Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Fri May 23 15:52:56 EDT 2008

On 23.05.2008 21:37, Richard A. Smith wrote:
> Carl-Daniel Hailfinger wrote:
>> As I stated before on this list, bypassing P_THEFT is very easy. You
>> don't even have to desolder the complete flash chip, one pin is
>> sufficient. All of this is doable for less than $1 per laptop if you
>> have access to cheap labor. $1 per laptop is _not_ expensive enough to
>> be infeasible. I am very willing to publish a video tutorial of the
>> procedure if you think I can't do that. The only downside would be that
>> everybody then knows how to bypass P_THEFT.
> If you want to tell me your procedure in private I'll be happy to
> review it for you.  IMHO we actually do need people to challenge what
> we have done.  'Tis the only real way to know.
> I'm guessing the single pin you are referring to is the flash write
> protect pin? If so then I'll note that's actually not where the
> strongest part of the link is.  Very early on we also disable the
> ability to talk to the io ports on the EC that make writing to the SPI
> flash possible. Once they are disabled you can't talk to the EC
> anymore to re-enable them. You have to reset the EC. So far we have
> not found a method that circumvents that.

I didn't know about the disabled IO ports (nice idea BTW), but
fortunately my procedure requires little EC cooperation and will work
even with that measure in place.

> Fire away.
> Please give us the chance to fix it first if you do find something.  :)

OK, will do so via private mail.

