PSPTool
PSPTool is a Swiss Army knife for dealing with firmware of the AMD Secure Processor (ASP), formerly known as Platform Security Processor or PSP. It can parse, extract, and replace AMD firmware inside UEFI images as part of BIOS updates targeting AMD platforms.
It is based on reverse-engineering efforts of AMD's proprietary filesystem used to pack firmware blobs into UEFI Firmware Images. These are usually 16MB (or 8MB, or 32MB) in size and can be conveniently parsed by UEFITool. However, all binary blobs by AMD are located in padding volumes unparsable by UEFITool.
PSPTool works best with UEFI images as obtained through BIOS updates. If these updates are only available through Windows executables, tools like innoextract can help.
PSPTool was developed at TU Berlin in the context of the following research:
- 2023, talk: Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla's x86-Based Seat Heater
- 2023, paper: faulTPM: Exposing AMD fTPMs' Deepest Secrets
- 2021, paper: One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
- 2020, talk: All You Ever Wanted to Know about the AMD Platform Security Processor and were Afraid to Emulate
- 2019, talk: Uncover, Understand, Own - Regaining Control Over Your AMD CPU
- 2019, paper: Insecure Until Proven Updated: Analyzing AMD SEV's Remote Attestation
- 2019, talk: Dissecting the AMD Platform Security Processor
Installation
You can either install PSPTool's latest release from PyPI,
pip3 install psptool
or install it freshly off GitHub:
git clone https://github.com/PSPReverse/PSPTool
cd PSPTool
pip3 install .
If you intend to make changes to the code and would like your installation to point to the latest changes, install it editable:
pip3 install -e .
Please note that the integration tests require ROM files from a private submodule (tests/integration/fixtures). If you would like to get access to these, contact us.
CLI Usage
PSPTool offers a range of features from the command line.
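The entry tables printed in Example 1 below carry an Info column with markers such as `verified(60BB)`, `inline_keys(76E9)` and `no_key`. The following is an added example, not part of PSPTool: it parses that pipe-delimited listing and separates entries carrying a `verified(<id>)` marker from those that need a manual look. The function names are hypothetical, the sample rows are copied from the Example 1 output, and reading `verified(<id>)` as "signature checked against the key with that ID" is an assumption about the listing's semantics.

```python
import re

# Constructed sample: rows copied from the Example 1 output on this page,
# ending with a cut-off row to show that incomplete lines are skipped.
SAMPLE = """\
+--+---+-------+----------+----------+
| | | Entry | Address | Size | Type | Magic/ID | Version | Info |
| | | 0 | 0x382f20 | 0xc300 | PSP_FW_BOOT_LOADER~0x1 | $PS1 | 0.8.2.59 | verified(60BB), encrypted |
| | | 1 | 0x38f220 | 0x240 | AMD_PUBLIC_KEY~0x0 | 60BB | 1 | |
| | | 5 | 0x3c1020 | 0x340 | SEC_DBG_PUBLIC_KEY~0x9 | ED22 | 1 | verified(60BB) |
| | | 14 | 0x3e0c20 | 0x23e4 | 0x225 | | 4.2.1.1 | inline_keys(76E9) |
| | | 17 | 0x3ff320 | 0x16e988 | 0x29 | | 1.20.8.1 | no_key |
| | | 3 | 0x353b20 | 0x2000 |
"""

FIELDS = ("entry", "address", "size", "type", "magic", "version", "info")

def parse_entries(listing):
    """One dict per complete entry row; borders, headers, the ROM and directory tables and cut-off rows are skipped."""
    entries = []
    for line in listing.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue
        cells = [c.strip() for c in line[1:-1].split("|")]
        if len(cells) != 9 or not cells[2].isdigit():
            continue
        row = dict(zip(FIELDS, cells[2:]))
        row["entry"] = int(row["entry"])
        row["markers"] = [m.strip() for m in row["info"].split(",") if m.strip()]
        entries.append(row)
    return entries

def signing_report(entries):
    """Group entries by the key ID in verified(<id>); list all others for review."""
    by_key, review = {}, []
    for e in entries:
        m = re.search(r"verified\((\w+)\)", e["info"])
        if m:
            by_key.setdefault(m.group(1), []).append(e["type"])
        else:
            review.append((e["entry"], e["type"], e["markers"]))
    return by_key, review

if __name__ == "__main__":
    keys, review = signing_report(parse_entries(SAMPLE))
    print("verified by key:", keys)
    for entry, typ, markers in review:
        print(f"review: entry {entry} {typ} {markers or ['no Info markers']}")
```

To run it on a real image, pass the text that `psptool` prints for that image to `parse_entries` instead of `SAMPLE`.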
Example 1: List all firmware entries of a given BIOS ROM.
$ psptool Lenovo_Thinkpad_T495_r12uj35wd.iso
+-----+----------+-----------+----------+--------------------------------+
| ROM | Addr | Size | FET | AGESA |
+-----+----------+-----------+----------+--------------------------------+
| 0 | 0x24ab20 | 0x1000000 | 0x26ab20 | AGESA!V9 PicassoPI-FP5 1.0.0.3 |
+-----+----------+-----------+----------+--------------------------------+
+--+-----------+----------+------+-------+---------------------+
| | Directory | Addr | Type | Magic | Secondary Directory |
+--+-----------+----------+------+-------+---------------------+
| | 0 | 0x28bb20 | PSP | $PSP | 0x138000 |
+--+-----------+----------+------+-------+---------------------+
+--+---+-------+----------+---------+---------------------------------+----------+------------+----------------------------+
| | | Entry | Address | Size | Type | Magic/ID | Version | Info |
+--+---+-------+----------+---------+---------------------------------+----------+------------+----------------------------+
| | | 0 | 0x28bf20 | 0x240 | AMD_PUBLIC_KEY~0x0 | 60BB | 1 | |
| | | 1 | 0x382f20 | 0xc300 | PSP_FW_BOOT_LOADER~0x1 | $PS1 | 0.8.2.59 | verified(60BB), encrypted |
| | | 2 | 0x28c220 | 0xb300 | PSP_FW_RECOVERY_BOOT_LOADER~0x3 | $PS1 | 0.8.2.59 | verified(60BB), encrypted |
| | | 3 | 0x297520 | 0x22770 | 0x208 | | 0.0.0.0 | compressed, verified(60BB) |
| | | 4 | 0x2b9d20 | 0x71b0 | 0x212 | | 0.0.0.0 | compressed, verified(60BB) |
| | | 5 | 0x2c0f20 | 0x20830 | PSP_SMU_FN_FIRMWARE~0x108 | | 0.0.0.0 | compressed, verified(60BB) |
| | | 6 | 0x2e1820 | 0x5010 | !SMU_OFF_CHIP_FW_3~0x112 | | 0.0.0.0 | compressed, verified(60BB) |
| | | 7 | 0x2e6920 | 0x10 | WRAPPED_IKEK~0x21 | | | |
| | | 8 | 0x2e6b20 | 0x1000 | TOKEN_UNLOCK~0x22 | | | |
| | | 9 | 0x2e7b20 | 0x1860 | 0x224 | $PS1 | A.2.3.27 | verified(60BB), encrypted |
| | | 10 | 0x2e9420 | 0x1760 | 0x124 | $PS1 | A.2.3.1A | verified(60BB), encrypted |
| | | 11 | 0x2eac20 | 0xdd0 | ABL0~0x30 | AW0B | 18.12.10.0 | compressed, verified(60BB) |
| | | 12 | 0x2eba20 | 0xcbb0 | ABL1~0x31 | AW1B | 18.12.10.0 | compressed, verified(60BB) |
| | | 13 | 0x2f8620 | 0x8dc0 | ABL2~0x32 | AW2B | 18.12.10.0 | compressed, verified(60BB) |
| | | 14 | 0x301420 | 0xbb90 | ABL3~0x33 | AW3B | 18.12.10.0 | compressed, verified(60BB) |
| | | 15 | 0x30d020 | 0xcca0 | ABL4~0x34 | AW4B | 18.12.10.0 | compressed, verified(60BB) |
| | | 16 | 0x319d20 | 0xc910 | ABL5~0x35 | AW5B | 18.12.10.0 | compressed, verified(60BB) |
| | | 17 | 0x326720 | 0x9ef0 | ABL6~0x36 | AW6B | 18.12.10.0 | compressed, verified(60BB) |
| | | 18 | 0x330620 | 0xc710 | ABL7~0x37 | AW7B | 18.12.10.0 | compressed, verified(60BB) |
| | | 19 | 0x382b20 | 0x400 | !PL2_SECONDARY_DIRECTORY~0x40 | | | |
+--+---+-------+----------+---------+---------------------------------+----------+------------+----------------------------+
+--+-----------+----------+-----------+-------+---------------------+
| | Directory | Addr | Type | Magic | Secondary Directory |
+--+-----------+----------+-----------+-------+---------------------+
| | 1 | 0x382b20 | secondary | $PL2 | -- |
+--+-----------+----------+-----------+-------+---------------------+
+--+---+-------+----------+----------+-----------------------------+----------+------------+----------------------------+
| | | Entry | Address | Size | Type | Magic/ID | Version | Info |
+--+---+-------+----------+----------+-----------------------------+----------+------------+----------------------------+
| | | 0 | 0x382f20 | 0xc300 | PSP_FW_BOOT_LOADER~0x1 | $PS1 | 0.8.2.59 | verified(60BB), encrypted |
| | | 1 | 0x38f220 | 0x240 | AMD_PUBLIC_KEY~0x0 | 60BB | 1 | |
| | | 2 | 0x38f520 | 0xf300 | PSP_FW_TRUSTED_OS~0x2 | $PS1 | 0.8.2.59 | verified(60BB), encrypted |
| | | 3 | 0x26bb20 | 0x20000 | PSP_NV_DATA~0x4 | | | |
| | | 4 | 0x39e820 | 0x22770 | 0x208 | | 0.0.0.0 | compressed, verified(60BB) |
| | | 5 | 0x3c1020 | 0x340 | SEC_DBG_PUBLIC_KEY~0x9 | ED22 | 1 | verified(60BB) |
| | | 6 | 0x24ab21 | 0x0 | SOFT_FUSE_CHAIN_01~0xb | | | |
| | | 7 | 0x3c1420 | 0x11a50 | PSP_BOOT_TIME_TRUSTLETS~0xc | $PS1 | 0.7.0.1 | compressed, verified(60BB) |
| | | 8 | 0x3d2f20 | 0x71b0 | 0x212 | | 0.0.0.0 | compressed, verified(60BB) |
| | | 9 | 0x3da120 | 0x1930 | DEBUG_UNLOCK~0x13 | $PS1 | 0.8.2.59 | compressed, verified(60BB) |
| | | 10 | 0x3dbb20 | 0x10 | WRAPPED_IKEK~0x21 | | | |
| | | 11 | 0x3dcb20 | 0x1000 | TOKEN_UNLOCK~0x22 | | | |
| | | 12 | 0x3ddb20 | 0x1860 | 0x224 | $PS1 | A.2.3.27 | verified(60BB), encrypted |
| | | 13 | 0x3df420 | 0x1760 | 0x124 | $PS1 | A.2.3.1A | verified(60BB), encrypted |
| | | 14 | 0x3e0c20 | 0x23e4 | 0x225 | | 4.2.1.1 | inline_keys(76E9) |
| | | 15 | 0x3e3020 | 0x3b00 | 0x125 | | 3.2.2.1 | inline_keys(76E9) |
| | | 16 | 0x3e6b20 | 0x18790 | DRIVER_ENTRIES~0x28 | $PS1 | 0.8.2.59 | verified(60BB), encrypted |
| | | 17 | 0x3ff320 | 0x16e988 | 0x29 | | 1.20.8.1 | no_key |
| | | 18 | 0x56dd20 | 0x3100 | S0I3_DRIVER~0x2d | $PS1 | 0.7.0.1 | verified(60BB) |
| | | 19 | 0x570e20 | 0xdd0 | ABL0~0x30 | AW0B | 18.12.10.0 | compressed, verified(60BB) |
| | | 20 | 0x571c20 | 0xcbb0 | ABL1~0x31 | AW1B | 18.12.10.0 | compressed, verified(60BB) |
| | | 21 | 0x57e820 | 0x8dc0 | ABL2~0x32 | AW2B | 18.12.10.0 | compressed, verified(60BB) |
| | | 22 | 0x587620 | 0xbb90 | ABL3~0x33 | AW3B | 18.12.10.0 | compressed, verified(60BB) |
| | | 23 | 0x593220 | 0xcca0 | ABL4~0x34 | AW4B | 18.12.10.0 | compressed, verified(60BB) |
| | | 24 | 0x59ff20 | 0xc910 | ABL5~0x35 | AW5B | 18.12.10.0 | compressed, verified(60BB) |
| | | 25 | 0x5ac920 | 0x9ef0 | ABL6~0x36 | AW6B | 18.12.10.0 | compressed, verified(60BB) |
| | | 26 | 0x5b6820 | 0xc710 | ABL7~0x37 | AW7B | 18.12.10.0 | compressed, verified(60BB) |
| | | 27 | 0x5c3020 | 0x20830 | PSP_SMU_FN_FIRMWARE~0x108 | | 0.0.0.0 | compressed, verified(60BB) |
| | | 28 | 0x5e3920 | 0x5010 | !SMU_OFF_CHIP_FW_3~0x112 | | 0.0.0.0 | compressed, verified(60BB) |
+--+---+-------+----------+----------+-----------------------------+----------+------------+----------------------------+
+--+-----------+----------+------+-------+---------------------+
| | Directory | Addr | Type | Magic | Secondary Directory |
+--+-----------+----------+------+-------+---------------------+
| | 2 | 0x34eb20 | BIOS | $BHD | 0x3ef000 |
+--+-----------+----------+------+-------+---------------------+
+--+---+-------+-----------+---------+-------------------------------+----------+-----------+----------------------------+
| | | Entry | Address | Size | Type | Magic/ID | Version | Info |
+--+---+-------+-----------+---------+-------------------------------+----------+-----------+----------------------------+
| | | 0 | 0x34ef20 | 0x340 | BIOS_PUBLIC_KEY~0x5 | 3FC7 | 1 | verified(60BB) |
| | | 1 | 0x34fb20 | 0x2000 | FW_IMC~0x60 | | | |
| | | 2 | 0x351b20 | 0x2000 | 0x100060 | | | |
| | | 3 | 0x353b20 | 0x2000 |