"FromTheRafters" <erratic.howard@gmail.com> wrote in
news:j4h24t$qoe$1@dont-email.me:

> I believe that was the usual case, this 'guest space' on the main
> BIOS chip is relatively new to me.


I've known about it for a really long time. Prior to retiring, I was
experimenting with malicious code for this purpose... ;p I believe I've
been honest on how I know this stuff tho. I've always said my past had
a lot to do with it.

> This was how the PCI "rootkit" was suggested, expansion (or option)
> ROM gets included in the BIOS image. I had no idea that the main
> BIOS chip had extra space to accommodate additional firmware until
> recently.


A lot of people don't know the BIOS has more than just one section.
It's why people are so shocked when I tell them....

> Did you write your own BIOS and Expansion ROM dumping tool? I found
> one for each, but not one for both.


Yes, but the tool is very old and wasn't intended for the legit side of
BIOS alteration. [g] It just happens to work in this case too. The
technology behind it tho was for another project...

> So, you're sure it's only "data" but you just don't like loose
> ends?


I need another laptop with the extra chip to verify my theory. I
think!? I found the hardware calls the ROM image makes to talk to it.
If it can talk to it, so can I.

> Is there anything unusual about outgoing packets? Are packets tagged
> with that data?


You'd see an SSL connection if you packet sniffed. Nothing more. Yea,
you could figure out the destination IP is Computrace if you wanted to
bother. But you wouldn't be able to see what the discussion itself is.




--
I am a sinner
Hold my prayers up to the sun
I am a sinner
Heaven's closed for what I've done.