2* @description Intel(R) AMT Setup.bin Parser
3* @author Ylian Saint-Hilaire
7// Intel(R) AMT Setup.bin GUID's
8var AmtSetupBinSetupGuids = [
9 "\xb5\x16\xfb\x71\x87\xcb\xf9\x4a\xb4\x41\xca\x7b\x38\x35\x78\xf9", // Version 1
10 "\x96\xb2\x81\x58\xcf\x6b\x72\x4c\x8b\x91\xa1\x5e\x51\x2e\x99\xc4", // Version 2
11 "\xa7\xf7\xf6\xc6\x89\xc4\xf6\x47\x93\xed\xe2\xe5\x02\x0d\xa5\x1d", // Version 3
12 "\xaa\xa9\x34\x52\xe1\x29\xa9\x44\x8d\x4d\x08\x1c\x07\xb9\x63\x53" // Version 4
15// Notes about version 2 of setup.bin:
16// - Default "admin" must be followed by a new MEBx password
17// - ME_VARIABLE_IDENTIFIER_MANAGEABILITY_FEATURE_SELECTION may not appear after any CM settings
18// - CM_VARIABLE_IDENTIFIER_USER_DEFINED_CERT_ADD must be preceded by setting CM_VARIABLE_IDENTIFIER_USER_DEFINED_CERTS_CONFIG to (TODO!)
21// - Setup.bin should always start with "CurrentMEBx Pwd", "newMebx Pwd", "manageability selection" (if present).
23// Intel(R) AMT variable identifiers
24// Type: 0 = Binar Stringy, 1 = Char, 2 = Short, 3 = Int
25var AmtSetupBinVarIds =
28 1: [0, "Current MEBx Password"],
29 2: [0, "New MEBx Password"],
30 3: [1, "Manageability Feature Selection"],
31 4: [1, "Firmware Local Update", // 0 = Disabled, 1 = Enabled, 2 = Password Protected
32 { 0: "Disabled", 1: "Enabled", 2: "Password Protected" }],
33 5: [1, "Firmware Update Qualifier", // 0 = Always, 1 = Never, 2 = Restricted
34 { 0: "Always", 1: "Never", 2: "Restricted" }],
35 6: [0, "Power Package"] // GUID Length (16 bytes), Intel AMT version 2.1, 3 and 4
38 1: [0, "Provisioning Preshared Key ID (PID)"],
39 2: [0, "Provisioning Preshared Key (PPS)"],
40 3: [0, "PKI DNS Suffix"], // 255 bytes max length
41 4: [0, "Configuration Server FQDN"], // 255 bytes max length
42 5: [1, "Remote Configuration Enabled (RCFG)", // 0 = Off, 1 = On
43 { 0: "Off", 1: "On" }],
44 6: [1, "Pre-Installed Certificates Enabled", // 0 = Off, 1 = On
45 { 0: "Off", 1: "On" }],
46 7: [1, "User Defined Certificate Configuration", // 0 = Disabled, 1 = Enabled, 2 = Delete
47 { 0: "Disabled", 1: "Enabled", 2: "Delete" }],
48 8: [0, "User Defined Certificate Addition"], // 1 byte hash algo, 20 to 48 bytes hash, 1 byte name length, up to 32 bytes friendly name, 1 = SHA1 (20 bytes), 2 = SHA256 (32 bytes), 3 = SHA384 (48 bytes). Algo 2 & 3 are for version 3 and up.
49 10: [1, "SOL/IDER Redirection Configuration"],
50 11: [0, "Hostname"], // 63 bytes max length
51 12: [0, "Domain Name"], // 255 bytes max length
53 14: [1, "Secure Firmware Update (SFWU)", // 0 = Disabled, 1 = Enabled
54 { 0: "Disabled", 1: "Enabled" }],
56 16: [1, "Provisioning Mode (PM)", // 1 = Enterprise, 2 = Small Buisness (SMB)
57 { 0: "Enterprise", 1: "Small Buisness"}],
58 17: [0, "Provisioning Server Address"],
59 18: [2, "Provision Server Port Number (PSPO)"],
60 19: [0, "Static PV4 Parameters"],
62 21: [0, "PASS Policy Flag"],
63 22: [0, "IPv6"], // Length is 204 bytes old format, 84 bytes new format, Version 3+ only
64 23: [1, "Shared/Dedicated FQDN", // 0 = Dedicated, 1 = Shared. This option is valid only if configuring the hostname as well
65 { 0: "Dedicated", 1: "Shared" }],
66 24: [1, "Dynamic DNS Update", // 0 = Disabled, 1 = Enabled
67 { 0: "Disabled", 1: "Enabled" }],
68 25: [1, "Remote Desktop (KVM) State", // 0 = Disabled, 1 = Enabled
69 { 0: "Disabled", 1: "Enabled" }],
70 26: [1, "Opt-in User Consent Option", // 0 = Disabled, 1 = KVM, 0xFF = ALL
71 { 0 : "Disabled", 1 : "KVM", 255 : "All" }],
72 27: [1, "Opt-in Remote IT Consent Policy", // 0 = Disabled, 1 = Enabled. Allows user consent to be configured remotely.
73 { 0 : "Disabled", 1 : "Enabled"} ],
74 28: [1, "ME Provision Halt Active", // 0 = Stop, 1 = Start. The "ME provisioning Halt/Activate" command must appear in the file only after "PKIDNSSuffix", "ConfigServerFQDN" and "Provisioning Server Address"
75 { 0 : "Stop", 1 : "Start"}],
76 29: [1, "Manual Setup and Configuration", // 0 = Automated, 1 = Manual
77 { 0 : "Automated", 1 : "Manual"}],
78 30: [3, "Support Channel Identifier"], // 4 bytes length. Support channel identifier (valid values: 1-65535)
79 31: [0, "Support Channel Description"], // 60 bytes max. Friendly name used to describe the party representedby the support channel identifier.
80 32: [0, "Service Account Number"], // 32 bytes max. Unique string identifier given to the end user by the service provider.
81 33: [0, "Enrollement Passcode"], // 32 bytes max
82 34: [3, "Service Type"], // 4 bytes length. 1 = Reactive, 2 = Proactive, 4 = One Time Session
83 35: [0, "Service Provider Identifier"] // GUID Length (16 bytes)
88// Parse the Setup.bin file
89var AmtSetupBinCreate = function (version, flags) {
91 obj.fileType = version;
92 obj.recordChunkCount = 0;
93 obj.recordHeaderByteCount = 0;
95 obj.majorVersion = version;
98 obj.dataRecordsConsumed = 0;
99 obj.dataRecordChunkCount = 0;
105// Parse the Setup.bin file
106var AmtSetupBinDecode = function (file) {
108 // Format of the setup file header:
109 // FileTypeUUID(16) - uniquely identifies the file type. This identifier will remain valid and constant across all versions of the file type.
110 // RecordChunkCount(2) - indicates the number of 512-byte chunks occupied by this record, including all header, body, and reserved fields.
111 // RecordHeaderBytes(2) - indicates the length of the record header in bytes.
112 // RecordNumber(4) - uniquely identifies the record among all records in the file. The field contains a non-negative ordinal value. The value of this field is always zero in the Local Provisioning File Header Record.
113 // MajorVersion(1) - identifies the major version of the file format specification. This is a positive integer that is greater than or equal to 1. The Major Version number is incremented to indicate that changes have been introduced that will cause code written against a lower Major Version number to fail.
114 // MinorVersion(1) - identifies the minor version of the file format specification. This is an integer that is greater than or equal to 0. The Minor Version number is incremented to indicate that changes have been introduced that will not cause code written against the same Major Version and a lower Minor Version number to fail. The purpose of this behavior is to allow a single local provisioning file to be used for multiple generations of Intel® AMT platform.
115 // DataRecordCount(4) - indicates the total number of data records written in the file when it was created.
116 // DataRecordsConsumed(4) - is a counter value that begins at 0 and is incremented by 1 by each platform BIOS when it consumes a data record from the file. This value is used to determine the offset of the next data record in the file.
117 // DataRecordChunkCount(2) - contains the number of 512-byte chunks in each data record. All data records are the same length.
118 // ModuleList - contains a list of module identifiers. A module’s identifier appears in the list if and only if the data records contain entries for that module. Each module identifier is two bytes in length. The list is terminated by an identifier value of 0.
120 var obj = {}, UUID = file.substring(0, 16);
122 for (var i in AmtSetupBinSetupGuids) { if (UUID == AmtSetupBinSetupGuids[i]) obj.fileType = (+i + 1); }
123 if (obj.fileType == 0) return; // Bad header
124 obj.recordChunkCount = ReadShortX(file, 16);
125 obj.recordHeaderByteCount = ReadShortX(file, 18);
126 obj.recordNumber = ReadIntX(file, 20);
127 obj.majorVersion = file.charCodeAt(24);
128 obj.minorVersion = file.charCodeAt(25);
129 obj.flags = ReadShortX(file, 26); // Flags: 1 = Do not consume records
130 var dataRecordCount = ReadIntX(file, 28);
131 obj.dataRecordsConsumed = ReadIntX(file, 32);
132 obj.dataRecordChunkCount = ReadShortX(file, 36);
136 while (ptr + 512 <= file.length) {
138 // Format of a data record header:
139 // RecordTypeIdentifier(4) - identifies the type of record (in this case a data record). Record Identifiers: Invalid - 0, Data Record - 1
140 // RecordFlags(4) - contains a set of bit flags that characterize the record.
141 // RecordChunkCount(2) - contains the number of 512-byte chunks occupied by the record including all header, body, and reserved fields.
142 // RecordHeaderByteCount(2) - indicates the length of the record header in bytes.
143 // RecordNumber(4) - uniquely identifies the record among all records in the file, including invalid as well as valid records. The identifier is a non-negative integer.
146 r.typeIdentifier = ReadIntX(file, ptr);
147 r.flags = ReadIntX(file, ptr + 4); // Flags: 1 = Valid, 2 = Scrambled
148 r.chunkCount = ReadShortX(file, ptr + 8);
149 r.headerByteCount = ReadShortX(file, ptr + 10);
150 r.number = ReadIntX(file, ptr + 12);
153 var ptr2 = 0, recbin = file.substring(ptr + 24, ptr + 512);
154 if ((r.flags & 2) != 0) { recbin = AmtSetupBinDescrambleRecordData(recbin); } // De-Scramble the record
157 // Format of a data record entry:
158 // ModuleIdentifier(2) - identifies the target ME module for the entry.
159 // VariableIdentifier(2) - an enumeration value that identifies the variable. Variable identifiers are unique to each ModuleIdentifier.
160 // VariableLength(2) - is the length of the variable value in bytes.
161 // VariableValue - is the value to be assigned to the variable.
164 v.moduleid = ReadShortX(recbin, ptr2);
165 v.varid = ReadShortX(recbin, ptr2 + 2);
166 if (v.moduleid == 0 || v.varid == 0) break;
167 if (AmtSetupBinVarIds[v.moduleid][v.varid]) {
168 v.length = ReadShortX(recbin, ptr2 + 4);
169 v.type = AmtSetupBinVarIds[v.moduleid][v.varid][0];
170 v.desc = AmtSetupBinVarIds[v.moduleid][v.varid][1];
171 v.value = recbin.substring(ptr2 + 8, ptr2 + 8 + v.length);
172 if (v.type == 1 && v.length == 1) v.value = v.value.charCodeAt(0);
173 else if (v.type == 2 && v.length == 2) v.value = ReadShortX(v.value, 0);
174 else if (v.type == 3 && v.length == 4) v.value = ReadIntX(v.value, 0);
177 ptr2 += (8 + (Math.floor((v.length + 3) / 4) * 4));
180 // Sort the variables
181 r.variables.sort(AmtSetupBinVariableCompare);
187 if (dataRecordCount != obj.records.length) return; // Mismatch record count
191// Construct a Setup.bin file
192var AmtSetupBinEncode = function (obj) {
193 if (obj.fileType < 1 && obj.fileType > AmtSetupBinSetupGuids.length) return null;
194 var out = [], r = AmtSetupBinSetupGuids[obj.fileType - 1], reccount = 0;
195 r += ShortToStrX(obj.recordChunkCount);
196 r += ShortToStrX(obj.recordHeaderByteCount);
197 r += IntToStrX(obj.recordNumber);
198 r += String.fromCharCode(obj.majorVersion, obj.minorVersion);
199 r += ShortToStrX(obj.flags); // Flags: 1 = Do not consume records
200 r += IntToStrX(obj.records.length);
201 r += IntToStrX(obj.dataRecordsConsumed);
202 r += ShortToStrX(obj.dataRecordChunkCount);
203 while (r.length < 512) { r += "\0"; } // Pad the header
207 for (var i in obj.records) {
208 var r2 = "", rec = obj.records[i];
209 r2 += IntToStrX(rec.typeIdentifier);
210 r2 += IntToStrX(rec.flags);
211 r2 += IntToStrX(0); // Reserved
212 r2 += IntToStrX(0); // Reserved
213 r2 += ShortToStrX(1); // rec.chunkCount
214 r2 += ShortToStrX(24); // rec.headerByteCount
215 r2 += IntToStrX(++reccount);
217 // Sort the variables
218 rec.variables.sort(AmtSetupBinVariableCompare);
221 // Change variable priority
222 AmtSetupBinMoveToTop(r.variables, 1, 3); // Manageability Feature Selection
223 AmtSetupBinMoveToTop(r.variables, 1, 2); // New MEBx password
224 AmtSetupBinMoveToTop(r.variables, 1, 1); // Current MEBx password
227 // Write each variable
228 for (var j in rec.variables) {
229 var r3 = "", v = rec.variables[j], data = v.value;
230 v.type = AmtSetupBinVarIds[v.moduleid][v.varid][0]; // Set the correct type if not alreay connect
231 if (v.type > 0) { // If this is a numeric value, encode it correctly
232 data = parseInt(data);
233 if (v.type == 1) data = String.fromCharCode(data);
234 if (v.type == 2) data = ShortToStrX(data);
235 if (v.type == 3) data = IntToStrX(data);
237 r3 += ShortToStrX(v.moduleid); // Module Identifier
238 r3 += ShortToStrX(v.varid); // Variable Identifier
239 r3 += ShortToStrX(data.length); // Variable Length
240 r3 += ShortToStrX(0); // Reserved
241 r3 += data; // Variable Data
242 while (r3.length % 4 != 0) { r3 += "\0"; } // Pad the variable
246 while (r2.length < 512) { r2 += "\0"; } // Pad the record
247 if ((rec.flags & 2) != 0) { r2 = r2.substring(0, 24) + AmtSetupBinScrambleRecordData(r2.substring(24)); } // Scramble the record starting at byte 24, after the header
253// Used to sort variables
254function AmtSetupBinVariableCompare(a, b) {
255 if (a.moduleid > b.moduleid) return 1;
256 if (a.moduleid < b.moduleid) return -1;
257 if (a.varid > b.varid) return 1;
258 if (a.varid < b.varid) return -1;
262// Scramble and un-scramble records
263function AmtSetupBinScrambleRecordData(data) { var out = ""; for (var i = 0; i < data.length; i++) { out += String.fromCharCode((data.charCodeAt(i) + 17) & 0xFF); } return out; }
264function AmtSetupBinDescrambleRecordData(data) { var out = ""; for (var i = 0; i < data.length; i++) { out += String.fromCharCode((data.charCodeAt(i) + 0xEF) & 0xFF); } return out; }
266// Find a moduleid/varid in the variable list, if found, move it to the top
267//function AmtSetupBinMoveToTop(variables, moduleid, varid) { var i = -1; for (var j in variables) { if ((variables[j].moduleid == moduleid) && (variables[j].varid == varid)) { i = j; } } if (i > 1) { ArrayElementMove(variables, i, 0); } }
1.14.0