Phoning Home

mmotyka at lsil.com mmotyka at lsil.com
Thu Jun 28 10:28:56 PDT 2001 

> The Ztrace software is probably much the same as the Computrace 
> software from Absolute Software located in Vancouver BC.  The 
> Computrace software was discussed on this list a number of years 
> ago, before the call home thru the Net feature was added.
> 
I think when writing a Master Boot Record ( it's been 10 years since I
wrote tools that did this ) you can leave as much space as you want
completely uncomitted anywhere on the drive. This space should still be
accessible by logical block address on the device. What could get fairly
interesting is that drives typically reserve some sectors on each track
for replacement use should one of the logical sectors on the track go
bad. Western Digital http://www.wdc.com offers utilities that manage
their drives, apparently even the recent models. What I wonder is are
the proprietary APIs published or would the tools have to be reverse
engineered? This would allow access to substantial storage that would
not show up using that standard ATA calls. 

In the end though, that storage must be accessed from code in the BIOS
or the booted OS so wiping those will probably do the job. 

Seems like whether you're talking about asset recovery or Napster and
copyright the only solutions are men with briefcases and guns or
proprietary Si. SW is too easily manipulated.

Regards,
Mike

*********************

> There is 20 to 40 KB of unused space in the system area of any AT 
> type formated hard drive, same area, or nearby, to where your 
> partition information is written on the hard drive.  This area is 
> normally not over-written when you use Fdisk to partition a hard 
> drive or when you do a high level format.
> 
> The software is loaded into this area.  The software is configured to 
> call home base, the security service provider (SSP), on a pre-
> determined basis.  When it calls home it basically identifies itself 
> and asks for instructions.  In normally circumstances it is given none.
> 
> If an asset is reported stolen and then calls home it is instructed to 
> call home on a more frequent basis.  If it calls home via a telephone 
> line the SSP gets the calling from number from ANI.  If you 
> terminate incoming digital telephone lines (T1) in a Telco system 
> compatible device you will be given the ANI, Automatic Number 
> Identification.  You can't block ANI.  If it calls home via the Net they 
> get an IP address.  Either way the location of the remote asset is 
> easily determined.
> 
> When they get a location they contact the nearest local law 
> enforcement agency, explain the situation and normally the local law 
> seizes the asset.  I use asset as this type of product is marketed for 
> use in desktop and server type computers.  It is also marketed to 
> insurance companies, want a discount on the policy, just load this 
> software and keep this number handy incase you lose it.
> 
> experience so I can't speak with any authority.  Last time this was 
> discussed in this forum it was thought the Linux Fdisk would delete 
> it.  I have some other tools for deleting disk partitions which I figure 
> would work plus there was some low-level format programs for 
> certain brands of IDE hard drives which would probably work on 
> older model hard drives.  A good guess would be anything which 
> could delete a Disk Manager boot record would delete this 
> application.
> 
> Virtually
> Raymond D. Mereniuk
>

More information about the cypherpunks-legacy mailing list