
IT miscellaneous.


Mikorist


Is there anyone in our neck of the woods who could add to or replace the RAM on my tablet (it has 1 GB, and I'd like at least double)? The tablet in question is an Asus Transformer Prime TF700T.


7 hours ago, Mikorist said:

The RAM can't be replaced on that one; it's soldered to the motherboard.

I know it's soldered, that's why I'm asking. Another one can be soldered on, if only there's someone to do it.


A bit more information about Intel ME

Quote

Shutting the ubiquitous backdoor

a.k.a Intel ME with a programmer and some guts ;)


I believe resistance is futile if someone is bent on spying on you; there’re both serious and creative ways to go about it. Talking to your processor, behind your back, isn’t the primary or only means. Ours is a golden age where corporates and government agencies stoop low enough to pry into bedrooms. Did you know that almost all machines[1] you own have a processor aside from the one you paid for? It controls your processor (host) and won’t listen to you.

  • Unbeknownst to the host, it runs out-of-band, on a separate chip
  • It has unfettered access to any memory region; it runs at ring level −3[2]
  • It can run even when your machine is in stand-by
  • It runs an OS and a TCP/IP server on certain ports bypassing any firewall in the host
    • You would never know even if you’re spied on
  • Can’t be terminated
    • It controls the host’s boot cycle

A processor inside your processor, having its own operating system[3], running services, buried very deep within and can’t be switched completely off – it’s needed to even bring up your processor during boot. I’m talking about the Intel ME — a backdoor that’s built into Intel processors; its inner workings known only to Intel, which refuses to divulge anything about it in the name of security[4]. What’s that? Yeah, I too went “I’m lucky! I own an AMD machine”. Well, look up PSP; it’s AMD’s ME. I think it’s clear by now such back doors would exist even on mobile and server processors. It is just a matter of time before they’re exposed.

Motive

Some bright minds have found a way to neutralize Intel’s backdoor[5] i.e. not completely kill it, but make it harmless. Now neutralizing just your MEs isn’t going to stop your other machines from prying. Security experts and the paranoids will rightfully suggest:

If you really want to be secure, go back to the cave. Use pen and paper; burn it, when you’re done!

Knowing it’s beyond me, why am I still doing it? Well definitely not for security[6], but the hacker in me would like to own his toys – a reasonable expectation. A stranger shouldn’t tell you how to use your pen; even worse, use it behind your back routinely. It’s as simple as that. It’s probably one of the reasons[7] I’m a FOSS loyalist.

I don’t want some processor, I didn’t pay for, to drain my laptop power, or steal data for some merchant who wants to sell stuff that I don’t want.

If this makes sense then you should clean your machine too, but at your own risk. Make sure you read the ME Cleaner guides, check versions and compatibilities then proceed cautiously. Basically, we’re going to do a BIOS firmware update[8]. Just that it’s not done internally using software but externally with a cheap BIOS programmer. How come re-programming the BIOS firmware shuts the backdoor? When you cold boot your processor, it starts with an amnesia and so it always starts with the BIOS boot program. In this program, there’s a hidden kill-switch for the back door: the HAP/AltMeDisable bit. If set, ME will just boot the host and halt.

Let’s get on with it!

Connect

You should just be able to physically access your motherboard; no soldering involved.


Tools

USB Programmer CH341A (left), SOP8 clip (bottom), SOP16/8-DIP8 board (top)

CH341A (Black) is a cheap[9] USB SPI chip programmer. The SOP8 clip – that saves you from removing and re-soldering the BIOS chip – is sold separately. Make sure you buy the clip that comes with a SOP16/8-DIP8 board; this proxies as the BIOS chip going into the programmer’s slot. Take note:

  1. The first bit is denoted on the BIOS chip-top with a circle marking.
  2. Make sure the clip’s red line, denoting the first bit, matches with this circle i.e. first on chip is connected to the first on clip when clipping.
  3. Connect the wire end of the clip to the board such that the first bits match – the board has all bit pins marked.
    • Usually a 10-bit bus cable is used as the connector; notice that bits 9 and 10 are cut out.
  4. Look at the CH341A programmer board for a drawing about the 25 SPI BIOS chip layout. This should also have the circle marking.
  5. Connect the board-end of the clip such that its first and the SPI’s first bits match.

My Setup

Connect the programmer’s USB to a Linux machine; I used a Xubuntu bootable USB to convert my old Windows 10 laptop. You’re all set hardware-wise. Run lsusb on the terminal and make sure you see something like


BUS 008 Device 012: ID 1a86:5512 QinHeng Electronics CH341 in EPP/MEM/I2C mode, EPP/I2C adapter

This means your Linux machine successfully detects the programmer.

Backup

Install flashrom; your distro’s package repository will definitely have this nifty tool. Make sure the chip is recognized by it:


$ sudo flashrom --programmer ch341a_spi -r BIOS_org.bin
flashrom v0.9.9-r1954 on Linux 4.15.0-20-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop... OK.
Found GigaDevice flash chip "GD25Q64(B)" (8192 kB, SPI) on ch341a_spi.
Reading flash... done.

It should be able to auto-detect the chip and give you a full dump of the chip contents. If it says no devices were found, re-connect the clip; loose-contacts are common with these clips. Get two dumps and binary-compare them to make sure the connection was fine and the images are valid.

If there’re multiple SPI chips on your motherboard, make sure you get the right one i.e. the BIOS image you get from your OEM should have around the same size as the dump you just made.


Eeny, meeny, miny, moe

1 MiB Winbond EEPROM chip (left-bottom) was a red herring. 8 MiB GigaDevice GD25Q64(B) BIOS chip (centre) was the one.

Run me_cleaner on the dump to verify it:


$ ./me_cleaner.py -c BIOS_org.bin

You should get a valid output. You might also check it with the ifdtool from the coreboot repo: ifdtool -d BIOS_org.bin.

Clean

Run me_cleaner with the soft-clean option. It’s the safest; others wipe out the Intel ME module regions from the firmware; this one simply sets the bit.


$ ./me_cleaner.py -s -O BIOS_clean.bin BIOS_org.bin
Full image detected
The ME/TXE region goes from 0x1000 to 0x200000
Found FPT header at 0x1010
Found 11 partition(s)
Found FTPR header: FTPR partition spans from 0x1000 to 0xa8000
Found FTPR manifest at 0x1448
ME/TXE firmware version 11.6.10.1196
Public key match: Intel ME, firmware versions 11.x.x.x
The HAP bit is NOT SET
Setting the HAP bit in PCHSTRP0 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!

It should set the AltMeDisable (or HAP) bit and wish you luck!

Flash

Flash the cleaned image back on to the SPI chip


$ sudo flashrom --programmer ch341a_spi -w BIOS_clean.bin
flashrom v0.9.9-r1954 on Linux 4.15.0-20-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop... OK.
Found GigaDevice flash chip "GD25Q64(B)" (8192 kB, SPI) on ch341a_spi.
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.

It will first take a back-up for disaster-recovery. It’ll also see if it could optimize by not writing portions that don’t differ. Then it’ll write and verify if the image and the chip contents match! Quite a thorough piece of software; nice :)

Verify

Now for the moment of truth! Disconnect the clip, restart your machine. The machine should boot into the OS normally. That isn’t all: make sure you use it for more than 40 mins and if nothing goes wrong, yay! You’ve successfully neutralized the backdoor!

On *nix, /dev/mei0 would no longer exist. Also the MEI entry should no longer show up for lspci. A more thorough way is intelmetool -s.

For Windows, get the right version of Intel ME System Tools


$ MEInfoWin64.exe -FWSTS

Intel(R) MEInfo Version: 11.8.50.3460
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.

FW Status Register1: 0x80022004
FW Status Register2: 0x304D0116
FW Status Register3: 0x00000020
FW Status Register4: 0x00086000
FW Status Register5: 0x00000000
FW Status Register6: 0x40000004

  CurrentState:                               Disabled
  ManufacturingMode:                          Disabled
  FlashPartition:                             Valid
  OperationalState:                           Transitioning
  InitComplete:                               Initializing
  BUPLoadState:                               Success
  ErrorCode:                                  Disabled
  ModeOfOperation:                            Alt Disable Mode
  SPI Flash Log:                              Not Present
  FPF HW Source value:                        FPF HW Not Set
  ME FPF Fusing Patch Status:                 ME FPF Fusing patch NOT supported in this FW Version
  Phase:                                      BringUp
  ICC:                                        Valid OEM data, ICC programmed
  ME File System Corrupted:                   No
  PhaseStatus:                                UNKNOWN
  FPF and ME Config Status:                   Match

You can also verify that in the Device Manager, under System devices, the Intel(R) Management Engine Interface no longer shows up. Make sure you uninstall any ME-related software[10].

Finally, be a good team player and report your success!


P.S.

This machine has CSME 11 since it is a Kaby Lake. Processors with older ME versions have so much less security that this external flashing isn’t needed, though it is a lot cleaner. The OEM’s BIOS firmware upgrade utility usually works. I had a fun time cleaning my older laptop having ME 8.


  1. the ones with micro-processor(s)

  2. Negative ring levels are below the kernel which is at 0. Lesser is deeper.

  3. MINIX OS, written by the same guy who flamed Linus Torvalds for writing a monolithic kernel. In some sense the microkernel design won since it’s now the most used OS.

  4. Security by obscurity – the worst form of security, as opined by security experts.

  5. Sorry AMD owners; a consoling factor, however, is apparently PSP is much less capable than ME.

  6. Heck! I wouldn’t be blogging about it if that’s the case, would I now?

  7. Another reason is, of course, its superior engineering, better science and execution that stands the test of time, despite contributors not being paid engineers. Beat that corporates!

  8. Just that it’ll be a non-OEM update this time.

  9. Decent quality ones cost around $15 together

  10. There are reports of ME software resetting the bit and resurrecting the parasite

https://legends2k.github.io/note/clean_me/

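The two checks the quoted guide describes in prose (binary-compare two reads of the chip, and a soft-clean that "simply sets the bit") can be scripted; this is an added example, not part of the quoted post or of me_cleaner. It assumes the ME 11 descriptor layout reported for the image above (HAP is bit 16 of PCHSTRP0, located through FLMAP1); `review`, `make_image` and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

FD_SIGNATURE = b"\x5a\xa5\xf0\x0f"  # flash descriptor magic 0x0FF0A55A at offset 0x10
HAP_MASK = 1 << 16                  # HAP bit in PCHSTRP0 (ME 11 layout, an assumption)


def pchstrp0_offset(image):
    """Find PCHSTRP0 via the strap base address (FPSBA) held in FLMAP1 at 0x18."""
    if image[0x10:0x14] != FD_SIGNATURE:
        raise ValueError("no flash descriptor found: not a full SPI image")
    (flmap1,) = struct.unpack_from("<I", image, 0x18)
    return (flmap1 >> 12) & 0xFF0


def hap_bit_set(image):
    (strap,) = struct.unpack_from("<I", image, pchstrp0_offset(image))
    return bool(strap & HAP_MASK)


def review(dump1, dump2, cleaned):
    """Return a list of problems; an empty list means the images look sane."""
    problems = []
    if hashlib.sha256(dump1).digest() != hashlib.sha256(dump2).digest():
        problems.append("the two reads differ: reseat the clip and dump again")
    if len(cleaned) != len(dump1):
        return problems + ["cleaned image size differs from the dump"]
    if hap_bit_set(dump1):
        problems.append("HAP bit is already set in the original dump")
    if not hap_bit_set(cleaned):
        problems.append("HAP bit is not set in the cleaned image")
    strap = pchstrp0_offset(dump1)
    changed = [i for i, (a, b) in enumerate(zip(dump1, cleaned)) if a != b]
    if any(not strap <= i < strap + 4 for i in changed):
        problems.append("cleaned image changes bytes outside PCHSTRP0")
    return problems


def make_image(hap):
    """Constructed 8 KiB stand-in for a dump: descriptor magic, FPSBA=0x100, one strap."""
    img = bytearray(b"\xff" * 0x2000)
    img[0x10:0x14] = FD_SIGNATURE
    struct.pack_into("<I", img, 0x18, 0x10 << 16)
    struct.pack_into("<I", img, 0x100, 0x00000001 | (HAP_MASK if hap else 0))
    return bytes(img)


if __name__ == "__main__":
    original, cleaned = make_image(hap=False), make_image(hap=True)
    print(review(original, original, cleaned))          # clean run
    flaky = original[:0x1800] + b"\x00" + original[0x1801:]
    print(review(original, flaky, cleaned))             # loose clip on second read
```

For real files, pass the bytes of the two reads and of BIOS_clean.bin, each loaded with `open(path, "rb").read()`, before writing anything to the chip.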

  • 2 months later...
Quote

The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.

We don’t know how it’s happened or even to what extent Twitter’s own systems may have been compromised. The hack is ongoing, with new tweets posting to verified accounts on a regular basis starting shortly after 4PM ET. Twitter acknowledged the situation after more than an hour of silence, writing on its support account, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”

The company also took the unprecedented measure of preventing verified accounts from tweeting at all starting sometime around 6PM ET. This would seem to be the first time Twitter has ever done this in the company’s history.

The chaos began when Elon Musk’s Twitter account was seemingly compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates’ account was also seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address. Both accounts continued to post new tweets promoting the scam almost as fast as they were deleted, and Musk’s account in particular appears to still be under the control of the hacker as of 5:56PM ET.

A spokesperson for Gates tells Recode’s Teddy Schleifer, “We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account.”

Shortly after the initial wave of tweets from Gates and Musk’s accounts, the accounts of Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop mogul Kanye West, and former New York City mayor and billionaire Mike Bloomberg, among others, were also compromised and began promoting the scam.

It’s unclear how widespread the operation is, but it appears to be affecting numerous major companies and extremely high-profile individuals. That suggests someone, or a group, has either found a severe security loophole in Twitter’s login process or third-party app or that the perpetrator has somehow gained access to a Twitter employee’s admin privileges.


The origin of the scam appears to be when Musk’s account issued a mysterious tweet at 4:17PM ET reading, “I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” The tweet also contained a bitcoin address, presumably one associated with the hacker’s crypto wallet.

The tweet was then deleted and replaced by another one more plainly laying out the fake promotion. “Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes,” it read before also getting deleted. The tweet posted to Gates’ account echoed the last Musk tweet, with an identical BTC address attached. It was also deleted shortly after posting, only for a similar message to take its place a few minutes later.

Square’s Cash App appears to be one of the other company accounts compromised. However, it’s not clear if the culprit is the same or if this is some form of a coordinated scam on behalf of a group, as the tweet contained a different BTC address than the ones posted to the other accounts. In addition to the Cash App, popular crypto Twitter accounts, including those of Cameron and Tyler Winklevoss’ Gemini cryptocurrency exchange and widely used wallet app Coinbase, were also compromised. Cameron Winklevoss claims the Gemini account was protected by two-factor authentication and used a strong password, and the company is now investigating how it was hit.

Some people are falling for the scam and sending money to the associated BTC addresses, as records of the transactions are public due to the nature of the blockchain-based cryptocurrency. So far, the scammer appears to have earned nearly $110,000, although it seems as if the account owner is indeed sending money back out as the daily final balance appears to be fluctuating up and down.

Musk has long been the target of bitcoin scammers on Twitter, many of whom create fake accounts designed to look like the entrepreneur and respond to his tweets promoting the scams so that they appear legitimate. Twitter even went so far as to start locking some accounts that change their name to “Elon Musk,” and the company singled out cryptocurrency scammers in spring 2018 as a source of known manipulation and deception that it was aiming to root out through bans and other moderation strategies.

 

https://www.theverge.com/2020/7/15/21326200/elon-musk-bill-gates-twitter-hack-bitcoin-scam-compromised


  • 1 month later...
  • 2 weeks later...
32 minutes ago, Nesic said:

Apple broke up with nVidia, switched to ARM, and now look... :D

Just let them bring back nVidia and their graphics cards, even if it means being tied in through the processors ... so that drivers for MacOS start coming again... and the OS has to support Intel for the next 10 years anyway ;)

P.S.

Somehow nVidia graphics cards seem the most reliable to me.....


Just let them bring back nVidia and their graphics cards, even if it means being tied in through the processors ... so that drivers for MacOS start coming again... and the OS has to support Intel for the next 10 years anyway ;)
P.S.
Somehow nVidia graphics cards seem the most reliable to me.....
Miko, there's something nasty going on there that we can't even guess at.
As you know, everyone who works in AI uses nVidia exclusively, because the AI libraries only run on their cards (I suppose they and their partners developed them).
Since AI is the absolute trend and Apple is the biggest IT company, I doubt they foresaw this advantage of nVidia cards over all the others (speed and quality more or less aside); rather, I'd say nVidia is so powerful that Apple can no longer blackmail it the way it does others, so it seems they were the ones who gave Apple the cold shoulder and drove it to Intel.
The way things stand now, and at the pace the AI field is growing, Apple will be the one begging sooner than nVidia.

29 minutes ago, Mikorist said:

Maybe it would have been cheaper to buy all of Apple - hey, 40 billion :D

And now that's that trick where it isn't really 40 big ones. When M$ bought GitHub it was likewise 7.5 billion, and later you find out that it was $7.5 billion in stock. Which, come on, is not quite the same.


An hour ago, Srecko said:

Miko, there's something nasty going on there that we can't even guess at.
As you know, everyone who works in AI uses nVidia exclusively, because the AI libraries only run on their cards (I suppose they and their partners developed them).
Since AI is the absolute trend and Apple is the biggest IT company, I doubt they foresaw this advantage of nVidia cards over all the others (speed and quality more or less aside); rather, I'd say nVidia is so powerful that Apple can no longer blackmail it the way it does others, so it seems they were the ones who gave Apple the cold shoulder and drove it to Intel.
The way things stand now, and at the pace the AI field is growing, Apple will be the one begging sooner than nVidia.

And 3D rendering, as well as SFX effects for Hollywood movies - SO - look up the term CUDA on Google... meaning enormous money is made from this - whether you're a programmer and/or a designer...

The best part *(now it turns out to be the worst) is that MacOS has the best programs for 3D work... and what happens now? Since CUDA support is on macOS High Sierra, nobody can update MacOS to the latest version because they lose driver support.... :D


I keep teasing my son about his MacBook Pro for exactly that reason, since he works exclusively with AI :D
In the end he had to buy some contraption (Windows) with some special cooling and the best nVidia card (£3-4000, if I understood correctly).
He bought it a couple of months ago and now he's moaning, because the previously best nVidia used to be on par with or even slightly faster than the weakest nVidia of the new generation, and now even that weakest one is supposedly 2X faster than the previous best; so the poor bankers have gone a bit nuts (he wasn't the only one who bought; they all always renew their nVidia as soon as they can) :D
I really feel sorry for them :D

You know the one where a father and son vampire come into a village, suck the blood of 5-6% of the inhabitants, and the dad says to the son, let's go to the next village.
Towards morning the son vampire, tired from all these visits to various villages, asks the dad vampire why they do this, why don't they simply drink the blood of everyone in one village?
The dad vampire replies: eh, son, I was hoping you wouldn't even ask me that. WE ARE NOT BANKERS, we are honest vampires.
