Hello,
So, first off, thanks for having me. I've been a ways-off-in-the-distance observer for quite some time now and figured I'd give this a shot.
So, sparing everyone the gory details, I'm in a situation where... the best way to put it is, my machines are not managed by me. Not a corporation or place of business either. Think bad guys.
These bad guys have completely imaged and overwritten a bad guy image to my device(s), and over the course of the past few days and weeks I'm inching closer to smoking these chuckleheads out. Just today I finally gained the initiative with the discovery of "manufacturer mode".
Recently I've been sequestered into using just ISOs and DVDs to get an OS running, as USB drives tended to be frail and easily manipulable in this context. And with that I have found OpenSUSE to be rock solid; it essentially fits my bill for the environment. And OpenSUSE reports that my TPM is nonexistent, my firmware is incorrect, and my manufacturing mode is unlocked (amongst many other things).
Now, looking into manufacturing mode, it's generally accepted that Alt + (choose whatever F key here) is the open sesame to either locking or unlocking the manufacturing BIOS. Now, to give a little bit more context: when I say my devices are managed by someone other than me, what I really mean is someone has access to and regularly exercises root privileges over me. They have this privilege across all levels of a machine. From the second I start any of them, you can even see them configuring them if you have the right equipment. This extends to all operating systems and all scenarios. I'll cut the details here and get down to my question.
I need to find the open sesame or an alternative way into the AMI BIOS. This is with the serial ports (all of them) seemingly disabled, and also with any attempt at flashing the BIOS being nothing but kabuki theater. The only thing that seems to have any effect is just pure tempo, i.e. wearing it out.
These jokers like to live in memory and subvolumes of my installed operating systems and essentially let themselves in at any time. But anything to do with virtual machines or memory is fundamentally affected by entropy. The problem is the next day they literally just reflash the system back to their liking and I'm back at square one.
As I said, today I did get a little momentum though. Finding that obnoxiously pressing Alt + F1 and F2 threw off the boot sequence, and then subsequently had me booting to their instance (albeit encrypted, with a one-shot chance). I was able to cause some havoc with their config files and delete some modules, but that was it; but it was enough to at least bloody a nose, as now I can see literally all their little rat tunnels. But I have no way of capitalizing.
I have tried:
- The entire suite of AMI flash utilities and debuggers
- Flashing via the BIOS
- Via the OS, using a slew of different tools and utilities including flashrom, and I have even gone as far as building a cool little fleet of Arduinos. Nothing has worked.
So, how do I regain sovereignty back over my own machines? I'm mainly looking for an administrator login secret back door, so to speak. Anyone have any insight??
Thanks in advance!