Re: [Full-disclosure] Breaking LoJack for Laptops

[Michael Holstein <michael.holstein@xxxxxxxxxxx>]

Lisa,

Oh .. and by the way, in case you're curious,

Lojack for Laptops resides in the BIOS CME area, and in the HPA area on 
the hard drive. It requires Windows be on the computer to work (although 
it does work if Windows is reinstalled without deleting as I mention below).

You can delete the HPA area on the hard drive with something like atapwd 
: http://www.rockbox.org/atapwd.zip

This is well-documented and done to hack a variety of other things, 
notably the iPod and Xbox.

The CME area on the BIOS can be changed with a BIOS repacker :

http://sourceforge.net/projects/awdbedit/
https://forms.phoenix.com/channels/en/forms/ld/eval/default.asp

Granted, both of these require someone with more than "dumb-thug" 
intelligence, and the folks that are smart enough to do the above can 
get a good-paying job in IT and not be out stealing laptops in the first 
place.

~Mike.

PS: CC of this set back to original mailing list full-disclosure.

Lisa Lewis wrote:
> why are you sending me this email about trying to hack
> into computers with or without lojack.  I had my first
> Toshiba laptop stolen and I do know there is a company
> in Houston that builds in the bios a way to trace some
> Toshiba computers because I printed it and read the
> whole article.  However the police do not care to
> locate my investment...  So this new Toshiba I bought
> Lojack for and if anyone steals this from me and hacks
> the code I will prosecute to the fullest extent of the
> law!!!!  How did you get my email do you have my
> laptop????  If so I suggest you return it to the
> rightful owner ME!!!  Sorry to be so rude but I am
> alittle alarmed to see this message in my mailbox or
> less you are trying to locate me for the safe return
> of all of my belongings including everything listed on
> the police report and a $500.00 Sprint phone!!!  I can
> be reached at 972-647-2500 x 3061 or you may also call
> my boss at 972-680-6850 his name is Ken Larch.  He
> would also be very happy if you have my belongings!! 
> Have a great day.  I look forward to your immediate
> response!!!
>
> Lisa Lewis
> Http://www.atsorg.com
> --- Michael Holstein <michael.holstein@xxxxxxxxxxx>
> wrote:
>
>
> > Why can't you just download a new BIOS image from
> > the manufacturer (one 
> > without LoJack .. since they make seperate images
> > with and without that 
> > code, for "consumers" .. and re-flash it.
> >
> > Not having a "lojack" laptop at my disposal, I can't
> > test directly, but 
> > having hacked the BIOS in many other cases to enable
> > things like RAID on 
> > a non-raid motherboard, I suspect that the LoJack
> > code is in one of the 
> > "vendor" areas on the bios, and is easily removed
> > and the image 
> > re-checksummed.
> >
> > Thoughts?
> >
> > Michael Holstein CISSP GCIA
> > Cleveland State University
> >
> > Jay Nevins wrote:
> >
> > > FYI-
> > >
> > > I know this may be a little after-the-fact but I
> >
> > just came upon your 
> >
> > > article posted on 12-24-05 about how to disable
> >
> > LoJack for Laptops.  I 
> >
> > > currently use this product and have tested it in
> >
> > depth for a while.  The 
> >
> > > Notebook I use has Computrace built in to the
> >
> > BIOS.  I have tried to 
> >
> > > disable rpcnet, ctmweb, rpcnetp, and other files
> >
> > associated with Lojack 
> >
> > > as well as blocking these files with my firewall
> >
> > and even blocking 
> >
> > > Computrace's IP.  Needless to say my notebook
> >
> > still manages to call 
> >
> > > out.  If you are still interested in this program
> >
> > you may want to look 
> >
> > > at machines with Computrace enabled BIOS first.
> > >
> > > -Jay
> ------------------------------------------------------------------------
>
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
>
> > > Hosted and sponsored by Secunia -
> >
> > http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
>
> http://lists.grok.org.uk/full-disclosure-charter.html
>
> > Hosted and sponsored by Secunia -
> > http://secunia.com/
>
>
>
> Lisa R Lewis
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/