Full Disclosure mailing list archives
Re: Breaking LoJack for Laptops
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 07 Jun 2006 14:41:43 -0400
Lisa, Oh .. and by the way, in case you're curious,Lojack for Laptops resides in the BIOS CME area, and in the HPA area on the hard drive. It requires Windows be on the computer to work (although it does work if Windows is reinstalled without deleting as I mention below).
You can delete the HPA area on the hard drive with something like atapwd : http://www.rockbox.org/atapwd.zip
This is well-documented and done to hack a variety of other things, notably the iPod and Xbox.
The CME area on the BIOS can be changed with a BIOS repacker : http://sourceforge.net/projects/awdbedit/ https://forms.phoenix.com/channels/en/forms/ld/eval/default.aspGranted, both of these require someone with more than "dumb-thug" intelligence, and the folks that are smart enough to do the above can get a good-paying job in IT and not be out stealing laptops in the first place.
~Mike. PS: CC of this set back to original mailing list full-disclosure. Lisa Lewis wrote:
why are you sending me this email about trying to hack into computers with or without lojack. I had my first Toshiba laptop stolen and I do know there is a company in Houston that builds in the bios a way to trace some Toshiba computers because I printed it and read the whole article. However the police do not care to locate my investment... So this new Toshiba I bought Lojack for and if anyone steals this from me and hacks the code I will prosecute to the fullest extent of the law!!!! How did you get my email do you have my laptop???? If so I suggest you return it to the rightful owner ME!!! Sorry to be so rude but I am alittle alarmed to see this message in my mailbox or less you are trying to locate me for the safe return of all of my belongings including everything listed on the police report and a $500.00 Sprint phone!!! I can be reached at 972-647-2500 x 3061 or you may also call my boss at 972-680-6850 his name is Ken Larch. Hewould also be very happy if you have my belongings!! Have a great day. I look forward to your immediateresponse!!! Lisa Lewis Http://www.atsorg.com --- Michael Holstein <michael.holstein () csuohio edu> wrote:Why can't you just download a new BIOS image fromthe manufacturer (one without LoJack .. since they make seperate images with and without that code, for "consumers" .. and re-flash it.Not having a "lojack" laptop at my disposal, I can'ttest directly, but having hacked the BIOS in many other cases to enable things like RAID on a non-raid motherboard, I suspect that the LoJack code is in one of the "vendor" areas on the bios, and is easily removed and the image re-checksummed.Thoughts? Michael Holstein CISSP GCIA Cleveland State University Jay Nevins wrote:FYI- I know this may be a little after-the-fact but Ijust came upon yourarticle posted on 12-24-05 about how to disableLoJack for Laptops. Icurrently use this product and have tested it indepth for a while. TheNotebook I use has Computrace built in to theBIOS. I have tried todisable rpcnet, ctmweb, rpcnetp, and other filesassociated with Lojackas well as blocking these files with my firewalland even blockingComputrace's IP. Needless to say my notebookstill manages to callout. If you are still interested in this programyou may want to lookat machines with Computrace enabled BIOS first. -Jay------------------------------------------------------------------------_______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia -http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/Lisa R Lewis __________________________________________________ Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Breaking LoJack for Laptops Michael Holstein (Jun 07)