1998-09-22 - Re: Stego-empty hard drives… (fwd)

Header Data

From: Jim Choate <ravage@einstein.ssz.com>
To: cypherpunks@einstein.ssz.com (Cypherpunks Distributed Remailer)
Message Hash: 3312c807107dfcba3843157498789b19b04708ca81339aefa89c660c0c8716d0
Message ID: <199809221938.OAA06031@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1998-09-22 06:11:50 UTC
Raw Date: Tue, 22 Sep 1998 14:11:50 +0800

Raw message

From: Jim Choate <ravage@einstein.ssz.com>
Date: Tue, 22 Sep 1998 14:11:50 +0800
To: cypherpunks@einstein.ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: Stego-empty hard drives... (fwd)
Message-ID: <199809221938.OAA06031@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text

Forwarded message:

> Date: Tue, 22 Sep 1998 14:25:10 -0400
> From: Sunder <sunder@brainlink.com>
> Subject: Re: Stego-empty hard drives... (fwd)

> All stego methods are weak approaches at hiding data.

We're not discussin stego, we're discussing hidden disk partitions, not
hiding data in the lsb of of existing observable disk partitions or
something similar.

> Who the fuck is gonna run a tempest scanner on your notebook again?  Let's

Considering the cost of such a scanner (a few $10k/ea.) and assuming such
masking technology were to become commen place I doubt if very many
customs checkpoints at major transfer hubs wouldn't have them.

> Why would you need to collect BIOSes?  You only need to modify a single BIOS -
> the one on >YOUR< notebook.  The camouflage code would be a few hundred bytes
> at most unless you do something overly elaborate.

I suspect it would be several k actualy since it is going to have to
include the encryption code, device drivers, wedgers, etc.

> Disassemblers (debuggers) are fairly cheap. DOS and WIN95 come with a simple
> one called debug.

A disassembler isn't a a debugger. All a disassembler does is convert the
hex to symbols (see frankenstein for an excellent design).

> programming.  You don't need to disasemble everything in the BIOS, you just
> need to disable the checksum routine the bios uses on itself, and you need to
> slightly modify the place that detects the size of the IDE drive to not go
> beyond a certain number of pointers.

So much for your few hundred bytes.

> Further, PC bioses do support BIOS extensions, you generally wouldn't need to

Um, usualy they support wedging via a jump table. This means that not only 
do you still have the original code you wedged out but you have the new
code you've wedged in. A 2x penalty.

> provide booting capabilities from SCSI disks.  Of course it's a bit harder in a
> notebook computer, but it too can be done.

Nobody says it can't be done.

> One thing all you fine folks are forgetting is that there are MANY MANY types
> of notebooks out there.

With only a few dozen BIOS'es driving the whole kit and kaboodle.

> My money says that if they can't scan Mac's they also
> won't be able to scan Sparc books, Alpha Books, Newtons, Palm Pilots, and many
> WinCE palmtops either.  Just buy something exotic.

They're new, they will learn from their mistakes and it won't take long.
After all, they have your tax dollars to use...


                            The seeker is a finder.

                                     Ancient Persian Proverb

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-