Update: [tor-talk] How does one remove the NSA Virus off the BIOS Chip as described by Snowden in the ANT Program
belated catch-up:
- YES! i am still looking for anyone who kept copies of
taobios-v2.tar.bz2 downloaded on the 10th, 11th, or 13th that do not
match the expected sha256sum given in
https://lists.torproject.org/pipermail/tor-talk/2015-December/039678.html
- this, or some FOIAs, or maybe *ahem* got the peertech.org dedi burned;
(~_~;) shit rained - keys died in a fire... at least learning was
enjoyed in large measure? *grin* [ see addendum. ]
- if you didn't get the bios captures the first time, they are also now at:
http://cubicmeteryhbozt.onion/taobios-v2.tar.bz2
L1-bios-readA.bin and L2-bios-readA.bin images have been submitted to
VirusTotal: no hits. however, remember that it is looking at UEFI code
modules, and as discussed, both payloads take pains to avoid common
BIOS forensic techniques - they're not rogue UEFI malmodules sitting
in easy reach! :)
- the FOIAs are,
= Meta-FOIA: https://www.muckrock.com/foi/united-states-of-america-10/procnopenopes-24179...
= New Req(FBI):
https://www.muckrock.com/foi/united-states-of-america-10/keykeeperkomikal-24...
= New Req(DoJ):
https://www.muckrock.com/foi/united-states-of-america-10/keykeeperkomikaldep...
and list at ello still excellent, too:
https://ello.co/ohj2eevi/post/SDNS4ZsILYAG_SQ8yMl9Ew
… :P
... Addendum:
the incident and response info:
https://ello.co/ohj2eevi/post/AcOPfljWjTmfuFEkpc5Pbg
however, it seems they've lost the 8 comments which contained the
detailed updates. i can find archives in PDF if anyone cares?
-
the "signal" honey token service used to detect the TLS MitM is described here:
https://ello.co/ohj2eevi/post/JwQUX_nGF4OhtaJXDySzjg
best regards,
[ fwd is for posterity; with apologies by the megabyte, :o ]
---------- Forwarded message ----------
From: coderman
Scan Time: 2015-12-05 23:15:16
Target File: L2-bios-readA.bin
MD5 Checksum: b47e3205e77e94b8f2e9400d4f915e76
9d8
< 806912 0xC5000 LZMA compressed data, properties: 0x5D, dictionary size: 16777216 bytes, missing uncompressed size
See also https://jbeekman.nl/blog/2015/03/reverse-engineering-uefi-firmware/, and even take pictures for you to replicate [ see attached ]. don't you want to learn to fish, young padawan?
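The binwalk line quoted above flags an LZMA stream at 0xC5000 with properties byte 0x5D, a 16777216-byte dictionary and a missing uncompressed-size field. As an added example (not from the post, and not run against the real captures), the following script does the same carving by hand on a constructed stand-in blob: it scans for 13-byte LZMA-alone headers with plausible fields, discards look-alikes such as an ASCII ']' (also 0x5D), and confirms each survivor by actually decompressing it to its end marker. FIRMWARE, PAYLOAD and STREAM_OFFSET are constructed sample data.

```python
import lzma
import struct

# Constructed stand-in for a firmware dump (not the real L2-bios-readA.bin):
# 0xFF erase padding, an ASCII string whose ']' is 0x5D (same as the LZMA
# properties value binwalk reported), and one genuine LZMA "alone" stream.
# liblzma writes the 16 MiB dictionary as 00 00 00 01 and the uncompressed
# size as eight 0xFF bytes, which binwalk reports as "missing uncompressed size".
PAYLOAD = b"UEFI volume contents (constructed sample)\n" * 40
_STREAM = lzma.compress(PAYLOAD, format=lzma.FORMAT_ALONE,
                        filters=[{"id": lzma.FILTER_LZMA1, "dict_size": 1 << 24}])
FIRMWARE = b"\xff" * 0x40 + b"[UEFI]" + b"\xff" * 0x1a + _STREAM + b"\xff" * 0x40
STREAM_OFFSET = 0x60          # where _STREAM starts inside FIRMWARE
UNKNOWN_SIZE = 0xFFFFFFFFFFFFFFFF


def lzma_candidates(blob):
    """Yield (offset, props, dict_size, usize) for each 13-byte LZMA-alone header
    whose fields look sane: props encodes lc/lp/pb within spec (< 225) and the
    dictionary is a power of two between 4 KiB and 64 MiB (a heuristic filter)."""
    for off in range(len(blob) - 13):
        props = blob[off]
        if props >= 9 * 5 * 5:
            continue
        dict_size, usize = struct.unpack_from("<IQ", blob, off + 1)
        if not 4096 <= dict_size <= 64 << 20 or dict_size & (dict_size - 1):
            continue
        yield off, props, dict_size, usize


def carve_lzma(blob):
    """Confirm each candidate by decompressing it; keep only streams that reach
    their end-of-payload marker, so header look-alikes are dropped."""
    found = []
    for off, props, dict_size, usize in lzma_candidates(blob):
        dec = lzma.LZMADecompressor(format=lzma.FORMAT_ALONE)
        try:
            data = dec.decompress(blob[off:])
        except lzma.LZMAError:
            continue          # header looked right, payload is not LZMA
        if not dec.eof:
            continue          # input ran out before the end marker
        found.append({"offset": off, "props": props, "dict_size": dict_size,
                      "size_missing": usize == UNKNOWN_SIZE, "data": data,
                      "compressed_len": len(blob) - off - len(dec.unused_data)})
    return found


if __name__ == "__main__":
    for h in carve_lzma(FIRMWARE):
        print(f"0x{h['offset']:X}: props 0x{h['props']:02X}, dict {h['dict_size']} bytes, size missing={h['size_missing']}, {len(h['data'])} bytes out")
```

The same two-stage check (cheap header filter, then a real decompression attempt) is what keeps a scan of a multi-megabyte BIOS image from drowning in false hits from every ']' in an embedded string.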