Dell Latitude E5530, Bios without computrace, or any other way to remove...

#1
Laptop Model
Latitude E5530
Hello, I need a solution to remove this Computrace. I guess it can be removed from the BIOS bin, then reflashed clean? I saw two bins for this unit, but it didn't say anything about whether Computrace was removed or not?

Any help is appreciated! Thank you.
--Rob

board info:
------------------
QXW10 LA-7902P
REV : 1.0 (A00)
2012-03-05
MADE in CHINA
 

egyfixlab

#2
yes
Hello, I need a solution to remove this Computrace. I guess it can be removed from the BIOS bin, then reflashed clean? I saw two bins for this unit, but it didn't say anything about whether Computrace was removed or not?

Any help is appreciated! Thank you.
--Rob

board info:
------------------
QXW10 LA-7902P
REV : 1.0 (A00)
2012-03-05
MADE in CHINA
Contact me in private on WhatsApp: 00201283689946
 
#3
Here is what I did without using bins or custom BIOS ROMs. The story on this was that the owner got his laptop stolen and he triggered Computrace. His laptop was recovered and returned to him, but Absolute was in the middle of selling its company to IBM and could not get anyone to disable Computrace during that time.

After a little digging, I found a Dell Internal Use Only disc (EXTREMELY RARE), which I still have an ISO of. If you can boot from other devices from the boot options, you just boot from this CD and can then assign new asset tags and hardware IDs and do a full factory floor reset on the BIOS. This resets the BIOS to its out-of-the-box shipping state. This allows you to now enter the BIOS, clear the TPM and put Computrace in Disabled mode.

Some specifics about Computrace: if it is marked as "Off" in the BIOS it still calls home to Absolute every 12 hours, no matter what. If it is marked as "Enabled" it calls home every 15 minutes because it responds to geofencing. Computrace-enabled laptops ship with Computrace in Off mode. Once you change it (Disabled or Enabled) you cannot change it again, even if you have the admin BIOS password or use the hard-coded password. This is part of the tamper resistance. There are only 3 states: Disabled, Off and Enabled.

Computrace is an Option ROM payload within the BIOS, and the hashes must be faked if you write them out in a new flash. Now, I don't know about your laptop or whatever changes have been made since IBM bought Absolute, but I did all this on first-gen i5 and Core 2 Dell Latitude and Precision models. IBM/Lenovo use the same system as Dell. Computrace works and acts like an APT viral infection to Windows. Regardless of whether you remove the DLLs from Windows, the BIOS will inject the Computrace service back into Windows on the next reboot. Now, with Dell it worked even if the laptop was turned off, and it used a wireless catcher to pick up local Wi-Fi SSIDs. I first tried blocking all the domains and IPs I could trace to Absolute, but it always managed to get a few encrypted packets out to a domain I missed. Contained in those packets, from information I found, was the current recorded IP and/or wireless SSID it was connected to. Running Wireshark and watching the network will reveal the domains and IPs it calls home to.

After I verified Computrace was disabled, I also changed his asset and hardware tags and then monitored the laptop on a private network with no net access for about 3 days. No more calling home; Computrace was now fully disabled and everything worked like normal. I was going to take it a step further and start attacking the remote agent. This was 2 years before the BlackHat presentation on accessing the Computrace Remote Agent. In our state, there was an incident at a local school where IT staff were secretly accessing student laptops at home and snapping pics from the webcam. The school was using LANrev (now called Absolute Manage, from IBM) to manage all the laptops. This is when I stopped, because my theory was right.

On a Mac, Computrace is a piece of cake to remove. Reformat the drive... problem solved. Took me 5 minutes to beat this.

All this took me 4 days and zero prior knowledge about Computrace or how it worked.
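The post above says the agent calls home on a fixed schedule (every 12 hours when Off, every 15 minutes when Enabled) and that watching the network reveals which destinations it contacts. The script below is an added example, not code from the post or from Absolute's product: it scans a timestamp/destination log (the kind a DNS resolver, proxy or flow export would give you) and flags destinations that are contacted at a near-constant interval, which is how a defender would confirm that a host on a quarantine network is really quiet, or spot a firmware- or OS-level agent beaconing from a fleet machine. The log lines, hostnames and the 10% jitter threshold are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample log: "<ISO-8601 UTC timestamp> <destination host>" per line.
# Hostnames are placeholders, not real call-home domains. beacon.example is
# contacted every ~15 minutes; cdn.example is irregular user traffic.
SAMPLE_LOG = """\
2014-06-01T08:00:00Z beacon.example
2014-06-01T08:03:12Z cdn.example
2014-06-01T08:15:00Z beacon.example
2014-06-01T08:21:40Z cdn.example
2014-06-01T08:30:00Z beacon.example
2014-06-01T08:45:01Z beacon.example
2014-06-01T09:00:00Z beacon.example
2014-06-01T09:02:05Z cdn.example
2014-06-01T09:15:00Z beacon.example
2014-06-01T09:48:30Z cdn.example
2014-06-01T10:00:00Z once.example
"""


def parse_log(text):
    """Return {host: [epoch seconds, ...]} from 'timestamp host' lines.

    Malformed lines (wrong field count or unparsable timestamp) are skipped
    rather than aborting the whole scan.
    """
    seen = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        stamp, host = parts
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        seen[host].append(when.replace(tzinfo=timezone.utc).timestamp())
    return seen


def find_periodic(seen, min_events=4, max_jitter=0.10):
    """Flag hosts contacted at a near-constant interval.

    A host qualifies when it has at least min_events contacts and the
    coefficient of variation (stdev / mean) of the gaps between successive
    contacts is at most max_jitter. Returns {host: period_in_seconds}.
    """
    flagged = {}
    for host, times in seen.items():
        if len(times) < min_events:
            continue  # too few samples to call anything periodic
        times = sorted(times)
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[host] = round(avg)
    return flagged


if __name__ == "__main__":
    for host, period in find_periodic(parse_log(SAMPLE_LOG)).items():
        print(f"{host}: contacted every ~{period // 60} min")
```

On the constructed sample only beacon.example is reported (period 900 s); cdn.example has four contacts but irregular gaps, and once.example has a single contact. The same idea applies to the 12-hour Off-mode schedule the post describes, provided the capture window spans enough contacts to meet the minimum event count.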