Intel ME potentially neutralized

I'd love to see if this could be verified to disable the backdoor "functionality" in these CPUs.

hackaday.com/2016/11/28/neutralizing-intels-management-engine/

github.com/corna/me_cleaner


If this actually works: holy shit.

Noob question though: how can I compile and run .py files under Windows?

Nevermind, you'd need a BeagleBone 'n shit for it.

Where does it say you need that? Looks to me like you just run the code.

Does this shit even matter if you're not connected via ethernet?

Besides, who does not connect to the web these days? It's almost mandatory.

Join the coreboot mailing list, there is interesting info from time to time (since the tranny libreboot guy can't work without his feelings being hurt)

coreboot.org/pipermail/coreboot/2016-November/082331.html

I just don't understand how it could send/receive data/commands over wifi.
Can you run me through it?

The Intel ME loads other modules. Basically it reserves a small portion of the memory and then loads a micro OS that has access to all the memory of the computer. It also has its own MAC address with its own PGP encryption, etc.
Plus more features, it's pretty impressive what it can do.
libreboot.org/faq/#intelme

The Intel ME is a "feature" that was discovered a few years ago; there are similar "features" in AMD.
A few years before it was discovered everyone would have told you that you were a fucking tin foil hat man if you said that this was possible, now look where we are.

If the wifi is blobbed you're fucked.
If an unknown/invisible software has access to the memory you're fucked.

Here's part of what the ME can do

>libreboot.org/faq/#intelme
Do you have any sources which aren't fear mongering/shilling?

I mean basically my question is how is this chip going to know how to send out packets over my wifi card properly? Does it come packaged with wifi drivers for every card? Will it need to get them from the OS? If so how does it know where to find the driver? Etc.

I do believe that different mobo vendors have different Intel ME versions, tied to the bios version on the mobo. So laptops are all pozzed. Also, reminder that Lenovo (and likely others) intentionally blacklist non-approved internal wifi cards, system won't boot with one inserted.

But ultimately, it's a ring -3 backdoor. Does it matter when it has direct memory access and you can (clearly) write to it through the OS? Gigantic security hole.

Do you have a source on that? If that's true then it makes the problems of the ME 10x worse as you not only have to trust Intel and their implementation but the maker of your motherboard and their implementation as well (which is a complete no go when companies like Lenovo have already used malicious UEFI firmware to install the software that they want on your computer).

Mm the wiki page does mention that a laptop's wireless can be used, but makes no mention of the same on desktop pcs. That's at least slightly reassuring.

Goddamn though, free hardware movement when?

addendum:
we should really have a law along the lines of;
it's against the law to remotely execute code on someone's machine without explicit consent of the owner which must be sought and given every single time.

win-raid.com/t1379f39-Yoga-Pro-shutdowns-every-minutes.html

Actually am seeing a number of threads about Lenovos rebooting after exactly 30 minutes after a BIOS update. Could be a good source of some cheap hardware.

Since I left off the other relevant part of the quote.

Reminds me of that guy on halfchan who scammed an eBay seller by saying the TP he bought was passworded, except the buyer did set the PW.

I don't support the tranny if that's what you're implying.

But libreboot isn't his (the tranny) project and more than this faggot work on it.

In the meantime go read
apress.com/gp/book/9781430265719

Want to know more shit?
See the work of Joanna Rutkowska, "x86 harmful", you'll lose your shit.

You didn't post a link user-kun.
blog.invisiblethings.org/papers/2015/x86_harmful.pdf

Thanks user.
Fortunately no pajeet tier has found this (or isn't smart enough) to exploit that shit right now on big scales.

I should turn this into a business.

This is amazing news actually

why bother with botnet free devices when FBI and NSA can hack shit around world?

Fuck off with your defeatist attitude.

If it works, not only will I report the CPU, god damn, I'll donate my rebates straight to Federico Amedeo Izzo.
The only thing the CPU needs cover:

Some of us work where "privacy" is not needed. Endgame is way past: thehackernews.com/2016/02/gchq-hacking-news.html
legalinsurrection.com/2016/11/uk-government-can-ask-internet-providers-for-citizens-browsing-history/

He's right, whether it be USA, Russia, China, UK, Whocares, malware will always be ahead of the "most secure computer in the 'world'". Never mind the backbone is vulnerable, as it is tapped, using any computer, you will never really be safe.

The question is: how do you mitigate the current risks?

We can wade through millions and billions of scenarios, but what you do with those risks is what consequently determines the future.

If you want to control your computer, make it. The only real advice I can make. If not, you are borrowing from someone else's knowledge. IoW, even if you don't make your computer from scratch, you can borrow from another, as long as you learn it completely!

With that, have you learned x86 yet?

You're right about building your own.
But is that not a good thing too to take the most "free hardware" computer available, like the x200 with libreboot, and then understand how the whole works and then make the accurate modification?

I mean, how could you build your own CPU?

Hey, Marisa, how young are these new IP addresses? Are they like fresh fresh new, or like sitting on cave of since the httpweb began?

So you consider x200/libreboot as not a good alternative?

And yeah, I know that I showed my ignorance by saying how could you build your own cpu, but still.

Even if it's, let's say, not feasible, it's still interesting

See this guy (very simple to understand):
web.cecs.pdx.edu/~harry/Relay/index.html

I'm about to head back to work, but why is your head not working? Is because you didn't have parents,mentors,or guardians? Or is it because you feel you don't need to work?

You see, the reason why I ask, is very simple, but only an undeveloped brain would ask egocentrically why I should bother answering a question an AI can instantly answer with the return of paraphrase before you can even mutter to think a blink is required to read this very exact sy m b l.

If you don't have the conviction to search, ask, and investigate on your own, you won't make it for when the UN declares itself the government of the world.

So please, stop posting, and read a book. Plenty free at a library or your local engine.

toodles!

You're right. I'm not a tech literate, so I'm falling into the easy way of asking directly to the people who know. I'll search.

bump

My dreams dashed before they even began.

I got saved!

Yeah, I'm looking forward to the ability to upgrade from my Core 2 at some point.

Still going to take the first opportunity to ditch x86 altogether should a viable actually trustworthy architecture come along.

So I have a 4690k which it says should work. Am I able to just run the python script directly on my computer, or am I supposed to flash it to the BIOS somehow?
Or is this a project that's still a WIP?

Right now it looks like they're using a Beaglebone with an interface chip of some sort. I didn't look too deep, but I didn't see documentation, just reference to which gear they used in the hackaday article. There were some links to the coreboot mailing list in there, that may be helpful.

wait another few months, it took them years to get to this stage, another year wouldn't hurt - don't rush

Yeah I got impatient. I just saw the script and assumed it was ready to run. Is there anything else coreboot would need in order to run on a bios to run a modern AMD/Intel chip? Or is this the biggest hurdle Intel-wise?

It has firmware for intel integrated wired/wi-fi nics. Use a pci-e lan card and this OOB network control is disabled. There then remains the rest of the ME ring level power - but if you mistrust ME you really ought to mistrust all intel silicon, so I don't see the significance.

Should work with a raspi as well or anything with gpio pins.

Pretty sure Intel ME features only ever worked if you had an Intel networking card or chipset. The main audience for these "features" are corporate offices so they can "manage" their workers with less effort.

Not everyone is in on the conspiracy, the people who actually work on these CPUs genuinely think it's a good feature.

It wasn't discovered a few years ago, they advertised this feature since it came out. Let me guess, you've never worked in an IT department of a large corporation and you can't see any legitimate use for this or other management technologies.

Also how to disable it has been known for years. It transmits traffic on an untagged VLAN. So if you just set up your ethernet connection as a trunk port and configure a VACL to prevent traffic between devices on the untagged VLAN, the ME is in effect disabled.

That just means they're incompetent in one or more ways.

Hell yeah. Can't wait to see how this will be combined with coreboot. I already have coreboot running on X220 and its awesome; laptop boots up really fast. Now if this can disable ME I'd be in heaven, since this would enable newer hardware to be used with fast BIOS - no longer need to necessarily hunt down older Thinkpads and libreboot. Although older hardware did have nice build quality.

this is very vague however.

for example: every time you visit a web site, it remotely executes some code on your computer (in order to draw text and images, etc)

It's an interpreted language, user. Just install Python, it comes with the interpreter.

I'm a little worried (((Intel))) will do something about this now that it's out in the open
But I guess it's better that people find out

Noob here.

Can I just run the code without having my BIOS running on coreboot or libreboot? My laptop can't install any of these free BIOSes because it's incompatible. But one thing for sure is that my CPU is a Sandy Bridge architecture, which is able to wipe out the Intel ME according to this me_cleaner description.

I can't tell either way if you need a flasher to try it, but saw this comment in the Issues section:

I'd wait to try it until more victims have first. If you want to workaround it in the meantime, see if there's a non-intel wireless card available for your laptop, like .

I'm getting a new laptop in a few days, should I sacrifice my old one to the gods of no ME?

If you can afford it then sure, I'm kind of curious to know how well it works too. Many BIOSes let you make a backup of them, make a copy on 2 usb drives. Hopefully it won't fubar it completely if it breaks and you'll be able to restore the backup to flash if you need to.

Alright, I'll attempt it on both my sager and thinkpad yoga.

Is that a good thing or what? I don't understand.

Think that user is just saying he's happy he saw that in the README.

I'm retarded, how do I use this assuming I'm on Win7? I've got Python installed.

Oh god

How about serious help instead of shitposting? The hell am I supposed to do, download BIOS update for the mobo, run that script on the BIOS firmware and then flash it? Don't act like a douche, there are no fucking instructions for that script on github.

Lurk more and use Linux for 6 months before you post anything related to SBCs, that's my serious help

Dude you need physical access to the mobo

that's the one case where you're not meant to read

Oh, and for running, use Powershell. It's trash compared to the native Linux command line, but it's better than command prompt. Uses the MS-DOS nav commands, which in turn borrowed them from Unix, so you should be fine there.

If he's using Windows 10 he can just install Windows Subsystem for Linux straight from Microsoft by going to "Turn Windows features on or off" on Windows itself. That should give him python as well as an entire Linux environment. I'd prefer that to using the Python Windows binary since things like python-pip are much easier to use. Plus you get native 64-bit Linux binary support in Windows as a bonus. This is, again, assuming he's using Wanglows 10.

Also apparently Microsoft is already planning on completely dumping the MS-DOS command prompt finally in a later version of 10 to make Powershell the default prompt

I think I vomited in my mouth a little.

...

Where can I find a ME image to test the script out? I have an i5 4590 W7 PC I can test out.

The script doesn't make it clear but if you read OP's first link you'll see it needs more than that:
If you're just looking for an offline image, if I understand it right any recent BIOS update would include it so just download one from Dell or Lenovo or whatever.

On second thought, that doesn't make sense because if you could just flash it you wouldn't need a Beaglebone. Not sure how that explains though.
Saging my useless idea.

I did find this github.com/skochinsky/me-tools but I still didn't get it working. I didn't understand the commands to feed it on startup and it also asks for an image.bin

If it was designed for user control instead of (((their))) control it actually would be.


Yeah you have to dump the flash with an external programmer, gut ME from it, then write it back. Not sure then if it's possible to make the entire flash writeable from the OS like you can with the X200.

Also depending on your system it will have a different flash chip so you'll need a different clip (if one exists, you can't get 'em for WSON-8 for example like X200T systems use), or soldering.

Also, disabling ME is only half the job. You'll still want an open BIOS to partner it with.
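
The first step described above (dump the flash with an external programmer before gutting ME from it), as an added example that is not code from this thread or from me_cleaner: it checks that two reads of the chip agree and reads the Intel Flash Descriptor region table to show where the ME region sits in the dump. The sample image is constructed and the function names are hypothetical.

```python
import hashlib
import struct

FD_SIGNATURE = b"\x5a\xa5\xf0\x0f"  # 0x0FF0A55A, stored little-endian
REGION_NAMES = ["descriptor", "bios", "me", "gbe", "platform_data"]


def dumps_match(first: bytes, second: bytes) -> bool:
    """Two consecutive reads of the chip must be byte-identical before editing."""
    return hashlib.sha256(first).digest() == hashlib.sha256(second).digest()


def parse_regions(image: bytes) -> dict:
    """Return {name: (start, end_exclusive)} for every used flash region."""
    # The signature sits at 0x10 on most descriptors, at 0x00 on older ones.
    sig_off = next((o for o in (0x10, 0x00)
                    if image[o:o + 4] == FD_SIGNATURE), None)
    if sig_off is None:
        raise ValueError("no flash descriptor: not a full SPI flash dump")
    (flmap0,) = struct.unpack_from("<I", image, sig_off + 4)
    frba = ((flmap0 >> 16) & 0xFF) << 4  # offset of the region table
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        start = (flreg & 0x7FFF) << 12                   # base, 4 KiB units
        end = (((flreg >> 16) & 0x7FFF) << 12) + 0x1000  # limit is inclusive
        if start >= end:
            continue                                     # base > limit: unused
        if end > len(image):
            raise ValueError(f"{name} region runs past end of dump (truncated?)")
        regions[name] = (start, end)
    return regions


def build_sample() -> bytes:
    """Constructed 16 KiB image: descriptor, 8 KiB ME, 4 KiB BIOS, no GbE."""
    img = bytearray(b"\xff" * 0x4000)
    img[0x10:0x14] = FD_SIGNATURE
    struct.pack_into("<I", img, 0x14, 0x04 << 16)  # FLMAP0 with FRBA = 0x40
    struct.pack_into("<5I", img, 0x40, 0x00000000, 0x00030003,
                     0x00020001, 0x00007FFF, 0x00007FFF)
    return bytes(img)


if __name__ == "__main__":
    dump = build_sample()
    assert dumps_match(dump, bytes(dump))
    for name, (start, end) in parse_regions(dump).items():
        print(f"{name:14s} {start:#08x}-{end - 1:#08x}")
```

A file with no descriptor signature, or one whose regions run past the end of the file, is rejected instead of being treated as a full dump.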

...