Saludad Cypherpunks!

A while back Coderman posted:

“Fwd: [tor-talk] How does one remove the NSA Virus off the BIOS Chip as described by Snowden in the ANT Program

it should be noted that BIOS exports contain device identifiers, like HDD serials and so forth...

---------- Forwarded message ----------
On 11/21/15, Flipchan <[1]flipchan@riseup.net> wrote:
> I would like to help in anyway i can , i'm currently developing an anti
> virus and auditing multi platform program , So if u can find out/copy all
> the viruses the nsa have given You and send it i would love to help on
> detecting and protecting ppl from it :)

you say "find out, copy all" like it's so easy, *grin*

here's some fun for you:
[2]https://peertech.org/files/taobios-v2.tar.bz2

$ sha256sum taobios-v2.tar.bz2
0ba12b0ecf89d109301b619cbc8275e5cd78b6fefd3724fba0b6952186e37779

interesting details in both samples!
( L2 is config only PDoS via UEFI BIOS :)
”
[3]https://lists.cpunks.org/pipermail/cypherpunks/2015-December/011197.html

This appears to reference a BIOS recovery exploit to launch malware in SMM. I am trying to find a copy of this malware directly, not just the virustotal reports.

The peertech.org domain appears to be taken over. Checking for old versions in archive.org does not yield a result - [4]https://web.archive.org/web/20160630/peertech.org/files/taobios-v2.tar.bz2.

After seeing the CCC Camp presentation on Sednit UEFI malware - [5]https://media.ccc.de/v/35c3-9561-first_sednit_uefi_rootkit_unveiled - I am reminded of this.

Does anyone have it?

References

1. mailto:flipchan@riseup.net
2. https://peertech.org/files/taobios-v2.tar.bz2
3. https://lists.cpunks.org/pipermail/cypherpunks/2015-December/011197.html
4. https://web.archive.org/web/20160630/peertech.org/files/taobios-v2.tar.bz2
5. https://media.ccc.de/v/35c3-9561-first_sednit_uefi_rootkit_unveiled