Intel ME defeated

Where were you when intel was BTFO?

>A few months ago, [Trammell Hudson] discovered erasing the first page of the ME region did not shut down his Thinkpad after 30 minutes. This led [Nicola Corna] and [Frederico Amedeo Izzo] to write a script that uses this exploit. Effectively, ME still thinks it’s running, but it doesn’t actually do anything.

web.archive.org/web/20161129150603/http://hackaday.com/2016/11/28/neutralizing-intels-management-engine/

Why is nobody talking about this on Sup Forums? Guess discussing traps and /fa/ watches and chinese shit and (((phones))) is totally more technology-related than that in 2016. Who cares about technology on a technology image board.

Working solutions:
github.com/corna/me_cleaner

So it's a way to overwrite ME firmware on ThinkPads without anything bad happening?

WTF is ME and does my X220t have it?

Yes. In principle it works on any ivy bridge, sandy bridge, and possibly skylake CPUs, not just on thinkpads.

Intel Management Engine is a device that lives on the northbridge on any modern intel CPU that can operate even when the system is turned off, and has full access to the disk and memory at all times. Features include the ability to brick the CPU on demand, and full TCP/IP stack access. It is able to send and receive network packets even when the computer is turned off (so long, of course, as it's connected to a power source).

AMD has also recently implemented similar technology, called AMD PSP.

Thanks for reposting. I was the first OP for this thread here. I tested the ME cleaner script on a T420 and it works. No reboots, no NSA backdoor.

Only the first little bit of it. The ME basically goes into a different mode where it's in a sort of (non operational) recovery state but thinks it's still working.

Yes, your computer probably has it. IntelME is the Intel Management Engine. It's a micro controller inside of your CPU. It operates independently from the main CPU and it has full TCP/IP stack and memory access. It has complete Ring-0 access, and starts before your BIOS. It also shares flash memory with your BIOS. It can send and receive network packets, even through a firewall. It can turn your PC on or off and there's nothing you can do about it. What OP is talking of is a script that will disable this backdoor. It's a good idea even if you don't care about government spying. If criminal hackers somehow get into it, 95% of computers would be compromised. This means all government computers, the ones at banks, prisons, factories, tech companies, and even all of Intel's own machines could get 100% anally wrecked. The only solution would be to basically buy a new computer.

I've been waiting for this kind of workaround to be discovered. I have a Skylake i7 in my desktop I'd like to clean when it's more proven because I hate the idea of this "feature".

Wait wait, this works on haswell CPUs too?

actually ME has ring -2 (SMM) access

I think only ivy bridge and later have intel ME. Also the earlier incarnation of intel ME can be completely disabled because it doesn't live on the northbridge like the newer version. I don't know the exact details for that, though.

You could try the script and report back, although it hasn't been proven to work on skylake yet.

Can this work on anything other than ThinkPads? For example a desktop mobo?

ME exists at least since the Core2 family

Actually it turns out it does work on haswell [1]

It's not about the mobo, it's about the CPU. See the currently supported devices:

[1]: github.com/corna/me_cleaner/wiki/me_cleaner-status

>You could try the script and report back, although it hasn't been proven to work on skylake yet.
I don't really want to be a guinea pig with my 6700K

Some core2 have it and some not as far as I can tell (same with i5 and i7). I think it's 2nd gen i5's and up that have it (and the equivalent core2).

github.com/corna/me_cleaner/issues/3

>Working on:
>Intel i5-6500
>Skylake
>MSI Bazooka B150M
>Stock AMI Bios
>61fd606

Oh man this is cool. Does this mean libreboot on some newer hardware? Sounds exciting.

Incorrect.

Pretty certain he's right actually.

I see Intel PR team is already out in full on damage control.

Yeah, the future of freedom looks bright.

Nope. It has Ring-0 access.

>The only solution would be to basically buy a new computer.
Why not just use firewall that blocks everything except traffic to your vpn server?

did the gubmint demand a backdoor or why does intel have these sorts of systems in place?

It won't work. IntelME can get around it. Read up on it a little.

Oh you're just retarded. Carry on then.

Is there any way to undo the mod in case I find out that it doesn't work on my laptop?

Their excuse is that it targets the business sector (e.g. big company man buys 5k laptops and some disgruntled employee keeps the laptop when leaving, they want to lock it up remotely, and maybe get files from it beforehand, or maybe the laptop was stolen and you want to brick it).

Of course it's not like it puts you at a disadvantage to have the entire world by the balls now does it?

I can hack my router? Bullshit.

nice goalpost movement my dude.

This seems risky. I already killed my previous motherboard by flashing some stupid shitty modded BIOS.

The script takes a firmware image and then modifies it to remove the offending segments. You proceed to flash the freedom'd image onto the CPU. All you have to do to undo this is to flash the original image.
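An added example, not part of the thread and not me_cleaner's own code: a read-only check a user could run on a full SPI flash dump before flashing, which locates the ME region through the Intel Flash Descriptor, reports whether its first page is erased, and confirms a modified image differs from the backup only inside the ME region. The function names, the 4 KiB page size and the sample image are assumptions constructed for illustration.

```python
import struct

IFD_SIGNATURE = 0x0FF0A55A  # Intel Flash Descriptor magic
PAGE = 0x1000               # assumption: "first page" means the first 4 KiB

def me_region(image: bytes) -> tuple[int, int]:
    """Return (start, end) of the ME region, end exclusive."""
    for sig_off in (0x10, 0x00):  # signature sits at 0x10, or 0x00 on older layouts
        if len(image) >= sig_off + 8 and struct.unpack_from("<I", image, sig_off)[0] == IFD_SIGNATURE:
            break
    else:
        raise ValueError("no flash descriptor found: not a full SPI dump")
    flmap0 = struct.unpack_from("<I", image, sig_off + 4)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4                    # region table offset
    flreg2 = struct.unpack_from("<I", image, frba + 8)[0]  # third entry = ME
    base = (flreg2 & 0x7FFF) << 12
    limit = (((flreg2 >> 16) & 0x7FFF) << 12) | 0xFFF
    if base > limit or limit >= len(image):
        raise ValueError("ME region unused or outside the image")
    return base, limit + 1

def first_page_state(image: bytes) -> str:
    """Classify the first page of the ME region."""
    start, _ = me_region(image)
    page = image[start:start + PAGE]
    if page in (b"\xff" * PAGE, b"\x00" * PAGE):
        return "erased"
    if b"$FPT" in (page[0:4], page[0x10:0x14]):  # ME partition table marker
        return "fpt-present"
    return "unknown"

def changes_confined_to_me(original: bytes, modified: bytes) -> bool:
    """True if the two images differ only inside the ME region."""
    start, end = me_region(original)
    return (len(original) == len(modified)
            and original[:start] == modified[:start]
            and original[end:] == modified[end:])

def build_sample() -> bytes:
    """Constructed 16 KiB image: descriptor, ME at 0x1000-0x2FFF, BIOS after."""
    img = bytearray(b"\xff" * 0x4000)
    struct.pack_into("<II", img, 0x10, IFD_SIGNATURE, 0x04 << 16)  # FRBA = 0x40
    struct.pack_into("<I", img, 0x48, (0x2 << 16) | 0x1)           # FLREG2
    img[0x1000:0x3000] = b"\x00" * 0x10 + b"$FPT" + b"\xa5" * 0x1FEC
    img[0x3000:0x4000] = b"BIOS" * 0x400
    return bytes(img)
```

Keeping the untouched dump alongside the modified image is what makes the undo described above possible; the comparison only tells you nothing outside the ME region changed.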

It's for large companies to manage shitloads of computers without needing to physically be there. You can use ME to configure the BIOS from a thousand miles away. No OS or anything needs to be present either. However, there's no need for a "feature" like that in a home computer (unless you plan to do some malicious big brother shit with it).

Totally. Neo Sup Forums is real and also incapable of fact checking.

Technically it can, considering it can observe and record your keystrokes, dumbass.

So if it doesn't reboot after 30 minutes on its own, it worked and I can leave it there?

Exactly.

I wonder if this allows me to upgrade cpu in my cheap laptop. Because this model is known to restart after 30 minutes when a cpu that isn't whitelisted is present.
Switching from celeron to i5 would be cool.

>Intel Management Engine is a device that lives on the northbridge on any modern intel CPU that can operate even when the system is turned off, and has full access to the disk and memory at all times. Features include the ability to brick the CPU on demand, and full TCP/IP stack access. It is able to send and receive network packets even when the computer is turned off
this sounds like complete bullshit

Believe it or not, it is true.

Nice. I'll give it a try.

>restart after 30 minutes when a cpu that isn't whitelisted is present
this is making me nervous.
what would a "blacklisted" cpu be?

No one has tested on X99/haswell-e yet :c

Knock off processor from China

Man, so tempting...

Any other risks (after flashing it properly, that is) aside from having the PC restart after 30 minutes?

whitelisted as in officially supported by this laptop model and chipset
some other models work, but for 30 minutes, while other don't boot at all, even though they are supported by chipset

same thing happens with wireless cards, but people found a way around that and remove whitelist check from bios/uefi

Will this work on the X200? I bought one recently and I'd like to remove the ME, but now libreboot has been hijacked by a tranny.

But if the processor was made in China, why would they make it with that "ME" thing if it's gonna shut itself down automatically?

Not only is it all over google and wikipedia, but it's not like intel is hiding this. As said earlier in this thread they outright advertise most, if not all, of this because >business.
See www-ssl.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html for instance.

>It can send and receive network packets, even through a firewall

No it fucking can't you dumbass. A packet is a packet, if it tries to waddle through my pfsense, it's dropped.

>It won't work. IntelME can get around it. Read up on it a little.

No it fucken won't

>Technically it can, considering it can observe and record your keystrokes, dumbass.

So fucking what, how the hell does that enable it to pass my hardware firewall? Please do tell.

Technically it could brick your PC, but this is just as likely as you are to fry your GPU when carefully OCing it incrementally.

Chinese knock off CPUs don't exist. The most they do is change out the heat spreader from older chips with new heat spreader claiming to be a newer chip.
The Chinese don't have the technical facilities to produce x86 chips at anywhere near intel process nodes.

Most commonly they just take ESs and sell them on ebay or the same with OEM xeons.

Hello intel employee. How are you doing today? Do they not give you breaks on weekends these days?

Reminder that Intel included the JVM in the ME to help rapid development at NSA/CIA

>whitelisted as in officially supported by this laptop model and chipset
>some other models work, but for 30 minutes
Why would they restrict the processor like that.

If it boots and you're using it, it's because it works, right?

want better cpu? buy a laptop model version that comes with that cpu, instead of buying the cheapest one and replacing cpu on your own

What kind of hardware do I need to use this? Does this involve specialised tools like librebooting an X200 does?

You must be new here. Sup Forums is always right, even if you're too dumb to understand it. All three of those (You)s were so delicious.

China manufactured all the CPUs of the world's fastest supercomputer
en.wikipedia.org/wiki/Sunway_TaihuLight
en.wikipedia.org/wiki/SW26010

Could this be why my pc randomly draws current in short bursts when turned off?

I hope you have at least one non-Intel NIC between your Intel CPU and the Internet

Dude. I despise intel me and am contemplating trying this out with my thinkpad.

I'm just a lowly network admin at a mid sized firm.

ya cunt, here's one more for your sod ass

For now, yes. You need an external flasher.

U made, lil bich?

Rapid question:

Intel ME belongs to Intel AMT which is part of Intel vPro.
According to specs, both 6600k and 6700k do not have vPro.
Aren't these two cpus botnet free, then?

(7)
No. Not even gonna give you a (you).

But I'm right.

It could be, but it could also be other factors. What do you mean by turned off? Do you mean "I pressed the button labelled shut down in wangblows 10"? Because that doesn't shut the computer down. What do you mean by drawing current in short bursts? Did you use measuring equipment at the PSU output or on the rails? Note that out to PSU in doesn't mean much and can be caused by bad source or electromagnetic effects.

Congrats? How the fuck are RISC supercomputers in any way related to x86 architecture?

As I said, China simply doesn't have the facilities to produce x86 silicon at anywhere near the process node intel is at.

It's not in the CPU, it's in the chipset (vPro).

No, Intel ME is on every chip after C2D.

When you said firewall the first time you were BTFO because intel ME objectively bypasses firewalls installed on the host machine. That's when you changed the goalposts and got butthurt when nobody fell for it.

Nice! Is this usable with desktops? ASUS motherboards, theoretically...

No, anything past some point (ivy bridge, inclusive?) has the ME no matter what. Don't know where you're seeing otherwise.

>x200
It doesn't have ME, fampai, it's pre-ME. x201 was the first one with ME.

I guess in theory if the pfsense box is running on a CPU that also has intel ME then there potentially could be traffic between the two intel ME CPUs that simply gets intercepted on both ends before the host OS has a chance to filter it.


Seems fairly unlikely though

Earlier incarnation put the chipset off the CPU but this is no longer the case.

Yes, there's been at least one reported success. In principle, it can work on any ivy bridge, sandy bridge or skylake CPU. See

That wasn't me. I simply came in and corrected wrong statements.

We need poster id's.

Yes to both. There's also the option to use other networks than your own (satellite not excluded). But the point was that having a firewall on a non-dedi box would be completely useless.

Wankblows 7, wake on lan is turned off. My powerstrip has switchable outlets controlled by a master outlet(pc), when that draws current the outlets become live...you get the idea

so what's the point of flashing libreboot on it?

>>>/reddit/

Having a dedicated hardware firewall running ARM or similar is probably your best bet then.

What about Haswell?

Yes, assuming there's no intel satellite to which the device connects (chances are, there is one, in my opinion - it's not very hard or costly to set up for someone like intel). It depends on your microthreat model, in other words.

reddit.com/login

Nevermind, looks like it was since 2006, and more full-blown starting in 2009 with nehalem.
libreboot.org/faq/#intelme

Proprietary BIOS is proprietary, Libreboot doesn't get around ME, it gets around proprietary BIOS.

how much longer until we have real botnet-free cpus? lowRISC is promising a RaspberryPi type board with an open RISC-V chip in 2017. i hope RISC-V does for hardware what Linux did for operating systems.

en.wikipedia.org/wiki/RISC-V

connecting to a satellite from under your desk, without an external antenna? very unlikely

>Earlier incarnation put the chipset off the CPU but this is no longer the case.

The chipset is still a discrete part. What the hell are you even talking about? Intel ME only works on enabled chipsets. Again, it's not on the CPU.

see boingboing.net/2016/06/15/intel-x86-processors-ship-with.html
>The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset.

Ehhh, it would have to be a massive satellite, I just can't see getting any sort of signal penetration through houses and apartment buildings using an internal antenna. Any large antenna would be easily noticed and anything small enough to be baked into the Silicon simply wouldn't be able to receive data. It MIGHT be able to transmit if the receiving satellite is large enough, but the only way you'd send a signal back to such a small transmitter would be with a massive directed signal to attempt to break through buildings or other obstructions.

Not to mention world wide coverage would take a network of satellites.


So it's not impossible but I find it highly unlikely. My dad works with GPS satellites and he's taught me some basics.

My phone has no problem doing just that.

It was on the PCH before but it was moved to the northbridge. It's not rocket science.

Really? Does it actually SEND data to a satellite, or merely receive strong gps signal? Because there's a difference.

Your phone connects to a local cell tower at most a couple miles away which has a fiber optic data connection to a local ISP.

Unless you have a satellite phone, in which case you'd know how difficult it can be to acquire signal and you'd know how shit the latency on satellite communications is and why most people don't bother with it.

It connects to a mobile tower which is an ANTENNA connected to a satellite

Soon. See crowdsupply.com/sifive/hifive1 First 100% open source uC.

>this thread

The ME has been there for quite awhile now, but after the Core2 era there stopped being an option to disable it in the BIOS. Hopefully we'll all be able to flash our boards with a cleaned up BIOS sometime soon.

I do have a satellite phone and yes, latency is retarded, but even if the ME engine was trying to communicate with fucking mars, so long as the communication bypasses your infrastructure, it's out of your hands. It's not like intel needs to constantly send out everything about every part of your hardware.

I just don't think it's happening user. I'm sure they do shady shit but operating an array of secret satellites isn't it.

Even if that's the case (where's the evidence) it's in the chipset of most vPro enabled PCs and not in the CPU or northbridge. The article is 6 months old and in that time only kaby lake was "released". So it's not in the CPU for most at all.

Are you legally retarded or just an idiot? Don't matter though, you fit right in here.

This is very interesting because I have never come across something like this before. What laptop is it?