Monthly Archives: November 2016

Your private keys and passwords all belong to Intel/AMD/ARM

Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel’s Management Engine is the single most dangerous piece of computer hardware ever created.

Researchers are continuing work on deciphering the inner workings of the ME, and we sincerely hope this Pandora’s Box remains closed. Until then, there’s now a new way to disable Intel’s Management Engine.

Previously, the first iteration of the ME found in GM45 chipsets could be removed. This technique was due to the fact the ME was located on a chip separate from the northbridge. For Core i3/i5/i7 processors, the ME is integrated to the northbridge. Until now, efforts to disable an ME this closely coupled to the CPU have failed. Completely removing the ME from these systems is impossible, however disabling parts of the ME are not. There is one caveat: if the ME’s boot ROM (stored in an SPI Flash) does not find a valid Intel signature, the PC will shut down after 30 minutes.

A few months ago, [Trammell Hudson] discovered erasing the first page of the ME region did not shut down his Thinkpad after 30 minutes. This led [Nicola Corna] and [Frederico Amedeo Izzo] to write a script that uses this exploit. Effectively, ME still thinks it’s running, but it doesn’t actually do anything.

With a BeagleBone, an SOIC-8 chip clip, and a few breakout wires, this script will run and effectively disable the ME. This exploit has only been confirmed to work on Sandy Bridge and Ivy Bridge processors. It should work on Skylake processors, and Haswell and Broadwell are untested.

Separating or disabling the ME from the CPU has been a major focus of the libreboot and coreboot communities. The inability to do so has, until now, made the future prospects of truly free computing platforms grim. The ME is in everything, and CPUs without an ME are getting old. Even though we don’t have the ability to remove the ME, disabling it is the next best thing.

Neutralizing Intel’s Management Engine

If you have AMD or ARM processor, you’re in the same trouble:,16000.html

Ethereum takes lessons from Ardor

On Mar 28, 2014, Vitalik Buterin was interviewed about the differences between NXT and Ethereum (
). He noted that Ethereum is Turing-complete, while NXT is not and pushing a decentralized app code to NXT would be difficult as an additional layer outside the code core.

Many, including senior developer John Connor from project Vanillacoin/Vcash (XVC) doubted usefulness of Touring-completeness for a P2P project and several Etehreum hacks and hardforks have proven my optimism to be farfetched.

But happily, almost 2 years later, Vitalik also indirectly acknowledged Ardor, the “NXT 2.0” project through adopting a sharding mechanism ( to Ethereum, which is their custom sidechain implementation, similar in many ways. Vitalik aims at releasing sharding before Ardor testnet goes live in Q1 2017, apparently scared by the possibility of Ardor technological taking advantage over Ethereum, which has always considered itself most progressive on the fintech fringe.

Wait 12 months to see 60% of your Monero value disappear

All altcoins sing the same song. Hype, enter, pump, dump. The value goes up, a new standard is established and then slowly, over a period of many months, the value disappears so slowly that it does not even leave the bagholders angry. Well, not angry enough to sell. This is especially true for coins which have incompetent development and immediate existential threat posed by competition, as with Zcash ZEC in case of Monero XMR. Years have passed, there is still no GUI. Some of my friends think that the GUI is missing because the developer is a nerd who only cares about cryptography but don’t lie to yourself. Everyone knows GUIs are important and what’s more important – programming a GUI takes less than a week. Leaving aside the obvious coding incapabilities pointed out by various sources directly on GitHub in the past, I will leave you with a suggestion to think about Monero’s price. Especially now, when bagholders are starting to scream so loud it touches the people who even never heard of Bitcoin.