what’s up. Now, Lenovo didn’t seem to like that people were swapping keyboards and enabling the use of third-party batteries for which Lenovo themselves no longer sold ‘genuine’ counterparts. So, at some point, they decided to close one of the most comfortable ways of updating EC firmware, and released a BIOS update citing “security improvements”. The relevant CVE says this:

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

If you ask me, this description is bonkers. This sentence essentially means “the laptop’s owner can flash EC firmware not approved by Lenovo”. I do wonder what led to it and what the possible justification might be, but in the end, whatever the reason, it’s a distraction from what I believe: updating the EC firmware on one’s laptop should be possible, and Lenovo closed a user-friendly way to do just that.

Also, without a doubt, not all manufacturers respect your right to repair when it comes to ECs. As an example, for almost a decade now, Dell has been shipping their laptops with ECs that have encrypted firmware, and keys fused inside the EC. This has been a particular problem for Dell laptop repair, as ECs die now and then. While you can buy a blank EC and reflow it in place of Dell’s dead one, it won’t have the decryption keys Dell flashes into the EC at the factory, and therefore won’t run Dell’s encrypted firmware. Modifications are off the table here – it’s not even possible to source a fitting replacement for the EC when your laptop is broken, even though the chips themselves are abundant.


WHAT CAN YOU DO NOW?

Now three manufacturers have open-source firmware for ECs – Google, System76, and Framework. What could you do with this firmware, though? As with any underutilized area of hacking, it will take time to realize its full potential. Remapping keys is not the only thing – you could implement an 80% battery charge limit for cell longevity if your laptop’s manufacturer didn’t provide you with one, add extra layers to your laptop keyboard without any need for OS support, or maybe tweak your fan curves. Or, indeed, you could add some GPIOs inside your laptop, for whatever sensors or buttons your heart desires.
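
As an added example (not code from the article or from any of the three open-source firmware trees), this is how an 80% charge limit might look as EC policy logic in C. Every name and the 75% resume threshold are assumptions; the hysteresis keeps the charger from toggling when the reading hovers at the limit.

```c
#include <stdbool.h>
#include <stdio.h>

/* All names are hypothetical; none come from a real EC firmware tree. */
#define CHARGE_LIMIT_PCT  80  /* stop charging at or above this level */
#define CHARGE_RESUME_PCT 75  /* resume once the pack has drained to here */

struct charge_policy {
    bool charging_allowed;    /* last decision, kept for hysteresis */
};

/* Returns true if the charger should be enabled for this reading. */
bool charge_policy_update(struct charge_policy *p, int soc_pct, bool ac_present)
{
    if (soc_pct < 0 || soc_pct > 100)
        return false;         /* implausible gauge reading: do not charge */
    if (!ac_present)
        return false;         /* nothing to charge from; keep last decision */
    if (soc_pct >= CHARGE_LIMIT_PCT)
        p->charging_allowed = false;
    else if (soc_pct <= CHARGE_RESUME_PCT)
        p->charging_allowed = true;
    /* Between the two thresholds the previous decision stands. */
    return p->charging_allowed;
}

/* Replay readings on AC power and count charger on/off transitions. */
int count_toggles(const int *soc, int n)
{
    struct charge_policy p = { .charging_allowed = true };
    bool prev = true;
    int toggles = 0;
    for (int i = 0; i < n; i++) {
        bool now = charge_policy_update(&p, soc[i], true);
        if (now != prev)
            toggles++;
        prev = now;
    }
    return toggles;
}

int main(void)
{
    /* Constructed readings hovering around the limit. */
    const int soc[] = { 78, 79, 80, 79, 80, 79, 78, 76, 75, 76 };
    printf("toggles: %d\n", count_toggles(soc, 10));
    return 0;
}
```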

You can also fix bugs, which crop up in ECs now and then and can be quite annoying to deal with – imagine keyboard keys getting stuck now and then, seemingly randomly; that’s exactly what happens when you have an EC bug. Be it bug fixes or improvements, just like with any firmware currently closed to us, we won’t see a slew of cool hacks starting tomorrow, but there are cool things on the horizon when it comes to EC hacking.

EC Hacking: Your Laptop Has A Microcontroller | Hackaday

https://hackaday.com › 2022/06/07 › ec-hacking-your-l
