lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <001101c67921$09274cd0$6b01a8c0@worknotebook>
Date: Tue May 16 23:50:35 2006
From: jay.nevins at earthlink.net (Jay Nevins)
Subject: Breaking LoJack for Laptops

I can only speak for Dell since thats what I use will let you re-flash the 
BIOS
and even with a non-lojack one.  However, once Lojack is activated in the 
BIOS
it will reinstall itself with the new image.  I by no means am a computer 
guru (the last language I
used was ada) but I have tried to disable lojack every possible way I can 
think and it wont go away.
If you can find something contrary please let me know.

thanks, Jay
----- Original Message ----- 
From: "Michael Holstein" <michael.holstein@...ohio.edu>
To: "Jay Nevins" <jay.nevins@...thlink.net>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Tuesday, May 16, 2006 9:34 AM
Subject: Re: [Full-disclosure] Breaking LoJack for Laptops


> Why can't you just download a new BIOS image from the manufacturer (one 
> without LoJack .. since they make seperate images with and without that 
> code, for "consumers" .. and re-flash it.
>
> Not having a "lojack" laptop at my disposal, I can't test directly, but 
> having hacked the BIOS in many other cases to enable things like RAID on a 
> non-raid motherboard, I suspect that the LoJack code is in one of the 
> "vendor" areas on the bios, and is easily removed and the image 
> re-checksummed.
>
> Thoughts?
>
> Michael Holstein CISSP GCIA
> Cleveland State University
>
> Jay Nevins wrote:
>> FYI-
>>  I know this may be a little after-the-fact but I just came upon your 
>> article posted on 12-24-05 about how to disable LoJack for Laptops.  I 
>> currently use this product and have tested it in depth for a while.  The 
>> Notebook I use has Computrace built in to the BIOS.  I have tried to 
>> disable rpcnet, ctmweb, rpcnetp, and other files associated with Lojack 
>> as well as blocking these files with my firewall and even blocking 
>> Computrace's IP.  Needless to say my notebook still manages to call out. 
>> If you are still interested in this program you may want to look at 
>> machines with Computrace enabled BIOS first.
>>  -Jay
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ