alt Hacker NewsI have a slow burn project where I simulate a supply chain attack on my own motherboard. You can source (now relatively old) Intel PCH chips off Aliexpress that are “unfused” and lack certain security features like Boot Guard (simplified explanation). I bought one of these chips and I intend to desolder the factory one on my motherboard and replace it with the Aliexpress one. This requires somewhat difficult BGA reflow but I have all the tools to do this.
I want to make a persistent implant/malware that survives OS reinstalls. You can also disable Intel (CS)ME and potentially use Coreboot as well, but I don’t want to deal with porting Coreboot to a new platform. I’m more interested in demonstrating how important hardware root of trust is.
Replies
> persistent implant/malware that survives OS reinstalls
Try attacking NIC, server BMC or SSD firmware. You will achieve your goal without any hardware replacement needed.
Death approaches. Slow burn until. When Death arrives, what you are doing now will be obviously irrelevant.
> I want to make a persistent implant/malware that survives OS reinstalls.
You want to look into something called "Windows Platform Binary Table" [1]. Figure out a way to reflash the BIOS or the UEFI firmware for your target device ad-hoc and there you have your implant.
I don't want Boot Guard or any of that DRM crap. I want freedom.
I want to make a persistent implant/malware that survives OS reinstalls.
Look up Absolute Computrace Persistence. It's there by default in a lot of BIOS images, but won't survive a BIOS reflash with an image that has the module stripped out (unless you have the "security" of Boot Guard, which will effectively make this malware mandatory!)
I’m more interested in demonstrating how important hardware root of trust is.
You mean more interested in toeing the line of corporate authoritarianism.