Year of Python (YOP) – Week Thirty Three

17Aug15

Hello Readers!

Well, this week will be another short one since I'm on vacation right now, but I did write up a new script this week... however...

This one comes with a catch. I currently don't have any way to test it...

You may or may not have heard recently that Lenovo, up until April of this last year, was injecting software onto their Windows machines. While most manufacturers do this, the uproar here was that they were doing it in such a way that even if you wiped the device and did a clean install, the software would show up again. You can read more in the Ars Technica article here.

Unfortunately, this isn’t the first time that Lenovo has done this.

What was different this time around is that they were taking advantage of a Windows feature called the Windows Platform Binary Table (WPBT), which essentially gives the boot firmware the ability to inject a binary into Microsoft Windows. One example of where you would see something like this is on machines that have Lojack for Laptops installed.

Now for this particular item, Microsoft does supply some documentation, which can be located here (or you can do a Google search to find it).

I decided this week to write a quick script to parse out the first 49 bytes of the file. The only downside, like I said in the beginning, is that I don't have anything to test it against.

(So if anyone does have anything to test it against, I'd appreciate the feedback... I'm sure a couple of the formats are wrong.)

But basically, following the documentation, the script opens up the file you point it to and then parses out the first 49 bytes. Now, there is more to the format than that, but without anything to check against I can't proceed any further. Based on the documentation I would need to add some additional logic checks, but I need to see what the output looks like first. Hopefully I'll be able to update this at a later date...
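Here, as an added example that is not the YOP script itself, is a parser in the same spirit: it reads the ACPI header and the WPBT fixed fields, verifies the table checksum (one of the logic checks the documentation calls for), and decodes the type-1 command line. The field offsets and the checksum rule are taken from the public WPBT and ACPI documentation as I read it and are assumptions here; the sample table is constructed inline so the code runs without a real firmware dump.

```python
import struct

# Layout per the public WPBT documentation as I read it (assumption): the 36-byte ACPI
# header, then handoff memory size (u32), handoff memory location (u64), content layout
# (u8), content type (u8); for type 1 a u16 byte length and a UTF-16LE command line follow.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")   # 36 bytes, checksum byte at offset 9
WPBT_FIXED = struct.Struct("<IQBB")             # 14 bytes that follow the header


def acpi_checksum_ok(table: bytes) -> bool:
    """All bytes of an ACPI table, over its full Length, sum to 0 mod 256."""
    return sum(table) % 256 == 0


def parse_wpbt(table: bytes) -> dict:
    """Parse the fixed WPBT fields; raise ValueError on a malformed table."""
    if len(table) < ACPI_HEADER.size + WPBT_FIXED.size:
        raise ValueError("table too short for the WPBT fixed fields")
    sig, length, rev, _chk, oem_id, oem_tbl, oem_rev, cre_id, cre_rev = ACPI_HEADER.unpack_from(table)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length != len(table):
        raise ValueError(f"Length field {length} != actual size {len(table)}")
    hsize, hloc, layout, ctype = WPBT_FIXED.unpack_from(table, ACPI_HEADER.size)
    info = {
        "signature": sig.decode("ascii"), "length": length, "revision": rev,
        "checksum_ok": acpi_checksum_ok(table),
        "oem_id": oem_id.rstrip(b"\0 ").decode("ascii", "replace"),
        "oem_table_id": oem_tbl.rstrip(b"\0 ").decode("ascii", "replace"),
        "oem_revision": oem_rev, "creator_id": cre_id.decode("ascii", "replace"),
        "creator_revision": cre_rev, "handoff_size": hsize,
        "handoff_location": hloc, "content_layout": layout, "content_type": ctype,
    }
    if ctype == 1:  # native user-mode application: command line it is started with
        off = ACPI_HEADER.size + WPBT_FIXED.size
        (arglen,) = struct.unpack_from("<H", table, off)
        info["args"] = table[off + 2: off + 2 + arglen].decode("utf-16-le", "replace").rstrip("\0")
    return info


def build_sample() -> bytes:
    """Constructed WPBT (not a real firmware dump) with the checksum filled in last."""
    args = "/quiet".encode("utf-16-le")
    body = WPBT_FIXED.pack(0x2000, 0x7FF00000, 1, 1) + struct.pack("<H", len(args)) + args
    hdr = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                           b"SAMPLE", b"SAMPLETB", 1, b"EXMP", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) % 256    # ACPI checksum byte
    return bytes(table)
```

To run it against a real table, feed it the bytes from /sys/firmware/acpi/tables/WPBT on Linux, or from GetSystemFirmwareTable with the 'ACPI' provider on Windows, when the firmware supplies one.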

Until next week!

https://github.com/CdtDelta/YOP
