Jump to content

Secure boot PK, KEK, db and dbx file decoder

Secure Boot PK KEK db dbx UEFI

  • Please log in to reply
3 replies to this topic

#1
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,640 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

I made a little tool to dump the info and certificates from the PK, KEK, db and dbx databases.

You can save the files through your BIOS in the UEFI BIOS menu and then get the info with this app.

 

Download below

Source is included ;)

 

EDIT:

Added Win32 and Win64 versions of the app... :D

Code slightly rewritten to silence some MSVC complaints...

 

Example of my KEK decoded:

<== Variable Authentication 2 header ==>
<- Time Data ->
Date: 18/1/2013
Time: 10:26:45
Nanotime: 0
Timezone: 0
Daylight: 0
<- End of time data ->
<- Certificate data ->
Certificate length: 0x18
Certificate revision: 0x200
Certificate type: 0xEF1
Certificate type EFI GUID: {0x4AAFD29D, 0x68DF, 0x49EE, {0x8A, 0xA9, 0x34, 0x7D, 0x37, 0x56, 0x65, 0xA7}}
<- End of certificate data ->
<== End of Variable Authentication 2 header ==>

<== Signature list 1 ==>
<- Signature list header ->
Signature type EFI GUID: {0xA5C059A1, 0x94E4, 0x4AA7, {0x87, 0xB5, 0xAB, 0x15, 0x5C, 0x2B, 0xF0, 0x72}}
Signature list size: 0x379
Signature header size: 0x0
Signature size: 0x35D
<- End of signature list header ->
<- Signature data ->
Signature owner EFI GUID: {0x3B053091, 0x6C9F, 0x04CC, {0xB1, 0xAC, 0xE2, 0xA5, 0x1E, 0x3B, 0xE5, 0xF5}}
<-Signature ->
3082034930820231A0030201020210311E46C51600A1A440F1C150E217C27130
0D06092A864886F70D01010B0500302E312C302A060355040313234153555354
654B204D6F74686572426F617264204B454B204365727469666963617465301E
170D3131313232363233333435395A170D3331313232363233333435385A302E
312C302A060355040313234153555354654B204D6F74686572426F617264204B
454B20436572746966696361746530820122300D06092A864886F70D01010105
000382010F003082010A0282010100890984DEA721161B454D9C21738084F6D1
13E792A4B51D0AE34BC5A3009F64B9800FC21416D8D79E1EACA42FD8E8E23723
D47580FAA32ADE8C352575F8C67736F21074A98E0849C7D536AB82FC266B53A2
AB75A63EC223FB054B51D173CEBFDE88E5960C4A1F679A81E846A80945122F0F
2939E9B1292BAC0C73AAFB784BD5297E352CAA842CE36279D35129D6ECF2E540
45A09F174EB2F0DC3834C3C77CF605E827A1469B068C6F230A6A97EA22579969
D37FEB2FD9592126065B367D1FB387056AA5FEE2AA4D8EC8365763BDB8ECDC8B
8BA0252A4ACC839F05552B644BDF1006E56A0A7DD60C9EEDA9A7AEF126A6314C
4B771DEB8D50CFA8D5176805973ADB0203010001A3633061305F0603551D0104
58305680105915D5B5698AB89D28C872DB3F5A9CF0A130302E312C302A060355
040313234153555354654B204D6F74686572426F617264204B454B2043657274
696669636174658210311E46C51600A1A440F1C150E217C271300D06092A8648
86F70D01010B050003820101002158304F95F59F66E6020C685EFC2824A78A33
B7318126653D5BC0BAA348E5A0E81AC9A956E10685875697F32679CCB198DB74
1D954C3EF9DD91977633DBB2699571F25E8B9AEC370D367C306C5C99171049C8
6DB7CE17F30C2E0A728C32D0108F8B76DAC506B75B11CD393C68716F2AB167B4
6DAEC8852D8CAE9D45B7E1E171088F7699DDBCF8EEA7B75907DBF5CA56988F9F
793BC33812F70C6DAD834C49938F829004E300E7DF677984FEAA4072E1370B71
5AFE9496D1F24C5B3B3BFCD71BA74DE276E6CA63F9C94B4AE7922CE4B1754692
D7916B213D38E01D7E322A282A08E5F9ED14F23C589C4852E08343A809FE3A35
FB26BC7B87CA51E52424305CDC
<- End of signature ->
<- End of signature data ->
<== End of signature list 1 ==>

<== Signature list 2 ==>
<- Signature list header ->
Signature type EFI GUID: {0xA5C059A1, 0x94E4, 0x4AA7, {0x87, 0xB5, 0xAB, 0x15, 0x5C, 0x2B, 0xF0, 0x72}}
Signature list size: 0x618
Signature header size: 0x0
Signature size: 0x5FC
<- End of signature list header ->
<- Signature data ->
Signature owner EFI GUID: {0x77FA9ABD, 0x0359, 0x4D32, {0xBD, 0x60, 0x28, 0xF4, 0xE7, 0x8F, 0x78, 0x4B}}
<-Signature ->
308205E8308203D0A003020102020A610AD188000000000003300D06092A8648
86F70D01010B0500308191310B30090603550406130255533113301106035504
08130A57617368696E67746F6E3110300E060355040713075265646D6F6E6431
1E301C060355040A13154D6963726F736F667420436F72706F726174696F6E31
3B3039060355040313324D6963726F736F667420436F72706F726174696F6E20
5468697264205061727479204D61726B6574706C61636520526F6F74301E170D
3131303632343230343132395A170D3236303632343230353132395A30818031
0B3009060355040613025553311330110603550408130A57617368696E67746F
6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D69
63726F736F667420436F72706F726174696F6E312A3028060355040313214D69
63726F736F667420436F72706F726174696F6E204B454B204341203230313130
820122300D06092A864886F70D01010105000382010F003082010A0282010100
C4E8B58ABFAD5726B026C3EAE7FB577A44025D070DDA4AE5742AE6B00FEC6DEB
EC7FB9E35A63327C11174F0EE30BA73815938EC6F5E084B19A9B2CE7F5B791D6
09E1E2C004A8AC301CDF48F306509A64A7517FC8854F8F2086CEFE2FE19FFF82
C0EDE9CDCEF4536A623A0B43B9E225FDFE05F9D4C414AB11E223898D70B7A41D
4DECAEE59CFA16C2D7C1CBD4E8C42FE599EE248B03EC8DF28BEAC34AFB431112
0B7EB547926CDCE60489EBF53304EB10012A71E5F983133CFF25092F687646FF
BA4FBEDCAD712A58AAFB0ED2793DE49B653BCC292A9FFC7259A2EBAE92EFF635
1380C602ECE45FCC9D76CDEF6392C1AF79408479877FE352A8E89D7B07698F15
0203010001A382014F3082014B301006092B0601040182371501040302010030
1D0603551D0E0416041462FC43CDA03EA4CB6712D25BD955AC7BCCB68A5F3019
06092B0601040182371402040C1E0A00530075006200430041300B0603551D0F
040403020186300F0603551D130101FF040530030101FF301F0603551D230418
3016801445665243E17E5811BFD64E9E2355083B3A226AA8305C0603551D1F04
5530533051A04FA04D864B687474703A2F2F63726C2E6D6963726F736F66742E
636F6D2F706B692F63726C2F70726F64756374732F4D6963436F725468695061
724D6172526F6F5F323031302D31302D30352E63726C306006082B0601050507
010104543052305006082B060105050730028644687474703A2F2F7777772E6D
6963726F736F66742E636F6D2F706B692F63657274732F4D6963436F72546869
5061724D6172526F6F5F323031302D31302D30352E637274300D06092A864886
F70D01010B05000382020100D48488F514941802CA2A3CFB2A921C0CD7A0D1F1
E85266A8EEA2B5757A9000AA2DA4765AEA79B7B9376A517B1064F6E164F20267
BEF7A81B78BDBACE8858640CD657C819A35F05D6DBC6D069CE484B32B7EB5DD2
30F5C0F5B8BA7807A32BFE9BDB345684EC82CAAE4125709C6BE9FE900FD7961F
E5E7941FB22A0C8D4BFF2829107BF7D77CA5D176B905C879ED0F90929CC2FEDF
6F7E6C0F7BD4C145DD345196390FE55E56D8180596F407A642B3A077FD0819F2
7156CC9F8623A487CBA6FD587ED4696715917E81F27F13E50D8B8A3C8784EBE3
CEBD43E5AD2D84938E6A2B5A7C44FA52AA81C82D1CBBE052DF0011F89A3DC160
B0E133B5A388D165190A1AE7AC7CA4C182874E38B12F0DC514876FFD8D2EBC39
B6E7E6C3E0E4CD2784EF9442EF298B9046413B811B67D8F9435965CB0DBCFD00
924FF4753BA7A924FC50414079E02D4F0A6A27766E52ED96697BAF0FF78705D0
45C2AD5314811FFB3004AA373661DA4A691B34D868EDD602CF6C940CD3CF6C22
79ADB1F0BC03A24660A9C407C22182F1FDF2E8793260BFD8ACA522144BCAC1D8
4BEB7D3F5735B2E64F75B4B060032253AE91791DD69B411F15865470B2DE0D35
0F7CB03472BA97603BF079EBA2B21C5DA216B887C5E91BF6B597256F389FE391
FA8A7998C3690EB7A31C200597F8CA14AE00D7C4F3C01410756B34A01BB59960
F35CB0C5574E36D23284BF9E
<- End of signature ->
<- End of signature data ->
<== End of signature list 2 ==>

<== Signature list 3 ==>
<- Signature list header ->
Signature type EFI GUID: {0xA5C059A1, 0x94E4, 0x4AA7, {0x87, 0xB5, 0xAB, 0x15, 0x5C, 0x2B, 0xF0, 0x72}}
Signature list size: 0x464
Signature header size: 0x0
Signature size: 0x448
<- End of signature list header ->
<- Signature data ->
Signature owner EFI GUID: {0x6DC40AE4, 0x2EE8, 0x9C4C, {0xA3, 0x14, 0x0F, 0xC7, 0xB2, 0x00, 0x87, 0x10}}
<-Signature ->
308204343082031CA003020102020900B94124A0182C9267300D06092A864886
F70D01010B0500308184310B3009060355040613024742311430120603550408
0C0B49736C65206F66204D616E3110300E06035504070C07446F75676C617331
173015060355040A0C0E43616E6F6E6963616C204C74642E3134303206035504
030C2B43616E6F6E6963616C204C74642E204D61737465722043657274696669
6361746520417574686F72697479301E170D3132303431323131313235315A17
0D3432303431313131313235315A308184310B30090603550406130247423114
301206035504080C0B49736C65206F66204D616E3110300E06035504070C0744
6F75676C617331173015060355040A0C0E43616E6F6E6963616C204C74642E31
34303206035504030C2B43616E6F6E6963616C204C74642E204D617374657220
436572746966696361746520417574686F7269747930820122300D06092A8648
86F70D01010105000382010F003082010A0282010100BF5B3A1674EE215DAE61
ED9D56ACBDDEDE72F3DD7E2D4C620FACC06D480811CF8D8BFB611F27CC116ED9
553D3954EB403BB1BBE2853479CAF77BBFBA7AC8102D197DAD59CFA6D4E94E0F
DAAE52EA4C9E90CEC6990D4E6765785DF9D1D5384A4A7A8F939C7F1AA385DBCE
FA8BF7C2A2212D9B5441351057138D6CBC2906504A7EEA99A968A73BC7071B32
9EA019870E79BB68992D7E9352E5F6EBC99BF92BEDB86849BCD99550405BC5B2
71AAEB5C57DE71F9400ADD5BAC1E842D501A52D6E1F36B6E90644F5BB4EB20E4
6110DA5AF0EAE442D701C4FE211FD9B9C05495428152721F49647AC86C24F108
700B4DA5A032D1A01C57A84DE3AFA58E05053E1043A10203010001A381A63081
A3301D0603551D0E04160414AD91990BC22AB1F517048C23B6655A268E345A63
301F0603551D23041830168014AD91990BC22AB1F517048C23B6655A268E345A
63300F0603551D130101FF040530030101FF300B0603551D0F04040302018630
430603551D1F043C303A3038A036A0348632687474703A2F2F7777772E63616E
6F6E6963616C2E636F6D2F7365637572652D626F6F742D6D61737465722D6361
2E63726C300D06092A864886F70D01010B050003820101003F7DF676A5B383B4
2B7AD06D521A0383C412A7509C4792CCC0947782D2AE57B39904F5323AC6551D
07DB12A956FAD8D47620EBE4C351DB9A5C9C923F1873DA946AA199388CA4886D
C1FC3971D0747616033E562335D555475B1A1D41C2D3124CDCFFAE0A929C620A
17019C73E05EB1FDBCD6B519117A7ECD3E037E66DB5BA8C9394851FF53E19C31
53911B3B10750317BAE681028094704C46B794B03D15CD1F8E02E068028FFBF9
471D7DA201C60751C49ACCEDDDCFA35DED92BBBED1FDE6EC1F33517304BE3C72
B07D08F801FF987DCB9CE069397725477188B18D27A52EA8F73F5F8069973EA9
F49914DBCE030E0B66C41C6DBDB82777C14294BDFC6A0ABC
<- End of signature ->
<- End of signature data ->
<== End of signature list 3 ==>

Attached Files



#2
bronxteck

bronxteck

    InsanelyMac Protégé

  • Members
  • PipPip
  • 62 posts

looks like it will dump dell bios as well. so how would you use the info?



#3
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,640 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

Added Windows versions of the app + slightly updated source.

It now builds with MSVC too...

Made Win32 and Win64 versions with MSVC 2010.

Made Win32 version with MinGW32 too...

I have no Linux installed or I would compile it there too ;)



#4
bronxteck

bronxteck

    InsanelyMac Protégé

  • Members
  • PipPip
  • 62 posts

i looked in my bios and have the option to manipulate these keys. i can dump them and write to them as an option. this is an Dell Optiplex 9010








0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

© 2014 InsanelyMac  |   News  |   Forum  |   Downloads  |   OSx86 Wiki  |   Mac Netbook  |   PHP hosting by CatN  |   Designed by Ed Gain  |   Logo by irfan  |   Privacy Policy