
I've got a theory why Darth Beaver self destructed & left.

  1. aldra JIDF Controlled Opposition
    Originally posted by Totse 2001 this ability allows some hackers to modify CPU fan functions and burn out a computer that doesn't monitor such activities

    no it doesn't, it only presents your battery level/heat data, it doesn't allow a remote user to modify it

    also, this seems like as good a thread as any to test my new shortcuts:

    totse2001 is a proper . he suffers from extreme and as such, is terminally ic.
  2. aldra JIDF Controlled Opposition
    shit, close enough I guess
  3. -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by aldra totse2001 is a proper he suffers from extreme and as such, is terminally
  4. Sorry.. there is an ability for hackers to adjust cpu fan functions remotely (I believe in bios).
    You're just attacking me because You're afraid to channel to those that want to speak with you.

    Don't attack the messenger; Bruh!
  5. Originally posted by Totse 2001 this ability allows some hackers to modify CPU fan functions and burn out a computer that doesn't monitor such activities

    No.
  6. aldra JIDF Controlled Opposition
    pls explain how2access bios remotely
  7. Originally posted by Totse 2001 Sorry.. there is an ability for hackers to adjust cpu fan functions remotely (I believe in bios).
    You're just attacking me because You're afraid to channel to those that want to speak with you.

    Don't attack the messenger; Bruh!

    You are mentally ill.
  8. Originally posted by aldra pls explain how2access bios remotely
  9. -SpectraL coward [the spuriously bluish-lilac bushman]
    System Management Mode

    System Management Mode (SMM, sometimes called ring -2[1][2]) is an operating mode of x86 central processor units (CPUs) in which all normal execution, including the operating system, is suspended. A special separate software, which is usually part of the firmware or a hardware-assisted debugger, is then executed with high privileges.

    It was first released with the Intel 386SL.[3] While initially special SL versions were required for SMM, Intel incorporated SMM in its mainline 486 and Pentium processors in 1993. AMD implemented Intel's SMM with the Enhanced Am486 processors in 1994. It is available in all later microprocessors in the x86 architecture.

    SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.

    In order to achieve transparency, SMM imposes certain rules. The SMM can only be entered through SMI (System Management Interrupt). The processor executes the SMM code in a separate address space that has to be made inaccessible to other operating modes of the CPU by the firmware.[4]
  10. Originally posted by -SpectraL System Management Mode

    System Management Mode (SMM, sometimes called ring -2[1][2]) is an operating mode of x86 central processor units (CPUs) in which all normal execution, including the operating system, is suspended. A special separate software, which is usually part of the firmware or a hardware-assisted debugger, is then executed with high privileges.

    It was first released with the Intel 386SL.[3] While initially special SL versions were required for SMM, Intel incorporated SMM in its mainline 486 and Pentium processors in 1993. AMD implemented Intel's SMM with the Enhanced Am486 processors in 1994. It is available in all later microprocessors in the x86 architecture.

    SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.

    In order to achieve transparency, SMM imposes certain rules. The SMM can only be entered through SMI (System Management Interrupt). The processor executes the SMM code in a separate address space that has to be made inaccessible to other operating modes of the CPU by the firmware.[4]

    You are fucking retarded. Please shut the fuck up. You drop the IQ of the whole block by 5 points every time you pretend to understand anything about computers.
  11. -SpectraL coward [the spuriously bluish-lilac bushman]
    SMM is entered via the SMI (system management interrupt), which is caused by:

    Motherboard hardware or chipset signaling via a designated pin SMI# of the processor chip.[10] This signal can be an independent event.
    Software SMI triggered by the system software via an I/O access to a location considered special by the motherboard logic (port 0B2h is common).[11]
    An I/O write to a location which the firmware has requested that the processor chip act on.
    By entering SMM, the processor looks for the first instruction at the address SMBASE (SMBASE register content) + 8000H (by default 38000H), using registers CS = 3000H and EIP = 8000H. The CS register value (3000H) is due to the use of real mode memory addresses by the processor when in SMM. In this case, the CS is internally appended with 0H on its rightmost end.

    By design, the operating system cannot override or disable the SMI. Due to this fact, it is a target for malicious rootkits to reside in,[12][13][14] including NSA's "implants"[15] which have individual code names for specific hardware, like SOUFFLETROUGH for Juniper Networks firewalls,[16] SCHOOLMONTANA for J-series routers of the same company,[17] DEITYBOUNCE for DELL,[18] or IRONCHEF for HP Proliant servers.[19]

    Improperly designed and insufficiently tested SMM BIOS code can make the wrong assumptions and not work properly when interrupting some other modes like PAE or 64-bit long mode. According to the documentation of the Linux kernel, around 2004, such buggy implementations of the USB legacy support feature were a common cause of crashes, for example on motherboards based on the Intel E7505 chipset.[6]

    Since the SMM code (SMI handler) is installed by the system firmware (BIOS), the OS and the SMM code may have expectations about hardware settings that are incompatible, such as different ideas of how the Advanced Programmable Interrupt Controller (APIC) should be set up.

    Operations in SMM take CPU time away from the applications, operating system kernel and hypervisor, with the effects magnified for multicore processors since each SMI causes all cores to switch modes.[20] There is also some overhead involved with switching in and out of SMM, since the CPU state must be stored to memory (SMRAM) and any write-back caches must be flushed. This can destroy real-time behavior and cause clock ticks to get lost. The Windows and Linux kernels define an ‘SMI Timeout’ setting a period within which SMM handlers must return control to the operating system or it will ‘hang’ or ‘crash’.

    The SMM may disrupt the behavior of real-time applications with constrained timing requirements.

    A digital logic analyzer may be required to determine if the CPU has entered SMM (checking state of SMIACT# pin of CPU).[10] Recovering the SMI handler code to analyze it for bugs, vulnerabilities and secrets requires a logic analyzer or disassembly of the system firmware.
  12. Originally posted by -SpectraL SMM is entered via the SMI (system management interrupt), which is caused by:

    Motherboard hardware or chipset signaling via a designated pin SMI# of the processor chip.[10] This signal can be an independent event.
    Software SMI triggered by the system software via an I/O access to a location considered special by the motherboard logic (port 0B2h is common).[11]
    An I/O write to a location which the firmware has requested that the processor chip act on.
    By entering SMM, the processor looks for the first instruction at the address SMBASE (SMBASE register content) + 8000H (by default 38000H), using registers CS = 3000H and EIP = 8000H. The CS register value (3000H) is due to the use of real mode memory addresses by the processor when in SMM. In this case, the CS is internally appended with 0H on its rightmost end.

    By design, the operating system cannot override or disable the SMI. Due to this fact, it is a target for malicious rootkits to reside in,[12][13][14] including NSA's "implants"[15] which have individual code names for specific hardware, like SOUFFLETROUGH for Juniper Networks firewalls,[16] SCHOOLMONTANA for J-series routers of the same company,[17] DEITYBOUNCE for DELL,[18] or IRONCHEF for HP Proliant servers.[19]

    Improperly designed and insufficiently tested SMM BIOS code can make the wrong assumptions and not work properly when interrupting some other modes like PAE or 64-bit long mode. According to the documentation of the Linux kernel, around 2004, such buggy implementations of the USB legacy support feature were a common cause of crashes, for example on motherboards based on the Intel E7505 chipset.[6]

    Since the SMM code (SMI handler) is installed by the system firmware (BIOS), the OS and the SMM code may have expectations about hardware settings that are incompatible, such as different ideas of how the Advanced Programmable Interrupt Controller (APIC) should be set up.

    Operations in SMM take CPU time away from the applications, operating system kernel and hypervisor, with the effects magnified for multicore processors since each SMI causes all cores to switch modes.[20] There is also some overhead involved with switching in and out of SMM, since the CPU state must be stored to memory (SMRAM) and any write-back caches must be flushed. This can destroy real-time behavior and cause clock ticks to get lost. The Windows and Linux kernels define an ‘SMI Timeout’ setting a period within which SMM handlers must return control to the operating system or it will ‘hang’ or ‘crash’.

    The SMM may disrupt the behavior of real-time applications with constrained timing requirements.

    A digital logic analyzer may be required to determine if the CPU has entered SMM (checking state of SMIACT# pin of CPU).[10] Recovering the SMI handler code to analyze it for bugs, vulnerabilities and secrets requires a logic analyzer or disassembly of the system firmware.

    Nice pasta. Tell me how you think someone would access it remotely without the end user being a fucking retard.
  13. aldra JIDF Controlled Opposition
    I wasn't going to respond at all, but it's presently not public knowledge (ie. either nobody's worked it out yet or someone's been keeping it secret) how to access the processor's management engine even locally, legitimately or otherwise.
  14. mmQ Lisa Turtle
    I've always wanted Spec to just prove his skills by taking Sophie's challenge to set out his P.I.

    Sophie gave permission.

    I think it's time spectral.
  15. -SpectraL coward [the spuriously bluish-lilac bushman]
    SMIs are similar to NMIs in that they use a special electrical signalling line directly into the CPU.
  16. Originally posted by aldra I wasn't going to respond at all, but it's presently not public knowledge (ie. either nobody's worked it out yet or someone's been keeping it secret) how to access the processor's management engine even locally, legitimately or otherwise.

    I didn't know that, but I know for damn sure that you're not getting to SMM remotely, lol.
  17. Originally posted by mmQ I've always wanted Spec to just prove his skills by taking Sophie's challenge to set out his P.I.

    Sophie gave permission.

    I think it's time spectral.

    These bluffs are always less exciting when you know for a fact that the poster is 100% bullshitting, lol.
  18. -SpectraL coward [the spuriously bluish-lilac bushman]
    https://www.theregister.co.uk/2017/05/05/intel_amt_remote_exploit/

    Code dive You can remotely commandeer and control computers that use vulnerable Intel chipsets by sending them empty authentication strings.

    You read that right. When you're expected to send a password hash, you send zero bytes. Nothing. Nada. And you'll be rewarded with powerful low-level access to a vulnerable box's hardware from across the network – or across the internet if the management interface faces the public web.

    Remember that the next time Intel, a $180bn international semiconductor giant, talks about how important it treats security.

    To recap: Intel provides a remote management toolkit called AMT for its business and enterprise-friendly processors; this software is part of Chipzilla's vPro suite and runs at the firmware level, below and out of sight of Windows, Linux, or whatever operating system you're using. The code runs on Intel's Management Engine, a tiny secret computer within your computer that has full control of the hardware and talks directly to the network port, allowing a device to be remotely controlled regardless of whatever OS and applications are running, or not, above it.

    Thus, AMT is designed to allow IT admins to remotely log into the guts of computers so they can reboot a knackered machine, repair and tweak the operating system, install a new OS, access a virtual serial console, or gain full-blown remote desktop access via VNC. It is, essentially, god mode.

    Normally, AMT is password protected. This week it emerged this authentication can be bypassed, potentially allowing miscreants to take over systems from afar or once inside a corporate network. This critical security bug was designated CVE-2017-5689. While Intel has patched its code, people have to pester their hardware suppliers for the necessary updates before they can be installed.

    Today we've learned it is trivial to exploit this flaw, allowing anyone to gain control of vulnerable systems without a password.

    AMT is accessed over the network via a bog-standard web interface: the service listens on ports 16992 and 16993. Visiting this with a browser brings up a prompt for a password, and this passphrase is sent using standard HTTP Digest authentication: the username and password are hashed using a nonce from the AMT firmware plus a few other bits of metadata. This scrambled response is checked by the AMT software to be valid, and if so, access is granted to the management interface.

    But if you send an empty response, the firmware is fooled into thinking this is correct and lets you through. This means if you use a proxy to change the response to an empty string, or otherwise set up your browser to send empty HTTP Digest authentication responses, you can bypass the password checks.

    Essentially, behind the scenes, your browser would normally send something like this to the AMT service, which includes the hashed response string containing the username, password and server nonce:

    GET /index.htm HTTP/1.1
    Host: 192.168.1.2:16992
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
    Firefox/45.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.1.2:16992/logon.htm
    Connection: keep-alive
    Authorization: Digest username="admin",
    realm="Digest:048A0000000000000000000000000000",
    nonce="Q0UGAAQEAAAV4M4iGF4+Ni5ZafuMWy9J", uri="/index.htm",
    response="d3d4914a43454b159a3fa6f5a91d801d", qop=auth, nc=00000001,
    cnonce="9c5beca4011eea5c"
  19. Originally posted by -SpectraL SMM is entered via the SMI (system management interrupt), which is caused by:

    Motherboard hardware or chipset signaling via a designated pin SMI# of the processor chip.[10] This signal can be an independent event.
    Software SMI triggered by the system software via an I/O access to a location considered special by the motherboard logic (port 0B2h is common).[11]
    An I/O write to a location which the firmware has requested that the processor chip act on.
    By entering SMM, the processor looks for the first instruction at the address SMBASE (SMBASE register content) + 8000H (by default 38000H), using registers CS = 3000H and EIP = 8000H. The CS register value (3000H) is due to the use of real mode memory addresses by the processor when in SMM. In this case, the CS is internally appended with 0H on its rightmost end.

    By design, the operating system cannot override or disable the SMI. Due to this fact, it is a target for malicious rootkits to reside in,[12][13][14] including NSA's "implants"[15] which have individual code names for specific hardware, like SOUFFLETROUGH for Juniper Networks firewalls,[16] SCHOOLMONTANA for J-series routers of the same company,[17] DEITYBOUNCE for DELL,[18] or IRONCHEF for HP Proliant servers.[19]

    Improperly designed and insufficiently tested SMM BIOS code can make the wrong assumptions and not work properly when interrupting some other modes like PAE or 64-bit long mode. According to the documentation of the Linux kernel, around 2004, such buggy implementations of the USB legacy support feature were a common cause of crashes, for example on motherboards based on the Intel E7505 chipset.[6]

    Since the SMM code (SMI handler) is installed by the system firmware (BIOS), the OS and the SMM code may have expectations about hardware settings that are incompatible, such as different ideas of how the Advanced Programmable Interrupt Controller (APIC) should be set up.

    Operations in SMM take CPU time away from the applications, operating system kernel and hypervisor, with the effects magnified for multicore processors since each SMI causes all cores to switch modes.[20] There is also some overhead involved with switching in and out of SMM, since the CPU state must be stored to memory (SMRAM) and any write-back caches must be flushed. This can destroy real-time behavior and cause clock ticks to get lost. The Windows and Linux kernels define an ‘SMI Timeout’ setting a period within which SMM handlers must return control to the operating system or it will ‘hang’ or ‘crash’.

    The SMM may disrupt the behavior of real-time applications with constrained timing requirements.

    A digital logic analyzer may be required to determine if the CPU has entered SMM (checking state of SMIACT# pin of CPU).[10] Recovering the SMI handler code to analyze it for bugs, vulnerabilities and secrets requires a logic analyzer or disassembly of the system firmware.

    Look at this nigga going all ham while sober on like outdated computer chips and shit bahahaha dis nigga FRIED yall.



  20. aldra JIDF Controlled Opposition
    that is only the remote-deployment component of the management engine which is disabled by default; when enabled it's used by enterprise sysadmins to remotely deploy the operating system

    it's more a case of dumbass admins not setting a password initially from the look of it
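
The HTTP Digest check described in post 18, as an added example that is not part of the thread and is not Intel's code: it computes the RFC 2617 response server-side and contrasts a comparison bounded by the length of the supplied value (the root cause publicly reported for CVE-2017-5689, modelled here) with a full-length constant-time comparison. The account, realm, nonce values and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed account and challenge values, not taken from any real device.
USER, REALM, PASSWORD = "admin", "Digest:EXAMPLE-REALM", "constructed-password"
NONCE, CNONCE, NC, QOP, URI = "c2FtcGxlLW5vbmNl", "0a1b2c3d4e5f6071", "00000001", "auth", "/index.htm"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest_header(header):
    """Split 'Digest k="v", k2=v2' into a dict; handles quoted and bare values."""
    if not header.startswith("Digest "):
        return {}
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]*))', header[7:])
    return {key: quoted or bare for key, quoted, bare in pairs}

def expected_response(method, f):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")

def check_flawed(expected, supplied):
    # Same effect as strncmp(expected, supplied, strlen(supplied)) == 0:
    # the client-controlled length bounds the comparison, so "" matches.
    return expected[:len(supplied)] == supplied

def check_hardened(expected, supplied):
    # Length must match the full digest, then compare in constant time.
    return len(supplied) == len(expected) and hmac.compare_digest(
        expected.encode(), supplied.encode())

def verify(header, method, check):
    f = parse_digest_header(header)
    required = ("username", "uri", "nonce", "nc", "cnonce", "qop", "response")
    if any(k not in f for k in required) or f["username"] != USER:
        return False
    return check(expected_response(method, f), f["response"])

def build_header(response):
    """Constructed client header carrying the given response value."""
    return (f'Digest username="{USER}", realm="{REALM}", nonce="{NONCE}", '
            f'uri="{URI}", response="{response}", qop={QOP}, nc={NC}, '
            f'cnonce="{CNONCE}"')

def demo():
    # Returns (flawed result, hardened result) for a valid and an empty response.
    fields = parse_digest_header(build_header(""))
    good = build_header(expected_response("GET", fields))
    empty = build_header("")
    return {name: (verify(h, "GET", check_flawed), verify(h, "GET", check_hardened))
            for name, h in (("valid", good), ("empty", empty))}

if __name__ == "__main__":
    print(demo())
```

The hardened check rejects any response whose length differs from the 32-character digest before comparing, so the empty value never reaches the comparison.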