On 27 Jun 2001, at 16:53, mmotyka@lsil.com wrote:
I'd be steamed if I had a laptop stolen. Recovering stolen property sounds good but the little zTrace widget is probably in the flash or on the hdd - reflash bios, reinstall os. Might want to use a pcmcia nic to get a new mac address, I have seen an enet chip that uses a small eeprom for the mac and can be reprogrammed in circuit, use Linux to avoid the cpuid sneaking out. Now how does it phone home? Best bet is watch it closely or lock it up when you can't.
The Ztrace software is probably much the same as the Computrace software from Absolute Software located in Vancouver BC. The Computrace software was discussed on this list a number of years ago, before the call home thru the Net feature was added. There is 20 to 40 KB of unused space in the system area of any AT type formated hard drive, same area, or nearby, to where your partition information is written on the hard drive. This area is normally not over-written when you use Fdisk to partition a hard drive or when you do a high level format. The software is loaded into this area. The software is configured to call home base, the security service provider (SSP), on a pre- determined basis. When it calls home it basically identifies itself and asks for instructions. In normally circumstances it is given none. If an asset is reported stolen and then calls home it is instructed to call home on a more frequent basis. If it calls home via a telephone line the SSP gets the calling from number from ANI. If you terminate incoming digital telephone lines (T1) in a Telco system compatible device you will be given the ANI, Automatic Number Identification. You can't block ANI. If it calls home via the Net they get an IP address. Either way the location of the remote asset is easily determined. When they get a location they contact the nearest local law enforcement agency, explain the situation and normally the local law seizes the asset. I use asset as this type of product is marketed for use in desktop and server type computers. It is also marketed to insurance companies, want a discount on the policy, just load this software and keep this number handy incase you lose it. I figure it can be removed if you know it is there. I have no direct experience so I can't speak with any authority. Last time this was discussed in this forum it was thought the Linux Fdisk would delete it. I have some other tools for deleting disk partitions which I figure would work plus there was some low-level format programs for certain brands of IDE hard drives which would probably work on older model hard drives. A good guess would be anything which could delete a Disk Manager boot record would delete this application. Virtually Raymond D. Mereniuk Raymond@fbntech.com FBN - Offering LAST, Large Array of Stale Technology http://www.fbntech.com/product.html