Jump to content











Photo
- - - - -

Disabling the spy CPU on Intel-based computers


  • Please log in to reply
7 replies to this topic

#1 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10424 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 11 January 2017 - 08:55 PM

As you might have noted, there is a second CPU included with each machine that runs Intel.

 

This CPU seems capable of doing a quite a lot on its own and at the same much is left undocumented to the public. When we talk about securing our machines, you can have the best antivirus in the world but still have this one CPU with unrestricted access to your machine.

 

There was recently a presentation that helps to disable the co-processor, you find the PDF at: https://github.com/p... of your PC.pdf

 

Anyone willing to give it a try? :)

 

 



#2 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4128 posts

Posted 12 January 2017 - 08:13 AM

Wondering! If AMD includes something similar. If not, seems to be a real alternative in the future.

 

Just like when Sony was at top, once upon a Time, but they just had to add things to their equipment to keep the end user from using their newly bought item the way they want. Rootkit! Anyone.



#3 wean_irdeh

wean_irdeh

    Newbie

  • Members
  • 19 posts
  •  
    Vietnam

Posted 12 January 2017 - 12:11 PM

Wondering! If AMD includes something similar. If not, seems to be a real alternative in the future.
 
Just like when Sony was at top, once upon a Time, but they just had to add things to their equipment to keep the end user from using their newly bought item the way they want. Rootkit! Anyone.


AMD also includes PSP, it's basically an ARM TrustZone core with complete access to entire RAM, thus it's impossible to run without any proprietary blobs

The only x86 left is VIA, wondering if anybody could run libreboot in it

The rootkit actually happen inside BMG, by the time the rootkit was discovered, Sony is still merging with BMG, thus when the merging completed, Sony had to pay amy consequences that BMG caused
  • Nuno Brito likes this

#4 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 12 January 2017 - 07:13 PM

I disagree with the presentation calling it "Hidden". intel makes no effort to hide the fact and the management engine isn't anything new, servers and higher end MB have had remote management for years ILO (HP), IMM2 (IBM), iDRAC (Dell). vPro was meant for increased management of clients in an enterprise environment (imagine 100's of PC's to manage across a geographically diverse area). I don't like the whole DRM thing with the audio and video pathways being wedged in there but honestly, how do you expect stuff like lojack, remote wipe, and remote startup/management to work without a processor with access to low level functions and active even when the main CPU is powered down?



#5 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 12 January 2017 - 07:19 PM

here is another interesting artical of disabling.

http://hackaday.com/...agement-engine/

 

Really the takeaway on stuff like ME is that yes, it is useful and has legitimate purpose, but the fact that it is so closed off and you can't disable it is a problem. What happens after a couple years and intel stops supporting/patching that specific CPU and an exploit is discovered? You have no option to disable it and are forced to accept the risk or buy a new CPU and supporting hardware.


  • Nuno Brito likes this

#6 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10424 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 12 January 2017 - 08:09 PM

What happens after a couple years and intel stops supporting/patching that specific CPU and an exploit is discovered?

 

True. You are actually the first person that I see making such accurate remark. Not that home laptops will mater, but hospitals and other infrastructure don't update their hardware. They will be completely open for attack.



#7 Wonko the Insane

Wonko the Insane

    Frequent Member

  • Advanced user
  • 458 posts
  • Location:The Inside of the Asylum (gate is wide open)
  • Interests:Oh, so you hate me too? Well, join the club! There are weekly meetings at the corner of Fuck You St. and Kiss My Ass Blvd.
  •  
    United States

Posted 13 January 2017 - 12:07 AM

But of course Intel is collaborating with the US govt to spy on average people. Corporations have been doing it for years, from Intel to Microsoft to Google to Apple, etc. The US govt is deeply dug into almost every business of major significance in America.

 

I wouldn't be surprised if AMD isn't doing something similar, at least Intel isn't trying to hide that they do this, while AMD steadfastly denies it.

 

Of all the methods listed in the PDF, soft disable looks safest, and can be reversed if necessary. Any idea how to do this particular method in layman's terms?


  • Nuno Brito likes this

#8 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 13 January 2017 - 03:08 PM


Of all the methods listed in the PDF, soft disable looks safest, and can be reversed if necessary. Any idea how to do this particular method in layman's terms?

Use the BIOS option if it exists.

The other option is to write directly to the MI register before POST is finished, which means you will most likley be using a serial debugger attached to the MB. Not really a laymans undertaking.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users