Phoning Home

Raymond D. Mereniuk Raymond at fbn.bc.ca
Wed Jun 27 22:01:26 PDT 2001


On 27 Jun 2001, at 16:53, mmotyka at lsil.com wrote:

> I'd be steamed if I had a laptop stolen. Recovering stolen property
> sounds good but the little zTrace widget is probably in the flash or on
> the hdd - reflash bios, reinstall os. Might want to use a pcmcia nic to
> get a new mac address, I have seen an enet chip that uses a small eeprom
> for the mac and can be reprogrammed in circuit, use Linux to avoid the
> cpuid sneaking out. Now how does it phone home? Best bet is watch it
> closely or lock it up when you can't.

The Ztrace software is probably much the same as the Computrace 
software from Absolute Software located in Vancouver BC.  The 
Computrace software was discussed on this list a number of years 
ago, before the call home thru the Net feature was added.

There is 20 to 40 KB of unused space in the system area of any AT 
type formatted hard drive, same area, or nearby, to where your 
partition information is written on the hard drive.  This area is 
normally not over-written when you use Fdisk to partition a hard 
drive or when you do a high level format.

The software is loaded into this area.  The software is configured to 
call home base, the security service provider (SSP), on a pre-
determined basis.  When it calls home it basically identifies itself 
and asks for instructions.  In normal circumstances it is given none.

If an asset is reported stolen and then calls home it is instructed to 
call home on a more frequent basis.  If it calls home via a telephone 
line the SSP gets the calling from number from ANI.  If you 
terminate incoming digital telephone lines (T1) in a Telco system 
compatible device you will be given the ANI, Automatic Number 
Identification.  You can't block ANI.  If it calls home via the Net they 
get an IP address.  Either way the location of the remote asset is 
easily determined.

When they get a location they contact the nearest local law 
enforcement agency, explain the situation and normally the local law 
seizes the asset.  I use asset as this type of product is marketed for 
use in desktop and server type computers.  It is also marketed to 
insurance companies, want a discount on the policy, just load this 
software and keep this number handy in case you lose it.

I figure it can be removed if you know it is there.  I have no direct 
experience so I can't speak with any authority.  Last time this was 
discussed in this forum it was thought the Linux Fdisk would delete 
it.  I have some other tools for deleting disk partitions which I figure 
would work plus there were some low-level format programs for 
certain brands of IDE hard drives which would probably work on 
older model hard drives.  A good guess would be anything which 
could delete a Disk Manager boot record would delete this 
application.




Virtually


Raymond D. Mereniuk
Raymond at fbntech.com
FBN - Offering LAST, Large Array of Stale Technology
http://www.fbntech.com/product.html
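
[Added example, not part of the original message or of any vendor's code: a check for data in the unused sectors between the partition table and the first partition, the area the message describes. It assumes a classic MBR disk image with the first partition at LBA 63; the function names and the sample image are constructed for illustration.]

```python
import struct

SECTOR = 512

def first_partition_lba(mbr):
    """Return the lowest starting LBA among the four MBR partition entries."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    starts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]                              # 0 means unused slot
        (lba_start,) = struct.unpack_from("<I", entry, 8)
        if ptype != 0 and lba_start > 0:
            starts.append(lba_start)
    if not starts:
        raise ValueError("no partitions defined")
    return min(starts)

def nonzero_gap_sectors(image):
    """List sectors between the MBR and the first partition that hold data."""
    end = first_partition_lba(image[:SECTOR])
    hits = []
    for lba in range(1, end):                         # sector 0 is the MBR itself
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        if sector.strip(b"\x00"):                     # any non-zero byte
            hits.append(lba)
    return hits

def build_sample_image(planted=()):
    """Constructed sample: one partition at LBA 63, optional data in the gap."""
    img = bytearray(64 * SECTOR)
    entry = bytearray(16)
    entry[4] = 0x83                                   # partition type byte
    struct.pack_into("<II", entry, 8, 63, 2048)       # start LBA, sector count
    img[446:462] = entry
    img[510:512] = b"\x55\xaa"
    for lba in planted:
        img[lba * SECTOR:lba * SECTOR + 4] = b"DATA"
    return bytes(img)

if __name__ == "__main__":
    print(nonzero_gap_sectors(build_sample_image()))
    print(nonzero_gap_sectors(build_sample_image(planted=(5, 6, 40))))
```

[Non-zero sectors in this gap are a prompt for closer inspection, not proof of a tracking agent: boot loaders and disk-manager overlays also store data there.]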




