Couple Can Sue Laptop-Tracking Company (LoJack) for Spying on Sex Chats

[David H. Lipman]

From: "Dustin" <bughunter.dustin@gmail.com>

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> news:j46lig02i2d@news3.newsguy.com:
>
>> It may be used w/o Internet access.
>
> For a period of time. You paid for the software and the monitoring
> service which comes with it. You are understanding that you will provide
> it a way to check in every so often, or it will, for your protection,
> bios lock the boot process.
>
>> It may be used on a closed network.
>
> Actually, the dropped exe brags about being able to call home regardless
> of firewall presence and network configuration.
>
>> It may be used as a tool or lab device.
>
> A tool for what?
>

You aren't getting it. When I say a closed network I mean a "closed network" as in a
closed loop without any Internet access at all. A private network. Two come to mind.

There are times when a notebook will be used as an instrument or toolo to setup other
equipment such as programming radios. The notebook has specialty software and via USB
hooks up to the equipment and the notebook's software is used to setup and programme the
device.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[FromTheRafters]

"Dustin" <bughunter.dustin@gmail.com> wrote in message
news:Xns9F58E660F562EHHI2948AJD832@no...
> "FromTheRafters" <erratic.howard@gmail.com> wrote in
> news:j3uamv$94a$1@dont-email.me:
>
>> "Dustin" <bughunter.dustin@gmail.com> wrote in message
>> news:Xns9F558CA9A208AHHI2948AJD832@no...
>>> "David W. Hodgins" <dwhodgins@nomail.afraid.org> wrote in
>>> newsp.v07k0xqda3w0dxdave@hodgins.homeip.net:
>>>
>>>> On Fri, 02 Sep 2011 18:50:54 -0400, Dustin
>>>> <bughunter.dustin@gmail.com> wrote:
>>>>
>>>>> Oh, and switching to linux still ****s you, when the optionrom2
>>>>> calls home on your internet connection and finds out she's
>>>>> stolen. Which it will do, when it cannot drop the exe file. LOL.
>>>>> Whan happens next is a
>>>>
>>>> If it's using a windows executable, to phone home, that won't
>>>> work.
>>>
>>> You seem to be missing something important. It can use the windows
>>> executable, but in the event it cannot drop it in a specified
>>> amount of time, it halts the boot process.
>>>
>>>> Are you saying the option rom can establish an internet connection
>>>> before the operating system boots?
>>>
>>> I'm not only saying that, but, being as I've extracted a viable
>>> sample of the option rom and have since learned how to remove it, I
>>> *know* the company is lying about the products limitations and
>>> abilities.
>>
>> Have you been analyzing the OEM partnered persistence version or
>> just the software CD loadable version?
>
> One from CD loading, one from OEM. They don't have much difference in
> code, and both can be remotely updated.

Hmmm ... if it is all software and flashable firmware, then why is there
any need to partner with the manufacturer? Surely they don't need any
such partnership to make use of the 'guest room' on the BIOS chip.

I read a little on the Toshiba forums where there is expressed concern
over the ability of black hats to use this as their own personal rootkit
by changing the 'phone home' address. Computrace's reply was that
they have firmware installed by the manufacturer.

http://forums.toshiba.com/t5/Satelli...ity/td-p/45947

Why would they need the manufacturer to do something that they can
do from the software environment (i.e., flashing)?

I can't help thinking that there must be *something* that is untouchable
from the software environment.

[Dustin]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:j47jmm01ben@news4.newsguy.com:

> From: "Dustin" <bughunter.dustin@gmail.com>
>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>> news:j46lig02i2d@news3.newsguy.com:
>>
>>> It may be used w/o Internet access.
>>
>> For a period of time. You paid for the software and the monitoring
>> service which comes with it. You are understanding that you will
>> provide it a way to check in every so often, or it will, for your
>> protection, bios lock the boot process.
>>
>>> It may be used on a closed network.
>>
>> Actually, the dropped exe brags about being able to call home
>> regardless of firewall presence and network configuration.
>>
>>> It may be used as a tool or lab device.
>>
>> A tool for what?
>>
>
> You aren't getting it. When I say a closed network I mean a "closed
> network" as in a closed loop without any Internet access at all. A
> private network. Two come to mind.
>
> There are times when a notebook will be used as an instrument or
> toolo to setup other equipment such as programming radios. The
> notebook has specialty software and via USB hooks up to the
> equipment and the notebook's software is used to setup and programme
> the device.

I gotcha. In those cases, Lojack probably wouldn't fit the bill. It has
to be able to call home every so often. To ehh, check in.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[Dustin]

"FromTheRafters" <erratic.howard@gmail.com> wrote in
news:j47o8d$utf$1@dont-email.me:

> "Dustin" <bughunter.dustin@gmail.com> wrote in message
> news:Xns9F58E660F562EHHI2948AJD832@no...
>> "FromTheRafters" <erratic.howard@gmail.com> wrote in
>> news:j3uamv$94a$1@dont-email.me:
>>
>>> "Dustin" <bughunter.dustin@gmail.com> wrote in message
>>> news:Xns9F558CA9A208AHHI2948AJD832@no...
>>>> "David W. Hodgins" <dwhodgins@nomail.afraid.org> wrote in
>>>> newsp.v07k0xqda3w0dxdave@hodgins.homeip.net:
>>>>
>>>>> On Fri, 02 Sep 2011 18:50:54 -0400, Dustin
>>>>> <bughunter.dustin@gmail.com> wrote:
>>>>>
>>>>>> Oh, and switching to linux still ****s you, when the optionrom2
>>>>>> calls home on your internet connection and finds out she's
>>>>>> stolen. Which it will do, when it cannot drop the exe file.
>>>>>> LOL. Whan happens next is a
>>>>>
>>>>> If it's using a windows executable, to phone home, that won't
>>>>> work.
>>>>
>>>> You seem to be missing something important. It can use the
>>>> windows executable, but in the event it cannot drop it in a
>>>> specified amount of time, it halts the boot process.
>>>>
>>>>> Are you saying the option rom can establish an internet
>>>>> connection before the operating system boots?
>>>>
>>>> I'm not only saying that, but, being as I've extracted a viable
>>>> sample of the option rom and have since learned how to remove it,
>>>> I *know* the company is lying about the products limitations and
>>>> abilities.
>>>
>>> Have you been analyzing the OEM partnered persistence version or
>>> just the software CD loadable version?
>>
>> One from CD loading, one from OEM. They don't have much difference
>> in code, and both can be remotely updated.
>
> Hmmm ... if it is all software and flashable firmware, then why is
> there any need to partner with the manufacturer? Surely they don't
> need any such partnership to make use of the 'guest room' on the
> BIOS chip.

Customized hardware options. They don't need the partnership, as long
as your bios as the room. But, from a would be purchasing point of view
; it gives them credibility.

> I read a little on the Toshiba forums where there is expressed
> concern over the ability of black hats to use this as their own
> personal rootkit by changing the 'phone home' address. Computrace's
> reply was that they have firmware installed by the manufacturer.

Yes, in some systems they do.

> http://forums.toshiba.com/t5/Satelli...r/LoJack-vulne
> rability/td-p/45947
>
> Why would they need the manufacturer to do something that they can
> do from the software environment (i.e., flashing)?

Depending on the expense of the product (The high end stuff only,
basically); it actually has an extra chip soldered onto the mainboard;
and you can see this was added later, not part of the original design.
That chip I can do nothing with. If I remove it, the laptop dies.

However, if I am able to reflash the main bios AND the optionrom2 code,
I can still disable lojack. The chip contains code the system won't be
able to use, because I turned it "back off" in the bios config. It's
not a clean situation as I'd prefer, but it works still.

However, anybody good with cmos coding can always flip the bit and turn
it back on, without the user knowing. When that ******* is re-
activated, my work gets undone pretty quick.

> I can't help thinking that there must be *something* that is
> untouchable from the software environment.

That chip. You can see if your box might have it, by entering cmos
setup and looking for lojack options.



--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[David H. Lipman]

From: "Dustin" <bughunter.dustin@gmail.com>

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> news:j47jmm01ben@news4.newsguy.com:
>
>> From: "Dustin" <bughunter.dustin@gmail.com>
>>
>>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>>> news:j46lig02i2d@news3.newsguy.com:
>>>
>>>> It may be used w/o Internet access.
>>>
>>> For a period of time. You paid for the software and the monitoring
>>> service which comes with it. You are understanding that you will
>>> provide it a way to check in every so often, or it will, for your
>>> protection, bios lock the boot process.
>>>
>>>> It may be used on a closed network.
>>>
>>> Actually, the dropped exe brags about being able to call home
>>> regardless of firewall presence and network configuration.
>>>
>>>> It may be used as a tool or lab device.
>>>
>>> A tool for what?
>>>
>>
>> You aren't getting it. When I say a closed network I mean a "closed
>> network" as in a closed loop without any Internet access at all. A
>> private network. Two come to mind.
>>
>> There are times when a notebook will be used as an instrument or
>> toolo to setup other equipment such as programming radios. The
>> notebook has specialty software and via USB hooks up to the
>> equipment and the notebook's software is used to setup and programme
>> the device.
>
> I gotcha. In those cases, Lojack probably wouldn't fit the bill. It has
> to be able to call home every so often. To ehh, check in.
>
>

Right and those cases can be "exploited" (so to speak) to prevent LE from using LoJack
recovery successfully.

Lets say that the ROM code is able to communicate directly to the NIC. It isn't far
fetched. The ROM code would be hard coded for the embedded NIC and use Crynwar Packet
Drivers or NDIS2 stack. Disable the embedded NIC and install your own NIC. Thus the ROM
code for the embedded NIC would fail and wouldn't be able to use the installed NIC (e.g.,
PCMCIA, USB, etc). Install Linux and drivers for the new NIC and the whole process is
thwarted. Of course the thief has to be tech savvy to use thwarting techniques which,
initially, would low incidence occurrence.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[G. Morgan]

David H. Lipman wrote:

> Thus the ROM
>code for the embedded NIC would fail and wouldn't be able to use the installed NIC (e.g.,
>PCMCIA, USB, etc). Install Linux and drivers for the new NIC and the whole process is
>thwarted.

What about after Linux is loaded and the new NIC starts working, don't
you think the ROM code will detect an active TCP/IP session and do it's
thing?

[Dustin]

G. Morgan <G_Morgan@easy.com> wrote in
news:mtqf671feomr77fqa49boj5fe4722bgtqv@Osama-is-dead.net:

> David H. Lipman wrote:
>
>> Thus the ROM
>>code for the embedded NIC would fail and wouldn't be able to use the
>>installed NIC (e.g., PCMCIA, USB, etc). Install Linux and drivers
>>for the new NIC and the whole process is thwarted.
>
> What about after Linux is loaded and the new NIC starts working,
> don't you think the ROM code will detect an active TCP/IP session
> and do it's thing?

The versions I've seen presently don't, no. However, a future update
might. I think the updates depend on the upcoming court case tho. [g]


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[David H. Lipman]

From: "G. Morgan" <G_Morgan@easy.com>

> David H. Lipman wrote:
>
>> Thus the ROM
>> code for the embedded NIC would fail and wouldn't be able to use the installed NIC
>> (e.g.,
>> PCMCIA, USB, etc). Install Linux and drivers for the new NIC and the whole process is
>> thwarted.
>
> What about after Linux is loaded and the new NIC starts working, don't
> you think the ROM code will detect an active TCP/IP session and do it's
> thing?
>

It doesn't like Linux and won't communicate through this OS to use the new NIC.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[G. Morgan]

Dustin wrote:

>G. Morgan <G_Morgan@easy.com> wrote in
>news:mtqf671feomr77fqa49boj5fe4722bgtqv@Osama-is-dead.net:
>
>> David H. Lipman wrote:
>>
>>> Thus the ROM
>>>code for the embedded NIC would fail and wouldn't be able to use the
>>>installed NIC (e.g., PCMCIA, USB, etc). Install Linux and drivers
>>>for the new NIC and the whole process is thwarted.
>>
>> What about after Linux is loaded and the new NIC starts working,
>> don't you think the ROM code will detect an active TCP/IP session
>> and do it's thing?
>
>The versions I've seen presently don't, no. However, a future update
>might. I think the updates depend on the upcoming court case tho. [g]

Hmmm. Are you going to reveal everything you have learned about the
code here? I'd be interested in your findings.

[G. Morgan]

David H. Lipman wrote:

>From: "G. Morgan" <G_Morgan@easy.com>
>
>> David H. Lipman wrote:
>>
>>> Thus the ROM
>>> code for the embedded NIC would fail and wouldn't be able to use the installed NIC
>>> (e.g.,
>>> PCMCIA, USB, etc). Install Linux and drivers for the new NIC and the whole process is
>>> thwarted.
>>
>> What about after Linux is loaded and the new NIC starts working, don't
>> you think the ROM code will detect an active TCP/IP session and do it's
>> thing?
>>
>
>It doesn't like Linux and won't communicate through this OS to use the new NIC.

Ah..