That SPI ROM is 128 mega *bits* not *bytes*. It works out to 16 megabytes. You should share the ROM dump on the internet archive, for folks to look at, at home.
Problem with these Chinese vendors is the lack of support. There are no updates. You are stuck with whatever it's shipped in the system (sometimes years behind already) without any hope for future upgrades. That's really worrying.
Basically the save the salary for the eng team, you can say it enables some young electronics geeks to sell these or you can say they are just business guys who wanna sell as much as possible and leave things unfinished. And of course neither is gonna be able to control their supply chain. But you can't know either way... in the end a cheap computer. Footnote: even with lenovo you need to add a custom part number to get a trusted supply chain product. Its not by default.
If its backdoor, i more concern on US/EU/UK products. Their product are overprice. It make me wonder how the price is spent on. Chinese product are cheap, if they want to develop some backdoor, then someone need to subsidized some money into it. Because making a backdoor is not free. Theres programmer behind it, who spend his precious time to get money, and feed their family.
Well if one could argue that the cheaper products, since they’re so cheap it could incentivize these companies to try to make extra money by working with malicious actors letting them include code that gives access to potentially valuable data. ¯\_(ツ)_/¯ 🤷♂️ Furthermore..there’s a painfully obvious reason for “overprice” which is greed..making money..simple as that. Thinking that a reason for the overpricing instead of more profit..is to cover for development of malicious code like backdoors..seems like an obtuse, convoluted way of reasoning in my opinion.
android phones are cheap and has a ton of spyware and probably backdoors as well. Also the firmware may be produced by third party company for them to just upload that is made for a ton of different products.
@@semiRockethr Android itself have ton of malware/spyware/etc - there are very small effort to put it into smartphone, just modify image. Manufacturer itself can be unaware about it as you only need compromise OS image at some point. Develop UEFI malware whole different story beginning from "which OS we target?"and very smal size of flash chip. If backdoor have to read "files" from drive then you need to at least implement filesystem support, because UEFI itself only support FAT32, very popular FS for system drive nowdays. Embedded programmers much more hard to find and expensive guys than android ones. P.S. And by the way - how to solve problem of, for example LG TVs spying on users? Well established brand etc. This thing really amaze me every time. West have well established brands which _do_ massive spying fo users. Alexa hear all the room 24/7, LG make screenshots every second to analyse, Intel have real remote desktop in _hardware_ .But in every single video about dirt cheap chineese device (manufacturer of what don't bother so much so they even don't customize UEFI firmware at all, just flashed kind of clean SDK version from vendor) how much, maybe, possible, most likely, somewhere, exist invisible super duper backdoor... c'mon guys!
They just do it in the open. They mandate companies like Intel and AMD to do it and call it a feature, e.g. Intel Management Engine, and AMD Platform Security, etc.
Thank you for the video it was quite curious! What about boards with their own version of the operating system, such as Radxa Debian, Orange Pi Debian, etc.? Without their version of OS, there will be no access to drivers (NPU, decoding-encoding acceleration, etc.).
What do you mean? You can flash many third party systems onto arm boards, in fact the first party OSes usually suck and often don't support GPU, video encode/decode etc.
@@r0galik let's look at the NPU. For example, Rock5 or OrangePi 5 (RK3588 with NPU). There are no open-source drivers for it (there is project from Tomeu Vizoso but with limitations). The only way to use NPU - take official image from Radxa|OrangePi with pre-build binaries for the system. Same problems with a lot of different devices (NXP, MediaTek, Sophon, etc.)
@@AntonMaltsev it's a matter of luck what works with the first party distros as well, as some devices are better supported by third party systems. So I don't get the argument. Besides, Raspberry Pi is guilty of this too.
there are some other good reason's. Driver and hardware support, opnsense has more packages. there are some other things that are different but opnsense was a project based on pfsense by some former pfsense developers which is why its very similar. Honestly opnsense in my opinion is in a better spot that pfsense at the moment.
![Noob To Max With DRAGON REWORK In Blox Fruits [FULL MOVIE]](http://i.ytimg.com/vi/LnBMOinoOvA/mqdefault.jpg)
That SPI ROM is 128 mega *bits* not *bytes*. It works out to 16 megabytes. You should share the ROM dump on the internet archive, for folks to look at, at home.
You are right. I added links to the raw BIOS dump as well as extracted binaries in the video description. Thank you
Thanks for putting in your time to create this video.
My pleasure! Hope it was helpful
Excellent job on this video.
Glad you liked it!
Opnsense is a fork of pfsense- I prefer it
Am learning cpp and this comes in recommendation watched the whole thing and learned new things ❤️❤️❤️❤️
Would be interesting to see a forensic video on analyzing usb thumb drive firmware.
Beeindruckend! Danke!
Problem with these Chinese vendors is the lack of support. There are no updates. You are stuck with whatever it's shipped in the system (sometimes years behind already) without any hope for future upgrades. That's really worrying.
as opposed to other vendors that may or may not push updates and will discontinue the item in 2-3 year anyway so no updates after that.
Basically the save the salary for the eng team, you can say it enables some young electronics geeks to sell these or you can say they are just business guys who wanna sell as much as possible and leave things unfinished. And of course neither is gonna be able to control their supply chain. But you can't know either way... in the end a cheap computer.
Footnote: even with lenovo you need to add a custom part number to get a trusted supply chain product. Its not by default.
If its backdoor, i more concern on US/EU/UK products.
Their product are overprice. It make me wonder how the price is spent on.
Chinese product are cheap, if they want to develop some backdoor, then someone need to subsidized some money into it.
Because making a backdoor is not free. Theres programmer behind it, who spend his precious time to get money, and feed their family.
Well if one could argue that the cheaper products, since they’re so cheap it could incentivize these companies to try to make extra money by working with malicious actors letting them include code that gives access to potentially valuable data. ¯\_(ツ)_/¯ 🤷♂️
Furthermore..there’s a painfully obvious reason for “overprice” which is greed..making money..simple as that. Thinking that a reason for the overpricing instead of more profit..is to cover for development of malicious code like backdoors..seems like an obtuse, convoluted way of reasoning in my opinion.
android phones are cheap and has a ton of spyware and probably backdoors as well.
Also the firmware may be produced by third party company for them to just upload that is made for a ton of different products.
@@semiRockethr Android itself have ton of malware/spyware/etc - there are very small effort to put it into smartphone, just modify image. Manufacturer itself can be unaware about it as you only need compromise OS image at some point.
Develop UEFI malware whole different story beginning from "which OS we target?"and very smal size of flash chip. If backdoor have to read "files" from drive then you need to at least implement filesystem support, because UEFI itself only support FAT32, very popular FS for system drive nowdays. Embedded programmers much more hard to find and expensive guys than android ones.
P.S. And by the way - how to solve problem of, for example LG TVs spying on users? Well established brand etc. This thing really amaze me every time. West have well established brands which _do_ massive spying fo users. Alexa hear all the room 24/7, LG make screenshots every second to analyse, Intel have real remote desktop in _hardware_ .But in every single video about dirt cheap chineese device (manufacturer of what don't bother so much so they even don't customize UEFI firmware at all, just flashed kind of clean SDK version from vendor) how much, maybe, possible, most likely, somewhere, exist invisible super duper backdoor... c'mon guys!
Great Video!
Good job
Actually I wanna find [NSA]backdoors in Western consumer tech but I don’t have a CS degree or a desire to end up on a watchlist lol
They just do it in the open. They mandate companies like Intel and AMD to do it and call it a feature, e.g. Intel Management Engine, and AMD Platform Security, etc.
Pin for flash ic eeprom 1,2,4,5,6,8 ...
Thank you for the video it was quite curious!
What about boards with their own version of the operating system, such as Radxa Debian, Orange Pi Debian, etc.?
Without their version of OS, there will be no access to drivers (NPU, decoding-encoding acceleration, etc.).
What do you mean? You can flash many third party systems onto arm boards, in fact the first party OSes usually suck and often don't support GPU, video encode/decode etc.
@@r0galik let's look at the NPU.
For example, Rock5 or OrangePi 5 (RK3588 with NPU).
There are no open-source drivers for it (there is project from Tomeu Vizoso but with limitations). The only way to use NPU - take official image from Radxa|OrangePi with pre-build binaries for the system.
Same problems with a lot of different devices (NXP, MediaTek, Sophon, etc.)
@@AntonMaltsevI think you can use the NPU any system with the BSP kernel (Armbian, Joshua Riek Ubuntu etc).
@@r0galik , it's a matter of luck if the pre-built binary with drivers will work in a different system.
Sometimes it may, but there is no guarantee.
@@AntonMaltsev it's a matter of luck what works with the first party distros as well, as some devices are better supported by third party systems. So I don't get the argument.
Besides, Raspberry Pi is guilty of this too.
lol moves from pfsense to Opnsense .. it’s pretty much the same just nicer interface
there are some other good reason's. Driver and hardware support, opnsense has more packages. there are some other things that are different but opnsense was a project based on pfsense by some former pfsense developers which is why its very similar. Honestly opnsense in my opinion is in a better spot that pfsense at the moment.
@@xgeko2 It's really a user preference. I've tried OpnSense and prefer pfsense's WebGUI. Also, Netgate sends security updates upstream which OpnSense takes advantage of.
i would be interested to see the mother boards off of aliexpress. im looking at buying a duel x99 combo board ram and cpu
Check out my past videos, I review bunch of them on my channel and even do Intel ME cleanup from BIOS on them
Can you do libreboot
Flash Bang warning, Use Darkmode you psycho :D