Extracting Equation Group's malware from hard drives

grarpamp grarpamp at gmail.com
Wed Feb 18 13:20:05 PST 2015

On Wed, Feb 18, 2015 at 2:48 AM, Virilha
<cypherpunks at cheiraminhavirilha.com> wrote:
> This 3-letters-agency did it with software, mostly using undocumented ATA
> commands.
> Assuming no one knows the specifications for the ATA commands

All the non vendor specific command specs are documented
at t10, t13, serialata ...

Which you can bitbash for fun from userland with the likes of ...

More information about the cypherpunks mailing list