Full Disclosure mailing list archives

Re: Strange Lenovo x121e


From: halfdog <me () halfdog net>
Date: Thu, 06 Oct 2011 01:05:59 +0000

xD 0x41 wrote:
> Hrm this one is tricky, but smells so bad of preuse, specially when
> you said this;
>
>> * Inside seal on plastic bag also intact, but glue is suboptimal,
>> I opened the bag without damaging the seal
>
> That's a clear sign of tamperage...that's when they tell you "do not
> buy" ... so i wonder :s

Yeah, but I've also got trained fingers. And applying stickers on
completely fresh plastic surfaces can be tricky, especially when
plastic foil was surface-treated, so that it does not stick to itself
before being manufactured into plastic bags.

> I know it could ..... Is it perhaps something being leftover, from
> some badly warezd ISO Windows install...which can lay dormant, even
> after a format but, not after fdisk usually... strange, i cannot
> figure this one. It smells of pre-use, or ex-demo, but, i have got,
> 3 ibm netvista 2cpu boxes,1 3.3gig awesome IBM thinkcentre,fastest
> box i have as in loading/swap access,and IBM Blade,IBM laptop, and
> not one has those files...i even paid for ex-demo on the laptop,
> and it was installed...

I think I have a good explanation: I looked through the files and
found quite a mess, even for an MS system. Even c:\ is loaded with
various nonstandard files. Many of these files are around testing
(testplan xy, fantest, modemtest, mark3d, ..) and test orchestration
scripts, one of them setting the clock back to 2010-01-01, so file mod
dates should be meaningless.

It seems that the machine contains at least 13G of Windows OS and
testing software. I found some test reports (dated 2010-01-01) that
contain the hardware tag of the machine. The BIOS seems to be
2011-06-21, that is also proof for clock manipulation during testing.

What could be interesting: Although I found some tools via Google,
e.g. rw-everything, a "hardware configuration reader/dumper", there
are also some tools I do not know, that might deal with branding or
special hardware initialization, e.g.

./WWAN/Leadcore/BAK/IMEI.TXT
./WWAN/Leadcore/IMEI.TXT

with different IMEI in it. Perhaps the disk contains some new tools
that allow resetting broken hardware/firmware internals to any state
you like, e.g. perhaps the IMEI of your modem.


> i can only see *no* good reason for .exe to be on the drive, after
> a sale. It should have always been wiped/fdisk/shredded, as I know
> i have had done with the ex demos i have here, and, they are part
> lenovo and part IBM and still, not one of those files exists on any
> box, and the laptop which, i thought would for sure have something,
> if any of them did... but nope. I don't know this one, but, i will
> try and ask a friend who works with IBM and see their practices,
> and try get his own quotes.

I do not know if all systems have this "testing" image on them or if
just one device was lost during quality control, but to me it seems
highly likely that somehow a test-branded disk made it out of the
Lenovo (or partner) production site.

I've put a file-list at
http://www.halfdog.net/TmpData/sda1-filelist.bz2, so that you can make
up your own picture, if you want to.

hd

-- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee