Thread: Couple Can Sue Laptop-Tracking Company (LoJack) for Spying on Sex Chats

  1. #1
    FromTheRafters Guest

    Re: Couple Can Sue Laptop-Tracking Company (LoJack) for Spying on Sex Chats

    "Dustin" <bughunter.dustin@gmail.com> wrote in message
    news:Xns9F5C60324EBB9HHI2948AJD832@no...
    > "FromTheRafters" <erratic.howard@gmail.com> wrote in
    > news:j4fksv$5c3$1@dont-email.me:
    >
    >> If it can be made unusable by a thief, that is a small measure of
    >> success.

    >
    > I don't think like a thief. The laptop dying as a result of mod chip
    > removal counts to me, as a discovery of how not to do something. To
    > less enthusiastic people, it means a failure. [g]


    Thomas Edison said something similar.

    >> The possibility of subversion is worrying though.

    >
    > Well, you literally are trusting the company not to do anything nasty
    > to your machine. And, if it has a working internet connection and you
    > have the bios code running, and you allowed the exe to drop and install
    > as a service, you do understand it can download more software anytime
    > they like. The initial dropper doesn't do all the dirty work on its
    > own. A few more executables are required, depending on computrace's
    > intentions. The fact it allows them to access *almost everything* on
    > your pc tho, is worrying to me.


    Yes, it is a complete and utter compromise and you are expected to
    trust them - in fact *pay* them - for the service. )

    If you can make known that a device is useless to a thief, the thief
    will be less likely to steal it. It would be better if we could cut out the
    middleman and activate the self-destruct ourselves.

    > I personally wouldn't use the software.
    >
    >>> However, if I am able to reflash the main bios AND the optionrom2
    >>> code, I can still disable lojack. The chip contains code the system
    >>> won't be able to use, because I turned it "back off" in the bios
    >>> config. It's not a clean situation as I'd prefer, but it works
    >>> still.

    >>
    >> Well, I never thought the software version was worth anything
    >> anyway. If you can remove the code, you can defeat the 'protection'.
    >> My take was that they were able to put the essential code in a
    >> non-flashable location.

    >
    > It's all software. The chip I can't physically remove doesn't
    > contain the same code as the optionrom which is flashed with your
    > permission (I hope you know it's being done). That flashing is separate
    > from a bios update from manufacturer. That only deals with the main
    > section code block, not your optionroms. Optionroms don't have to
    > physically exist on the bios chip either, they can be present on cards
    > present in the computer.


    I believe that was the usual case, this 'guest space' on the main BIOS
    chip is relatively new to me.

    > I have a secondary pci controller card with
    > its own bios. As it presently has no drives connected, its bios
    > doesn't remain in memory. However, a bios dump does reveal my system
    > considers its bios to be an optionrom.


    This was how the PCI "rootkit" was suggested, expansion (or option)
    ROM gets included in the BIOS image. I had no idea that the main
    BIOS chip had extra space to accommodate additional firmware until
    recently.

    Did you write your own BIOS and Expansion ROM dumping tool? I found
    one for each, but not one for both.

    > computrace occasionally releases updates; they have to be able to
    > reflash on occasion. The modified chip on the high end stuff isn't
    > writable, afaik, it's read only code. Likely a permanent serial number
    > and such for lojack tracing purposes. My method for disabling still
    > works on these systems.
    >
    > It's just not clean from my hardass point of view, as the chip is still
    > present and I can't just snip it free. Yes, it's dead, yes lojack's
    > nothing but a memory now, but the chip is still physically present and
    > that irks me. [g]


    So, you're sure it's only "data" but you just don't like loose
    ends?

    Is there anything unusual about outgoing packets? Are packets tagged
    with that data?

    That would suck.



  2. #2
    Dustin Guest

    Re: Couple Can Sue Laptop-Tracking Company (LoJack) for Spying on Sex Chats

    "FromTheRafters" <erratic.howard@gmail.com> wrote in
    news:j4h24t$qoe$1@dont-email.me:

    > I believe that was the usual case, this 'guest space' on the main
    > BIOS chip is relatively new to me.


    I've known about it for a really long time. Prior to retiring, I was
    experimenting with malicious code for this purpose... ;p I believe I've
    been honest on how I know this stuff tho. I've always said my past had
    a lot to do with it.

    > This was how the PCI "rootkit" was suggested, expansion (or option)
    > ROM gets included in the BIOS image. I had no idea that the main
    > BIOS chip had extra space to accommodate additional firmware until
    > recently.


    A lot of people don't know the BIOS has more than just one section.
    It's why people are so shocked when I tell them....

    > Did you write your own BIOS and Expansion ROM dumping tool? I found
    > one for each, but not one for both.


    Yes, but the tool is very old and wasn't intended for the legit side of
    bios alteration. [g] It just happens to work in this case too. The
    technology behind it tho was for another project...

    > So, you're sure it's only "data" but you just don't like loose
    > ends?


    I need another laptop with the extra chip to verify my theory. I
    think!? I found the hardware calls the rom image makes to talk to it.
    If it can talk to it, so can I.

    > Is there anything unusual about outgoing packets? Are packets tagged
    > with that data?


    You'd see an SSL connection if you packet sniffed. Nothing more. Yea,
    you could figure out the destination IP is computrace if you wanted to
    bother. But you wouldn't be able to see what the discussion itself is.




    --
    I am a sinner
    Hold my prayers upto the sun
    I am a sinner
    Heaven's closed for what I've done.
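
The expansion (option) ROM layout discussed in this thread, as an added example that is not part of the original posts: a legacy PCI option ROM starts with the bytes 55 AA and points to a "PCIR" data structure, so a raw firmware dump can be inventoried for embedded option ROMs. The function names, the sample dump and the vendor/device IDs in it are constructed for illustration.

```python
import struct

def find_option_roms(image: bytes, align: int = 512):
    """List legacy PCI option ROM images found in a raw firmware dump."""
    roms = []
    for off in range(0, len(image) - 0x1A, align):
        if image[off:off + 2] != b"\x55\xaa":        # option ROM signature
            continue
        (ptr,) = struct.unpack_from("<H", image, off + 0x18)
        pcir = off + ptr                             # PCI Data Structure
        if ptr == 0 or image[pcir:pcir + 4] != b"PCIR":
            continue
        if pcir + 0x18 > len(image):                 # structure cut off
            continue
        vendor, device = struct.unpack_from("<HH", image, pcir + 4)
        (blocks,) = struct.unpack_from("<H", image, pcir + 0x10)
        code_type, indicator = image[pcir + 0x14], image[pcir + 0x15]
        legacy = image[off:off + image[off + 2] * 512]
        complete = image[off + 2] > 0 and len(legacy) == image[off + 2] * 512
        roms.append({
            "offset": off, "vendor": vendor, "device": device,
            "size": blocks * 512,                    # image length from PCIR
            "code_type": code_type,                  # 0 = x86 legacy, 3 = EFI
            "last_image": bool(indicator & 0x80),
            # x86 legacy: bytes covered by header byte 2 sum to 0 mod 256
            "checksum_ok": (sum(legacy) % 256 == 0)
                           if code_type == 0 and complete else None,
        })
    return roms

def build_sample_rom(vendor: int, device: int, blocks: int = 1) -> bytes:
    """Constructed one-image legacy ROM used only as test input."""
    rom = bytearray(blocks * 512)
    rom[0:2], rom[2] = b"\x55\xaa", blocks
    struct.pack_into("<H", rom, 0x18, 0x1C)          # pointer to PCIR
    rom[0x1C:0x20] = b"PCIR"
    struct.pack_into("<HH", rom, 0x20, vendor, device)
    struct.pack_into("<H", rom, 0x26, 0x18)          # PCIR length
    struct.pack_into("<H", rom, 0x2C, blocks)        # image length
    rom[0x30], rom[0x31] = 0x00, 0x80                # x86 code, last image
    rom[-1] = (-sum(rom)) % 256                      # fix up checksum
    return bytes(rom)

# Constructed dump: padding, one option ROM at offset 0x400, more padding.
SAMPLE_DUMP = b"\xff" * 1024 + build_sample_rom(0x1234, 0x5678) + b"\xff" * 512

if __name__ == "__main__":
    for rom in find_option_roms(SAMPLE_DUMP):
        print(rom)
```

Comparing this inventory between a known-good vendor image and a dump taken from the machine shows whether an option ROM has been added, removed or altered.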
