Full Disclosure mailing list archives

Re: Breaking LoJack for Laptops

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 07 Jun 2006 14:41:43 -0400

Lisa,

Oh .. and by the way, in case you're curious,

Lojack for Laptops resides in the BIOS CME area, and in the HPA area onthe hard drive. It requires Windows be on the computer to work (althoughit does work if Windows is reinstalled without deleting as I mention below).

You can delete the HPA area on the hard drive with something like atapwd: http://www.rockbox.org/atapwd.zip

This is well-documented and done to hack a variety of other things,notably the iPod and Xbox.


The CME area on the BIOS can be changed with a BIOS repacker :

http://sourceforge.net/projects/awdbedit/
https://forms.phoenix.com/channels/en/forms/ld/eval/default.asp

Granted, both of these require someone with more than "dumb-thug"intelligence, and the folks that are smart enough to do the above canget a good-paying job in IT and not be out stealing laptops in the firstplace.


~Mike.

PS: CC of this set back to original mailing list full-disclosure.

Lisa Lewis wrote:

why are you sending me this email about trying to hack
into computers with or without lojack.  I had my first
Toshiba laptop stolen and I do know there is a company
in Houston that builds in the bios a way to trace some
Toshiba computers because I printed it and read the
whole article.  However the police do not care to
locate my investment...  So this new Toshiba I bought
Lojack for and if anyone steals this from me and hacks
the code I will prosecute to the fullest extent of the
law!!!!  How did you get my email do you have my
laptop????  If so I suggest you return it to the
rightful owner ME!!!  Sorry to be so rude but I am
alittle alarmed to see this message in my mailbox or
less you are trying to locate me for the safe return
of all of my belongings including everything listed on
the police report and a $500.00 Sprint phone!!!  I can
be reached at 972-647-2500 x 3061 or you may also call
my boss at 972-680-6850 his name is Ken Larch.  He

would also be very happy if you have my belongings!!Have a great day. I look forward to your immediate

response!!!

Lisa Lewis
Http://www.atsorg.com
--- Michael Holstein <michael.holstein () csuohio edu>
wrote:

Why can't you just download a new BIOS image from
the manufacturer (onewithout LoJack .. since they make seperate imageswith and without thatcode, for "consumers" .. and re-flash it.
Not having a "lojack" laptop at my disposal, I can't
test directly, buthaving hacked the BIOS in many other cases to enablethings like RAID ona non-raid motherboard, I suspect that the LoJackcode is in one of the"vendor" areas on the bios, and is easily removedand the imagere-checksummed.
Thoughts?

Michael Holstein CISSP GCIA
Cleveland State University

Jay Nevins wrote:
FYI-

I know this may be a little after-the-fact but I
just came upon your
article posted on 12-24-05 about how to disable
LoJack for Laptops. I
currently use this product and have tested it in
depth for a while. The
Notebook I use has Computrace built in to the
BIOS. I have tried to
disable rpcnet, ctmweb, rpcnetp, and other files
associated with Lojack
as well as blocking these files with my firewall
and even blocking
Computrace's IP.  Needless to say my notebook
still manages to call
out.  If you are still interested in this program
you may want to look
at machines with Computrace enabled BIOS first.

-Jay

------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia -


http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter:


http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia -
http://secunia.com/




Lisa R Lewis

__________________________________________________
Do You Yahoo!?

Tired of spam? Yahoo! Mail has the best spam protection aroundhttp://mail.yahoo.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Breaking LoJack for Laptops Michael Holstein (Jun 07)