# Sonic Screwdriver

Some quick thoughts after reviewing some of the "Dark Matter" vault7 documents on wikileaks, with the caveat that these documents are all fairly old and almost certainly don't reflect the state of the art. The Sonic Screwdriver attracted my attention since many reports compared it to Thundestrike: they both use the Apple Thunderbolt gigabit ethernet adapter and store their code in its Option ROM. Sonic Screwdriver predates Thunderstrike 1 by at least a year and based on the dates, however, I am assuming they saw snare's 2012 Black Hat presentation and then took six months to weaponize and package it for use.

### Sonic Screwdriver

The functonality of Sonic Screwdriver appears to be at the same level as presented in snare's slides -- the Option ROM code is loaded before firmware passwords are checked, which allows it to bypass this password and boot from an alternate media device with a more extensive exploit, but does not have any flash level persistence. Based on the documentation, as far as I can tell it does not carry any payload of its own:

The intended CONOP for Sonic Screwdriver is to be able to install EDG/AED tools on a Mac even if a firmware password was enabled.

The key contribution of Thunderstrike over snare's work was that it allowed a proximate attacker to use the Thunderbolt adapter to overwrite the motherboard boot flash, which provided better persistence than a boot.efi implant on the harddrive. The specific vulnerability in Apple's firmware update routine used was closed as part of the software update that coincided with my 31C3 presentation. Thunderstrike 2 found additional vulnerabilities and added software-only attacks that allowed the flash to be unlocked from software and also added a viral mode in which new Thunderbolt devices would be infected. Most of the vulnerabilities that allowed the Thunderbolt device to write to the bootflash were closed as part of a coordinated disclosure prior to BH2015. Note that neither Sonic Screwdriver, snare's rootkit, nor any of the Thunderstrike vulnerabilities used DMA over PCIe.

Apple did not disable OptionROMs after snare's 2012 talk, nor after either of the Thunderstrike talks. Even though the vulnerabilities that allowed flash writes from the Option ROM were closed by Apple, it was still possible to use the code in the Option ROM to bypass or reset firmware passwords, change boot devices, etc. Apple finally added an option to disable them for good in December 2015, as noted by Xeno in this tweet (crediting snare and our work). This is what the security community had been asking for since 2012 and can now be set via the command line:

sudo firmwarepasswd -setpasswd -setmode command