Hi,
I installed flashrom last night and ran the plain command and one with -V just to see what it dumped. I'm a non-pro and was forced into learning Linux after having all of my machines infected by an EEPROM-based rootkit four years ago. It infected eight new motherboards and a few old machines before I gave up (read: went broke!) and multiple peripherals. I was unable to connect to the net between Aug 2006 and Jan 2009.
I was finally able to reconnect after getting OpenSUSE 10.3 to successfully install to a hard drive (coincidentally, the same time the new Linux module, PolicyKit, started trials I believe). Failed after 4 weeks but was able to maintain connection using live distros. I remain infected to this day (only partial root control) as some kind of minimal kernel or control framework using busybox is still in my EEPROM and hooks control of all hardware. This prevented me from reflashing my BIOS on any of the boards and believe me, I tried multiple times.
I'm hoping to try and reflash this or one of my three Asus boards that are on the Coreboot approved list. I'll let you know if I succeed, if I can ever figure out what I'm doing. I'm 56, so it's a little tougher, especially as I was never in IT until I started building my own machines a couple of years before the malware hit.
I've attached the terminal output as both PDF and txt file (8859-1), and I guess I don't have to warn you to scan them, though I am using Gmail.
Cheers,
Mark Capoferri
Ardmore, Pennsylvania, US
Hi Mark,
On 04.11.2010 19:32, M Capoferri wrote:
> I installed flashrom last night and ran the plain command and one with -V just to see what it dumped. I'm a non-pro and was forced into learning Linux after having all of my machines infected by an EEPROM-based rootkit four years ago. It infected eight new motherboards and a few old machines before I gave up (read: went broke!) and multiple peripherals. I was unable to connect to the net between Aug 2006 and Jan 2009.
Wow. I have an information security background and would be extremely interested to see this rootkit. How did you find out about the rootkit and how did you track it down to the flash EEPROM?
> I was finally able to reconnect after getting OpenSUSE 10.3 to successfully install to a hard drive (coincidentally, the same time the new Linux module, PolicyKit, started trials I believe). Failed after 4 weeks but was able to maintain connection using live distros. I remain infected to this day (only partial root control) as some kind of minimal kernel or control framework using busybox is still in my EEPROM and hooks control of all hardware. This prevented me from reflashing my BIOS on any of the boards and believe me, I tried multiple times.
Are the flash chips on your mainboards soldered or socketed? If they are socketed, I would love to get them for analysis.
> I'm hoping to try and reflash this or one of my three Asus boards that are on the Coreboot approved list. I'll let you know if I succeed, if I can ever figure out what I'm doing. I'm 56, so it's a little tougher, especially as I was never in IT until I started building my own machines a couple of years before the malware hit.
Before you start writing new flash images to those boards it would be highly appreciated if you could read out the contents of the flash chips and upload them to http://paste.flashrom.org .
> I've attached the terminal output as both PDF and txt file (8859-1), and I guess I don't have to warn you to scan them, though I am using Gmail.
Plain txt is preferred. It has all the info we need, and makes searching easier.
Regards,
Carl-Daniel
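Once a chip has been read out (for example with `flashrom -r`) as Carl-Daniel asks, a first defensive look at the dump before anything is written back. This is an added example and not code from the thread or from the flashrom project; the in-memory sample image, the string watchlist and the entropy threshold are assumptions constructed for the demonstration.

```python
import math
import random
import re
from collections import Counter

# Constructed 1 MiB "flash dump" for the example (not a real firmware image).
# Erased flash reads back as 0xFF; one 64 KiB block gets pseudo-random bytes
# to stand in for a compressed BIOS module, and one planted ASCII marker
# mimics the kind of string a "strings" pass would surface.
SAMPLE_DUMP = bytearray(b"\xff" * (1 << 20))
_rng = random.Random(1)  # fixed seed so the results are reproducible
SAMPLE_DUMP[0x20000:0x30000] = bytes(_rng.getrandbits(8) for _ in range(0x10000))
_MARKER = b"BusyBox v0.0 (constructed)\x00"
SAMPLE_DUMP[0x40000:0x40000 + len(_MARKER)] = _MARKER


def block_entropy(data, block=0x10000):
    """Shannon entropy in bits/byte per block: 0.0 = constant fill,
    close to 8.0 = compressed, encrypted or random content."""
    out = []
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        n = len(chunk)
        ent = -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())
        out.append((off, round(ent, 2)))
    return out


def find_strings(data, min_len=6):
    """Runs of printable ASCII as (offset, text), like the strings tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode()) for m in re.finditer(pattern, data)]


def triage(data, watchlist=("busybox", "linux"), entropy_threshold=7.5):
    """Summarise a dump: size, whether it is blank (all 0xFF), watchlist
    string hits, and blocks whose entropy suggests packed content."""
    blank = data.count(0xFF) == len(data)
    hits = [(off, s) for off, s in find_strings(data)
            if any(w in s.lower() for w in watchlist)]
    high = [off for off, e in block_entropy(data) if e > entropy_threshold]
    return {"size": len(data), "blank": blank,
            "watch_hits": hits, "high_entropy_blocks": high}


if __name__ == "__main__":
    for key, value in triage(bytes(SAMPLE_DUMP)).items():
        print(f"{key}: {value}")
```

Read the chip twice and compare the two files before trusting either: a dump that differs between reads points at a programmer or chip problem, not at the image.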