Difference between revisions of "Pyongyang night"

(21 intermediate revisions by the same user not shown)

The earlier revision in this comparison carried a short "How to Use me_cleaner" section with the four commands that the "Understanding the Process" text describes; this revision replaced it, so its steps are kept here as they stood.

=== How to Use me_cleaner (earlier revision) ===

For a full step-by-step walkthrough with examples, visit the official guide here:
[https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner How to apply me_cleaner – GitHub Wiki]

'''Step 1:''' Clone the tool
<syntaxhighlight lang="bash">
git clone https://github.com/corna/me_cleaner.git
cd me_cleaner
</syntaxhighlight>

'''Step 2:''' Backup your firmware
<syntaxhighlight lang="bash">
sudo flashrom -p internal -r backup.rom
</syntaxhighlight>
This creates a backup of your motherboard firmware. Keep this file safe in case anything goes wrong.

'''Step 3:''' Run me_cleaner to disable Intel ME
<syntaxhighlight lang="bash">
python3 me_cleaner.py -S backup.rom -o cleaned.rom
</syntaxhighlight>
The `-S` flag enables soft-disable (sets the HAP bit) in addition to removing unnecessary ME modules.

'''Step 4:''' Flash the cleaned firmware
<syntaxhighlight lang="bash">
sudo flashrom -p internal -w cleaned.rom
</syntaxhighlight>
This writes the modified firmware to your system.

'''Optional Recovery Tip:'''
If your system fails to boot, reflash the original `backup.rom` with a hardware flasher like CH341A.

'''More Info''': [https://github.com/corna/me_cleaner/blob/master/README.md me_cleaner official documentation]

Latest revision as of 08:52, 21 April 2025

Pyongyang Night

"A thousand CPUs went dark before dawn."

''Do not go silent into that glowing comp,''
''Rage, rage against the Yankee daemon’s dump.''

Pyongyang Night is an open-source OPSEC hardening project focused on disabling known Western surveillance backdoors ("Yankee daemons") in Intel and AMD CPUs. This includes Intel ME, AMD PSP, fTPM, and associated firmware-based threats. It offers guides and tools to permanently neutralize these subsystems and restore sovereignty to your machines.

This is not about software. This is about reclaiming hardware.

== What Problem Are We Solving? ==

Modern computers are compromised by design — not by accident, but as a result of deliberate architectural decisions made by hardware vendors under pressure from governments, corporate interests, and supply chain consolidation.

Nearly every Intel and AMD CPU produced in the last two decades includes a hidden, always-on subsystem: the Intel Management Engine (ME) or AMD Platform Security Processor (PSP). These components are not part of your operating system — they run independently of it, below it, and outside your control. They're closed-source, vendor-signed, and undocumented. These subsystems can read system memory, access storage, send and receive data via the network, and even remain active when your computer is powered off but plugged in.

Most users never know they’re there. But if you’ve ever wondered how a computer might be “owned” even before the OS boots — this is how.

These embedded systems are not optional. You cannot uninstall them. BIOS settings may suggest “disabling” them, but these toggles are often software lies — implemented to obscure, not neutralize. Intel and AMD have made ME and PSP essential for system startup, meaning they are now gatekeepers for what your machine is allowed to do. This architecture assumes users are the threat.

Pyongyang Night is our response.

We aim to:

# '''Identify and expose''' these hidden subsystems, and explain what they are in language anyone can understand.
# '''Provide tools and walkthroughs''' to reduce or neutralize these threats, including `me_cleaner`, SPI flashing techniques, and BIOS hardening methods.
# '''Empower users''' — even those with no technical background — to take back control of their systems through transparent, repeatable, and reversible steps.

This project is about digital sovereignty. We believe users have the right to know what's running on their hardware, to control it fully, and to strip away any subsystem that undermines trust. Whether you're a dissident, a researcher, or just someone who believes in true ownership — this guide is for you.

== How We Solve It ==

* Tools like [https://github.com/corna/me_cleaner '''me_cleaner'''] to remove Intel ME firmware from your computer
* BIOS configuration guides to disable AMD’s fTPM and PSP features
* Full step-by-step instructions written for beginners
* Flashing guides to safely modify your system firmware
* Post-removal practices for maintaining a clean and secure system

=== Understanding the Process ===

What each step does:

Each step in this guide forms part of a carefully controlled operation to surgically disable the Intel Management Engine (ME) — a hidden subsystem that runs independently of your OS. First, cloning the `me_cleaner` repository ensures you're using the latest open-source version of the tool, directly from the author. Backing up your firmware with `flashrom` captures a complete snapshot of your BIOS, allowing you to recover if anything goes wrong.

Running `me_cleaner` analyzes the firmware, identifies the Intel ME region, and removes most of its internal modules. Using the `-S` flag performs a soft disable by setting the High Assurance Platform (HAP) bit, which tells the ME to shut itself down after boot. You then flash this cleaned firmware back onto your board, effectively neutralizing ME without harming your operating system or system stability.

Why it matters:

The Intel Management Engine is effectively a computer within your computer — running at a lower level than your operating system, with access to RAM, storage, networking, and peripherals. It operates outside your control and is closed-source, signed firmware that even administrators cannot inspect. If you're serious about security or digital sovereignty, ME is an unacceptable liability.

Disabling ME with `me_cleaner` eliminates a broad-spectrum surveillance and exploitation surface. It's one of the few known, practical steps a user can take to ensure their hardware isn't silently phoning home — to Intel, governments, or worse.

What the risks are:

Flashing system firmware always carries risk. A sudden power failure, a bad firmware image, or an improper write can leave your system unbootable. Some motherboards ship with BIOS write protection enabled; if it is not properly disabled first, the write can fail silently or leave the chip corrupted.

Additionally, not all Intel platforms are supported. `me_cleaner` works best with Intel ME versions 6–11. Later versions (ME 12+) are more resistant to modification, and attempting this process may cause unpredictable results. Always verify your ME version and backup thoroughly before proceeding.

How to recover if something goes wrong:

If your system fails to boot after flashing, you can recover using the backup firmware image you created in Step 2 (the `flashrom -r` dump taken before any modification). This requires a USB SPI flasher (such as the CH341A) and a SOIC8 test clip to physically reprogram your motherboard's BIOS chip.

Some boards feature dual BIOS or physical recovery switches — check your manual. If not, you’ll need to carefully connect to the flash chip using the programmer and restore the original image with software like `flashrom`. This is why backups are mandatory: treat them like your lifeline.

For a complete visual walkthrough, visit: [https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner How to apply me_cleaner – GitHub Wiki]
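The text above leans on two things the reader has to trust without looking: that the `flashrom` backup is a faithful copy of the chip, and that the cleaned image really carries the soft-disable bit before it is written back. The script below is an added example (not code from `me_cleaner` or from this project) that checks both on disk before anything is flashed. It assumes the public Intel flash descriptor layout as `me_cleaner` reads it: signature `0x0FF0A55A` at offset `0x10`, FLMAP0 at `0x14` (FRBA in bits 23:16), FLMAP1 at `0x18` (FPSBA in bits 23:16), region 2 being the ME region, HAP as bit 16 of PCHSTRP0 for ME 11+, and AltMeDisable as bit 7 of PCHSTRP10 for ME 6–10; the sample image it builds for self-testing is constructed, not a real dump.

```python
"""Pre-flash checks for a flashrom dump and a me_cleaner output image.

Added example for this page (not code from me_cleaner or the Pyongyang Night
project). Assumed, as labelled in the lead-in: descriptor signature at 0x10,
FLMAP0/FLMAP1 at 0x14/0x18, region 2 = ME, HAP = PCHSTRP0 bit 16 (ME 11+),
AltMeDisable = PCHSTRP10 bit 7 (ME 6-10). Check these against your platform.
"""
import hashlib
import struct

DESCRIPTOR_SIG = b"\x5a\xa5\xf0\x0f"   # 0x0FF0A55A, little-endian, at offset 0x10


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def dumps_match(dump_a: bytes, dump_b: bytes) -> bool:
    """Two consecutive `flashrom -r` reads must be byte-identical; a loose clip
    or a partially protected region shows up here before anything is written."""
    return len(dump_a) == len(dump_b) and sha256(dump_a) == sha256(dump_b)


def looks_like_real_dump(image: bytes) -> bool:
    """A dump that is all 0xFF (erased) or all 0x00 is a failed read, not a backup."""
    n = len(image)
    return n > 0 and image.count(0xFF) != n and image.count(0x00) != n


def parse_descriptor(image: bytes) -> dict:
    """Locate the ME region and read the two soft-disable strap bits."""
    if image[0x10:0x14] != DESCRIPTOR_SIG:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4          # flash region base address
    fpsba = ((flmap1 >> 16) & 0xFF) << 4         # PCH strap base address
    flreg2 = struct.unpack_from("<I", image, frba + 2 * 4)[0]   # region 2 = ME
    me_base = (flreg2 & 0x1FFF) << 12
    me_limit = (((flreg2 >> 16) & 0x1FFF) << 12) | 0xFFF
    pchstrp0 = struct.unpack_from("<I", image, fpsba)[0]
    pchstrp10 = struct.unpack_from("<I", image, fpsba + 0x28)[0]
    return {
        "me_base": me_base,
        "me_limit": me_limit,
        "me_present": me_limit > me_base,
        "hap_bit": bool(pchstrp0 & (1 << 16)),          # ME 11+ soft disable
        "altmedisable_bit": bool(pchstrp10 & (1 << 7)),  # ME 6-10 soft disable
    }


def check_cleaned_image(original: bytes, cleaned: bytes, me11: bool) -> list:
    """Return the list of problems found; an empty list means the image passes."""
    problems = []
    if len(original) != len(cleaned):
        problems.append("size changed: %d -> %d bytes" % (len(original), len(cleaned)))
    before, after = parse_descriptor(original), parse_descriptor(cleaned)
    if (before["me_base"], before["me_limit"]) != (after["me_base"], after["me_limit"]):
        problems.append("ME region boundaries changed")
    bit = "hap_bit" if me11 else "altmedisable_bit"
    if not after[bit]:
        problems.append("soft-disable bit (%s) is not set in the cleaned image" % bit)
    if sha256(original) == sha256(cleaned):
        problems.append("cleaned image is byte-identical to the original")
    return problems


def build_sample_image(soft_disable: bool = False, me11: bool = True) -> bytes:
    """Constructed 32 KiB test image with a minimal descriptor (not a real dump)."""
    img = bytearray((i * 7 + 3) & 0xFF for i in range(0x8000))
    frba, fpsba = 0x40, 0x100
    img[0x10:0x14] = DESCRIPTOR_SIG
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)      # FLMAP0 -> FRBA
    struct.pack_into("<I", img, 0x18, (fpsba >> 4) << 16)     # FLMAP1 -> FPSBA
    struct.pack_into("<I", img, frba + 8, (0x5 << 16) | 0x3)  # ME region 0x3000-0x5FFF
    struct.pack_into("<I", img, fpsba, (1 << 16) if soft_disable and me11 else 0)
    struct.pack_into("<I", img, fpsba + 0x28, (1 << 7) if soft_disable and not me11 else 0)
    return bytes(img)


if __name__ == "__main__":
    # usage: python3 verify_flash.py backup1.rom backup2.rom cleaned.rom [--me10]
    import sys
    a, b, c = (open(p, "rb").read() for p in sys.argv[1:4])
    if not (dumps_match(a, b) and looks_like_real_dump(a)):
        sys.exit("backup dumps differ or look empty: do not flash")
    for p in check_cleaned_image(a, c, me11="--me10" not in sys.argv):
        print("PROBLEM:", p)
```

Run `flashrom -p internal -r` twice and hand both dumps plus the `me_cleaner` output to the script; an empty problem list is the condition for proceeding to the write step, and a non-empty one means the backup or the cleaned image is not what the walkthrough assumes.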

== BIOS Hardening for OPSEC ==

Your BIOS or UEFI firmware is the lowest level of configuration control available to most users — and it’s often overlooked. For true sovereignty, BIOS-level configuration must be audited and hardened before any OS is trusted.

=== Recommended BIOS Settings ===

* '''Disable Intel ME / AMD PSP (if available):'''
** Some boards offer toggles to disable ME or PSP — rare, but valuable.
** Disabling fTPM on AMD boards can prevent PSP-based key storage and telemetry.
* '''Disable Secure Boot:'''
** Prevents vendor lock-in via signed bootloaders.
** Enables custom firmware and boot environments like Coreboot or Qubes.
* '''Disable Virtualization (VT-x / AMD-V):'''
** Prevents stealth hypervisor-based attacks.
** Reduces attack surface for sandbox escapes and persistence tools.
* '''Disable Intel AMT / vPro:'''
** Intel Active Management Technology enables remote access over the network — even if the system is powered off.
** Disable any setting referencing AMT, vPro, or “Management Engine.”
* '''Disable Wake-on-LAN and Wake Timers:'''
** Prevents external events from waking your system.
** Blocks remote access attempts that leverage sleep mode.
* '''Disable TPM / fTPM:'''
** Prevents key material from being locked behind firmware-level trust you do not control.
** Disabling this helps avoid being tied to Microsoft’s Secure Boot ecosystem.
* '''Disable USB Boot and Lock Boot Order:'''
** Prevents booting off rogue USB devices.
** Secure with a BIOS admin password to lock down access.
* '''Set BIOS Admin Password:'''
** Prevents physical attackers from re-enabling surveillance settings.
** Ensure boot menu and recovery toggles are also locked.
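A BIOS toggle only counts once the running system confirms it took effect, so the checklist above is worth reading back from the OS after every firmware change. The script below is an added example (not the project's own tooling) that does that on Linux for the settings visible from user space; it assumes the UEFI `SecureBoot` variable exposed under `/sys/firmware/efi/efivars` (four attribute bytes followed by one value byte), `/sys/class/tpm` for a TPM or fTPM, `/sys/class/mei` for the Intel ME host interface, and the `Wake-on:` line of `ethtool <iface>` output, which reads `d` when Wake-on-LAN is off. The `ethtool` text it tests itself against is constructed. BIOS passwords, boot order and AMD PSP state are not visible this way and are left for the BIOS screen.

```python
"""Read back BIOS-level settings from a running Linux system.

Added example for this page, not the project's tooling. Assumed sources, as
labelled in the lead-in: efivars SecureBoot variable, /sys/class/tpm,
/sys/class/mei, and `ethtool` output. The script only observes; it cannot
change firmware settings.
"""
import glob
import os
import re
import subprocess

SECUREBOOT_VAR = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Constructed sample of `ethtool eth0` output, used for the self-test below.
SAMPLE_ETHTOOL = """Settings for eth0:
\tSupported ports: [ TP ]
\tSupports Wake-on: pumbg
\tWake-on: g
\tLink detected: yes
"""


def secure_boot_from_efivar(raw: bytes):
    """efivars files carry 4 attribute bytes, then the value; None if unreadable/not UEFI."""
    if len(raw) < 5:
        return None
    return raw[4] == 1


def wol_from_ethtool(text: str):
    """'Wake-on: d' means Wake-on-LAN is disabled; any other letter set means enabled.
    Returns None when the line is absent (ethtool usually needs root to show it)."""
    m = re.search(r"^\s*Wake-on:\s*(\S+)", text, re.MULTILINE)
    if not m:
        return None
    return m.group(1) != "d"


def evaluate(secure_boot, tpm_present, mei_present, wol_by_iface):
    """Map observed state onto the checklist; each entry is 'ok', 'FAIL' or 'unknown'."""
    def verdict(flag):
        return "unknown" if flag is None else ("FAIL" if flag else "ok")
    result = {
        "Secure Boot disabled": verdict(secure_boot),
        "TPM / fTPM disabled": verdict(tpm_present),
        "Intel ME host interface absent": verdict(mei_present),
    }
    for iface, wol in wol_by_iface.items():
        result["Wake-on-LAN disabled (%s)" % iface] = verdict(wol)
    return result


def collect_live_state():
    """Gather the inputs for evaluate() from the running system."""
    sb = None
    if os.path.exists(SECUREBOOT_VAR):
        with open(SECUREBOOT_VAR, "rb") as f:
            sb = secure_boot_from_efivar(f.read())
    tpm = bool(glob.glob("/sys/class/tpm/tpm*"))
    mei = bool(glob.glob("/sys/class/mei/mei*"))
    wol = {}
    for path in glob.glob("/sys/class/net/*"):
        iface = os.path.basename(path)
        if iface == "lo":
            continue
        try:
            out = subprocess.run(["ethtool", iface], capture_output=True,
                                 text=True, check=False).stdout
        except FileNotFoundError:   # ethtool not installed
            break
        wol[iface] = wol_from_ethtool(out)
    return sb, tpm, mei, wol


if __name__ == "__main__":
    for setting, state in evaluate(*collect_live_state()).items():
        print("%-40s %s" % (setting, state))
```

Run it as root so `ethtool` reports the `Wake-on:` line; an `unknown` row means the source was not readable rather than that the setting is safe, and a `FAIL` on Secure Boot or the ME interface after you believed the BIOS toggle was off is exactly the "software lie" the page warns about.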

== Further Reading ==

* [https://github.com/corna/me_cleaner me_cleaner GitHub Repository]
* [https://doc.coreboot.org/mainboard/index.html Coreboot Mainboard Documentation]
* [https://doc.coreboot.org/releases/boards_supported_on_branches.html Coreboot Supported Boards by Release]
* [https://www.qubes-os.org/doc/uefi-troubleshooting/#secure-boot Qubes Secure Boot Troubleshooting]
* [https://invisiblethingslab.com/ Invisible Things Lab – Hypervisor Research]
* [https://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html Intel AMT Overview]
* [https://learn.microsoft.com/en-us/troubleshoot/windows-client/setup-upgrade-and-drivers/wake-on-lan-feature Microsoft Wake-on-LAN Guide]
* [https://support.microsoft.com/en-us/topic/what-s-a-trusted-platform-module-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee Microsoft TPM Primer]
* [https://media.defense.gov/2019/Jul/16/2002158050/-1/-1/0/CSI-UEFI-LOCKDOWN.PDF NSA UEFI Lockdown Guidance (PDF)]
* [https://www.cisa.gov/news-events/news/using-caution-usb-drives CISA: USB Device Caution Advisory]
* [https://media.defense.gov/2021/Sep/16/2002855921/-1/-1/0/MOBILE_DEVICE_BEST_PRACTICES_FINAL_V3%20-%20COPY.PDF NSA Mobile Device Best Practices (PDF)]
* [https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-147.pdf NIST BIOS Protection Guidelines (SP 800-147)]
* [https://www.insyde.com/wp-content/uploads/INSYDE_NSA_UEFISecurity_Guidelines_REV14APR2021.pdf Insyde BIOS Security Best Practices (PDF)]

== Overview ==

Modern x86 systems ship with embedded management controllers that run below the OS level. These controllers—Intel ME and AMD PSP—have unrestricted access to memory, peripherals, and network devices. They are proprietary, closed-source, and required for "Secure Boot" and other platform lockdown mechanisms.

Project Pyongyang Night provides the tooling, documentation, and methods to carry out this operation on end-of-life or user-controlled systems.