On Monday 20 September 2021 14:38:14 Daniel Dadap wrote: > On 9/20/21 12:55 PM, Pali Rohár wrote: > > Just one check, has bmf2mof showed some warning on stderr? I see > > "instance" in class definition and bmf2mof does not support decompiling > > MOF instances yet, it shows warning. > > > None of bmf2mof, bmfdec, nor bmfparse print anything to stderr, and all exit > with status 0 when I feed them the BMF data from this system. I am using > bmfdec from your GitHub repository at 7f47b073... which is the current > commit at the top of the master branch. I have attached the raw bmof dump in > case it is of any use to you. This is from a commercially available system, > so I don't believe there ought to be anything sensitive in there, as anybody > who purchases the same system should be able to retrieve the same data. Ok, seems that there is really nothing more. I run also just decompression phase './bmfdec < /tmp/bmof | strings -el' to check. That raw bmof binary should contain only compiled MOF code which has corresponding 1:1 text variant, just my bmf2mof does not support decompiling of all features and properties, specially instances yet. There should not be anything secret. On windows system with right tool (some WMI o WBEM browser) you should be able to view it. And moreover access to it is available directly from userspace and no (nt kernel) driver is required. So if vendor put there something sensitive it already has some big problem and new vector for malware...
