myhack58 | Anonymous | MYHACK58:6220053681
History: Oct 11, 2005 - 12:00 a.m.

A discussion of hardware destruction methods after an intrusion - vulnerability warning - the black bar safety net

2005-10-11 00:00:00
Anonymous
www.myhack58.com

In the field of Internet security, attack and defense keep outpacing each other, and even the strongest fortress has its fatal weak point. Hacking technique today has produced many kinds of attack, and defensive methods keep appearing just as fast, but attackers and defenders alike have overlooked one important aspect: hardware security. Hardware is the foundation of software; if the hardware is damaged, then however good your software defenses are, they are all to no avail. A few years ago the outbreak of CIH, the first virus to destroy hardware, was chilling, and the root cause was that people neglected hardware security. The virus came and went, yet hacking technique has still not moved beyond attacking and destroying software. Inspired by both the CIH virus and hacking technique, the author finally found a means of attack aimed at hardware!
Because this kind of attack is so harmful, I hope readers will not lightly use it for illegal attacks, and I also hope fellow network administrators will be careful, otherwise the next victim might just be you…
Usually, once we have complete control of a host after an intrusion and want to do as much damage as possible, the most we can do is modify the other side's home page, delete some important files, completely format the other computer, and the like.
Having obtained some permissions, can we do even greater damage to the host? Of course we can (otherwise why would I be writing this article?). We can take a different, creative approach, bypass the software, and destroy the hardware!
Preparation:
Tools:
winhex
winflash
cbrom
modbin
Gigabyte @bios, download address: <http://www.xysky.net/showsoft.asp?soft_id=80>
A good Trojan capable of remote screen control; using the other side's 3389 is recommended
The above tools can be downloaded from http://www.xysky.net
The basics:
Before starting work, here is a brief introduction to the software above and to the BIOS (sharpening the axe does not delay the chopping of wood):
winhex: a hexadecimal editor that can open a file of any format, well known because it can edit memory contents directly. An essential tool for crackers; here we use it to modify the BIOS file.
Winflash: a tool launched by Award to follow market trends that flashes the BIOS directly under Windows; it works with all Award BIOSes. It must be installed before it can be used.
Cbrom: CBROM is a tool designed for modifying Award BIOS files. It can extract, delete, or add files in a motherboard BIOS file (suffix .bin); here we use it to extract some files, modify them, and add them back to the BIOS file.
Modbin: released by Award for modifying the BIOS binary file. It can directly modify only very little, such as the information displayed at boot, but it exposes all of the information in the BIOS. It also has one characteristic: when it opens a BIOS file, it decompresses it. BIOS files are compressed with a special method that common tools cannot extract.
@bios: a tool produced by Gigabyte that flashes the motherboard BIOS directly under Windows. It works not only on Gigabyte motherboards but on most motherboards that use an Award BIOS; it needs no installation and is simple to use.
We all know that the BIOS is a set of programs burned into ROM; on disk, the BIOS exists in the form of a data file. How is this data file composed? A BIOS data file is made up of several files that have been compressed, including the main BIOS program file, the EPA image file, the Logo BitMap file, and so on. Different BIOS models contain different files, but every BIOS file contains the System BIOS (the "0" row in the table), which is the most basic component of the BIOS; it also contains other program files that each perform their own functions. The BIOS is an important part of the hardware system: if the BIOS is damaged, the computer will not boot.
Good, preparations are complete; let's start our work of destruction!
The first step: seize the position
Method: use any method you know to obtain administrator permissions on the victim host (the "broiler"), with write permission on some directory; the broiler must also be running a Windows operating system. A broiler with 3389 open is best, and using a Trojan is not recommended. What follows assumes operation through the 3389 remote terminal; operating through a Trojan is similar and is not described separately.
Second step: transport the troops
Upload the tool @bios and the tools for erasing our footprints to a directory on the broiler. For uploading you can use ipc$, e-mail, and so on; you can even open your QQ on the broiler and transfer the files that way… The specific method is up to you, though of course the more elegant the better.
The third step: to catch the thieves, first capture the king
Finally we reach the damage step, so exciting (BT). First connect to the broiler and run @bios remotely. Remember to use the English version of @bios, because if the other side uses an English or other-language operating system, the Chinese version of @bios that we use will display a mass of garbled characters that not even a god could make sense of. You must log in with administrator privileges; otherwise, according to my tests, an error message similar to "bnfffff" appears and the program stops running by itself. Heaven only knows what that error message means.
Run @bios remotely and click "Save Current BIOS" (as shown in Figure 1). Follow the prompts to save the BIOS file to a directory, then close @bios. If the save fails, upload winflash to the broiler, install it, and use it to extract the BIOS file. Because winflash is a flashing tool released by Award itself, its compatibility is very good; as long as the other side uses an Award-derived BIOS, it will certainly succeed. You might ask, why not start with winflash? Mainly because winflash needs to be installed and is relatively cumbersome to use, so it is easily discovered by the other side's administrator, while @bios has certain limitations, namely poor compatibility with some motherboards.
What? winflash still reports an error? Then you are finished and have to give up on this broiler, because it may be using an AMI BIOS, against which these tools are powerless. Switch to another broiler; machines with an AMI BIOS are, after all, a minority.
What we do now is bring the BIOS file (the extension is generally .bin) back to our own machine. Of course we could skip that and modify it directly on the other computer, but that requires uploading many tools, the operation is more complex, and it is easily discovered. So don't be afraid of the trouble: download it first, modify it (or perhaps it should be said, damage it), and then transfer it back to the broiler.
As for how to download it back to our own machine, do whatever seems easiest and smoothest. I opened one of my mailboxes on the broiler, saved the file in the mailbox, then opened the mailbox from my own machine and downloaded it.
Step four: bait and switch
Here our scalpels winhex, cbrom, and modbin come into play.
The following introduces several modification methods, from easy to difficult. Of course, the easier methods are the ones most easily found and fixed by the other side, and the most complex method is very difficult to repair, because an administrator's energy is limited and is basically spent on the network; he cannot possibly have mastered the hardware as well!
Method one:
Open the downloaded BIOS file directly with winhex and make sure the input mode is overwrite rather than insert (overwrite is its default state), so that editing does not change the file's size. After opening the file, the left side shows a large amount of hexadecimal code (as in Figure 2). Ignore it, it only makes you dizzy; look to the right, where there is a big pile of even more bewildering garbled text.
Start now! With the mouse, click anywhere in the garbled text that displeases you, then casually hit a few keys; not too many. Then drag the scroll bar down and do the same at another random place…
After doing this several times, the BIOS file has been damaged beyond recognition. Save it! Next, put the modified file back on the broiler (soon to be a dead chicken) and flash it back with @bios or winflash.
Advantages: simple operation, suitable for beginners.
Disadvantages: 1. Because the BIOS file may have been modified too much, the flashing tool may report an error and be unable to flash.
2. After flashing, the broiler shows a black screen with no reaction when it restarts; someone with a little hardware knowledge will easily identify a BIOS fault and repair it promptly…
Method two:
This method is not destructive, but it is a good method…
We can make our own intrusion image, saved as 256 colors at 640*480; remember to make it eye-catching! We set it as the broiler's startup screen, guaranteed to make the other side tremble in fear!
Now it is cbrom's turn…
Use the CBROM command to check the file structure and remaining capacity of the BIOS file, to confirm whether a new BIOS LOGO can be written. The command is:
cbrom <BIOS file name> /D (note: put a space before the /)
For example, for the MSI MS6309 motherboard, assuming the BIOS file is named MS6309.BIN, you can type cbrom ms6309.bin /D to display the contents of the BIOS file, as shown in Figure 3.
After confirming that the capacity can accommodate the BIOS LOGO, we can write the BIOS LOGO. The command is:
cbrom <BIOS file> /LOGO <image file name>. For example, if the finished image is ADI.BMP and the BIOS is named MS6309.BIN, the command is:
cbrom ms6309.bin /logo adi.bmp
After execution, CBROM compresses the image file and writes it into the BIOS file (Figure 4). A typical BMP bitmap can be compressed to about 2% of its size, so it does not take up much capacity.
Then put the modified file back on the broiler and flash it back with @bios or winflash.
Advantages: not destructive, but it gives the other side a warning; suitable when you don't want to cause major damage to the other computer but do want to warn them…
Disadvantages: troublesome, and you have to make your own picture; those who are not good with PS can find a picture online.
Method three:
First, run MODBIN.EXE in an MS-DOS window and, in "Load File", select your saved BIOS file (as in Figure 5). After confirming, switch to Win95/98 (note: do not close the MODBIN.EXE MS-DOS window at this point). You will find that an extra file, ORIGINAL.TMP (or ORIGINAL.BIN), has appeared in the MODBIN.EXE folder; this file is the object we edit.
Without closing MODBIN, use winhex to open ORIGINAL.TMP or ORIGINAL.BIN. In the WinHex menu select FIND -> FIND TEXT and search for "CELERON" or "XEON"; if you find that the other side is using an Athlon processor, search for "athlon". winhex will automatically jump to the first place in the file where the search text occurs. This is a collection of CPU model names, covering a variety of CPU models (as in Figure 6). Note that during POST the computer calls up these text messages and displays them at a certain position, in an overlaid manner, so the information we see is several pieces of information superimposed. From the figure we can see that the text messages are separated by small round dots; if the dots are removed, you will find that during self-test the following messages are displayed together with it, and that the display position of the information is fixed. Now we insert characters here (remember to insert, not overwrite), 10 or fewer; not too many. Save and exit.
Switch back to the original MODBIN.EXE MS-DOS window, choose "Update File" to confirm the modification to the BIOS file, and exit.
Then send it back to the broiler and flash it. The next time the other side starts up, a strange phenomenon appears: the machine powers on, detects all hardware, and even lets you enter BIOS setup and modify settings, but it just won't boot! Once the BIOS hands boot control to the hard disk, everything stops. No error or alarm information, no reaction, only a cursor flashing, flashing…
Advantages: the destruction is very thorough, and it is very hard to identify as a BIOS error, because the machine can enter BIOS setup and power on; even a debug card finds nothing. Even if it is found to be a BIOS error, it can only be repaired by hot-swapping, which is difficult…
Disadvantages: 1. The modification can only be performed on 9x systems; on 2000 it may not succeed.
2. Sometimes winhex cannot save the file; sometimes this happens, sometimes it works normally, and so far I don't know why. If any friend knows, please tell me. Thank you.
3. The operation is complex.
Also note that after completing any of the methods above, we should erase our footprints, and we should not restart the machine ourselves; let the owner start it himself. That makes the intrusion more subtle: when the machine fails to boot after a normal restart, he will never imagine that someone intruded… which increases the difficulty of repair!
Prevention methods: first, make sure the server itself is secure, cutting the intrusion off at the source; if the intruder cannot obtain system permissions, he of course cannot perform a destructive flash. In addition, set the motherboard jumper that enables BIOS flashing to its disabled position, which prevents someone from maliciously flashing the BIOS.
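As a complement to the prevention methods, the following added example (not part of the original article) shows how a defender can compare a saved BIOS dump against a known-good image for the same board and locate what changed. The function names and the sample byte strings are constructed for illustration; a real check would load the vendor image and a dump taken with a trusted tool.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def changed_regions(baseline: bytes, dump: bytes, gap: int = 16):
    """Return [(offset, length), ...] runs where dump differs from baseline.
    Differences closer together than `gap` bytes are merged into one run."""
    regions = []
    for i in range(min(len(baseline), len(dump))):
        if baseline[i] != dump[i]:
            if regions and i - (regions[-1][0] + regions[-1][1]) < gap:
                regions[-1][1] = i - regions[-1][0] + 1
            else:
                regions.append([i, 1])
    return [tuple(r) for r in regions]

def audit(baseline: bytes, dump: bytes) -> dict:
    """Compare a firmware dump with the known-good image for the same board."""
    return {
        "match": sha256(baseline) == sha256(dump),
        "size_delta": len(dump) - len(baseline),   # non-zero: data was inserted or removed
        "regions": changed_regions(baseline, dump),
    }

# Constructed stand-in for a known-good image (not a real BIOS).
GOOD = bytes(range(256)) * 16                      # 4096 bytes

# Constructed tampered copies mirroring the kinds of edits the article describes.
_tmp = bytearray(GOOD)
_tmp[100:104] = b"\xff\xff\xff\xff"                # bytes typed over in place
_tmp[3000:3002] = b"\x00\x00"
OVERWRITTEN = bytes(_tmp)                          # same size, scattered differences
INSERTED = GOOD[:2048] + b"ABCDE" + GOOD[2048:]    # characters inserted, size grows

if __name__ == "__main__":
    for name, img in (("good", GOOD), ("overwritten", OVERWRITTEN), ("inserted", INSERTED)):
        print(name, audit(GOOD, img))
```

An in-place overwrite shows up as small isolated regions with no size change, while an insertion shifts every later byte and appears as one region running to the end of the image. Flash areas that the firmware itself rewrites (for example stored configuration data) can differ legitimately and should be excluded when applying this to real dumps.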
Summary: this article was not written to get everyone to go and sabotage things; otherwise, when the police come, don't blame me. I'm just offering everyone an alternative way of thinking, one not confined to the small circle of software. Broaden your own thinking…