
List:       cypherpunks
Subject:    Re: hhmmm interesting and it would be
From:       Ray Arachelian <sunder () brainlink ! com>
Date:       1998-08-31 12:48:52

> Marc Maffei wrote:
> 
> I would think that if they have any system engineers that are even half on
> the ball, they would redesign the system to wipe the floppy and reformat it with
> all necessary files each time they used it. Of course, human nature being what
> it is, the C&E's officers would probably take the easy route and never do so,
> even if told that they must always do so. (Laziness is a wonderful thing to
> rely on; you never get disappointed.)

Well, from what I gathered from the other descriptions of this software in
other posts, the customs drone boots your notebook computer with a fresh
scanning floppy (sealed was it?) and then discards the floppy.   Perhaps this
is to prevent viruses from being spread, but IMHO, a more typical reason for
this would be licensing.

Hypothetical situation: if you were the designer of this software and you just
won a contract with the customs dept, the best way to guarantee getting paid is
to have the floppies be one-time use.  That way, you could sell them a limited
number and be assured that they weren't reused.  Typical copy protection
schemes could also be employed. (Go back in time to the Apple II's and
Commodore 64's for various schemes.)

Harming the floppy that scans your hard drive isn't likely to do any damage to
the system as it is disposed, so none of the schemes of bypassing the floppy
write protection are likely to be of any good.

What you'll want to do is this: rig your system so that it can't boot off
floppies no matter what the BIOS says.  You can do this with a custom BIOS, so
you'll need an EEPROM programmer and a bit of disassembly work.

Then, write your own boot-time OS that checks for a floppy and, if it finds one,
reads the entire thing and copies it to the disk as a disk image (sector by
sector as opposed to file by file).  If it doesn't find a floppy in the
drive, have it boot the normal OS of the machine, whether 95 or whatever.
(There are several hard disk formatters that come with large-capacity hard
disks that enable old 486s to read disks with more than 1024 cylinders; they
boot up from the MBR in this way.)

Now if this thing does see a floppy, you can be lazy and after copying the disk
to an image file on your HD, you could spit out repeated disk error messages,
or if you're not lazy, take a look at Bochs and hack around with the source a
bit.


Bochs is a 386 PC emulator.  You can rig it to boot up an emulated copy of 95
or whatever and it will do so.  In this case, you'll want to rig it to boot off
their scanning floppy, and you'll want to have a copy of a standard OS and hard
drive as a hard disk image - that is as a file pretending to be a hard drive.

For space, you can have it report that you have a 2GB disk and only about 50MB
is used for, say, Windows 95 and maybe some token apps to make it look like
you've been using your hard drive.

Regardless of how the scanning spookware works, whether it tries to call bios
routines such as int13 or tries to access the file system, or tries to directly
talk to the IDE controller and bypass everything else, the emulator will give
it false information.

Mind you none of this is trivial, you'll have to get Bochs or a similar bit of
software to work without an existing operating system, or you'll have to
somehow mask that existing supporting OS under which Bochs will run and still
get the timing of the boot up right, and not have it display ANYTHING on the
screen, and not have it clear the bios status messages.  Not an easy task.

But, shit, if you are indeed the serious professional evil vile smut monger
intent on bringing contraband into the UK that these folks fear, I'd bet my
money that you'd resort to such tactics and be able to go through customs
without a hitch.  Then again, you could always just come into the UK with
nothing more than a URL on a scrap of paper and a passphrase in your head, or
use perhaps one of the countless ways of doing the same, ranging from
mailing yourself media with stegoed data, to writing an advanced human body
part description language and then using a machine to re-render the images from
data that lists parts and sizes and where they go, ad nauseam....


Still, these governmental contract types always look for a quick solution
provided by a contractor and get the warm fuzzies that let'em sleep well at
night upon hiring someone to provide a solution, regardless of how silly or
lame it may be.  And heck, if they can catch 10% of the bad guys they'll do it
even if it means annoying 90% of the people that come in through customs.

Moral of this story (and it's something I've been saying over and over again to
anyone who hasn't a clue) if your attacker has hardware access, there's no
software that can ever guarantee security.

-- 

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================
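The sector-by-sector floppy capture the message above describes, as an added example that is not part of the original post or any customs scanning product. It runs on an ordinary OS rather than as a custom boot loader: it reads a block device in 512-byte sectors, survives unreadable sectors (the kind a copy-protection scheme leaves on purpose) by zero-filling them and recording their LBAs so the image stays geometry-accurate, and then parses the FAT12 BIOS Parameter Block of the result as a sanity check. The device path, the 1.44 MB geometry constants, the `ConstructedFloppy` stand-in and its boot sector are all assumptions constructed for the example.

```python
"""Sector-level floppy imaging with per-sector error handling.

Added example (not the post's or any product's code). Constructed sample
data stands in for /dev/fd0 so the script runs offline; device path and
geometry are assumptions for a standard 1.44 MB diskette.
"""
import struct

SECTOR = 512
FLOPPY_SECTORS = 2880          # 1.44 MB: 80 cylinders x 2 heads x 18 sectors/track

# Layout of the FAT12/16 BIOS Parameter Block starting at byte 11 of sector 0.
BPB_FORMAT = "<HBHBHHBHHH"
BPB_FIELDS = ("bytes_per_sector", "sectors_per_cluster", "reserved_sectors",
              "fats", "root_entries", "total_sectors", "media",
              "sectors_per_fat", "sectors_per_track", "heads")


def image_device(src, total_sectors=FLOPPY_SECTORS, sector=SECTOR):
    """Return (image_bytes, bad_sector_lbas).

    `src` is any binary file-like object with seek()/read(). Every sector is
    seeked and read individually so that one I/O error (a deliberately
    damaged sector, a worn disk) does not abort the run; unreadable sectors
    are zero-filled and their LBAs recorded. This is the sector-level copy
    the mail contrasts with a file-by-file copy: slack space, unused
    clusters and non-filesystem tracks all end up in the image.
    """
    out = bytearray()
    bad = []
    for lba in range(total_sectors):
        try:
            src.seek(lba * sector)
            chunk = src.read(sector)
            if chunk is None or len(chunk) != sector:
                raise OSError("short read")
        except OSError:
            chunk = b"\x00" * sector
            bad.append(lba)
        out += chunk
    return bytes(out), bad


def parse_bpb(image):
    """Decode the BIOS Parameter Block of sector 0 into a dict.

    Raises ValueError if the 0x55AA boot signature is missing, which is the
    first sign that the capture is not a bootable PC floppy image.
    """
    bs = image[:SECTOR]
    if bs[510:512] != b"\x55\xAA":
        raise ValueError("no 0x55AA boot signature in sector 0")
    bpb = dict(zip(BPB_FIELDS, struct.unpack_from(BPB_FORMAT, bs, 11)))
    bpb["oem"] = bs[3:11].decode("ascii", "replace").rstrip()
    return bpb


def build_sample_boot_sector():
    """Constructed 1.44 MB FAT12 boot sector (sample data, not a real disk)."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xEB\x3C\x90"                      # jmp short + nop
    bs[3:11] = b"MSWIN4.1"                         # OEM name
    struct.pack_into(BPB_FORMAT, bs, 11,
                     512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    bs[510:512] = b"\x55\xAA"                      # boot signature
    return bytes(bs)


class ConstructedFloppy:
    """Stand-in for an opened /dev/fd0 (assumption for offline use).

    Serves a constructed image and raises EIO for the configured LBAs so the
    error path of image_device() is exercised.
    """
    def __init__(self, boot_sector, bad_sectors=(), total=FLOPPY_SECTORS):
        self._data = boot_sector + b"\xAA" * (SECTOR * (total - 1))
        self._bad = set(bad_sectors)
        self._pos = 0

    def seek(self, offset):
        self._pos = offset

    def read(self, n):
        if self._pos // SECTOR in self._bad:
            raise OSError(5, "Input/output error")
        chunk = self._data[self._pos:self._pos + n]
        self._pos += len(chunk)
        return chunk


if __name__ == "__main__":
    # Real use: with open("/dev/fd0", "rb", buffering=0) as dev: ...
    dev = ConstructedFloppy(build_sample_boot_sector(), bad_sectors=(17, 2879))
    img, bad = image_device(dev)
    print(f"imaged {len(img)} bytes; unreadable sectors: {bad}")
    print("BPB:", parse_bpb(img))
```

The geometry cross-check (sectors per track times heads times 80 cylinders should equal the BPB's total sector count) is what tells you the capture covered the whole medium; if a copy-protection scheme stores data on extra tracks or in nonstandard sector sizes, a plain 2880-sector read will not see it, and the bad-sector list is where that shows up first.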
