Author Topic: Dirty Decapping  (Read 7719 times)


Offline rdl

  • Super Contributor
  • ***
  • Posts: 3667
  • Country: us
Re: Dirty Decapping
« Reply #25 on: December 21, 2017, 09:08:14 pm »
It's not yet clear to me whether this 3G ability is built in or requires additional hardware. Nevertheless, the whole vPro/AMT/ME concept is something I find a bit concerning, mainly due to the fact that the PC owner doesn't appear to have complete control over it.

https://en.wikipedia.org/wiki/Intel_vPro#vPro_security

Actually, read the whole article and follow the more interesting links.
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2161
  • Country: gb
Re: Dirty Decapping
« Reply #26 on: December 21, 2017, 10:17:01 pm »
pc users are under heavy attack these days,
most bioses since core cpu's have been around have a rootkit called "computrace" in them that patches your windows and adds files.
lenovo have another piece of malware in them too.

i have not extensively looked into other makes but i wouldn't be surprised to find more "espionage" in the bioses.
it's in many phones too. android at least
« Last Edit: December 21, 2017, 10:29:10 pm by stj »
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2161
  • Country: gb
 
The following users thanked this post: ebastler

Offline CJay

  • Super Contributor
  • ***
  • Posts: 4136
  • Country: gb
Re: Dirty Decapping
« Reply #28 on: December 21, 2017, 10:30:57 pm »
3G requires the PC to have extra hardware for the 3G connection, it's a tinfoiler's wet dream because it's mentioned vaguely enough that it can be spun as big bad surveillance state.

Pull the 3G/HSDPA hardware or even just eject the SIM and it's toast.
 

Offline rdl

  • Super Contributor
  • ***
  • Posts: 3667
  • Country: us
Re: Dirty Decapping
« Reply #29 on: December 22, 2017, 01:49:25 am »
But the regular ethernet connection still works.
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2161
  • Country: gb
Re: Dirty Decapping
« Reply #30 on: December 22, 2017, 03:17:25 am »
Quote from: CJay
3G requires the PC to have extra hardware for the 3G connection, it's a tinfoiler's wet dream because it's mentioned vaguely enough that it can be spun as big bad surveillance state.
Pull the 3G/HSDPA hardware or even just eject the SIM and it's toast.

maybe, maybe not.
you talk about tinfoil, but in the world we are in today i would say that's naive.
a head-in-the-sand approach is not a wise idea.
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2750
  • Country: ca
Re: Dirty Decapping
« Reply #31 on: December 22, 2017, 06:48:04 am »
Quote from: CJay
3G requires the PC to have extra hardware for the 3G connection, it's a tinfoiler's wet dream because it's mentioned vaguely enough that it can be spun as big bad surveillance state.
Pull the 3G/HSDPA hardware or even just eject the SIM and it's toast.

Quote from: stj
maybe, maybe not.
you talk about tinfoil, but in the world we are in today i would say that's naive.
a head-in-the-sand approach is not a wise idea.

This.

While I can't see how a 3G radio INSIDE a cpu would work that well, I also don't know enough about RF to debunk it. Wrap your cell phone in foil and it will still be able to take a call. Wrap it VERY WELL, and maybe you'll stop the signal. Poke a hole big enough (a few mm?) in the foil, and you're taking calls again. It's surprisingly hard to block RF. If there is a radio inside the chip it could very well be engineered to maximize its ability to penetrate the shield, via proper placement of antenna etc.

Or it could very well require extra hardware too, but given this is a backdoor they will try to make this as hidden as possible.  It would perhaps make more sense for it to use a wifi nic as a 3G radio though.  The NIC would probably need to be backdoored too and act somewhat as a 2 way SDR.   There only needs to be one such nic anywhere on the network as rest of communication would use ethernet.

Not really that far fetched in this state of mass surveillance.

Though I didn't mean to derail the topic.  Just would be interesting if someone who knows a lot about die circuitry looked at many decapped Intel and AMD cpus to look for anything suspicious, or to debunk any of this - as right now it's all a conspiracy theory and not fact, but still important to consider before we can disprove it.
« Last Edit: December 22, 2017, 06:51:46 am by Red Squirrel »
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Dirty Decapping
« Reply #32 on: December 22, 2017, 08:15:02 am »
A problem would be that these chips are terribly complicated. If you indeed have malicious intentions, you might even put in some effort to make certain bits look more like other bits, just in case someone thinks to take a peek.

It's been done elsewhere, where code was very subtly manipulated to drastically alter the behaviour. There's obviously parties motivated to do these kinds of things.

https://www.securityfocus.com/news/7388
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2750
  • Country: ca
Re: Dirty Decapping
« Reply #33 on: December 22, 2017, 08:44:36 am »
Yeah I imagine it would not be trivial to decode.  Heck, is it possible to layer several dies?  I can't see why not. Heck, that would be smart for flash to get more density.  I think they sorta do that already.  So you could see just the main die on top but there could be other dies below to do the nasty stuff. Obviously interference and capacitive coupling would become an issue but I'm sure that's something Intel engineers would have all figured out.

If there is an antenna that would be fairly obvious I think though. I don't imagine you could stick that very close to the actual die, it would be a bit away from all the business end.
 

Offline 1design

  • Regular Contributor
  • *
  • Posts: 162
Re: Dirty Decapping
« Reply #34 on: December 22, 2017, 09:05:12 am »
Ignorance is bliss....try and make a wireless connection work from under a heatsink and a ground plane/power on the other side. The antenna structure is also very easy to detect, and if you really want to debunk it, just go around your PC with a SA and an antenna. Mine doesn't have anything coming out of it and I use an Intel chipset.

There are so much easier ways of taking over your machine than complicated HW exploits. The user is the biggest backdoor the unit has, no need to tin foil conspiracies, all of your public traffic is monitored, selectively recorded and mostly never used, until targeted. If you are OK with this, welcome to the WWW, otherwise please unplug.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Dirty Decapping
« Reply #35 on: December 22, 2017, 09:50:41 am »
Quote from: 1design
Ignorance is bliss....try and make a wireless connection work from under a heatsink and a ground plane/power on the other side. The antenna structure is also very easy to detect, and if you really want to debunk it, just go around your PC with a SA and an antenna. Mine doesn't have anything coming out of it and I use an Intel chipset.
There are so much easier ways of taking over your machine than complicated HW exploits. The user is the biggest backdoor the unit has, no need to tin foil conspiracies, all of your public traffic is monitored, selectively recorded and mostly never used, until targeted. If you are OK with this, welcome to the WWW, otherwise please unplug.

There's examples where the bus was used as an antenna, but as I've stated before I agree with you. No need to complicate things with hardware that might get spotted when you have the Intel ME built in there already.
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2161
  • Country: gb
Re: Dirty Decapping
« Reply #36 on: December 22, 2017, 11:34:50 am »
the rumor is that it's in the chipset, not the cpu.
so there is no metal cap on the package and a track or even several in different orientations could be placed on the top of the package pcb at the edges.

it would actually be very easy - all it takes is intent.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Dirty Decapping
« Reply #37 on: December 22, 2017, 11:46:19 am »
Quote from: stj
the rumor is that it's in the chipset, not the cpu.
so there is no metal cap on the package and a track or even several in different orientations could be placed on the top of the package pcb at the edges.
it would actually be very easy - all it takes is intent.

A computer case is designed to keep RF both out and in. I think someone once sent in to Dave's mailbag a wifi operated tool to remotely start your computer, but had issues with reception when the thing was in a closed case.

It doesn't seem to make a lot of sense. You're trying to use something you are also trying to prevent, which is RF in your case, and transmissions can be picked up by anyone with a $25 dongle. Added to that is the fact that any modern computer is already equipped with Intel's ME or AMD's TrustZone. Any computer connected to a network already has hardware built in to abuse. Computers not attached to a network for safety reasons are much more likely to be additionally protected, like being in a TEMPEST case or environment, which renders your 3G apparatus moot.

It doesn't really add up. It's a lot of effort with a good chance of being caught for little to no gain.
 

Offline ebastler

  • Super Contributor
  • ***
  • Posts: 6626
  • Country: de
Re: Dirty Decapping
« Reply #38 on: December 22, 2017, 01:25:33 pm »
Quote from: stj
the rumor is that it's in the chipset, not the cpu.

But the link which you provided (thanks for that!) is pretty clear that 3G is implemented in external hardware:

Quote
This feature works even if the OS is not running or has been reinstalled thanks to a hardware-to-hardware link between the 3G card and the Intel AT [anti theft] system.²

²This feature requires a laptop with Intel Anti-Theft Technology 3.0, a 3G laptop modem that supports Intel AT 3.0 functionality [...] and OEM-enabled communication between the 3G modem and laptop.
https://www.intel.com/content/dam/doc/product-brief/mobile-computing-protect-laptops-and-data-with-intel-anti-theft-technology-brief.pdf
 

Offline Twoflower

  • Frequent Contributor
  • **
  • Posts: 738
  • Country: de
Re: Dirty Decapping
« Reply #39 on: December 22, 2017, 03:21:08 pm »
@orion242: You can't get enough insulation on a single die. That's the idea I had that there has to be a second die separated by an insulation layer. The missing pads for the bond-wires and the single coil just were additional hints. You can actually see more than just one layer. Have a look at the coils: You see the coil itself AND the wire from the inner point of the coil out to the right side. That's already two layers you easily can identify on the pictures.

And it seems your thread is already derailed very far (and I won't comment to it) that I'm not sure if you read this late response.
 

Offline orion242Topic starter

  • Supporter
  • ****
  • Posts: 746
  • Country: us
Re: Dirty Decapping
« Reply #40 on: December 22, 2017, 04:03:20 pm »
Yep, that's the conclusion I'm coming to.  Asked DD what the story was as I sent two orders.  What I got back was a zip file with two folders of pictures.  The numbers on the folders don't match the order numbers, etc, no response from them.  Assumed it was both chips.  No clue what I'm really looking at now.

At this point, I'm no closer to an answer than I was back in Sept when I originally sent the samples in.

Broke down and ordered 98% sulfuric, test tubes, clamps holders, bla, bla, bla.  Guess if I want real answers in a timely fashion, I'll have to do it myself.

Cost of all that crap, cost of another device to harvest samples from, another digikey order for more known good samples.  My quest for a quick decap and compare is getting fairly costly.
« Last Edit: December 22, 2017, 04:09:28 pm by orion242 »
 

Offline Twoflower

  • Frequent Contributor
  • **
  • Posts: 738
  • Country: de
Re: Dirty Decapping
« Reply #41 on: December 22, 2017, 04:20:14 pm »
How about x-ray them? Sure not 100% sure, but in your case the two die package might be a great help to identify genuine ones. And big plus: The device survives.
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2161
  • Country: gb
Re: Dirty Decapping
« Reply #42 on: December 22, 2017, 04:59:22 pm »
Quote from: Mr. Scram
A computer case is designed to keep RF both out and in.

once long ago when vents had metal screens etc.
they aren't so good now - some even have side windows.
i can't even remember how long ago i last saw the plastics with copper-spray on the back and an earthing spring either.

Quote from: Mr. Scram
transmissions can be picked up by anyone with a $25 dongle.

really?? the only ones i've seen in that price range top out at 1.7GHz and you would need to scan 2.4GHz
 

Offline CJay

  • Super Contributor
  • ***
  • Posts: 4136
  • Country: gb
Re: Dirty Decapping
« Reply #43 on: December 23, 2017, 11:03:28 am »
Quote from: CJay
3G requires the PC to have extra hardware for the 3G connection, it's a tinfoiler's wet dream because it's mentioned vaguely enough that it can be spun as big bad surveillance state.
Pull the 3G/HSDPA hardware or even just eject the SIM and it's toast.

Quote from: stj
maybe, maybe not.
you talk about tinfoil, but in the world we are in today i would say that's naive.
a head-in-the-sand approach is not a wise idea.

No 'maybe' about it, it can be disabled, the only functionality that's built into the chipset is the facility to 'talk' to an external 3G module without involving the OS meaning it's OS/driver independent.

It's a swivel eyed conspiracy nut theory.

 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Dirty Decapping
« Reply #44 on: December 23, 2017, 04:43:14 pm »
Quote from: stj
once long ago when vents had metal screens etc.
they aren't so good now - some even have side windows.
i can't even remember how long ago i last saw the plastics with copper-spray on the back and an earthing spring either.

Quote from: stj
really?? the only ones i've seen in that price range top out at 1.7GHz and you would need to scan 2.4GHz

RF requirements have become tighter, rather than more lax than before. You might see less protection because the computers themselves have become much more refined devices, not spewing RF noise everywhere. However, with the proliferation of mobile phones being what it is, you can't build a computer that's not properly shielded against GSM transmissions without failing various tests.
 
Even if it turns out being a $300 device, it's still cheap enough for the chances of detection being very high, especially considering a lot of these devices have to be used right next to a computer in the first place.
 

