Aleks, posted Jun 12, 2020, #991
Intel only. From 18 years of experience (don't ask me what I haven't done, from audio processing through 3D and video production/post-production to, these days, FE development): only Intel, if it's for work. The rest doesn't matter; games can be played without a processor too, e.g. Ludo or dominoes. Right now I work on 2 computers, at work and at home, all the same configuration, decent motherboards, good graphics cards, SSDs and 16 GB of RAM in both places; AMD at home, i5 at work. Guess who's the winner? I said I won't buy AMD anymore, even if it means going without a computer.
17 minutes ago, gluv_i_udaren said: "And I guarantee it would work the same even if it were an i5 or some AMD"
Simply put, heroes are known in hardship. Everything you say is true: everything works nicely, nothing gets stuck anywhere, everything flies, and then when the moment comes that some "muscle" is needed for something, AMD hiccups; it gets the job done but stalls, sometimes it takes a while, you wait but it gets there. Intel doesn't stop, doesn't hiccup, doesn't stutter.
gluv_i_udaren, posted Jun 12, 2020, #992
True, although the only operation where I need the CPU is correcting the checksum on some engine computers. On an i7 it can take as long as 15-20 minutes. But it grinds away and never stops.
Mikorist, posted Jun 12, 2020, #993
I'm on Intel too... but it's an expensive hobby. 82K i9-10900X... but it really GRINDS. Even games.
vinko, posted Jun 12, 2020, #994
Intel screwed up pretty badly with a deliberate flaw in the design, made to gain speed, while AMD didn't do that but worked to the specification. Intel now has no solution, and there isn't one in the production pipeline either, which is a couple of years long. No, they haven't solved it and won't solve it with firmware, nor will they solve it in software; they simply, knowingly made the design such that it isn't easily found while they gain speed. But Google's research teams found it. A serious exploit for attacks, and countless holes at that.
Mikorist, posted Jun 12, 2020, #995
I've stripped the firmware on everything. That is, the Intel ME engine... I take the BIOS chip off with a hot-air gun, then onto the programmer...
Mikorist, posted Jun 12, 2020, #996
14 minutes ago, vinko said: "A serious exploit for attacks, and countless holes at that."
Here's how it's removed:

Quote:

Shutting the ubiquitous backdoor a.k.a Intel ME with a programmer and some guts
Published May 12, 2018 by Sundaram Ramaswamy. Updated Oct 4, 2019

I believe resistance is futile if someone is bent on spying on you; there’re both serious and creative ways to go about it. Talking to your processor, behind your back, isn’t the primary or only means. Ours is a golden age where corporates and government agencies stoop low enough to pry into bedrooms.

Did you know that almost all machines [1] you own have a processor aside from the one you paid for? It controls your processor (host) and won’t listen to you.

- Unbeknownst to the host, it runs out-of-band, on a separate chip
- It has unfettered access to any memory region; it runs at ring level −3 [2]
- It can run even when your machine is in stand-by
- It runs an OS and a TCP/IP server on certain ports bypassing any firewall in the host
- You would never know even if you’re spied on
- Can’t be terminated
- It controls the host’s boot cycle

A processor inside your processor, having its own operating system [3], running services, buried very deep within and can’t be switched completely off – it’s needed to even bring up your processor during boot. I’m talking about the Intel ME — a backdoor that’s built into Intel processors; its inner workings known only to Intel who refuses divulging anything about it in the name of security [4].

What’s that? Yeah, I too went “I’m lucky! I own an AMD machine”. Well, look up PSP; it’s AMD’s ME. I think it’s clear by now such back doors would exist even on mobile and server processors. It is just a matter of time before they’re exposed.

Motive

Some bright minds have found a way to neutralize Intel’s backdoor [5] i.e. not completely kill it, but make it harmless. Now neutralizing just your MEs isn’t going to stop your other machines from prying. Security experts and the paranoids will rightfully suggest

    If you really want to be secure, go back to the cave. Use pen and paper; burn it, when you’re done!

Knowing it’s beyond me, why am I still doing it? Well definitely not for security [6], but the hacker in me would like to own his toys – a reasonable expectation. A stranger shouldn’t tell you how to use your pen; even worse, use it behind your back routinely. It’s as simple as that. It’s probably one of the reasons [7] I’m a FOSS loyalist. I don’t want some processor, I didn’t pay for, to drain my laptop power, or steal data for some merchant who wants to sell stuff that I don’t want.

If this makes sense then you should clean your machine too, but at your own risk. Make sure you read the ME Cleaner guides, check versions and compatibilities then proceed cautiously.

Basically, we’re going to do a BIOS firmware update [8]. Just that it’s not done internally using software but externally with a cheap BIOS programmer.

How come re-programming the BIOS firmware shuts the backdoor? When you cold boot your processor, it starts with an amnesia and so it always starts with the BIOS boot program. In this program, there’s a hidden kill-switch for the back door: the HAP/AltMeDisable bit. If set, ME will just boot the host and halt.

Let’s get on with it!

Connect

You should just be able to physically access your motherboard; no soldering involved.

Tools

USB Programmer CH341A (left), SOP8 clip (bottom), SOP16/8-DIP8 board (top)

CH341A (Black) is a cheap [9] USB SPI chip programmer. The SOP8 clip – that saves you from removing and re-soldering the BIOS chip – is sold separately. Make sure you buy the clip that comes with a SOP16/8-DIP8 board; this proxies as the BIOS chip going into the programmer’s slot.

Take note

- The first bit is denoted on the BIOS chip-top with a circle marking. Make sure the clip’s red line, denoting the first bit, matches with this circle i.e. first on chip is connected to the first on clip when clipping.
- Connect the wire end of the clip to the board such that the first bits match – the board has all bit pins marked. Usually a 10-bit bus cable is used as the connector; notice that bits 9 and 10 are cut out.
- Look at the CH341A programmer board for a drawing about the 25 SPI BIOS chip layout. This should also have the circle marking. Connect the board-end of the clip such that its first and the SPI’s first bits match.

My Setup

Connect the programmer’s USB to a Linux machine; I used a Xubuntu bootable USB to convert my old Windows 10 laptop. You’re all set hardware-wise. Run lsusb on the terminal and make sure you see something like

    BUS 008 Device 012: ID 1a86:5512 QinHeng Electronics CH341 in EPP/MEM/I2C mode, EPP/I2C adapter

This means your Linux machine successfully detects the programmer.

Backup

Install flashrom; your distro’s package repository will definitely have this nifty tool. Make sure the chip is recognized by it:

    $ sudo flashrom --programmer ch341a_spi -r BIOS_org.bin
    flashrom v0.9.9-r1954 on Linux 4.15.0-20-generic (x86_64)
    flashrom is free software, get the source code at https://flashrom.org

    Calibrating delay loop... OK.
    Found GigaDevice flash chip "GD25Q64(B)" (8192 kB, SPI) on ch341a_spi.
    Reading flash... done.

It should be able to auto-detect the chip and give you a full dump of the chip contents. If it says no devices were found, re-connect the clip; loose-contacts are common with these clips. Get two dumps and binary-compare them to make sure the connection was fine and the images are valid. If there’re multiple SPI chips on your motherboard, make sure you get the right one i.e. the BIOS image you get from your OEM should have around the same size as the dump you just made.

Eeny, meeny, miny, moe
1 MiB Winbond EEPROM chip (left-bottom) was a red herring. 8 MiB GigaDevice GD25Q64(B) BIOS chip (centre) was the one.

Run me_cleaner on the dump to verify it:

    $ ./me_cleaner.py -c BIOS_org.bin

You should get a valid output. You might also check it with the ifdtool from the coreboot repo: ifdtool -d BIOS_org.bin.

Clean

Run me_cleaner with the soft-clean option. It’s the safest; others wipe out the Intel ME module regions from the firmware; this one simply sets the bit.

    $ ./me_cleaner.py -s -O BIOS_clean.bin BIOS_org.bin
    Full image detected
    The ME/TXE region goes from 0x1000 to 0x200000
    Found FPT header at 0x1010
    Found 11 partition(s)
    Found FTPR header: FTPR partition spans from 0x1000 to 0xa8000
    Found FTPR manifest at 0x1448
    ME/TXE firmware version 11.6.10.1196
    Public key match: Intel ME, firmware versions 11.x.x.x
    The HAP bit is NOT SET
    Setting the HAP bit in PCHSTRP0 to disable Intel ME...
    Checking the FTPR RSA signature... VALID
    Done! Good luck!

It should set the AltMeDisable (or HAP) bit and wish you luck!

Flash

Flash the cleaned image back on to the SPI chip

    $ sudo flashrom --programmer ch341a_spi -w BIOS_clean.bin
    flashrom v0.9.9-r1954 on Linux 4.15.0-20-generic (x86_64)
    flashrom is free software, get the source code at https://flashrom.org

    Calibrating delay loop... OK.
    Found GigaDevice flash chip "GD25Q64(B)" (8192 kB, SPI) on ch341a_spi.
    Reading old flash chip contents... done.
    Erasing and writing flash chip... Erase/write done.
    Verifying flash... VERIFIED.

It will first take a back-up for disaster-recovery. It’ll also see if it could optimize by not writing portions that don’t differ. Then it’ll write and verify if the image and the chip contents match! Quite a thorough piece of software; nice

Verify

Now for the moment of truth! Disconnect the clip, restart your machine. The machine should boot in to the OS normally. That isn’t all: make sure you use it for more than 40 mins and if nothing goes wrong, yay! You’ve successfully neutralized the backdoor!

On *nix, /dev/mei0 would no longer exist. Also the MEI entry should no longer show up for lspci. A more thorough way is intelmetool -s. For Windows, get the right version of Intel ME System Tools

    $ MEInfoWin64.exe -FWSTS

    Intel(R) MEInfo Version: 11.8.50.3460
    Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.

    FW Status Register1: 0x80022004
    FW Status Register2: 0x304D0116
    FW Status Register3: 0x00000020
    FW Status Register4: 0x00086000
    FW Status Register5: 0x00000000
    FW Status Register6: 0x40000004

    CurrentState: Disabled
    ManufacturingMode: Disabled
    FlashPartition: Valid
    OperationalState: Transitioning
    InitComplete: Initializing
    BUPLoadState: Success
    ErrorCode: Disabled
    ModeOfOperation: Alt Disable Mode
    SPI Flash Log: Not Present
    FPF HW Source value: FPF HW Not Set
    ME FPF Fusing Patch Status: ME FPF Fusing patch NOT supported in this FW Version
    Phase: BringUp
    ICC: Valid OEM data, ICC programmed
    ME File System Corrupted: No
    PhaseStatus: UNKNOWN
    FPF and ME Config Status: Match

You can also verify that in the Device Manager, under System devices, the Intel(R) Management Engine Interface no longer shows up. Make sure you uninstall any ME-related software [10].

Finally, be a good team player and report your success!

References

- Intel x86s hide another CPU that can take over your machine
- The Intel Management Engine: an attack on computer users’ freedom
- Deep dive into Intel Management Engine Disablement
- Disabling Intel ME 11 via undocumented mode
- Sakaki’s EFI Install Guide/Disabling the Intel Management Engine
- How to become the sole owner of your PC
- Intel ME Myths and Reality
- Me Cleaner’s external flashing guide

P.S. This machine has CSME 11 since it is a Kaby Lake. Processors with older ME versions have much lesser security that this external flashing isn’t needed but is a lot cleaner. The OEM’s BIOS firmware upgrade utility usually works. I had a fun time cleaning my older laptop having ME 8.

[1] the ones with micro-processor(s)
[2] Negative ring levels are below the kernel which is at 0. Lesser is deeper.
[3] MINIX OS, written by the same guy who flamed Linus Torvalds for writing a monolithic kernel. In some sense the microkernel design won since it’s now the most used OS
[4] Security by obscurity – the worst form of security, as opined by security experts.
[5] Sorry AMD owners; a consoling factor, however, is apparently PSP is much less capable than ME.
[6] Heck! I wouldn’t be blogging about it if that’s the case, would I now?
[7] Another reason is, of course, its superior engineering, better science and execution that stands the test of time, despite contributors not being paid engineers. Beat that corporates!
[8] Just that it’ll be a non-OEM update this time.
[9] Decent quality ones cost around $15 together
[10] There are reports of ME software resetting the bit and resurrecting the parasite

https://legends2k.github.io/note/clean_me/
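The two checks the quoted article describes before flashing (binary-compare two dumps, then confirm that the soft clean "simply sets the bit"), as an added example that is not part of the original post, the quoted blog or the me_cleaner project. It assumes the flash descriptor is the first 0x1000 bytes of the image; the sample image and the bit offset inside it are constructed placeholders, not a real firmware layout.

```python
import hashlib
import sys

# Assumption: the flash descriptor is the first 4 KiB of the image, consistent
# with the me_cleaner output above placing the ME/TXE region at 0x1000.
DESCRIPTOR_END = 0x1000


def dumps_match(dump_a: bytes, dump_b: bytes) -> bool:
    """Two reads of the same chip must be byte-identical (loose clips corrupt reads)."""
    return hashlib.sha256(dump_a).digest() == hashlib.sha256(dump_b).digest()


def changed_bits(original: bytes, cleaned: bytes):
    """Return (offset, bit, old, new) for every bit that differs between two images."""
    if len(original) != len(cleaned):
        raise ValueError("images differ in size; refusing to compare")
    changes = []
    for offset, (old, new) in enumerate(zip(original, cleaned)):
        if old == new:
            continue
        for bit in range(8):
            if (old ^ new) >> bit & 1:
                changes.append((offset, bit, old >> bit & 1, new >> bit & 1))
    return changes


def soft_clean_is_minimal(original: bytes, cleaned: bytes) -> bool:
    """True only if exactly one descriptor bit went 0 -> 1 and nothing else changed."""
    changes = changed_bits(original, cleaned)
    return (len(changes) == 1
            and changes[0][0] < DESCRIPTOR_END
            and changes[0][2:] == (0, 1))


def constructed_pair(size: int = 0x2000):
    """Constructed sample, not a real firmware dump: one bit set at a placeholder offset."""
    original = bytearray(b"\xff" * size)
    original[0x100:0x104] = bytes(4)      # stand-in strap word, all bits clear
    cleaned = bytearray(original)
    cleaned[0x102] |= 0x01                # the single bit a soft clean would set
    return bytes(original), bytes(cleaned)


if __name__ == "__main__":
    if len(sys.argv) == 4:                # first dump, second dump, cleaned image
        first, second, cleaned = (open(p, "rb").read() for p in sys.argv[1:4])
    else:
        first, cleaned = constructed_pair()
        second = first
    print("dumps identical:      ", dumps_match(first, second))
    print("changed bits:         ", changed_bits(first, cleaned)[:8])
    print("single-bit soft clean:", soft_clean_is_minimal(first, cleaned))
```

Run with three paths (two reads of the chip and the cleaned image) to check real files; with no arguments it runs on the constructed sample.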
vinko, posted Jun 12, 2020, #997
I meant the branch prediction optimizations and Intel's cheating, and the resulting Spectre I, II and III (Meltdown), and later Zombie and a few more, and Graz University and GoogleZero said there are a zillion such holes because of the design, i.e. the cheating. One article: https://www.digitaltrends.com/computing/intel-ice-lake-wont-rid-spectre/
Mikorist, posted Jun 12, 2020, #998
Well, they all go through Intel ME... When you strip it out completely there's nothing. It runs like a Commodore 64. No Intel ME, no holes and no patches... My BIOS is 4 megabytes smaller... that is, free space.
Spachek, posted Jun 12, 2020, #999
Mikorist, here's Guja's handiwork
Mentok, posted Jun 12, 2020, #1000
Intel, AMD, a bin is a bin, there's nothing there to solder, cut and modify. Next.
Miko, tell me, what did you measure the Topping with, those graphs for 1KHz and the harmonics, so I don't have to search the internet now; better to ask you than to type into Google.
Mikorist, posted Jun 12, 2020, #1001
57 minutes ago, Spachek said: "Mikorist, here's Guja's handiwork"
Great. I'll get to see that sometime in 202X.
Mikorist, posted Jun 12, 2020, #1002
Essentially it's God's will that I put in the linear one with the BUZ10... that's how it should be.
shonne (thread author), posted Jun 12, 2020, #1003
Quote: "I'm on Intel too... but it's an expensive hobby. 82K i9-10900X... but it really GRINDS. Even games."
How did you already get hold of the 10th generation? It only just came out. I don't believe anything until I see a photo of the processor next to the Topping.
Mikorist, posted Jun 12, 2020, #1004
There's no Topping... It no longer exists. It's changing shape.
Zen Mod, posted Jun 12, 2020, #1005
TransformerS
Mikorist, posted Jun 12, 2020, #1006
Leo says he's still in the woods.
Mikorist, posted Jun 12, 2020, #1007
43 minutes ago, Mentok said: "Intel, AMD, a bin is a bin, there's nothing there to solder, cut and modify. Next. Miko, tell me, what did you measure the Topping with, those graphs for 1KHz and the harmonics, so I don't have to search the internet now; better to ask you than to type into Google."
http://www.artalabs.hr/
Mentok, posted Jun 13, 2020, #1008
Ugh, I really blew that one; I've used ARTA for measuring loudspeakers, I even had some cobbled-together jig somewhere, I completely forgot.
I mean, it's clear to me that when you measure one "sound card" (DAC) with another "sound card" you no longer know what you've measured, but just so I have some reference saved for comparison before I gut it.
Mikorist, posted Jun 13, 2020, #1009
2 hours ago, Mentok said: "you measure one "sound card" (DAC) with another "sound card""
I don't know of any other way using ARTA.
Mikorist, posted Jun 13, 2020, #1010
Ordered VDH SCS-18 for the wiring; if it's a ball, let it be a masquerade ball...
gluv_i_udaren, posted Jun 13, 2020, #1011
If it's a ball, let the princess get screwed too.
Mikorist, posted Jun 14, 2020, #1012