/tech/ - Technology★

>>804850

More like it's running inside (you)r CPU. My shit is spanking fine, AMD FX, nigga. You all laughed at me when I told you it would pay off. You all bitched and moaned about IPC not being on par with Sandy Vagina, but here I am and there (you) are. I'm going to go and enjoy all of my wonderful cores now, faggots.

>>804852

how does 8ch look on templeOS anon?

>>804861

Cry more, bitch nigga. TempleOS running Crysis in text only mode.

>>804852

ignoring the brand loyalty cuckoldry in this post, Id reccomend anyone else who cant afford a TALOS do the same as me(not that poster), and get the newest pre-PSP amd they can.

>>804852

>>804872

You do realize that AMD has this problem too, right? It's called the Platform Security Processor (PSP) on there.

https://libreboot.org/faq.html#amd-platform-security-processor-psp

>>804882

You do realize this doesn't affect the CPUs I mentioned here, right?

>>804883

Wait so FX isn't affected?

>>804884

Only those released Pre-2013 or so. You linked the libreboot page. Says so right there. But your 8350/70 and so on are sage. The phenom line is also fine. As I said, I just replaced a 955 with an fx chip. The 955 will be going to a home server.

>>804882

>>804886

What the fuck did you think I was talking about when I said "pre-PSP" amd?

Chips from before the playstation portable was released?

>>804894

Yeah, and the chips I mentioned fit that bill. I thought you were confused about their status.

If you want to buy AMD FX equipment then you need to hurry. The reason is not that the cpus are getting scarce. The problem is that the mainboards are getting harder and harder to order. Some types are out of order already that could be purchased easily half a year ago. Personally I will keep my current machine and buy 1 mainboard and 1 FX cpu as spare parts in case anything breaks down.

Isn't a IME and AMD's equivalent simply a Mobo firmware problem as in mobo code? Could mobo developers not have the Pozz by not coding it to work?

>>804929

No, it's a physical co-processor embedded in your CPU, and it has privileges above anything you have control over.

>>804913

>If you want to buy AMD FX equipment then you need to hurry. The reason is not that the cpus are getting scarce. The problem is that the mainboards are getting harder and harder to order.

It's like that with Intel X58 (and some newer but still old chipsets). The CPUs are mega cheap but overclocking capable motherboards are insane unless you get lucky.

so if i understand what's going on in that wiki... what me cleaner is doing is writing a custom firmware for the motherboards bios, which fucks up the ME inside of the cpu everytime it boots?

so this is a motherboard mod. you can't take that cpu out afterward and stick it in a new motherboard and have ME still disabled?

Or does it flash the actual ME using the bios chip?

>>804861

> Polluting God's temple with network access to the filthy internet.

>>805005

CPU memory is volatile. That means you have to load ME, AMT, microcode updates on every boot from external source like bios chip or emmc. The me_cleaner script removes all possible ME and AMT partitions from any bios firmware, leaving only basic stuff that initializes processor on boot.

>>805024

my original thought was why not try to sell these. so you wouldn't be selling the processors with nuked ME, you'd be selling motherboards.

>>805039

Purism/Librem company sells laptops with nuked ME and preinstalled Qubes OS. Other major motherboard manufacturers are mostly aimed for Windows users and corporate market, therefore they need to keep all proprietary backdoors from vendors intact.

>>804829 (OP)

Don't do this people. It is against the law and will brick your system.

Also, IME keeps you safe from Russian hacking.

>>805047

i wonder how well those sell. if you don't trust the botnet in the bios why would you trust what some random company puts in there. you could verify it yourself if you had all the shit to do this, but then you wouldn't be buying it from some random company in the first place.

>>805124

Such companies are probably NSA/CIA/FBI joint ventures.

>>805109

I'll brick your window you mealy-mouthed inbred burgerclap

>>804829 (OP)

>>804852

I am coming a long way from /pol/ don't expect me to be a tech god. I am reposting an insider's case on these and that every fucking thing is fucked and they knew about this for decades. Guys better cook up some good security because this is very fucked up:

https://8ch.net/pol/res/10649602.html#10650868

"t.hardwareoldfag here.

Listen up and listen good if you want to know the truth you ignorant hardware niggers

Yes OP, this is old as fuck news to anyone paying attention. I knew about this in 2007 or so when IME was deployed first, even asked this question in the training seminar with some strange looks. Shortly after this they integrated it into the chipsets, it used to be an add in board initially. From that point (and prior) you were fucked either way though.

>>10649623

>thinking firmware and other controller level exploits are stopped by some OS layer faggotry

<don't be this guy

The real truth is IME is just a distraction - it's not just IME or AMDs' own version, it's hardware controllers, incl HDD controllers, LAN controllers etc, hard drive firmware, router firmware etc etc.

CIAniggers, Huweiniggers, Koreaniggers, etc have infected every fucking local industry in every country that shit is made in - it's all in the name of national security. Until the last decade or so, it used to be a requirement in USA for any encrypted tech to have a back door. This is why PGP had to be exported in a book. This is still the case effectively however the official law has changed..

Okay sure, maybe you hypothetically make your own PC with some shit-tier hardware and think it's not pozzed (probably still is as you don't have access to all firmware kek), you load your templetails OS bullshit, run through a gorillion VPN and 10 proxies. Safe eh?

No.

Ancient laptop, that'll be safe right? No, even worse probably.

Because even if you do somehow have a secure hardware platform, they have fibre sniffers e.g. Naurus (go look it up, check out the AT&T secret room leaks before Snowfag came on the scene for the normalfags to believe) (p.s. It was called Echelon before Prism and we knew about it since the 80s in the five eyes).

Naurus sniffers will trawl your packets at any major exchange, they are situated throughout the world and can time your exit and entry points, so they know where/when your data is going by simply timing it and the amount and this can be stored for later analysis. If you think they don't have viable quantum computers and cannot crack almost all encryption if they absolutely need to on case by case basis, I would suggest you re-think that. Sure, joe bloggs doesn't have anything to bother about but if you are e.g. leaking national security secrets on /pol/, be fucking aware of this post and take appropriate measures as outlined below. So even though you put it through all those proxies, if they really want to, they can fuck you good. I'm talking CIAniggers/NSAperves/FBIfaggots level so you'd be up to no fucking good or a kike enemy to have this level of scrutiny.

Basically if you regularly connect to the internet, with the same machine and not on a burner on public wifi, then decide to leak the juicy shit, no matter what you do you are able to be fucked. Period.

At police/taxkike level I wouldn't worry, they finally have extremely restricted access to Echelon/Prism, certainly they are not going to be have access to black project/quantum high level encryption cracking.

How to avoid this?

Public wifi, cashie burner PC, one time use, no CCTV cameras, no plates, no faces, no GPS tracking, no traces, no cellphones, no nothing, that applies to both sourcing burner and using it - only takes one mistake and you're fucked.

Be fucking careful anons, leak, but please leak responsibly and stay safe. Anyone who tells you contrary to the above has not done their homework or is a CIAnigger/shill. Do not trust anyone including me, do your own research to prove it to yourself - the resources are out there. Cheers"

>>805678

Also one more thing.

Check the post itself and check the counter-arguments there too because this is NOT a full picture. This could just as well be scaremongering and it's good to question it. That is why I am posting this here so I can take this on a debate.

-Are things really this bad?

-Are there really no way around?

-Small criminal cases are in the "no one cares" bucket for agencies right?

-Are all things on record or are there "triggering datas/words" that raises a flag for the ABC soup?

-Is the quantum fuckery even usable at this current technology?

(I know I replied to myself. Who cares)

>>805678

Stick to /pol/, faggot, and don't come back. You think this guy has insider knowledge because he types like an asshole, tells you to check his claims (which ensures you won't), and claims to have insider knowledge? You're a dumbass.

> I knew about this in 2007 or so when IME was deployed first,

Every fucking sysadmin in the world knew what ME was. The thing is, this is how you know he's chatting shit. He did not know the ME was compromised, because at the time, it wasn't. Even if it is/was backdoored, that is not what the OP is implying by compromised, i.e., this poster is trying to mislead you.

>>thinking firmware and other controller level exploits are stopped by some OS layer faggotry

Unfortunately, they are. I'm assume in context he's talking about HDD firmware exploits similar to SpriteTM's... the decryption is done after the encrypted data leaves the HDD, i.e. HDD firmware isn't reading decrypted data.

>The real truth is IME is just a distraction

It is not a "distraction", it's a piece of hardware designed for a purpose.

>Until the last decade or so, it used to be a requirement in USA for any encrypted tech to have a back door.

This is just a lie.

>Ancient laptop, that'll be safe right? No, even worse probably.

This is also a lie. Maybe not a lie, just plain wrong.

>fibre sniffers, traffic analysis etc

Do not decrypt traffic (i.e. between you and a VPN, Tor traffic etc)

Most of it is just word salad.

>>805678

>from /pol/

This pretty much ensures that any information you received is wrong. /pol/ is technologically illiterate, mostly due to the fact that they are all NEETs, hiki, or simply underage. I know you've said you're not a tech god, and that's fine, but you need to lurk more and pay attention, because some guy coming in and claiming credentials on the internet shouldn't cut it as evidence. Trust me, I work at Nintendo.

>>805704

Fibre sniffers are not for decryption, they are for traffic confirmation, sybil, or whatever you call it. If some state actor has taps on every single ISP, exchange and datacentre in your country, then you're fucked kiddo. John Doe connects to VPN in Russia, at the same time VPN in Russia connects to 8ch.net/tech/. Coincidence? I think not. Then there are backdoors in network equipment around the world, confirmed or not. The equipment runs proprietary software, so it is equal of malice. Cisco for muricans, Huawei for chinks, etc. This is how they deanonymize Tor, not by running every single node themselves, but by controlling every channel these nodes connect to. Let's say there are 150 nodes in France, CIA taps all 3 France's exchanges and sniffs for Tor packets only, easy as that. When needed, backdoors can be activated with magic packets, the equipment itself also might store logs in secret cold storage for later use, those are not visible on surface and can not be flushed from console by hackers/admins.

>>805722

Great, but they don't, thanks to Tor and i2p randomised delays.

Magic backdoors don't decrypt packets,

>>805723

that's what me and psp are for

>>805723

just for clarifying both tor and i2p use randomized delays

>>805753

Oh, so the CPU can decrypt packets?

Do you know how ridiculous that would be to implement

>>805857

it doesn't need to decrypt the packets it just needs the decryption key stored in the ram that it has full access to

>>805753

Except the post posted from the /pol/faggot claimed that PSP and IME were a distraction and not the thing that basically makes all hardware insecure, retard. Honestly, do you niggers ever stop and think for a second.

So has anybody tried this or not? Did it work? I need confirmation!

>>805904

>he doesn't realise all hardware is backdoored or compromised at a hardware level

lurk moar

>>806994

Yes, just did one a couple weeks ago. Works good.

>>805005

>what me cleaner is doing is writing a custom firmware for the motherboards bios

No, it's just stripping away some of the firmware that's held on the BIOS chip. The way it works is that more than just the BIOS resides on that EEPROM. Some sections are reserved for the tiny operating system that makes the Intel ME work. The ME turns off the 30 minute watchdog which reboots the CPU every 30 minutes. The ME firmware itself is highly modular which allows flexibility for motherboard manufacturers. So what this ME Cleaner program does is take the entire ME firmware after you make a copy of it by dumping the ROM, either with an external clip or with a tool called flashrom. Then it modifies that copy to remove the parts of the firmware that are responsible for networking and DMA and all that nasty stuff. Then you write that modified image to your BIOS ROM and you should be left with a management engine which is completely local, as in isolated from any networks, and it shouldn't be able to access your RAM, hard disks, or CPU cache or any of your other devices.

>so this is a motherboard mod.

Yes. You are only modifying your motherboard components.

>you can't take that cpu out afterward and stick it in a new motherboard and have ME still disabled?

You can replace the CPU with anything that works with that socket and the ME will always be disabled, since the ME itself will (usually) only change versions between CPU generations.

I've done it on several laptops and under Fedora 26 the ME no longer shows up in my PCI devices, which means that it's been neutralized.

>>805678

>there are many attacks

>therefore you shouldn't bother with closing off the most obvious ones

total cianiggerdom detected

No.

Use a processor without ME/PSP/etc etc.

>>804829 (OP)

We need an OS that breaks ME as part of the boot process.

>>808942

First make an OS that escapes virtual machine as a part of boot process.

Reminder all post-2013 AMD is compromised

Guys, no offense, but:

1. I'm an europoor that can't afford a fucking TALOS II.

2. I bet my arse you guys for simply trying to avoid so much botnet end up being the most searched of us by the ISPs/Securiy Agencies. Or even that some of you "paranoids" are actually NSAfags.

3. Yes, it sounds romantic to avoid all that botnet. I get you. I hate a lot of the shit nowadays for being so slow and Windows fucking 95 moving faster than many of them. But you can't live under a fucking rock.

Please prove me wrong.

>>809736

I'm living under a rock right now and things are going okay. It's easier if you hate people.

Then buy an Atari ST, or Commodore 128. Or maybe even a pre-Lenovo IBM Thinkpad with i386 cpu. Or something else like that. If you really need 64-bit there's always PowerPC and SPARC. If you "need" Web 2.0 you're probably fucked anyway with regards to botnet, so might as well just suck down the ciannigger Intel crap at that point.

Anyway it's not about romantic, it's about being able to trust and have control over the hardware you paid for. If you're not the master of it, then why should you be paying money? They should pay you instead, and by the hour, because they're enforcing their will on you and that has to be compensated or it's not a fair transaction.

And it shouldn't be a surprise that a lot of people in open-source world are upset that the hardware layer is compromised. That pretty much invalidates all the open-source code, since even the OS can't control wtf the machine is doing at any given time.

>>809736

Why do all the TLA shills use a variant of this line of attack?

It's too late, people are tired of the botnet, and we've seen where your masters want to take us so we're taking steps now.

>>809941

>me being an NSA shill

are you fucking retarded

I bet my arse you use Xorg/systemd with a shitton of botnet inside it on your Linux/FreeBSD machine, and yet complain like a fucking bitch about botnet whilst still having a shitton vulnerabilities on your machine

Yet you have an uncorrupted CPU. Wow, it really takes a certain kind of retard to say something like this. You are truly one special kind of a cuck.