[flashrom] info test run for socket 939 board mATX MSI 6100-939

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Fri Nov 5 02:11:03 CET 2010


Hi Mark,

On 04.11.2010 19:32, M Capoferri wrote:
> I installed flashrom last night and ran the plain command and one with -V
> just to see what it dumped. I'm a non-pro and was forced into learning Linux
> after having all of my machines infected by an eeprom based rootkit four
> years ago.  It infected eight new motherboards and a few old machines before
> I gave up (read went broke!) and multiple peripherals. I was unable to
> connect to the net between Aug 2006 and Jan 2009.
>   

Wow. I have an information security background and would be extremely
interested to see this rootkit. How did you find out about the rootkit
and how did you track it down to the flash EEPROM?


> I was finally able to reconnect after getting OpenSUSE 10.3 to successfully
> install to a hard drive (coincidently, the same time the new Linux module,
> Policykit started trials I believe). Failed after 4 weeks but was able to
> maintain connection using live distros.  I remain infected to this day (only
> partial root control) as some kind of minimal kernel or control framework
> using busybox is still in my eeprom and hooks control of all hardware.  This
> prevented me from reflashing my BIOS on any of the boards and believe me, I
> tried multiple times.
>   

Are the flash chips on your mainboards soldered or socketed? If they are
socketed, I would love to get them for analysis.


> I'm hoping to try and reflash this or one of my three Asus boards that are
> on the Coreboot approved list. I'll let you know if I succeed, if I can ever
> figure out what I'm doing. I'm 56, so it's a little tougher especially as I
> was never in IT until I started building my own machines a couple of years
> before the malware hit.
>   

Before you start writing new flash images to those boards it would be
highly appreciated if you could read out the contents of the flash chips
and upload them to http://paste.flashrom.org .


> I've attached the terminal out as both pdf and txt file (8859-1), and I
> guess I don't have to warn you to scan them, though I am using gmail.
>   

Plain txt is preferred. It has all the info we need, and makes searching
easier.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/




