
Revisiting the Macintosh ROM Easter Egg

timothy posted about a year ago | from the when-engineers-play dept.

Hardware Hacking 98

eldavojohn writes "NYCResistor has published photos of what they call 'Ghosts in the ROM' after dumping Apple Mac SE ROM images from a roadside Motorola 68000-era Macintosh and looking at all the data (they mention an Easter egg reference to this from 1999). They go into some nice detail about the strategy for extracting this data from a discarded unit and noticing structure. There's also other data that they weren't able to identify, which causes one to wonder how many other Easter eggs are lying about in various ROM chips and what modern Easter eggs must be shipping with software/hardware today."
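The summary describes dumping the ROM images and "looking at all the data" until structure stands out. Below is an added example, not code from the NYC Resistor write-up or from Slashdot, of one way to do that noticing mechanically. The pictures are stored as packed 1-bit-per-pixel rows (MSB first, the convention the original Mac used for its monochrome screen), and in an image region each packed row closely resembles the row before it, which machine code and lookup tables do not. The script slides a window across a dump, tries every candidate row width, flags windows where some width makes neighbouring rows agree, and renders the best candidate as ASCII art. The dump here is constructed (a 64x32 triangle between two runs of seeded pseudo-random filler standing in for code); the function names, window size and 0.8 threshold are choices made for this example.

```python
"""Spot 1-bit-per-pixel bitmap structure in a raw ROM dump.

Added example (not from the NYC Resistor write-up or from Apple).
Adjacent rows of a bitmap resemble each other; code and tables do not.
"""
import random


def row_similarity(data, width):
    """Fraction of bits that agree between each row and the next when
    `data` is read as consecutive rows of `width` bytes (0.5 for noise)."""
    rows = len(data) // width
    if rows < 2:
        return 0.0
    agree = total = 0
    for r in range(rows - 1):
        this_row = data[r * width:(r + 1) * width]
        next_row = data[(r + 1) * width:(r + 2) * width]
        for x, y in zip(this_row, next_row):
            agree += 8 - bin(x ^ y).count("1")
            total += 8
    return agree / total


def best_width(data, widths=range(1, 65)):
    """Return (width, score): the row width in bytes that makes adjacent
    rows agree the most. Multiples of the true width score well too, but
    the true width scores best because rows one apart are closest."""
    score, width = max((row_similarity(data, w), w) for w in widths)
    return width, score


def find_bitmap_regions(dump, window=256, stride=64, threshold=0.8):
    """Slide a window over the dump; return (offset, width, score) for every
    window where some row width clears the threshold, best first."""
    hits = []
    for off in range(0, len(dump) - window + 1, stride):
        width, score = best_width(dump[off:off + window])
        if score >= threshold:
            hits.append((off, width, score))
    hits.sort(key=lambda h: -h[2])
    return hits


def render(data, width, on="#", off="."):
    """Render packed 1-bpp rows as ASCII art, bit 7 of each byte leftmost."""
    lines = []
    for r in range(len(data) // width):
        row = data[r * width:(r + 1) * width]
        lines.append("".join(on if (b >> (7 - i)) & 1 else off
                             for b in row for i in range(8)))
    return "\n".join(lines)


# --- Constructed sample data (NOT real ROM contents) ---------------------
def make_triangle(width_bytes=8, rows=32):
    """A 64x32 filled triangle: row r has its first 2*r pixels set."""
    out = bytearray()
    for r in range(rows):
        bits = "1" * (2 * r) + "0" * (width_bytes * 8 - 2 * r)
        out += int(bits, 2).to_bytes(width_bytes, "big")
    return bytes(out)


BITMAP = make_triangle()
_rng = random.Random(1)  # seeded so the demo is reproducible


def filler(n):
    """Pseudo-random bytes standing in for machine code around the image."""
    return bytes(_rng.getrandbits(8) for _ in range(n))


DUMP = filler(256) + BITMAP + filler(256)  # image sits at offset 0x100

if __name__ == "__main__":
    hits = find_bitmap_regions(DUMP)
    for off, width, score in hits:
        print(f"offset 0x{off:04x}: width {width:2d} bytes, "
              f"row similarity {score:.3f}")
    off, width, _ = hits[0]
    print(render(DUMP[off:off + 256], width))
```

On a real dump you would widen the width range (the Mac SE screen is 64 bytes per row) and lower the stride; windows that only partly overlap an image still score above noise, so the top-scoring window, not the first hit, is the one to render.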

98 comments

Of course... (2)

Darkness404 (1287218) | about a year ago | (#41097077)

Of course there are easter eggs stored in ROMs. You only need to look as far as to video games to find long rants hidden in there (just see http://www.bretz.ca/dave/tetrisrant.htm [bretz.ca] for an example)

Re:Of course... (5, Interesting)

cpu6502 (1960974) | about a year ago | (#41097295)

My first easter egg was in the old Atari console game "Adventure". If you found a hidden room and carried a magic one-pixel sprite (dot) into that room, it displayed the name of the programmer.

Of course once Atari learned about it they had a fit because they wanted programmers to remain anonymous, and that's one of the reasons four programmers quit Atari and founded Activision. They wanted name credit for their artistic creations.

Re:Of course... (0)

Anonymous Coward | about a year ago | (#41097621)

I remember Breakout! for the Atari 800's. The first one I found by accident; pressing 'I' displayed a message on the screen.

Weirded me out at first, kinda funny looking back.

Even though ROM space was tight, everyone managed to put "something" in there, even if it was never user-facing.

Ahh.... those _really_ were the days when your bugs were your own and not some un-patched version of some MS product.

Research? (-1, Troll)

kelemvor4 (1980226) | about a year ago | (#41097145)

Didn't they bother to search for any of this on Google? This Easter egg was publicized YEARS ago.

maybe in 30 years someone else will publish an article about finding data on a hard drive.

Re:Research? (1)

Anonymous Coward | about a year ago | (#41097317)

Didn't they bother to search for any of this on Google? This Easter egg was publicized YEARS ago. maybe in 30 years someone else will publish an article about finding data on a hard drive.

That would be the link to the 1999 report of an Easter egg (in the fucking summary no less). The neat thing here is how they got all the pictures from two PROM chips.

Re:Research? (3, Interesting)

Impy the Impiuos Imp (442658) | about a year ago | (#41097595)

The comments at TFA point out how you know you're old when your common knowledge is someone else's hacker archaeological project.

Isaac Asimov's prediction in Foundation may prove true -- in there scientists (at least 30 kiloyears in the future) argue about the validity of the "millennial depth" theory, that you only needed to delve into the past 1000 years of history or science papers, and that if it wasn't talked about there, it wouldn't be any further back.

As to the hidden malware issue, read the prologue of Vernor Vinge's A Fire Upon the Deep. It's readable on Amazon (except page 4 for some odd reason). There's some, literally, galactic-class malware hidden in static data.

Re:Research? (1)

MysteriousPreacher (702266) | about a year ago | (#41097617)

Read the fine summary? People socially bitcoining their way through this cloudy web 3.0 thing don't have time for such things. Seriously though, the story is indeed worth reading. Much geek wood to be had.

Re:Research? (1)

NCG_Mike (905098) | about a year ago | (#41097535)

I remember actually seeing this via MacsBug back in the early 90s. I also remember we had a few MacPlus' that had engraved signatures on the inside of the box.

Re:Research? (5, Insightful)

Zadaz (950521) | about a year ago | (#41097713)

Christ, what an asshole.

Yes, this was known. But the process of pulling them off the ROMs yourself? Documenting the process? Yeah, no one was kind enough to wrap all that up in one place. It's a fun read and if you're not careful even you, Mighty Internet Commenter, might learn something.

Shut the hell up and contribute. Bitching gets no one anywhere.

Re:Research? (0)

Anonymous Coward | about a year ago | (#41098037)

So you're bitching about bitching? (Recursive) bitching gets no one anywhere.

Re:Research? (0)

Anonymous Coward | about a year ago | (#41097955)

I wish someone did post something nice on recovering data from a hard drive effectively.
FUCK recovery companies.

It'd be fine for older drives, but the newer ones would likely be the problems since the huge densities of the data would need high-precision heads.
Ironic that older drives seem to last longer than these cheap crap-drives of today.

Re:Research? (1)

milkmage (795746) | about a year and a half ago | (#41104093)

Yes.. except people who read the article know it's just a reference the hackers used when dumping the ROMs.

Easter Egg/spyware (2)

jaymz666 (34050) | about a year ago | (#41097157)

One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs"

Re:Easter Egg/spyware (5, Insightful)

rhsanborn (773855) | about a year ago | (#41097193)

Let's even consider that they aren't malicious, but simply untested. It's a bunch of code that's possibly vulnerable to an exploit.

Re:Easter Egg/spyware (4, Insightful)

BenJury (977929) | about a year ago | (#41098041)

It's a shame isn't it? We have to forgo these fun little tit-bits for these sorts of issues.

Re:Easter Egg/spyware (0)

Anonymous Coward | about a year ago | (#41099175)

Yup. Douchebag blackhats are why we can't have nice things any more.

Re:We have to forgo these fun little tit-bits (1)

TaoPhoenix (980487) | about a year and a half ago | (#41108547)

AC replied below, but yes, look how the mood has changed, what used to be a fun programmer's trick when computing was all shiny and new is now a Back Door Security Threat.

Somewhere in that process of loss-of-innocence is how we as a race are struggling, because I don't see us going back to that worldview. I guarantee you (mostly) no one thought of "international hackers" in the 1980's when we were doing cute little tricks like that on Commodores and old Macs and early PC's etc.

Fast Forward to 2012. There's stuff going on, but it just doesn't have the child-like feel of the 1980's innocence.

Re:Easter Egg/spyware (2)

iampiti (1059688) | about a year ago | (#41099873)

In some old CPUs (Z80 maybe?) some illegal opcodes were discovered to have interesting side effects. Thus, programmers started using them as regular instructions.
It goes without saying that they had to be implemented exactly the same way in later revisions (or compatible versions) of the CPUs.

Re:Easter Egg/spyware (1)

RaceProUK (1137575) | about a year and a half ago | (#41107225)

'The Undocumented Z80 Documented' covers all those 'illegal' opcodes, as well as other odd behaviours.

Re:Easter Egg/spyware (3, Interesting)

wiedzmin (1269816) | about a year ago | (#41097203)

ikr. a little while ago there was an easter egg of a hardcoded admin username and password in some HP hardware... recently there's an easter egg of some hardcoded keys... fun fun fun.

Re:Easter Egg/spyware (5, Insightful)

Darkness404 (1287218) | about a year ago | (#41097267)

...So? You take this risk anytime you use closed source software (or anytime you don't view the source of an open source software program, and your compiler, etc.)

How do you know your web browser right now doesn't have malware built in? After all, have you read the entire source for Firefox/Chrome/Safari/Internet Explorer/Opera for the exact version you are using?

Re:Easter Egg/spyware (0)

Anonymous Coward | about a year ago | (#41097591)

I'm not a programmer, you insensitive clod!

Re:Easter Egg/spyware (0)

Anonymous Coward | about a year ago | (#41097641)

Why, yes we have you insensitive clod!

Re:Easter Egg/spyware (2)

John Hasler (414242) | about a year ago | (#41098067)

> How do you know your web browser right now doesn't have
> malware built in? After all, have you read the entire source
> for Firefox...?

No, but many others have, and many, many others, including me, have the opportunity to do so. This makes embedding malware in it impractical.

Re:Easter Egg/spyware (0)

Anonymous Coward | about a year ago | (#41101317)

In my experience there's a lot of exploitable stuff that only few people look at and even fewer would have fixed before it got exploited.

Just because there's the opportunity to do so doesn't mean people will do so.

Re:Easter Egg/spyware (4, Insightful)

hairyfeet (841228) | about a year ago | (#41102081)

Oh bullshit. Did everyone forget the Quake 3 malware that sat in the repos for a year and a fricking half? For something that is INSANELY popular like Firefox then MAYBE, just maybe, you've had a couple of dozen guys that aren't the actual devs look at the thing. For the rest, the bazillion little packages that make up your average distro that nobody ever seems to even think about until it breaks? Not a chance. Tell me have YOU gone through the FF source code? How about the Libre Office source? If the answer is no then WTF makes you think anybody else has?

Just because something CAN be done does not mean it HAS been done, there is a difference. Finally have you looked at some of the source for the obfuscated C contest entries? With that you know ahead of time there is malware in it yet many devs here would be hard pressed to find it, so what makes you think that on code where nobody knows if it has or hasn't and aren't expecting to find anything nasty that you or anyone else would spot the bug if it were obfuscated and hidden among a half a million lines of code?

Re:Easter Egg/spyware (4, Interesting)

firewrought (36952) | about a year ago | (#41099353)

One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs".

Um, no. Easter eggs and malware are completely separate camps. By the time you hit upon an easter egg, you've already committed to trusting a programmer's intentions and work quality. Discovering he or she has a sense of humor too does not cause injury to you. By the same token, a virus is a virus, even if it plays a cute animation [wikipedia.org].

While you imply that we should regard easter eggs with a certain suspicion, I gather what's really making you uncomfortable is the fact that there's hidden functionality in that binary you're running. Guess what... easter eggs or not, most software is loaded with hidden functionality: easter eggs, diagnostic functions, test code, old screens, unused modules, compatibility modes, experimental features, platform-specific and customer-specific hacks, and, yes, sometimes malware. Easter eggs have merely made you reexamine some false assumptions you had.

Re:Easter Egg/spyware (2)

jaymz666 (34050) | about a year ago | (#41099453)

The early cases of spyware, in Bonzi Buddy and Gator, could certainly be considered easter eggs.

Re:Easter Egg/spyware (0)

Anonymous Coward | about a year ago | (#41099525)

Does this mean apple are copyrighting Easter Eggs now?

Re:Easter Egg/spyware (0)

Anonymous Coward | about a year ago | (#41103407)

*snorts*
*strokes neckbeard*
*goes back to watching anime on $200 linux shitbox at 15fps*

Re:Easter Egg/spyware (2)

keytoe (91531) | about a year ago | (#41102133)

One man's easter egg can easily be another man's malware. This sounds kind of cool, until you realise there could be any number of malicious "easter eggs"

If you want to start from the 'unexpected code' position, then the difference between an easter egg and malware is solely based on intent.

For mine - I had to rewrite some software that handled magnetic card reader hardware for a POS system. We were transitioning to a completely different OS, but I had the original source to use as a template. The old code had an easter egg in it, so as an homage to the original developer I made sure the new version did as well.

Whenever you swiped a CostCo membership card, instead of playing the stock failure audio tone it would play a short recording of his dog barking.

Decline of Easter Eggs (3, Insightful)

AnotherAnonymousUser (972204) | about a year ago | (#41097175)

In the increasingly litigious world of software, it seemed like a lot of Easter eggs disappeared from operating systems and from business software. Software became professional and had less use for a sense of humor, undocumented code became a possible liability, and it seems to be looked upon a little more as having no place in the business world. Which is sad, I think.

Re:Decline of Easter Eggs (1)

phantomfive (622387) | about a year ago | (#41097397)

Not sure it's because of litigation. Lawsuits have always been a danger in the industry.

I think it's just programmers got more boring. When was the last time YOU put an easter egg in your code? It's just not worth the effort (and it can be hard to hide when you're not writing assembly).

Re:Decline of Easter Eggs (3, Insightful)

geekoid (135745) | about a year ago | (#41097455)

Code is getting a lot more complex. When it's 4 people putting a game together? then you can stick an Easter egg and all laugh about it. when its 20 developers, 12 QA people, and a few million lines of code? it because an addition thing to manage.

TO answer your question:
I often out Easter eggs in my code, but I do most my work on my own.
Also, jokes.

Re:Decline of Easter Eggs (0)

Anonymous Coward | about a year ago | (#41097499)

Your hypothesis fails to account for things like the 3D Easter egg in Microsoft Excel 97.

Re:Decline of Easter Eggs (1)

roman_mir (125474) | about a year ago | (#41100367)

When it's 4 people putting a game together? then you can stick.....

laugh about it. when its 20 .....

code? it because an ...

TO answer...

I often out Easter eggs ....

I do most my work on my own....

Also, jokes.

This entire comment is an Easter egg.

*cracks whip* (2)

fuzzyfuzzyfungus (1223518) | about a year ago | (#41097185)

If you have time for easter eggs, you clearly aren't coding hard enough; and if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

I expect this nonsense to be gone in revision B, no matter how many nights and weekends it takes!

Chips come in power of 2 sizes (2)

tepples (727027) | about a year ago | (#41097351)

if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

Say you have a program that fits in the first 412 KiB of a 512 KiB chip. No, it wouldn't be possible to trim that down to 256 KiB, the next smaller chip, on the provided budget. What else should the developers put into the unused space?

Re:Chips come in power of 2 sizes (3, Funny)

Anonymous Coward | about a year ago | (#41097393)

What else should the developers put into the unused space?

A compression routine that would allow the machine code to fit in the 256kb to begin with?

Re:Chips come in power of 2 sizes (4, Informative)

tepples (727027) | about a year ago | (#41097469)

A compression routine that would allow the machine code to fit in the 256kb to begin with?

The ROMs of old world Macs were execute-in-place [wikipedia.org], meaning they didn't need to be copied to RAM first. Adding compression would require 412 KiB of RAM to hold the decompressed machine code. At the time, that was considered a huge chunk of RAM for a computer like the Mac.

Re:Chips come in power of 2 sizes (0)

Anonymous Coward | about a year ago | (#41097541)

Thank you; that was quite informative. I learned something new today ...

Re:Chips come in power of 2 sizes (1)

Anonymous Coward | about a year ago | (#41097445)

if the product has space for easter eggs, we clearly haven't shaved the BOM hard enough!

Say you have a program that fits in the first 412 KiB of a 512 KiB chip. No, it wouldn't be possible to trim that down to 256 KiB, the next smaller chip, on the provided budget. What else should the developers put into the unused space?

Clearly, you've never worked in a company run by a bunch of penny-pinching bean counters. They WILL spend billions researching how to shave a not-power-of-two off of ROM if it means they can save a penny on each product produced. And if they can't figure that out, the programming department will get orders to shave their code down to 256KiB. After all, that's around 20% of the space going unused. Over 20% waste! That MUST be dealt with at once! If you nerds can cut down your used space like that, you can cut it down further. You're smart, I'm sure you can figure it out. There, I did MY job, I'm going to knock off for the rest of the quarter, now get back to work and do YOURS, slackers!

Jobs banned all Easter Eggs in Apple products (0)

Anonymous Coward | about a year ago | (#41099263)

I hope he's burning in Hell right now.

These days we call them "backdoors" (1)

gestalt_n_pepper (991155) | about a year ago | (#41097191)

... and "military security risks" usually put in by offshore programmers.

Re:These days we call them "backdoors" (2)

geekoid (135745) | about a year ago | (#41097465)

Backdoors and easter eggs are different things, and they have both been around as long as computers have been around.

Now let's go check (1)

aglider (2435074) | about a year ago | (#41097251)

All other ROMs, not just Apple's.
I know IBM BIOSes contain a large number of Easter eggs.
Unfortunately we started to call them "bugs" back in the 80s.

lots of chips had images on them (1)

Dave Whiteside (2055370) | about a year ago | (#41097257)

There used to be a site [probably still out there] that had images found on all sorts of chips: CPUs, ROM, etc etc.

No idea what it was called.

But there have been digital artists plying their works for years and years...

The MAC images have been known about since like forever?

Re:lots of chips had images on them (0)

Anonymous Coward | about a year ago | (#41097355)

I think you're confused. These are not analog images as in etched-onto-silicon. They are images stored as data on ROMs. It's not at all the same thing.

Re:lots of chips had images on them (1)

tepples (727027) | about a year ago | (#41097373)

And they could have used a bit of unsharp masking before dithering down to the 1-bit format that all Macs used at the time.

we made it, commodore f*cked it up (4, Interesting)

cathector (972646) | about a year ago | (#41097423)

my favorite easter egg was in the early amiga 'rom' (kickstart) - if you held down both shift keys, both ctrl keys, one of the function keys, then inserted a floppy disk, the screen would briefly flash 'the amiga - we made it, commodore fucked it up'.

Re:we made it, commodore f*cked it up (1)

Anonymous Coward | about a year ago | (#41097785)

Urban legend... and definitely not true.

Re:we made it, commodore f*cked it up (2)

cathector (972646) | about a year ago | (#41098105)

i'm speaking from experience.

this would have been in kickstart 1.1 or possibly even 1.0; it was taken out of later editions of kickstart.

also it flashed very quickly, which perhaps might lead to some confusion as to whether it was real or not. to get it to stay up for even a second i had to launch a bunch of background tasks to slow the whole machine down.

Re:we made it, commodore f*cked it up (3, Informative)

Anonymous Coward | about a year ago | (#41098341)

It's genuine and in Workbench 1.2. [amigahistory.co.uk]

LShift-RShift-LAlt-RAlt-ejectdisk-F1 prints "The Amiga, Born a Champion"

LShift-RShift-LAlt-RAlt-insertdisk-F1 prints "We made Amiga, They fucked it up"

In Workbench 1.3, Commodore changed the latter message to "Still a Champion"

Apple ][ easter egg (3, Interesting)

v1 (525388) | about a year ago | (#41097517)

I recall on my //c I could type "VERIFY" (with no filename, or with no DOS booted) and it would return

COPYRIGHT (C) 1984 APPLE COMPUTER (beep!)

I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

Anyone know if that really happened?

Re:Apple ][ easter egg (3, Interesting)

Dwedit (232252) | about a year ago | (#41097783)

Tried that on an emulator in several different modes.
Nothing but "?SYNTAX ERROR"s all around.
Do you have any evidence that this command is real?

Re:Apple ][ easter egg (0)

Anonymous Coward | about a year ago | (#41098043)

Cannot tell if Troll... ...or really dumb

Re:Apple ][ easter egg (2)

v1 (525388) | about a year ago | (#41100949)

Tried that on an emulator in several different modes.
Nothing but "?SYNTAX ERROR"s all around.
Do you have any evidence that this command is real?

Minor brainfart on my part. It wasn't in the ROM, this was the DOS (3.2) that did it. It was a DOS intercepted command, "VERIFY", to read all blocks from a file to verify it. (mostly useless) If typed without any filename supplied, it would display the above message. It was a copyright message from the DOS, not the BASIC ROM. My bad there. It's been a while ;)

They had their DOS copied by several companies. (FastDisk One was my personal favorite, and it WAS fast) At one point I managed to decompile it and got the source code into merlin pro assembler and was able to mod and recompile it. Beagle Bros also provided some function similar to that, I think in their DoubleTake and DBug software, patching the keyboard intercept vector to add functionality. Amazing what they managed to pull off with DBug. (I owned 23 of their titles, most of them! good stuff!) Ahhh the good ol days. Sometimes I wish I knew a fifth as much about my current computer as I knew about my //c back then... and if you're seriously questioning if any of this is real, you can just 3D0G outa here ;)

Re:Apple ][ easter egg (1)

Kymermosst (33885) | about a year ago | (#41102395)

Actually, it was the VERIFY command in the ProDOS BASIC.SYS that output the copyright message when no filename was given. In ProDOS, if a filename was given, it checked that the file existed, but did nothing else.

Apple DOS 3.3 and earlier read every sector in the file and would return an I/O error if it could not be read. Not specifying a file name resulted in an error.

Re:Apple ][ easter egg (1)

Just Some Guy (3352) | about a year ago | (#41098199)

The urban legend (unproven AFAIK) was that Gary Kildall used that stunt to prove that Microsoft ripped off CP/M. From an article in Spectrum [ieee.org]:

In 2006, science fiction writer and technology reporter Jerry Pournelle said on “This Week in Tech,” an Internet radio show, that this secret command triggered the display of a copyright notice for DRI and Kildall’s full name. According to Pournelle, Kildall had demonstrated this command to him by typing it into DOS; it produced the notice and thus proved that DOS was copied from CP/M.

This story, circulated for years, has a few problems. First, no one knows the secret command; Pournelle claims he wrote the command down but has never shown it to anyone. In addition, such a message would be easily seen by opening the binary files in a simple text editor unless the message was encrypted. CP/M had to fit on a floppy disk that held only 160 kilobytes; Kildall’s achievement was squeezing an entire operating system into such a small footprint. But it is difficult to imagine he could do this and also squeeze in an undetectable encryption routine. And although we’re now in an era of hackers breaking into heavily secured computers, no one has ever cracked DOS to find this secret command.

But I set out to look for it anyway. I used a utility program developed at SAFE to extract strings of text from binary files. Not only did Kildall’s name not show up in any QDOS or MS-DOS text strings, it did not show up in CP/M either. The term “Digital Research” did appear in copyright notices in the CP/M binary files, but not in MS-DOS or QDOS binary files.

If Jerry Pournelle did indeed see a hidden message revealed by a secret command, it was not in MS-DOS.

Re:Apple ][ easter egg (0)

Anonymous Coward | about a year ago | (#41100403)

It wouldn't take much space to use xor with a static key to hide his message. That function could be concealed in a few bytes.
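The Spectrum passage quoted above treats a clean run of a string extractor over the binaries as evidence, and the reply points out that a byte-wise XOR against a fixed key would defeat exactly that check. As an added illustration (not code from the article, from any of the posters, or from any real DOS or CP/M image): a minimal `strings`-style extractor, a constructed binary holding one visible notice and one notice obscured by a single-byte XOR key, and the brute force over all 256 keys that analysts use to close that gap (the same idea behind xorsearch-style tools). CODE_FILLER, HIDDEN_TEXT and the key 0x5A are constructed for this example; only the 1984 Apple notice text comes from the thread.

```python
"""Why a clean `strings` sweep does not prove a binary hides no message.

Added example, not from the IEEE Spectrum investigation or the posters.
A plain printable-run scan finds only the unobscured notice; decoding
the blob under every single-byte XOR key and looking for a keyword
recovers the hidden one as well.
"""
import re


def extract_strings(blob, min_len=8):
    """Minimal `strings`: runs of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def xor_bytes(data, key):
    """XOR every byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def xor_string_search(blob, keyword="COPYRIGHT", min_len=8):
    """Try all 256 single-byte keys (key 0 is the plaintext itself) and
    report, per key, the decoded strings that contain `keyword`.
    256 decodes of a small blob are cheap; a rolling or multi-byte key
    would need a longer search, which is the next step real tools take."""
    found = {}
    for key in range(256):
        decoded = xor_bytes(blob, key)
        hits = [s for s in extract_strings(decoded, min_len) if keyword in s]
        if hits:
            found[key] = hits
    return found


# --- Constructed sample binary (not real DOS, CP/M or Apple code) --------
# A repeating byte pattern stands in for machine code; its only printable
# byte (0x20) is isolated, so it never forms a string on its own.
CODE_FILLER = bytes([0xA9, 0x00, 0x85, 0x10, 0x20, 0x00, 0xF0, 0xEA]) * 16
PLAIN_NOTICE = b"COPYRIGHT (C) 1984 APPLE COMPUTER\x00"      # text quoted in the thread
HIDDEN_TEXT = b"COPYRIGHT (C) 1980 HYPOTHETICAL AUTHOR\x00"  # constructed, not a real notice
HIDDEN_KEY = 0x5A                                              # constructed key
BLOB = (CODE_FILLER + PLAIN_NOTICE + CODE_FILLER
        + xor_bytes(HIDDEN_TEXT, HIDDEN_KEY) + CODE_FILLER)

if __name__ == "__main__":
    # The plain sweep sees one notice and a few bytes of junk at most.
    print("plain strings sweep:", extract_strings(BLOB))
    # The key sweep sees both: key 0x00 is the plaintext, key 0x5A the hidden one.
    for key, strings in sorted(xor_string_search(BLOB).items()):
        print(f"key 0x{key:02x}: {strings}")
```

The point for a reviewer of the Spectrum argument is the asymmetry: a hit from the plain sweep is evidence, but a miss only rules out the cheapest hiding method, and the brute force above costs nothing to add.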

Re:Apple ][ easter egg (1)

Nyder (754090) | about a year ago | (#41098391)

I recall on my //c I could type "VERIFY" (with no filename, or with no DOS booted) and it would return

COPYRIGHT (C) 1984 APPLE COMPUTER (beep!)

I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

Anyone know if that really happened?

Well, I got an Apple IIe, IIc, and IIgs, and a Laser 128 (IIc clone) and I'm way too lazy to hook them up and check it out.

Re:Apple ][ easter egg (0)

Anonymous Coward | about a year ago | (#41098433)

And the point of posting your comment is? Look at me! Look at me!

Re:Apple ][ easter egg (0)

Anonymous Coward | about a year ago | (#41099299)

I just tried this on a first generation Apple //c sitting next to me. It doesn't print the copyright notice; it just prints "?SYNTAX ERROR."

It's possible that it was a later ROM revision, but I doubt it.

Re:Apple ][ easter egg (3, Informative)

tlhIngan (30335) | about a year ago | (#41099993)

I heard a rumor, I'm not sure if it was urban legend or real, that some company pirated apple's rom into their apple 2 clone and it went to court. And in court, they had brought in a clone computer that was "not infringing" and the prosecution asked them to type "VERIFY" and hit return. The message that displayed on their machine closed the case.

Anyone know if that really happened?

It's true, but not quite that cut-and-dried.

It was Apple Computer v. Franklin Computer [wikipedia.org] (yes the Franklin of "spelling ace" and other handheld device fame).

Basically, because the Apple II schematics were in the box, Franklin claimed they could build a clone and use Apple's software, which existed only as machine-readable binary (the copyright of which was unknown). That one case basically locked down the status of object code being copyrightable.

Bell and Howell [wikipedia.org] however obtained a license from Apple to clone it.

The Biggest Easter Eggs Are All Over Your Face! (-1)

Anonymous Coward | about a year ago | (#41097565)

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations' and individuals' products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL, while other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems are swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into Ultimate Boot CD you can use an arcane text interface to dump BIOS/CMOS and examine/checksum it.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

* Know your router's firmware may easily be replaced on a hacker's whim?
* Shield all cables against leakage and attacks
* Still use an old CRT monitor and beg for TEMPEST attacks?
* Use TEMPEST resistant fonts in all of your applications including your OS?
* Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
* Use your PC on the grid and expose yourself to possible keypress attacks?
* Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
* Search out informative papers on these subjects and educate your friends and family about these attacks?
* Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat is the potential civilian rogues stationed around you, especially in large apartment blocks, who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/ [biosbits.org]

Some BIOS has write protection in its configuration, a lot of newer computers don't.

#

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme(dot)com/subhack/

network card rootkits and trojans
pci rootkits
packet radio
xmit "fm fingerprinting" software
"specific emitter identification"
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp. vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers)?

Unless your computer room is shielded properly, the computers may still be attacked and used. I've personally inspected computers with no network connection running mysterious code in the background which Task Manager for Windows and the equivalent for *nix do not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

#
eof
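The post above repeatedly asks for firmware and boot sectors to be dumped, checksummed and compared against a recorded baseline. The following script is an added defensive example, not code from the original comment or from any project it names: it parses a legacy 512-byte MBR, hashes only the bootstrap code region (so legitimate repartitioning does not trip the check), and reports any drift from a stored SHA-256 baseline. The sample sectors are constructed inline; `read_first_sector` is a hypothetical helper for reading a real device image and needs appropriate permissions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the bootstrap code in a legacy MBR
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the code
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511 must carry the boot signature
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Construct a synthetic 512-byte MBR (sample data, not taken from a real disk)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b""
    for bootable, ptype, lba_start, sectors in entries:
        table += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00,
                             b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                             lba_start, sectors)
    table = table.ljust(64, b"\x00")
    return code + table + MBR_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into boot code, non-empty partition entries and signature state."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "partitions": parts,
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
    }


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap code region only; record this once on a trusted system."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_against_baseline(sector: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from recorded baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def read_first_sector(path: str) -> bytes:
    """Hypothetical helper: read sector 0 from a block device or raw image file."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Constructed sample: a stand-in boot stub plus one bootable NTFS-type partition.
SAMPLE_CODE = bytes(range(0x20, 0x20 + 64)) + b"\xeb\xfe"   # arbitrary bytes, not real code
GOOD_MBR = build_sample_mbr(SAMPLE_CODE, [(True, 0x07, 2048, 204800)])
BASELINE = boot_code_digest(GOOD_MBR)

# Constructed tampering: flip one byte inside the boot code region.
_t = bytearray(GOOD_MBR)
_t[0x10] ^= 0xFF
TAMPERED_MBR = bytes(_t)

# Constructed table change with the same code: a second entry also marked bootable.
TWO_BOOTABLE_MBR = build_sample_mbr(
    SAMPLE_CODE, [(True, 0x07, 2048, 204800), (True, 0x83, 206848, 409600)])

if __name__ == "__main__":
    print("baseline:", BASELINE)
    for name, sec in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR),
                      ("two-bootable", TWO_BOOTABLE_MBR)):
        print(name, check_against_baseline(sec, BASELINE) or ["OK"])
```

The digest is taken over the code region alone so that a baseline recorded right after installation stays valid across later partition edits; a change in the partition table is still visible through `parse_mbr`, and the bootable-flag check catches the simplest table-level oddity. The same pattern (dump once on a trusted system, store the digest off-box, re-hash on every boot from live media) applies to any firmware image you can read out.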

Re:The Biggest Easter Eggs Are All Over Your Face! (1)

ColdWetDog (752185) | about a year ago | (#41097669)

Oops. Your hat is taped on a bit too tight.

Somebody help this fellow out, will you?

Re:The Biggest Easter Eggs Are All Over Your Face! (0)

inject_hotmail.com (843637) | about a year ago | (#41097967)

Why? Everything he/she said is true. Just because you don't believe it or believe that it doesn't happen "to anyone" does not make the OP crazy or an idiot. The OP is informed and is attempting to share knowledge. I don't understand why you (or anyone else) wouldn't appreciate that enough at least to refrain from disrespecting him/her. Obviously you don't have a clue as to how espionage works, or the fact that it even occurs on a daily basis. You'd likely be similarly in disbelief to hear the monolithic amount of information China has collected on every aspect of North American life.

Re:The Biggest Easter Eggs Are All Over Your Face! (0)

Anonymous Coward | about a year ago | (#41098031)

Dude, you're so naive. You've totally underestimated the extent of the problem.

They anticipated that some people would get wind of the covert monitoring, and took steps to ensure those people walked right back into their arms. Don't you know that RMS is a buried mole? He's put an exploitable back door in the friggin GPL itself!

And don't even get me started on Reynold's quantum tunneled molecular aluminum circuitry hack! There's a reason they switched away from tin.

Is "Easter egg" now a euphemism for... (1)

John Hasler (414242) | about a year ago | (#41097639)

..."back door"?

Re:Is "Easter egg" now a euphemism for... (0)

Anonymous Coward | about a year ago | (#41097773)

Well, if yon Easter egg displays goatse - it could well be!

Typo in summary (0)

cream wobbly (1102689) | about a year ago | (#41098345)

The summary as originally posted read:

"eldavojohn writes

"NYCResistor has published photos of what they call 'Ghosts in the ROM' after dumping Apple Mac SE ROM images from a roadside Motorolla 68000-era Macintosh [blah blah blah]"

You can see in TFA that they misspell Motorola with two ells. The correct way to handle this is:

"eldavojohn writes

"NYCResistor has published photos of what they call 'Ghosts in the ROM' after dumping Apple Mac SE ROM images from a roadside Motorolla (sic) 68000-era Macintosh [blah blah blah]"

Not cool.

Re:Typo in correction to summary (1)

idontgno (624372) | about a year ago | (#41099403)

You can see in TFA that they misspell Motorola with two ells. The correct way to handle this is:

...roadside Motorolla (sic) 68000-era Macintosh [blah blah blah]"

As editorial markup, "sic" (Latin for "thus") is enclosed in square brackets, not parentheses:

Sic in square brackets is an editing term used with quotations or excerpts. It means "that's really how it appears in the original."

It is used to point out a grammatical error, misspelling, misstatement of fact, or, as above, the unconventional spelling of a name.

-- http://www.dailywritingtips.com/what-does-sic-mean/ [dailywritingtips.com], emphasis mine

Re:Typo in summary (1)

wonkey_monkey (2592601) | about a year ago | (#41099665)

after dumping Apple Mac SE ROM images from a roadside Motorolla (sic) [sic] 68000-era Macintosh [blah blah blah]

I think you meant "[sic]", not "(sic)" ;)

And since the summary is eldavojohn's own words, and not a quote from the article, why should he have to repeat their mistakes?

You can see in TFA that they misspell Motorola with two ells.

Did they? Where?

Not cool.

Not not cool, just not anal.

I'll admit to mine... (3, Interesting)

respice (974320) | about a year ago | (#41098869)

I'm a tech writer, and years ago, on a project, I had a dialog box in a project that had a bunch of tabs. In the help, I put screenshots of each tab. If you were looking at the help for tab "A" and clicked on tab "B," "C," "D," etc. in the project, the help for that page would come up, and the screenshots were aligned with one another. Anyway, if you clicked the "Help" button in the screenshot on one and only one of the tabs (in the help, mind you), we jumped to a new page with a picture of the entire doc team and our names. The head of the doc team knew - he was even in the picture - but I don't think anyone else in management knew. There was one SE who knew, and she used to demonstrate it for easily-amused customers.

Now who else will admit to their Easter Eggs?

Re:I'll admit to mine... (0)

Anonymous Coward | about a year ago | (#41099661)

I did one in a game I did years ago. If you spend x minutes on a certain screen, a pac-man character would appear and eat the letters randomly.

Quadra 840AV easter egg (0)

Anonymous Coward | about a year ago | (#41101157)

There's also 2 jpegs of the dev team inside the quadra 840av ROMs. I stumbled across it disassembling it a few years ago, then google searched and others had found it.

someone do the IIfx (0)

Anonymous Coward | about a year ago | (#41102745)

colored flags that wave in a breeze that follows your mouse, IIRC

How About an Entire Operating System? (0)

Anonymous Coward | about a year ago | (#41103319)

Someone handed you a Macintosh Classic [lowendmac.com] with a corrupted OS and no system discs?
Turn it on and hold down Command-Option-X-O. There's a fully bootable copy of System 6 in the ROM.

Re:fully bootable copy of System 6 in the ROM (1)

TaoPhoenix (980487) | about a year and a half ago | (#41108397)

This is a nice piece of (presumed true) trivia from an AC. Does a ROM-bootable copy of an OS hold implications for security recovery today?
