Difference between revisions of "Pyongyang night"

From Filtered, Archived, Gaslit Wiki
Line 33: Line 33:
 
* Post-removal practices for maintaining a clean and secure system
 
* Post-removal practices for maintaining a clean and secure system
  
 +
=== Understanding the Process ===
  
=== Understanding the Process ===
+
'''What each step does:'''
  
'''* What each step does:'''
+
Each step in this guide forms part of a carefully controlled operation to surgically disable the Intel Management Engine (ME) — a hidden subsystem that runs independently of your OS. First, cloning the `me_cleaner` repository ensures you're using the latest open-source version of the tool, directly from the author. Backing up your firmware with `flashrom` captures a complete snapshot of your BIOS, allowing you to recover if anything goes wrong.
  
Each step in this guide is part of a controlled operation to surgically disable the Intel Management Engine (ME) — a subsystem that runs independently of your main OS. First, cloning the `me_cleaner` repository gives you access to a tested open-source tool built specifically to modify ME firmware. Backing up your firmware ensures that if anything fails later on, you have a full restore point.
+
Running `me_cleaner` analyzes the firmware, identifies the Intel ME region, and removes most of its internal modules. Using the `-S` flag performs a soft disable by setting the High Assurance Platform (HAP) bit, which tells the ME to shut itself down after boot. You then flash this cleaned firmware back onto your board, effectively neutralizing ME without harming your operating system or system stability.
  
Next, when you run `me_cleaner`, it scans your dumped firmware and removes or disables most ME components. If you use the `-S` flag, it sets a special bit (HAP – High Assurance Platform) that politely tells the ME to shut itself off after hardware initialization. Finally, you flash the cleaned firmware back onto your system — replacing the backdoor with a mostly inert block of silicon.
+
'''Why it matters:'''
  
'''* Why it matters:'''
+
The Intel Management Engine is effectively a computer within your computer — running at a lower level than your operating system, with access to RAM, storage, networking, and peripherals. It operates outside your control and is closed-source, signed firmware that even administrators cannot inspect. If you're serious about security or digital sovereignty, ME is an unacceptable liability.
  
The Intel ME is a closed, separate computer built into your CPU. It has access to memory, network traffic, and peripherals — and it can operate when the main system is powered off. This means that even if your OS is secure, ME can bypass it. No user or admin can monitor what it does, and it cannot be fully audited.
+
Disabling ME with `me_cleaner` eliminates a broad-spectrum surveillance and exploitation surface. It's one of the few known, practical steps a user can take to ensure their hardware isn't silently phoning home — to Intel, governments, or worse.
  
Disabling or stripping ME is critical for digital sovereignty. It eliminates an entire class of persistent firmware-level surveillance or exploitation vectors. It’s one of the only ways to ensure your system isn’t secretly communicating with unknown third parties.
+
'''What the risks are:'''
  
'''* What the risks are:'''
+
Flashing system firmware always carries risk. A sudden power failure, bad firmware image, or improper write can leave your system unbootable. Some motherboards have BIOS write protection enabled, and if not properly disabled, can cause silent failure or corruption during flashing.
  
Firmware flashing is dangerous — if done incorrectly, it can completely brick your system. A power loss or bad flash during this process might leave your motherboard unbootable. Some motherboards have write protections or hidden BIOS flags that will block or corrupt the modified firmware.
+
Additionally, not all Intel platforms are supported. `me_cleaner` works best with Intel ME versions 6–11. Later versions (ME 12+) are more resistant to modification, and attempting this process may cause unpredictable results. Always verify your ME version and backup thoroughly before proceeding.
  
Another risk is incompatibility. Newer versions of Intel ME (especially ME 12+) may not behave properly when neutered. On those systems, `me_cleaner` might cause instability or even fail silently. You must research your hardware and ME version beforehand.
+
'''How to recover if something goes wrong:'''
  
'''* How to recover if something goes wrong:'''
+
If your system fails to boot after flashing, you can recover using the backup firmware image you created in Step 2. This requires a USB SPI flasher (such as the CH341A) and a SOIC8 test clip to physically reprogram your motherboard's BIOS chip.
  
If your system fails to boot, recovery is only possible if you made a proper firmware backup beforehand. You’ll need an SPI flash programmer (like the CH341A) and a clip to physically connect to the BIOS chip. These tools allow you to restore the original firmware even if the system is completely bricked.
+
Some boards feature dual BIOS or physical recovery switches — check your manual. If not, you’ll need to carefully connect to the flash chip using the programmer and restore the original image with software like `flashrom`. This is why backups are mandatory: treat them like your lifeline.
  
Some higher-end boards may feature dual BIOS or automatic recovery systems, which can be triggered via jumper or switch. If this applies to you, consult your motherboard’s documentation. For everyone else — the backup is your best friend. Treat it like your escape rope.
+
For a complete visual walkthrough, visit: 
 +
👉 [https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner How to apply me_cleaner – GitHub Wiki]
  
 
== Table of Contents ==
 
== Table of Contents ==
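Review bot: The `+` recovery paragraph points readers to "the backup firmware image you created in Step 2", and the opening paragraph speaks of "each step in this guide", but this section sits above the Table of Contents and nothing in the hunk shows numbered steps, so "Step 2" cannot be resolved from here; name the step (the `flashrom` backup) or link to it. The `+` text also says flashing the cleaned image neutralizes ME "without harming your operating system or system stability", while the risks paragraph in the same section warns of unpredictable results on ME 12+; qualify the first statement with the ME 6–11 range given there so the two do not contradict each other.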

Revision as of 08:18, 21 April 2025

Pyongyang Night

"A thousand CPUs went dark before dawn."

Pyongyang Night is an open-source OPSEC hardening project focused on disabling known Western surveillance backdoors ("Yankee daemons") in Intel and AMD CPUs. This includes Intel ME, AMD PSP, fTPM, and associated firmware-based threats. It offers guides and tools to permanently neutralize these subsystems and restore sovereignty to your machines.

What Problem Are We Solving?

Modern computers are compromised by design.

Intel and AMD CPUs ship with hidden, closed-source subsystems like the Intel Management Engine (ME) and AMD Platform Security Processor (PSP). These components run independently of the main operating system, have access to all your memory and devices, and can communicate over the network—even when your machine appears to be off.

These subsystems are not optional. They are embedded into the silicon and signed by their manufacturers. You cannot audit, control, or fully disable them using standard settings.

In short: these are built-in backdoors.

Pyongyang Night aims to:

  1. Identify and expose these hidden systems
  2. Provide tools and tutorials to disable or neutralize them
  3. Offer accessible, step-by-step guides even for users with minimal technical background

This project is about regaining digital sovereignty.


How We Solve It

We provide:

  • Tools like me_cleaner to remove Intel ME firmware from your computer
  • BIOS configuration guides to disable AMD’s fTPM and PSP features
  • Full step-by-step instructions written for beginners
  • Flashing guides to safely modify your system firmware
  • Post-removal practices for maintaining a clean and secure system

Understanding the Process

What each step does:

Each step in this guide forms part of a carefully controlled operation to surgically disable the Intel Management Engine (ME) — a hidden subsystem that runs independently of your OS. First, cloning the `me_cleaner` repository ensures you're using the latest open-source version of the tool, directly from the author. Backing up your firmware with `flashrom` captures a complete snapshot of your BIOS, allowing you to recover if anything goes wrong.

Running `me_cleaner` analyzes the firmware, identifies the Intel ME region, and removes most of its internal modules. Using the `-S` flag performs a soft disable by setting the High Assurance Platform (HAP) bit, which tells the ME to shut itself down after boot. You then flash this cleaned firmware back onto your board, effectively neutralizing ME without harming your operating system or system stability.
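An added example (not part of this wiki page or of `me_cleaner`) of checking that a `flashrom` backup is a usable restore point before anything is written back: two reads must match, the dump must contain a flash descriptor, and the ME region it points to must carry a `$FPT` header. The offsets are assumptions based on the common Intel descriptor layout (signature at 0x10, ME as region 2), and the sample image is constructed, not real firmware.

```python
import hashlib
import struct

FD_SIGNATURE = b"\x5a\xa5\xf0\x0f"  # flash descriptor magic, assumed at offset 0x10
FPT_MAGIC = b"$FPT"                 # ME partition table marker, assumed at region + 0x10

def region_bounds(flreg):
    """Decode a descriptor FLREG word into (start, end) byte offsets."""
    return (flreg & 0x7FFF) << 12, (((flreg >> 16) & 0x7FFF) << 12 | 0xFFF) + 1

def check_backup(dump_a, dump_b):
    """Return (sha256, me_start, me_end), or raise ValueError saying why the
    dump must not be relied on as a restore point."""
    if dump_a != dump_b:
        raise ValueError("the two reads differ: reseat the clip and read again")
    if not dump_a or dump_a.count(dump_a[:1]) == len(dump_a):
        raise ValueError("dump is empty or one repeated byte: chip was not read")
    if len(dump_a) < 0x1000 or dump_a[0x10:0x14] != FD_SIGNATURE:
        raise ValueError("no flash descriptor: not a full SPI image")
    flmap0 = struct.unpack_from("<I", dump_a, 0x14)[0]
    frba = (flmap0 >> 12) & 0xFF0  # base of the region table
    me_start, me_end = region_bounds(struct.unpack_from("<I", dump_a, frba + 8)[0])
    if me_start >= me_end or me_end > len(dump_a):
        raise ValueError("ME region is disabled or lies outside the image")
    if dump_a[me_start + 0x10:me_start + 0x14] != FPT_MAGIC:
        raise ValueError("ME region has no $FPT header")
    return hashlib.sha256(dump_a).hexdigest(), me_start, me_end

def build_sample_image(size=0x20000):
    """Constructed 128 KiB test image, not real firmware."""
    img = bytearray(b"\xff" * size)
    img[0x10:0x14] = FD_SIGNATURE
    struct.pack_into("<I", img, 0x14, 0x04 << 16)             # FLMAP0: FRBA = 0x40
    struct.pack_into("<I", img, 0x48, (0x010 << 16) | 0x001)  # FLREG2: ME region
    img[0x1010:0x1014] = FPT_MAGIC
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    digest, start, end = check_backup(image, image)  # stand-in for two flashrom reads
    print(f"backup usable, sha256={digest}, ME region {start:#x}-{end:#x}")
```

On a real board, pass the contents of two separate `flashrom` reads and store the printed SHA-256 alongside the backup file.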

Why it matters:

The Intel Management Engine is effectively a computer within your computer — running at a lower level than your operating system, with access to RAM, storage, networking, and peripherals. It operates outside your control and is closed-source, signed firmware that even administrators cannot inspect. If you're serious about security or digital sovereignty, ME is an unacceptable liability.

Disabling ME with `me_cleaner` eliminates a broad-spectrum surveillance and exploitation surface. It's one of the few known, practical steps a user can take to ensure their hardware isn't silently phoning home — to Intel, governments, or worse.

What the risks are:

Flashing system firmware always carries risk. A sudden power failure, bad firmware image, or improper write can leave your system unbootable. Some motherboards have BIOS write protection enabled; if it is not properly disabled, flashing can fail silently or corrupt the firmware.

Additionally, not all Intel platforms are supported. `me_cleaner` works best with Intel ME versions 6–11. Later versions (ME 12+) are more resistant to modification, and attempting this process may cause unpredictable results. Always verify your ME version and back up thoroughly before proceeding.

How to recover if something goes wrong:

If your system fails to boot after flashing, you can recover using the backup firmware image you created in Step 2. This requires a USB SPI flasher (such as the CH341A) and a SOIC8 test clip to physically reprogram your motherboard's BIOS chip.

Some boards feature dual BIOS or physical recovery switches — check your manual. If not, you’ll need to carefully connect to the flash chip using the programmer and restore the original image with software like `flashrom`. This is why backups are mandatory: treat them like your lifeline.

For a complete visual walkthrough, visit: 👉 How to apply me_cleaner – GitHub Wiki (https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner)

Table of Contents

Overview

Modern x86 systems ship with embedded management controllers that run below the OS level. These controllers—Intel ME and AMD PSP—have unrestricted access to memory, peripherals, and network devices. They are proprietary, closed-source, and required for "Secure Boot" and other platform lockdown mechanisms.

Project Pyongyang Night provides the tooling, documentation, and methods to carry out this operation on end-of-life or user-controlled systems.