using Rust purely for the purpose of fun and learning. This bootkit performs manual mapping of a Windows kernel driver prior to the kernel loading process, effectively bypassing DSE (Driver Signature Enforcement). It adopts a similar approach to [link hidden behind forum login] and utilizes a UEFI runtime driver (EFI_RUNTIME_DRIVER). I am excited to share this project here with like-minded individuals who are interested in exploring and experimenting with such techniques.

This diagram illustrates the structure and flow of the RedLotus.efi UEFI bootkit (RedLotus.sys is the Windows kernel driver):
Usage:
Download the EFI shell (links hidden behind forum login) and follow these steps:
1. Extract the downloaded EFI shell and rename the file Shell.efi (should be in the folder UefiShell/X64) to bootx64.efi.
2. Format a USB drive to FAT32.
3. Create the following folder structure on the USB drive:
Code:
    USB:.
    │   redlotus.efi
    │
    └───EFI
        └───Boot
                bootx64.efi
For VMware Workstation:
  - Go to VM -> Settings -> Hardware -> Add -> Hard Disk -> Next -> SCSI or NVMe (Recommended) -> Next -> Use a physical disk (for advanced users) -> Next -> Device: PhysicalDrive1 and Usage: Use entire disk -> Next -> Finish.
  - Start the VM by clicking Power On to Firmware.
  - Select "Internal Shell (Unsupported option)" or "EFI Vmware Virtual SCSI Hard Drive (1.0)".
5. A UEFI shell should start. Change the directory to the same location as the Windows Boot Manager (e.g., FS0). Please note that the file system could be different for your machine.
Code:
    FS0:
    cp fs2:redlotus.efi fs0:
    load redlotus.efi
PoC
Tested on
- Microsoft Windows 10 Home 10.0.19045 N/A Build 19045
- Microsoft Windows 11 Home 10.0.22621 N/A Build 22621
Please be aware that this bootkit has not been tested against any anti-cheat systems. Use it responsibly and at your own risk.
This project is inspired by the following (links hidden behind forum login except where shown):
- Umap
- Bootlicker
- BlackLotus
- ESPecter
- UEFI-Bootkit
- EfiGuard
- Bootkitting Windows Sandbox: https://[censored]/2022/08/29/bootkitting-windows-sandbox.html
- Rootkits and Bootkits
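From the defender's side, the usage steps above leave two observable traces: the bootkit binary is copied onto the partition that holds the Windows Boot Manager (the EFI System Partition, ESP) with `cp fs2:redlotus.efi fs0:`, and the whole procedure depends on the firmware accepting an unsigned EFI shell and an unsigned runtime driver, which Secure Boot in enforcing mode refuses. The following PowerShell audit, an added example that is not part of RedLotus or the original post, mounts the ESP, inventories every .efi image on it against a constructed baseline of loaders a stock Windows install places there, checks each image's Authenticode signature, and reports the Secure Boot state. The drive letter S:, the baseline list and the function names are assumptions for the example; run it from an elevated prompt.

```powershell
# Added defender-side audit, not part of RedLotus or the original post.
# Run from an elevated PowerShell prompt on the Windows machine being checked.
# Assumptions (hypothetical): drive letter S: is unused, mountvol can expose the ESP,
# and the baseline below is a constructed list for a stock Windows install.

$EspLetter = 'S:'
$EspRoot   = "$EspLetter\"

# Constructed baseline: loader paths that a stock Windows install places on the ESP.
# Anything outside this list (for example a redlotus.efi copied to the root) is flagged.
$ExpectedLoaders = @(
    '\EFI\Microsoft\Boot\bootmgfw.efi',
    '\EFI\Microsoft\Boot\bootmgr.efi',
    '\EFI\Boot\bootx64.efi'
)

function Get-SecureBootState {
    # $true when Secure Boot is enforcing; $false if disabled or the query fails (legacy BIOS).
    try { return [bool](Confirm-SecureBootUEFI) } catch { return $false }
}

function Get-EspImageReport {
    param([string]$Root, [string[]]$Baseline)
    # One record per EFI image on the partition: relative path, baseline membership,
    # Authenticode status, signer subject and a SHA-256 for later comparison.
    Get-ChildItem -Path $Root -Recurse -Filter '*.efi' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rel = '\' + $_.FullName.Substring($Root.Length)
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path       = $rel
                InBaseline = ($Baseline -contains $rel)
                Signature  = $sig.Status
                Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
                SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Find-SuspiciousImages {
    param([object[]]$Report)
    # An image is suspicious if it is outside the baseline or lacks a valid signature.
    $Report | Where-Object { -not $_.InBaseline -or $_.Signature -ne 'Valid' }
}

if (-not (Get-SecureBootState)) {
    Write-Warning 'Secure Boot is not enforcing: unsigned EFI images (an EFI shell, a runtime driver) can be loaded by the firmware.'
}

mountvol $EspLetter /S          # expose the EFI System Partition as S:
try {
    $report = Get-EspImageReport -Root $EspRoot -Baseline $ExpectedLoaders
    $report | Format-Table -AutoSize

    $hits = @(Find-SuspiciousImages -Report $report)
    if ($hits.Count -eq 0) {
        'No unexpected or unsigned EFI images found on the ESP.'
    } else {
        Write-Warning "$($hits.Count) EFI image(s) on the ESP are outside the baseline or unsigned:"
        $hits | Format-Table Path, Signature, Signer, SHA256 -AutoSize
    }

    # Firmware boot entries pointing at loaders outside the baseline deserve the same review.
    bcdedit /enum firmware
}
finally {
    mountvol $EspLetter /D      # always unmount the ESP again
}
```

Two caveats on what this catches. A runtime driver that is only ever loaded by hand from a USB-hosted shell, without the `cp` step, leaves nothing on the ESP, so the Secure Boot state is the stronger signal: with Secure Boot enforcing, neither the unsigned EDK2 shell nor the unsigned redlotus.efi is accepted by LoadImage. The baseline also needs adjusting for machines with additional legitimate loaders (OEM recovery tools, other operating systems), otherwise they show up as hits.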