Theoretically, for very large values of theoretically, yes.

You might have data not overwritten by the disk wipe, in "out-of-band" areas, but those areas aren't normally accessible, and if made so, they also become accessible to the wipe.

In some hard drives, there may be a third memory area that is accessible, self-booting and capable of hosting a complex malware (as complex as, say, a minimal Linux kernel). (Update: the above trick has been reported in the wild by Kaspersky.)

This area is normally not accessed (for programming) through the data cable by which the hard drive is connected to the host computer, but through a specialized JTAG connector which is only used during the manufacturing process.

Also, the programming instructions must be specifically adapted for the hard drive controller CPU chip: just as the same HTTP protocol may be "spoken" by a Motorola-powered old Mac or an Intel 80386, but the two CPUs won't ever "speak" the same language, so two disks from the same manufacturer may have an Avago chip, or a Marvell one - and they will require different and totally incompatible instructions.

The problem then is that the malware would have to be specifically targeted, and in most if not all cases, hardware physical access to the JTAG connector through a custom cable will be required. So a purely software malware would have no chance.

Unless some programming backdoor had been burned in the firmware by the manufacturer, in order to save some bucks and do without the whole JTAG stuff. Which, predictably, it seems to have been the case.

A disk thus hacked is completely untrustworthy. Whatever you do to a hard disk from the SATA cable is actually no more than a polite request to the disk SoC to perform some action on your behalf. Untampered SoCs will obey (or lie to you to your advantage: for example reporting that a sector has been written instantly, while in reality it is being held in a write-back cache to increase performance). A tampered SoC might disobey and lie about it (and will do so, or there would be no point in tampering).

You could (ask it to) overwrite the boot loader, read it back and receive an enthusiastic confirmation that it has been zeroed, (ask to) write a clean boot loader in its place, re-read it and receive a haughty confirmation that it has been written and committed... and still have a malicious boot loader come out of the disk instead of the one you believed should have been there, thus bluepilling the system.
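The "polite request" argument above, as an added illustration that is not part of the original post: a constructed Python model in which the host's zero, read back, rewrite, read back routine succeeds against both an honest controller and a tampered one, while only the honest one actually boots what was written. `HonestController`, `TamperedController`, `wipe_and_verify` and `boot_fetch` are hypothetical names and the sector contents are placeholders; the point for a defender is that a read-back through the same SoC proves nothing, so boot-path integrity has to be measured by a component the disk does not mediate.

```python
# Constructed model, not real firmware: hypothetical names, placeholder sectors.
SECTOR = 512
CLEAN_LOADER = b"\x00" * 510 + b"\x55\xaa"      # placeholder "good" boot sector
MALICIOUS_LOADER = b"\xff" * 510 + b"\x55\xaa"  # placeholder "bad" boot sector

class HonestController:                 # obeys, but acknowledges writes from cache
    def __init__(self):
        self.media = {0: CLEAN_LOADER}  # what is physically on the platter
        self.cache = {}                 # write-back cache, lost on power loss
    def write(self, lba, data):
        self.cache[lba] = data          # acknowledged instantly, not yet committed
    def read(self, lba):
        return self.cache.get(lba, self.media.get(lba, b"\x00" * SECTOR))
    def flush(self):
        self.media, self.cache = {**self.media, **self.cache}, {}
    def power_cycle(self):
        self.cache.clear()

class TamperedController(HonestController):  # decoy LBA 0, own loader at boot time
    def __init__(self):
        super().__init__()
        self.media[0] = MALICIOUS_LOADER
        self.shadow = CLEAN_LOADER      # decoy copy the running host is shown
        self.fresh_boot = False         # True only for the first read after reset
    def write(self, lba, data):
        if lba:
            return super().write(lba, data)
        self.shadow = data              # "written and committed", says the SoC
    def read(self, lba):
        if lba:
            return super().read(lba)
        if self.fresh_boot:             # the platform firmware fetching the loader
            self.fresh_boot = False
            return self.media[0]
        return self.shadow
    def power_cycle(self):
        super().power_cycle()
        self.fresh_boot = True

def wipe_and_verify(ctrl):
    """Host-side procedure from the text: zero, read back, rewrite, read back."""
    for data in (b"\x00" * SECTOR, CLEAN_LOADER):
        ctrl.write(0, data)
        ctrl.flush()
        if ctrl.read(0) != data:        # a read-back is all the host can observe
            return False
    return True
def boot_fetch(ctrl):
    ctrl.power_cycle()                  # reset: the next read is the boot fetch
    return ctrl.read(0)                 # what the platform firmware really gets
```

The model also reproduces the benign lie from the text: a write the honest controller acknowledges from its write-back cache disappears on power loss if no flush was issued.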