Phoning Home
Raymond D. Mereniuk
Raymond at fbn.bc.ca
Wed Jun 27 22:01:26 PDT 2001
On 27 Jun 2001, at 16:53, mmotyka at lsil.com wrote:
> I'd be steamed if I had a laptop stolen. Recovering stolen property
> sounds good but the little zTrace widget is probably in the flash or on
> the hdd - reflash bios, reinstall os. Might want to use a pcmcia nic to
> get a new mac address, I have seen an enet chip that uses a small eeprom
> for the mac and can be reprogrammed in circuit, use Linux to avoid the
> cpuid sneaking out. Now how does it phone home? Best bet is watch it
> closely or lock it up when you can't.
The Ztrace software is probably much the same as the Computrace
software from Absolute Software located in Vancouver BC. The
Computrace software was discussed on this list a number of years
ago, before the call home thru the Net feature was added.
There is 20 to 40 KB of unused space in the system area of any AT
type formatted hard drive, same area, or nearby, to where your
partition information is written on the hard drive. This area is
normally not over-written when you use Fdisk to partition a hard
drive or when you do a high level format.
The software is loaded into this area. The software is configured to
call home base, the security service provider (SSP), on a pre-
determined basis. When it calls home it basically identifies itself
and asks for instructions. In normal circumstances it is given none.
If an asset is reported stolen and then calls home it is instructed to
call home on a more frequent basis. If it calls home via a telephone
line the SSP gets the calling from number from ANI. If you
terminate incoming digital telephone lines (T1) in a Telco system
compatible device you will be given the ANI, Automatic Number
Identification. You can't block ANI. If it calls home via the Net they
get an IP address. Either way the location of the remote asset is
easily determined.
When they get a location they contact the nearest local law
enforcement agency, explain the situation and normally the local law
seizes the asset. I use asset as this type of product is marketed for
use in desktop and server type computers. It is also marketed to
insurance companies, want a discount on the policy, just load this
software and keep this number handy in case you lose it.
I figure it can be removed if you know it is there. I have no direct
experience so I can't speak with any authority. Last time this was
discussed in this forum it was thought the Linux Fdisk would delete
it. I have some other tools for deleting disk partitions which I figure
would work plus there were some low-level format programs for
certain brands of IDE hard drives which would probably work on
older model hard drives. A good guess would be anything which
could delete a Disk Manager boot record would delete this
application.
Virtually
Raymond D. Mereniuk
Raymond at fbntech.com
FBN - Offering LAST, Large Array of Stale Technology
http://www.fbntech.com/product.html
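
An added example, not part of the original post or any vendor's code: a Python check that parses a classic MBR partition table from a raw disk image and lists the non-zero sectors between the MBR and the first partition, the kind of unused system area the post describes. It assumes 512-byte sectors and a first partition at LBA 63; the image builder and the `RESIDENT` marker are constructed sample data.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors

def partition_starts(mbr):
    """Return the starting LBAs of the non-empty entries in an MBR partition table."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    starts = []
    for i in range(4):                       # four 16-byte entries at offset 446
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and n_sectors != 0:
            starts.append(lba_start)
    return starts

def scan_gap(image):
    """Report which sectors between the MBR and the first partition hold data."""
    starts = partition_starts(image[:SECTOR])
    if not starts:
        raise ValueError("no partitions defined")
    first = min(starts)
    used = [lba for lba in range(1, first)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]
    return {"first_partition_lba": first,
            "gap_bytes": (first - 1) * SECTOR,
            "nonzero_sectors": used}

def build_sample_image(first_lba=63, planted=(5, 6)):
    """Constructed test image: MBR with one partition, optional data in the gap."""
    img = bytearray((first_lba + 4) * SECTOR)
    entry = bytearray(16)
    entry[4] = 0x06                          # FAT16 partition type
    struct.pack_into("<II", entry, 8, first_lba, 4)
    img[446:462] = entry
    img[510:512] = b"\x55\xaa"
    for lba in planted:
        img[lba * SECTOR:lba * SECTOR + 8] = b"RESIDENT"  # constructed marker
    return bytes(img)

if __name__ == "__main__":
    print(scan_gap(build_sample_image()))
```

Non-zero sectors in the gap are a prompt for inspection, not proof of a tracking agent, since boot loaders and disk-manager overlays also live there.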