Where would be the best place to test out an unhackable netbook? The NSW department of education in Australia thinks that college is perfect . They plan on distributing netbooks, preloaded with Windows 7,and iTunes. They also have bios level tracking and security, allowing them to be remotely shut down on command. With 20,000 of these in circulation, we would think that we’ll see someone proving the “unhackable” statement wrong. We can only hope.
[via slashdot]
Quite a few simple steps could sort this.
Reflashing the bios and restarting the cmos would be my first action.
Actually, they’ve already been doing this for a while, my sister received one for two terms, she’s doing yr 10. They were pretty unlimited as far as programs and such went, the only ‘hacking’ she managed was onto our home wireless which she wasn’t meant to use, and apparently their BIGGEST problem wasn’t hacking , but the amount of porn the boys were looking up … lol XD
it seems to me that they’re trying to taunt hackers into hacking their “unhackable” netbook.
besides being able to shutdown a system remotely sounds like a vulnerably itself :/
I do agree that proclaiming something as ‘unhackable’ with no restrictions only shows how stupid you are. I suppose you could consider it unhackable if you just considered the average high school student, but now that you’ve gotten the attention of numerous: security analysts, hackers, enthusiasts, etc. all around the world, that statement will be ripped apart.
Looking into the world of DRM, many hacks been developed and release and some not released (HDCP paper, but ‘strippers’ have been released).
I’m wonder if australia has a an equivalent of the DMCA.
“Wilson said there was no way such a large fleet of machines could be managed at such low cost without the smarts embedded within Microsoft’s new operating system.”
omfgroflahahahahah, wait, what??
I’m sorry, what Wilson meant to say is “There’s no way we could have done this without Microsoft lackeys visiting us in the bathroom *wink*”
This
http://www.gnu.org/philosophy/right-to-read.html
is where this kind of shit is heading.
I especially like the line
“debuggers—you could not install one if you had one, without knowing your computer’s root password. And neither the FBI nor Microsoft Support would tell you that.”
so imma take this thing to my basement wrap it in tinfoil and flash the bios using my linux live usb drive.
A college I used to work for got some of these “unhackable” netbooks to loan to their students (the students got to keep them if they graduated). The ones that weren’t hacked immediately ended up in pawnshops.
@j9
hahahahaha
So I have one sitting next to me right here… tamper-evident case screws, RFID, Computrace (not GPS/GSM), BIOS locked down.
Windows 7 is locked down pretty tight, user can’t install software or drivers, all traffic sent through proxies when on school network and web pages checked against a blacklist when not.
The network is pretty solid too – WPA2 with PEAP auth, no guest access etc.
So yeah, you could hack it, but then you would be in breach of the agreement you signed to actually be issued with one and have to pay for a replacement
They Said they are trying to make it unhackable, therefore if someone hacks it I’m sure they’d be willing to pay to see how and get a fix.
“Tamper-evident case screws” – could you post a picture? I wonder what those look like.
Also we could try to find a manufacturer for those :-]
The term “unhackable” is pretty variable – if you look into military-grade ICs and µC you will find pretty crazy shit (even in the info you can obtain without being the US-Airforce). I remember getting an issue of Maxim’s app-notes listing lots of interesting ICs.
Sure you can try to desolder a µBGA flipchip – if you own a rework-station worth a Porsche 911. But then there’s that nasty 2048-Bit AES encryption, hardcoded unique IDs, rotational-memory-mapping, fake signals, dummy outputs, various tamper-detections (some of their µC have like 20 pins just for setting up half a dozen different barriers) and so on. The ICs themselves are build with shielding inside and (as I mentioned) are usually so small that even finding out what model it is will take a lot of brains!
After all it’s technology that by no means should be “hacked” by enemy forces, even if they found a whole crate full of it on their doorstep!
And if you look into the latest trends in consumer electronics, you will find the exact same technology being used – just not THAT secure… Less bits in encryption, no real tamper-protection – but yet more sophisticated than most people can comprehend. And trust me: It’s mainly a money-issue, they would love to lock it all up completely.
Btw i’m waiting that somebody digs up the code that shuts down the specified laptop, little modding and broadcasting, tada 1+n shutdown laptops… Ok that’s just a jokish theory.
“Unhackable” means “unopenable” I guess. Otherwise it is just a laughable attempt.
Not sure what nefarious purpose these “unhackable” LOL netbooks serve but I probably could hack it.
First open the POS up find the bios chip flash the SOB with a generic bios for that laptop platform.
Doesn’t matter if the flasher app from lenovo refuses I’ll be using the SPI interface.
If they’re using the TPM chip it’s still no big deal as these can be reprogrammed as well worst case I put a new TPM chip in place.
Next get rid of windows seven and install linux.
Then profit.
@Nitori – Profit how? Let’s imagine a 14y.o. student is clueful enough to perform the hardware mods as you described. Once you’ve sold your modified netbook, you (or your parents) then are required to pay for a replacement (because having your netbook with you will become compulsory), thereby nullifying any financial advantage you think you may have gained.
The Australian Government are giving these out to year nine students in New South Wales. I have lots of friends who have them, and believe me, some people have hacked them. The only problem is, is that the schools routinely check them and any sort of modification detected will result usually in the laptop being taken away.
As for the hardware mods, the screws that are necessary to unscrew to get to the innards are star shaped, so you need a special (8 pointed?) star shaped screw driver to unscrew them :(
@Loop – Perhaps Nitori isn’t referring to monetary profit. Perhaps the profit is that of the added utility, or status. The victory of freeing any hardware from its maker-imposed restrictions is profit in and of itself.
i have to say… i know it’s a bit late but if you actually took the BIOS out of the computer.. you did not hack it, you broke it.. and it will not be usable.. just think about it honestly.
and the titanic was unsinkable
I saw this article, and I lawled.
I saw this thread, and I lawled hard.
Already been hacked, just clone or cut of GSM/GPS disable network adapter, then use external boot device and flash BIOS, Reload whatever the hell you want. I used Hirens boot CD of all things. . . Unhackable my A$$
It is my impression they are trying to prevent software hacking. If they are they are F**ked. And even if there is a hardware lock on the HDD (similar to the Xbox) it will do them no good.
1. Image the drive
2. Image the BIOS
3. Flash BIOS
4. Unlock HDD (if locked)
5. Load Debian
Repruposed a laptop by using this method.
“Unhackable” = Hack resistant not Hack-Proof
Hi Guys, a bit about the systems:
– Restricted Windows 7 RC Environment
– All-Updates done via an MS SCCM agent.
– Group Policy 3-5 Log-ins before requiring Authentication
– RFID Asset Tracking
– GPS Tracking
– Computrace LoJack (Wipe/Shut Down)
– Internet Whitelist Access
– BIOS Locked
– No CD Drive
– No USB executables
– Tamperproof screws
Any questions, feel free to ask!
:)
By Unhackable; they mean that they are basically useless in the sense of cleaning them up to sell them down, or to be stolen.
I think they’ve done a good job in making them as useless as possible to anyone but Students.
Yeah if the BIOS is locked most of the people here sugesting bootkits are out of luck. No USB executables, is that done through group policy or 3rd party app? If it is group policy and you have local admin access you can use runas /trustlevel:”Unrestricted” to run the exe from the usb drive :)
If you can’t do that, they have probably left windows backup in place, run a backup of the sam file, crack the admin account password, done. Or windows 7 backup also backs up as an image and then you can use vmware converter to convert it to a VM and play more :) I would love to play with that VM.
Oh yeah once you have the admin password it would be humourous to see if they are the same on all the “unhackable” laptops…
If that is disabled/removed and there is no other forseeable way to get the sam file. Then a simple local/remote exploit is the way. You will no doubt need the exploit code. Do as the virus writers do and put the exe someplace you have execute rights, or do a remote exploit… smb v2 issue comes to mind.
Can ActiveX controls be installed?
I bet that could cause some lovely problems.
Orbit:
Go to your schools engineering department and have them machine you up a screwdriver for the thing.
wow. theyre idiots. by saying its unhackable, they basically just brought the anger of tons of hackers on to them… dun dun dun!!!!
Killerwasps, you seem to know alot… Are you one of these students?
Is the HDD locked?
Im leaving school this year, and our teachers have gotten a few of them to mess about with. As far as unhackable goes? We chucked a usb DVD reader next to it, reinstalled xp. Took us 40 mins to do it all. On the bottom you can see a visible bulge of where i would assume whatever the po po have added is, under a custom face plate labeled “Trackable by the NSW Police department” and so on. I dunno, we turned it into a xp machine in that time and gave it a wrap around, and the only problem we had was it had difficulty connnecting to the offical DET network, but thats okay.
Continuing on on that, i was under the impression that we would be signing waivers that locked us into taking care of them untill the end of the year, then we own them ourselves? The software that comes with those school lenovos are impressive, adobe photoshop, so on, so on, so on. Like a few thousand bucks worth of software.
For aussers, that 8 point screw, you can find them in any bunnings. Same ones you find on super nintendos people, hexidecimal screws?
I think you mean torx? http://en.wikipedia.org/wiki/Torx
@someausstudent – You can install XP on it, but you will not be able to connect to the DET network at all, and the Admins at DET can still remotely kill the laptop, regardless of the OS.
if it has more than 2 wires, it will get hacked!!..FACT!
@loop; How do they remotely kill the laptop if it is no longer the same os and the remote lock doesn’t work via GSM, unless it phones home on every network? Then it is just a case of capturing this phone home and null routing it :) Then work out what bit does the phone home and kill it. Of course fun could be had with this too, in a school environment redirect this phone home to a server you control then if you capture the kill message… kill all :)
@Morgan – because Computrace lives in the BIOS.
Now, some here have said that flashing the BIOS will get rid of Computrace. Great idea, however the BIOS is password protected, so you can’t do that easily. Unsolder the BIOS chip and replace it – true, this might work, but how many 15 year-olds are willing/able to re-work a surface mount chip (indeed, they can’t do it at school), and once you have an S10e running FreeBSD/Linux/whatever, how are you going to partake in lessons delivered using the software that was installed on those laptops to begin with?
@loop – Yay it lives in the BIOS, big whoop, it has to get its instructions from somewhere. Either GSM (3g/gprs/edge mobile internet etc) or via the internet, this is what I was talking about, and it can trivilly be blocked by anyone who knows how to use wireshark (there are plenty of tutorials online). Then you can simply capture via a hub or wireless ap where the traffic is going to eg pwn.computrace.org and block it on your home network, or get your computer disabled and capture the disable command for later fun and profit.
There are also easier ways than unsoldering the BIOS chip, bios’s are all battery backed up, simply pop the battery.
Once you have FreeBSD/Linux on it, you won’t care about lessons being delivered on software that will have no similarities to the next version in of the same software causing you to have re-learn. You will have a real OS and if you know what you are doing access to the DET network with that real OS.
Know windows and you know windows, know Unix and you know the world :P
@Morgan – So when the teacher says “Use program x to give a result looking like y”, students who have cracked their lappys will be unable to complete their coursework – brilliant!
Further, no network access at school because the certificate that is used to auth the laptop onto the network is gone, forcing the student/parents shell out $500 to replace the lappy – brilliant!
So really, they are using DEFCON over 9000 to protect some of the cheapest laptops in the world.
Not given to prisoners mind you, students.
And you are forced to use good new’ Windows 7.
Some one just replace the BIOS to own these idiots pleeaase
@Loop; So they use a free program Z to make something that looks better than result Y, but of course they would fail due to not conforming and <sarcasmfont>we wouldn’t want free and independant thought in a school of all places.
OH NOES a certificate… they can’t be copied and imported elsewhere ever, thats impossible…</sarcasmfont>
@Morgan – Correct, this is public education, after all
They have reasonably secured one end of their setup. Malware writers may have to use the other end.
Knowing a dozen names is hack enough in a sufficiently centralized system.
haha, it defends against hackers by bricking itself if it thinks something is wrong.
I got one of these, you can get past the self-bricking by removing the GSM/GPS antennas, re flashing the bios and I went ahead and swaped the hardrive just because I could. Mine is sitting next to me happily torrenting running off of ubuntu! Its really not hard. I just wanted to see if I could. I think I owe money to my school for damages though…
This reminds me of the book ‘Little Brother’ by Cory Doctorow, in fact disturbingly so. You can get the book as a .txt of .pdf LEGALLY. After one minute of searching I couldn’t find where, so it’s up to you.
A suicidal Netbook…
Hmm… someone pinches a classmate’s netbook,
puts kiddy pr0n on it, puts it back, or not.
Netbook gets reported stolen, Gum’t looks in to check where’s the netbook, pr0n found… a whole load of trouble for an innocent person.
Let the games begin
I’ve actually got my hands on one of these ‘unhackable’ laptops. The Windows portion itself has been locked down from the ground up (any EXE’s from an external source will not run, I tried some CMOS flashers). The applications that are pre-installed on these laptops are basic like 7-Zip. They are maintained by the Department of Education and Training of New South Wales by re-imaging them via Remote Desktop. If you try to access the BIOS the computer will immediately restart. I have no idea how they’ve done this. There is also a Windows Recovery Environment Partition on it for boot manager recovery I assume. They have a built-in hardware GPS which is apparently “monitored” by the local police force. The IdeaPad laptops came in either red or blue and have Crimestoppers logo and telephone number on the base of the laptop and integrated in the Windows 7 Logon Menu (in the lower left corner). It need’s a special 6 pointed screwdriver to access the inside of the device but I wouldn’t want to as tampering with the device apparently alerts the police.
i’ve hacked it simply by taking the hardrive out, plugging it into my home computer, deleting the group restrictions and firewall program.
now i can install anything and run anything :)
as for the internet restrictions, yourfreedom is working fine