Revision as of 07:56, 21 April 2025

Pyongyang Night

"A thousand CPUs went dark before dawn."

Pyongyang Night is an open-source OPSEC hardening project focused on disabling known Western surveillance backdoors ("Yankee daemons") in Intel and AMD CPUs. This includes Intel ME, AMD PSP, fTPM, and associated firmware-based threats. It offers guides and tools to permanently neutralize these subsystems and restore sovereignty to your machines.

Overview

Modern x86 systems ship with embedded management controllers that run below the OS level. These controllers—Intel ME and AMD PSP—have unrestricted access to memory, peripherals, and network devices. They are proprietary, closed-source, and required for "Secure Boot" and other platform lockdown mechanisms.

Intel: Removing the Management Engine (ME)

Step 1: Check if your system is vulnerable

Target systems: Intel platforms from 2008–2017 (Core 2 through Skylake/Kaby Lake)
Look for ME version 6.x – 11.x

Step 2: Install dependencies: <syntaxhighlight lang="bash"> sudo apt install flashrom python3 git build-essential </syntaxhighlight>

Step 3: Dump firmware: <syntaxhighlight lang="bash"> flashrom -p internal -r backup.rom </syntaxhighlight>

Step 4: Clean ME using me_cleaner: <syntaxhighlight lang="bash"> git clone https://github.com/corna/me_cleaner.git cd me_cleaner python3 me_cleaner.py -S ../backup.rom -o cleaned.rom </syntaxhighlight>

Step 5: Flash cleaned firmware: <syntaxhighlight lang="bash"> flashrom -p internal -w cleaned.rom </syntaxhighlight>

AMD: Disabling the Platform Security Processor (PSP)

Step 1: Disable fTPM in BIOS Step 2: Disable Secure Boot Step 3: Monitor PSP activity (Linux): <syntaxhighlight lang="bash"> dmesg | grep -i psp </syntaxhighlight>

Follow community projects:

Recommended Tools

Post-Cleanup OPSEC Practices

Use Qubes, Tails, or Whonix for ops
Use air-gapped systems where possible
Avoid fTPM/Secure Boot systems

Contributions

We welcome new methods to disable Yankee Daemons. Submit tools, firmware dumps, or testing results via pull request.

"The boot ROM is the only God I fear."

@@ Line 1: / Line 1: @@
-# Pyongyang Night
-```
+= Pyongyang Night =
-██████╗ ██╗   ██╗ ██████╗ ███╗   ██╗ ██████╗ ██╗   ██╗ ███╗   ██╗
-██╔══██╗██║   ██║██╔═══██╗████╗  ██║██╔═══██╗██║   ██║████╗  ██║
-██████╔╝██║   ██║██║   ██║██╔██╗ ██║██║   ██║██║   ██║██╔██╗ ██║
-██╔═══╝ ██║   ██║██║   ██║██║╚██╗██║██║   ██║██║   ██║██║╚██╗██║
-██║     ╚██████╔╝╚██████╔╝██║ ╚████║╚██████╔╝╚██████╔╝██║ ╚████║
-╚═╝      ╚═════╝  ╚═════╝ ╚═╝  ╚═══╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═══╝
-          PYONGYANG NIGHT v1.0 - Silence the Yankee Daemon
+''"A thousand CPUs went dark before dawn."''
-```
-> *"A thousand CPUs went dark before dawn."*
+'''Pyongyang Night''' is an open-source OPSEC hardening project focused on disabling known Western surveillance backdoors ("Yankee daemons") in Intel and AMD CPUs. This includes Intel ME, AMD PSP, fTPM, and associated firmware-based threats. It offers guides and tools to permanently neutralize these subsystems and restore sovereignty to your machines.
-**Pyongyang Night** is an open-source OPSEC hardening project focused on disabling known Western surveillance backdoors ("Yankee daemons") in Intel and AMD CPUs. This includes Intel ME, AMD PSP, fTPM, and associated firmware-based threats. It offers guides and tools to permanently neutralize these subsystems and restore sovereignty to your machines.
+== Table of Contents ==
+* [[#Overview|Overview]]
+* [[#Intel: Removing the Management Engine (ME)|Intel: Removing the Management Engine (ME)]]
+* [[#AMD: Disabling the Platform Security Processor (PSP)|AMD: Disabling the Platform Security Processor (PSP)]]
+* [[#Recommended Tools|Recommended Tools]]
+* [[#Post-Cleanup OPSEC Practices|Post-Cleanup OPSEC Practices]]
+* [[#Contributions|Contributions]]
----
+----
-## Table of Contents
+== Overview ==
-- [Overview](#overview)
-- [Intel: Removing the Management Engine (ME)](#intel-removing-the-management-engine-me)
-- [AMD: Disabling the Platform Security Processor (PSP)](#amd-disabling-the-platform-security-processor-psp)
-- [Recommended Tools](#recommended-tools)
-- [Post-Cleanup OPSEC Practices](#post-cleanup-opsec-practices)
-- [Contributions](#contributions)
----
+Modern x86 systems ship with embedded management controllers that run below the OS level. These controllers—Intel ME and AMD PSP—have unrestricted access to memory, peripherals, and network devices. They are proprietary, closed-source, and required for "Secure Boot" and other platform lockdown mechanisms.
-## Overview
+== Intel: Removing the Management Engine (ME) ==
-Modern x86 systems ship with embedded management controllers that run below the OS level. These controllers—Intel ME and AMD PSP—have unrestricted access to memory, peripherals, and network devices. They are proprietary, closed-source, and required for "Secure Boot" and other platform lockdown mechanisms. If you are serious about OPSEC, these must be removed or neutralized.
+'''Step 1:''' Check if your system is vulnerable
+* Target systems: Intel platforms from 2008–2017 (Core 2 through Skylake/Kaby Lake)
+* Look for ME version 6.x – 11.x
-**Project Pyongyang Night** provides the tooling, documentation, and methods to carry out this operation on end-of-life or user-controlled systems.
+'''Step 2:''' Install dependencies:
+<syntaxhighlight lang="bash">
----
-## Intel: Removing the Management Engine (ME)
-### Step 1: Check if your system is vulnerable
-- Target systems: Intel platforms from 2008–2017 (Core 2 through Skylake/Kaby Lake)
-- Look for ME version 6.x – 11.x
-### Step 2: Install dependencies
-```bash
 sudo apt install flashrom python3 git build-essential
-```
+</syntaxhighlight>
-### Step 3: Dump firmware
+'''Step 3:''' Dump firmware:
-```bash
+<syntaxhighlight lang="bash">
 flashrom -p internal -r backup.rom
-```
+</syntaxhighlight>
-### Step 4: Clean ME using `me_cleaner`
+'''Step 4:''' Clean ME using me_cleaner:
-```bash
+<syntaxhighlight lang="bash">
 git clone https://github.com/corna/me_cleaner.git
 cd me_cleaner
 python3 me_cleaner.py -S ../backup.rom -o cleaned.rom
-```
+</syntaxhighlight>
-### Step 5: Flash cleaned firmware
+'''Step 5:''' Flash cleaned firmware:
-```bash
+<syntaxhighlight lang="bash">
 flashrom -p internal -w cleaned.rom
-```
+</syntaxhighlight>
-### Optional:
-- Set the **HAP (High Assurance Platform)** bit for soft ME disablement
-- Use a hardware flasher (e.g. CH341A) if write protection is enabled
----
-## AMD: Disabling the Platform Security Processor (PSP)
+== AMD: Disabling the Platform Security Processor (PSP) ==
-### What is PSP?
+'''Step 1:''' Disable fTPM in BIOS
-- A dedicated ARM core inside AMD CPUs (Ryzen and newer)
+'''Step 2:''' Disable Secure Boot
-- Has full access to system memory and IO
+'''Step 3:''' Monitor PSP activity (Linux):
-- Required for fTPM and Secure Boot
+<syntaxhighlight lang="bash">
-### Current Status:
-- PSP cannot be fully removed yet on most consumer platforms
-- Can be partially disabled or minimized
-### Step 1: Disable fTPM in BIOS
-- Enter UEFI settings and set fTPM to "Disabled"
-### Step 2: Disable Secure Boot
-- Also from UEFI settings
-### Step 3: Monitor PSP activity (Linux)
-```bash
 dmesg | grep -i psp
-```
+</syntaxhighlight>
-### Step 4: Follow open-source community efforts
-- [psp-tool (WIP)](https://github.com/Cr4sh/psp-tool)
-- [openSIL (AMD's open firmware project)](https://github.com/amd/blobs-openSIL)
----
-## Recommended Tools
-### Firmware Dumping & Flashing
-- [flashrom](https://flashrom.org/Flashrom)
-- [CH341A Programmer](https://github.com/nekhbet/CH341A-Programmer) (for SPI flash chip access)
-### ME Removal
-- [me_cleaner](https://github.com/corna/me_cleaner)
-### Coreboot Alternatives
-- [Libreboot](https://libreboot.org/)
-- [Coreboot-supported Boards](https://coreboot.org/status/board-status.html)
----
-## Post-Cleanup OPSEC Practices
-. Use Linux distributions that don’t rely on fTPM or Secure Boot
-   - e.g. [Qubes OS](https://www.qubes-os.org/), [Tails](https://tails.net/), [Whonix](https://www.whonix.org/)
-. Use RAM-only live environments for sensitive ops
-. Isolate critical machines from network (air gap)
-. Monitor SPI flash for unauthorized rewrites
-. Avoid Windows 11 or systems requiring TPM2.0
----
+Follow community projects:
+* [https://github.com/Cr4sh/psp-tool psp-tool (WIP)]
+* [https://github.com/amd/blobs-openSIL openSIL (AMD's open firmware project)]
-## Contributions
+== Recommended Tools ==
-Pull requests and threat model contributions are welcome. We’re especially interested in:
+* [https://flashrom.org/Flashrom flashrom]
-- New methods of disabling PSP/ME on modern systems
+* [https://github.com/corna/me_cleaner me_cleaner]
-- Better integration with Coreboot
+* [https://libreboot.org/ Libreboot]
-- Firmware signature fuzzing tools
+* [https://coreboot.org/status/board-status.html Coreboot Supported Boards]
----
+== Post-Cleanup OPSEC Practices ==
+* Use Qubes, Tails, or Whonix for ops
+* Use air-gapped systems where possible
+* Avoid fTPM/Secure Boot systems
-**Pyongyang Night** is a research and educational project. You are responsible for any changes made to your firmware.
+== Contributions ==
+We welcome new methods to disable Yankee Daemons. Submit tools, firmware dumps, or testing results via pull request.
-> _“The boot ROM is the only God I fear.”_
+''"The boot ROM is the only God I fear."''

Difference between revisions of "Pyongyang night"

Revision as of 07:56, 21 April 2025

Contents