kkamagui / napper-for-tpm

TPM vulnerability checking tool for CVE-2018-6622. This tool will be published at Black Hat Asia 2019 and Black Hat Europe 2019

Segfault in tpm2_listpcrs #8

Open customautosys opened 2 years ago

customautosys commented 2 years ago

```
Napper v1.3 for checking a TPM and Intel PTT vulnerability, CVE-2018-6622 and unknown CVE
Made by Seunghun Han, https://kkamagui.github.io
Project link: https://github.com/kkamagui/napper-for-tpm

Checking TPM version for testing.
[*] Checking TPM version... Intel PTT.
[*] Your system has TPM v2.0, and vulnerability checking is needed.

Preparing for sleep.
[*] Checking the TPM vulnerability testing module... Running.
[*] Ready to sleep! Please press "Enter" key.
[*] After sleep, please press "Enter" key again to wake up.

[*] Waking up now. Please wait for a while. . . . . . . . . . .
[*] Checking the resource manager process... Running.

Segmentation fault (core dumped)
[*] Reading PCR values of TPM and checking a vulnerability...
```

```
sudo dmesg |tail
[ 4552.923732] wlo1: send auth to 2c:ba:ba:8c:2b:e0 (try 1/3)
[ 4552.953995] wlo1: authenticated
[ 4552.958414] wlo1: associate with 2c:ba:ba:8c:2b:e0 (try 1/3)
[ 4553.062365] wlo1: associate with 2c:ba:ba:8c:2b:e0 (try 2/3)
[ 4553.073414] wlo1: RX AssocResp from 2c:ba:ba:8c:2b:e0 (capab=0x1511 status=0 aid=2)
[ 4553.077872] wlo1: associated
[ 4553.088820] wlo1: Limiting TX power to 24 (24 - 0) dBm as advertised by 2c:ba:ba:8c:2b:e0
[ 4554.062742] IPv6: ADDRCONF(NETDEV_CHANGE): wlo1: link becomes ready
[ 4559.634200] tpm2_listpcrs[188147]: segfault at 556b3dcc2000 ip 0000556b3dcb2fa7 sp 00007ffc1918f668 error 4 in tpm2_listpcrs[556b3dcb2000+5000]
[ 4559.634210] Code: 41 b8 01 00 00 00 31 c0 0f 1f 00 89 c1 45 89 c1 89 c6 83 c0 01 83 e1 07 c1 ee 03 41 d3 e1 44 09 ca 88 54 37 07 89 c2 c1 ea 03 <0f> b6 54 17 07 eb da 66 90 f3 0f 1e fa 44 8b 15 55 80 00 00 c7 05
```