Is Fedora 20 streaming atari, amiga and nintendo audio files?


Guest BadBIOSVictim
Posted

In November 2011, after booting to Privatix, a live German Tor distro, my Linux boxes became infected with BadBIOS. BadBIOS infects burning of DVDs. Recently, I purchased two live Fedora 20 DVDs from an honest and nice eBay seller. They are tampered. I don't believe the seller tampered them.

 

Fedora 20 has similar packages as the tampered Privatix.

http://www.linuxforums.org/forum/sec...tml#post950611

 

I could not find a list of preinstalled packages in Fedora 20 filesystem nor on Fedora's wiki. Could someone refer where to find it?

 

Are Privatix and Fedora injecting BadBIOS as microcode into the video card? Are Privatix and Fedora 20 PXE booting using squashfs, busybox and dracut? Are they keylogging keystrokes using AmigaOS and Atari keymaps to stream data via hamradio and GNUradio using the dialup modem's piezo electric two way transducer? I had removed the wifi card, conductive speakers and internal hard drive. Hard drives have a piezo transducer.

 

I will ship the Fedora 20 DVD to anyone interested in conducting forensics. Please PM me.

 

Fedora's clock is four hours behind using both computers.

 

Microcode can be a malicious firmware rootkit. Microcode injection in Tails a backdoor? : onions

 

Both Privatix and Fedora 20 are injecting microcode into the videocard of my HP Compaq Presario V2000. DMESG in terminal:

 

[ 3.192977] [drm] radeon: irq initialized.
[ 3.192997] [drm] Loading R300 Microcode
[ 3.193823] [drm] radeon: ring at 0x0000000060001000
[ 3.193847] [drm] ring test succeeded in 1 usecs
[ 3.194191] [drm] ib test succeeded in 0 usecs
[ 3.194723] [drm] Panel ID String: QDS
[ 3.194726] [drm] Panel Size 1280x768

 

[ 52.754086] microcode: AMD CPU family 0xf not supported

 

Fortunately, this AMD processor does not support microcode.

 

The R300 radeon microcode injection by Privatix was fake microcode. I suspect the R300 radeon microcode in Fedora is also fake. The fake microcode is some type of firmware rootkit, possibly BadBIOS. Microcode injection in Tails a backdoor? : onions

 

Last week, I discarded my BadBIOS infected HP Compaq Presario V2000 and continued conducting forensics on the Fedora 20 DVD using a Dell Vostro 200.

 

Fedora 20 injected microcode into Dell Vostro 200 CPU:

 

[ 38.492840] microcode: CPU1 sig=0x6fd, pf=0x1, revision=0xa1
[ 38.493074] microcode: CPU1 updated to revision 0xa4, date = 2010-10-02
[ 38.493169] microcode: Microcode Update Driver: v2.00 tigran@aivazian.fsnet.co.uk, Peter Oruba

 

Fedora 20 file manager does not ask the guest whether they want to open removable media. Guests have to click on activities > file manager > removable media.

 

Fedora 20 Disk Utility is tampered. Option to rename partition is missing.

 

Fedora 20 has no boot splash unless booting freezes in which case an error message is displayed. Boot splash can detect tampering that /var/logs do not. Boot splash should be the default setting for all linux distros.

 

/var/log is missing dmesg.log, kernel.log, messages.log, sys.log, etc. Of the logs that are in /var/log, guests do not have the file permissions to read the majority.

 

There is another /var/log at /run/media/_Fedora_Live_Desvar/log and /run/media/_Fedora_live_Des1/var/log

 

/var/boot.log:

"         Starting dracut mount hook...
[  OK  ] Started dracut mount hook.
[  OK  ] Reached target Initrd Default Target.

Welcome to Fedora 20 (Heisenbug)!

[  OK  ] Stopped Switch Root.
[  OK  ] Stopped target Switch Root.
[  OK  ] Stopped target Initrd File Systems.
[  OK  ] Stopped target Initrd Root File System.
         Starting Collect Read-Ahead Data...
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Remote File Systems."

 

A search for 'busybox' in filesystem found: 05busybox folder located: /usr/lib/Dracut/modules.d

 

Both Fedora 20 and Privatix have many unknown file types in their filesystems. For example, var/log.boot.log: Starting Load/Save Random Seed... I searched 'seed' in filesystem: seed type: unknown location: /usr/lib/seed-gtk3

 

Search for 'initrd' in filesystem found:

 

initrd-plymouth.img type: unknown location: /boot

initrd0.img type: unknown location: run/initramfs/live/isolinux

 

Search for 'squashfs' found: squashfs.img type: unknown location: /run/initramfs/live/LiveOS

 

Search for 'pxe' in filesystem found:

 

pxeboot.img type: unknown location: /usr/lib/grub/i386-pc

pxe.pyc type: unknown location: /usr/lib/python2.7/site-packaes/sos/plugins

 

Dragos Ruiu, discoverer of BadBIOS, noted an increase in 8 bit fonts. Fedora 20 and Privatix have preinstalled hamradio and 8 bit packages: Amiga, MacIntosh, MacOS, lilypond (sheet music for MacOS), atari and TOS (Atari's operating system). German Tor CD has PXE server streaming Amiga Soundtracker audio, multiple squashfs, multiple busybox, preseeds & initrd.imgs : onions

 

Fedora 20's atari files at:

 

atari type: folder location: /usr/lib/kbd/keymaps/legacy

ataritt type: text location: /usr/share/X11/xkb/geometry

attaritt type: text location: /usr/share/X11/xkb/keycodes

attaritt type: text location: /usr/share/X11/xkb/symbols/xfree68_vndr

atari-de-map.gz type: archive location: /usr/lib/kbd/keymaps/legacy/atari

atari-se.map.gz type: archive location: /usr/lib/kbd/keymaps/legacy/atari

atari-us.map.gz type: archive location: /usr/lib/kbd/keymaps/legacy/atari

atari-uk-falcon.map.gz type: archive location: /usr/lib/kbd/keymaps/legacy/atari

 

A search for TOS (Atari's operating system) found:

 

fonttosfnt type: executable location: /usr/bin

libxt_tos.so type: shared library location: /usr/lib/xtables

libgtossaudio.so type: shared library location: /usr/lib/gstreamer-0.10

libgtossaudio.so type: shared library location: /usr/lib/gstreamer-1.0

 

Nintendo files at:

 

x-nintendo-ds-rom.xml type: markup location: /usr/share/mime/application

vnd.nintendo.snes.rom.xml type: markup location: /usr/share/mime/application

 

All the amiga files have the word 'amiga' in them:

 

part_amiga.mod type: Amiga SoundTracker audio (audio/x-mod) location: /usr/lib/grub/i386-efi

part_amiga.mod type: Amiga SoundTracker audio (audio/x-mod) location: /usr/lib/grub/i386-pc

part_amiga.module type: object code location: /usr/lib/grub/i386-efi

part_amiga.module type: object code location: /usr/lib/grub/i386-pc

amiga type: folder location: /usr/lib/kbd/keymaps/legacy

amiga-de.map.gz type: archive location: usr/lib/kbd/keymaps/legacy/

amiga-us-map.gz type: archive location: usr/lib/kbd/keymaps/legacy

 

Are AmigaOS and Atari keylogging keystrokes to stream data using audio and hamradio or GNURadio?

 

A search for 'MacIntosh' files found:

 

MACINTOSH.so type: unknown location: /usr/lib/gconv

MACINTOSH.gz type: archive location: /usr/share/i18n/charmaps

MACINTOSH.so type: unknown location: /run/media/liveuser/_Fedora-Live-Des1/usr/lib/gconv

MACINTOSH.so type: unknown location: /run/media/liveuser/_Fedora-Live-Des/usr/lib/gconv

MACINTOSH.gz type: archive location: run/media/liveuser/_Fedora-Live-Des1/usr/share/i18n/charmaps

MACINTOSH.gz type: archive location: run/media/liveuser/_Fedora-Live-Des/usr/share/i18n/charmaps

macintosh_vndr type: folder location: /run/media/liveuser/_Fedora-Live-Des1/usr/share/X11/xkb/symbols

 

A search for MacOS found:

 

20macosx type: program location: /usr/libexec/os-probes/mounted

macosx.html type: text location: /usr/share/doc/cyrus-sals-lib

macosxSupport.pyc type: unknown location: usr/lib/python2.7/idlelib

macosxSupport.pyo type: unknown location: /usr/lib/python2.7/idlelib

macos.xml type: markup location: /usr/share/libosinfo/db/oses

macosxSupport.cpython-33 type: unknown location: /usr/lib/python3.3/idlelib/pycache

macosxSupport.cpython-33 type: unknown location: usr/lib/python3.3/idlelib/pycache

 

A search for lilypond (sheet music for MacOS) found:

 

lilypond.lang type: text location: /usr/share/highlight/langDefs

x-lilypond.xml type: markup location: /usr/share/mime/text

 

A search for 'hamradio' in filesystem found:

 

hamradio type: folder location: /usr/lib/modules/3.11.10-301.fc20.i686/extra/drivers/net

hamradio type: folder location: /usr/lib/modules/3.11.10-301.fc20.i686/extra/drivers/net

 

Is BadBIOS using 8 byte operating systems such as MacIntosh, MacOS, lilypond via hamradio?

 

Gedit text editor tampering:

 

Gedit is missing 'Preferences' in the 'Edit' tab. Gedit is missing the 'Help' tab in the menu. Therefore, no 'Contents' and 'About' tabs.

 

After guest edits a text file on removable media, a hidden backup file is created and permanently saved on removable media. Fedora does not detect the permanent backup file as a backup file. Type: unknown

 

Timestamps of the backup files go backwards in history. First backup file has today's date, June 5, 2014. The others created on same date are dated March 12, 2014, February 7, 2013 and November 14, 2012.

 

Both Fedora 20 and Privatix copy entire photographs from guests' removable media. German live Tor distro has xulrunner, webinspector, eMusic & duplicates personal files : onions. After guest opens a folder on removable media containing photographs and opens one of the photographs, Fedora 20 takes a screenshot of all the photographs in the folder. The 43 hidden thumbnails are at home/liveuser/.cache/thumbnails/large.

 

In home/liveuser/.cache/thumbnails/fail/gnome-thumbnail-factory are 60 hidden pngs. They are solid black. Possibly failed attempts to take webcam screenshots. HP Compaq Presario V2000 does not have an external webcam. I removed the conductive speakers. Yet, Privatix's boot splash detected:

 

input: PC Speaker as /devices/platform/pcspkr/input/input5
Linux video capture interface: v2.00
uvcvideo: Found UVC 1.00 device USB2.0 UVC VGA WebCam (13d3:5702)
input: USB2.0 UVC VGA WebCam as /deices/pci0000:00/0000:00:1d.7/usb1/1/-6/1-6:1/0/input/input6
usbcore: registred new interface driver uvcvideo
USB Video Class driver (v.0.1.0)
(drm) Initializing drm 1.1.0

 

I wish Fedora's default boot would display boot splash.

 

home/liveuser/.local/share/gvfs-metadata. Contains root log, three uuid logs, etc. Clicking on the logs does not bring up gedit.

 

systemctl detected three virtual blocks k-dm/x2d0 - x2d2 and four virtual blocks loop0 - loop4

 

Disk Usage Analyzer detected:

 

Other devices:

 

4.3 GB Block Device /dev/mapper/live-rw volume: _Fedora-Live-Des mounted at Filesystem Root

 

4.3 GB Block Device /dev/mapper/live-base mounted at /run/media/Liveuser/_F

 

4.3 GB Block Device /dev/mapper/lilve-osming-min

 

8.2 KB Loop Device /osmin.img(deleted) Volumes: squashfs Location: /run/media/liveuser/disk1

 

1.3 MB Loop Device /osmin volumes: DM-snapshot-cow device: /dev/loop1

 

930 MB Loop Device /run/initramfs/live/Live volumes: squashfs Mounted: /run/media/liveuser/disk Cannot scan: "permission denied"
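
The listings above report a "type" for each file, including "unknown" and "Amiga SoundTracker audio (audio/x-mod)" for names ending in .mod. As an added example (not part of the original post), this Python code compares a name-based type guess with the file's leading magic bytes; the extension table, file names and sample bytes are constructed for illustration and were not read from any DVD.

```python
import struct

# Name-based guesses of the kind a file manager makes (illustrative assumption).
NAME_GUESS = {".mod": "tracker module audio", ".gz": "gzip archive"}

# (offset, magic bytes, label) for a few well-known formats.
SIGNATURES = [
    (0, b"\x1f\x8b", "gzip archive"),
    (0, b"hsqs", "squashfs image"),
    (0, b"070701", "cpio archive (newc)"),
    (1080, b"M.K.", "tracker module audio"),
]

def sniff(data: bytes) -> str:
    """Classify a file by its leading magic bytes."""
    if data[:4] == b"\x7fELF" and len(data) >= 18:
        order = "<H" if data[5] == 1 else ">H"   # EI_DATA: 1 = little-endian
        e_type = struct.unpack_from(order, data, 16)[0]
        kinds = {1: "relocatable object", 2: "executable", 3: "shared object"}
        return "ELF " + kinds.get(e_type, "file")
    for offset, magic, kind in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return kind
    return "unknown"

def guess_by_name(name: str) -> str:
    return next((k for ext, k in NAME_GUESS.items() if name.endswith(ext)), "unknown")

def compare(samples: dict) -> list:
    # Keep only the files where the name and the content disagree.
    rows = []
    for name, data in samples.items():
        by_name, by_content = guess_by_name(name), sniff(data)
        if by_name != by_content:
            rows.append((name, by_name, by_content))
    return rows

# Constructed sample bytes (hypothetical file names).
ELF_REL = b"\x7fELF" + bytes([1, 1, 1]) + b"\x00" * 9 + struct.pack("<H", 1)
SAMPLES = {
    "example.mod": ELF_REL,                       # ELF header behind a .mod name
    "song.mod": b"\x00" * 1080 + b"M.K.",         # tracker signature at offset 1080
    "squashfs.img": b"hsqs" + b"\x00" * 92,
    "keymap.map.gz": b"\x1f\x8b\x08" + b"\x00" * 7,
}

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print("%-14s name says: %-22s content says: %s" % row)
```
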

 
