<!DOCTYPE html><html><head> <title>INTEL-SA-00075 Unprovisioning Tool

1. <!DOCTYPE html>
2. <html>
3.  
4. <head>
5. <title>INTEL-SA-00075 Unprovisioning Tool</title>
6. <link type="text/css" href="styles.css" media="screen" rel="stylesheet" title="CSS" />
7. <script type="text/javascript" src="v.js"></script>
8. <script type="text/javascript" src="common-0.0.1.js"></script>
9. <script type="text/javascript" src="amt-wsman-node-0.2.0.js"></script>
10. <script type="text/javascript" src="amt-wsman-0.2.0.js"></script>
11. <script type="text/javascript" src="amt-0.2.0.js"></script>
12. </head>
13.  
14. <body onload="startup()" style="background-color:lightgray;margin:0px;padding:0px">
15. <div style="background:blue;color:white;padding:8px">INTEL-SA-00075 Unprovisioning Tool</div>
16. <div id="toolbar"><input id="startButton" value="Start" type="button" style="text-align:center;width:32%;height:20px" onclick="xstart()" /><input id="clearButton" value="Clear" type="button" style="text-align:center;width:32%;height:20px" onclick="xclear()" /><input id="closeButton" value="Close" type="button" style="text-align:center;width:32%;height:20px" onclick="xexit()" /></div>
17. <div style="position:absolute;left:0;right:0;top:56px;bottom:0px;padding:3px">
18. <div id="results" style="overflow-x:auto;overflow-y:scroll;width:100%;height:100%;font-family:Arial;font-size:12px"></div>
19. </div>
20. <script type="text/javascript">
21. var fs = require('fs');
22. var gui = require('nw.gui');
23. var wsstack = null;
24. var amtstack = null;
25.  
26. var wsstackAdmin = null;
27. var amtstackAdmin = null;
28.  
29. var wsstackAdminPW = null;
30. var amtstackAdminPW = null;
31.  
32. var trySetAdminAcl = true;
33. var tryUberUnconfig = true;
34.  
35. var CCMAllowed = false;
36. var ACMAllowed = false;
37. var Mode = -1;
38. var close = false;
39.  
40. var realm;
41.  
42. //var handles = [];
43. //var osadminHandle;
44.  
45. var adminUserName = "admin";
46. var newAdminPassword = getRandomAmtPass();
47. //var adminHandle = 0;
48.  
49. function startup() {
50. if (gui.App.argv.length > 0) {
51. close = true;
52. xstart();
53. }
54. }
55.  
56. function xclear() {
57. QH('results', '');
58. }
59.  
60. function xexit() {
61. gui.App.quit();
62. }
63.  
64. function xstate(x) {
65. QE('startButton', !x);
66. }
67.  
68. //function debug(x) { QA("results", x + "<br />"); }
69. function debug(x) {
70. console.log(x);
71. var now = new Date();
72. var message = now.toLocaleTimeString() + " - " + x;
73. QA("results", message + "<br />")
74. //fs.appendFile("..\\out.txt", x + "\n", err => function(err) { QA(err + "<br />"); });
75. if (gui.App.argv.length > 0) {
76. fs.appendFileSync(gui.App.argv[0] + "\\log.txt", message + "\r\n");
77. }
78. }
79.  
80. // Start the test
81. function xstart() {
82. xstate(true);
83. debug("INTEL-SA-00075 Unprovisioning Tool version " + version + ".");
84. debug("Connecting to LMS....");
85. wsstack = WsmanStackCreateService("127.0.0.1", 16992, "$$OsAdmin", "whoops", 0);
86. amtstack = AmtStackCreateService(wsstack);
87.  
88. wsstackAdmin = WsmanStackCreateService("127.0.0.1", 16992, adminUserName, "whoops", 0);
89. amtstackAdmin = AmtStackCreateService(wsstackAdmin);
90.  
91. wsstackAdminPW = WsmanStackCreateService("127.0.0.1", 16992, adminUserName, newAdminPassword, 0);
92. amtstackAdminPW = AmtStackCreateService(wsstackAdmin);
93.  
94. //console.log("Starting test.");
95. amtstack.Get("IPS_HostBasedSetupService", hostedBasedSetupServiceCallback);
96. }
97.  
98. function hostedBasedSetupServiceCallback(stack, name, responses, status, tag) {
99. //debug("hostedBasedSetupServiceCallback: Status = " + status + ", Name=" + name);
100. if (status == 200) {
101.  
102. //var mode = getProvisioningType(responses["Body"]["AllowedControlModes"])
103. //if (mode != "") { debug(mode); }
104.  
105. var modes = [];
106. for (i = 0; i < responses["Body"]["AllowedControlModes"].length; i++) {
107. modes.push(getProvisioningType(responses["Body"]["AllowedControlModes"][i]));
108. }
109. Mode = responses["Body"]["CurrentControlMode"];
110. debug("Current Provisioning Mode: " + getProvisioningType(Mode));
111. debug("Available Modes: " + modes.join(', '));
112.  
113. amtstack.Get("AMT_GeneralSettings", generalSettingsCallback);
114. } else if (status == 401) {
115. debug("Intel&reg; AMT reports Unauthorized.");
116. closeApp();
117. } else if (status == 408) {
118. debug("Can't talk to LMS.");
119. closeApp();
120. } else {
121. debug("Error when talking to LMS: " + status);
122. closeApp();
123. }
124. }
125.  
126. function getProvisioningType(typeNumber) {
127. if (typeNumber == 0) {
128. return ("Not provisioned");
129. }
130. if (typeNumber == 1) {
131. CCMAllowed = true;
132. return ("CCM");
133. }
134. if (typeNumber == 2) {
135. ACMAllowed = true;
136. return ("ACM");
137. }
138. return "";
139. }
140.  
141. function generalSettingsCallback(stack, name, response, status) {
142. console.log("generalSettingsCallback", response, status);
143. //debug("generalSettingsCallback: Status = " + status + ", Name=" + name);
144. if (status == 200) {
145. //debug("");
146. //realm = responses["Body"]["DigestRealm"];
147. //debug("Digest Realm: " + realm);
148.  
149. // Set Intel AMT Password
150. if (trySetAdminAcl && Mode == 2) {
151. //debug("Trying to set admin password: " + newAdminPassword);
152. debug("Trying to set admin password.");
153. var NetworkAdminPassword = window.btoa(rstr_md5("admin:" + realm + ":" + newAdminPassword));
154. amtstackAdmin.AMT_AuthorizationService_SetAdminAclEntryEx("admin", NetworkAdminPassword, amtAuthorizationServiceSetAdminAclEntryEx);
155. } else {
156. closeApp();
157. }
158. // Intel AMT is configured. Let's see what else we can do with $$OsAdmin
159. //if (tryUberUnconfig && (Mode == 1 || Mode == 2))
160. //{
161. // debug("Trying to unprovision.");
162. // amtstackAdmin.AMT_SetupAndConfigurationService_Unprovision(1, amtSetupAndConfigurationServiceUnprovisionCallback);
163. //}
164. //else{
165. //if (close) { gui.App.quit();}
166. //}
167.  
168. } else {
169. debug("Failed to get General Intel&reg; AMT Settings: " + status);
170. closeApp();
171. }
172. }
173.  
174. function amtAuthorizationServiceSetAdminAclEntryEx(stack, name, response, status) {
175. console.log("amtAuthorizationServiceSetAdminAclEntryEx", response, status);
176. //debug("amtAuthorizationServiceSetAdminAclEntryEx: Status = " + status + ", Name=" + name);
177. if (status == 200) {
178. var returnVal = (response["Body"]["ReturnValueStr"])
179. if (returnVal = "SUCCESS") {
180. //debug("Successfully set admin password to " + newAdminPassword + ".")
181. debug("Successfully set admin password.")
182. // Intel AMT is configured. Let's see what else we can do with $$OsAdmin
183. if (tryUberUnconfig && (Mode == 1 || Mode == 2)) {
184. debug("Trying to unprovision.");
185. amtstackAdminPW.AMT_SetupAndConfigurationService_Unprovision(1, amtSetupAndConfigurationServiceUnprovisionCallback);
186. } else {
187. closeApp();
188. }
189. } else {
190. debug("Failed to set admin password: " + returnVal);
191. closeApp();
192. }
193. }
194. }
195.  
196. function amtSetupAndConfigurationServiceUnprovisionCallback(stack, name, response, status, tag) {
197. console.log("amtSetupAndConfigurationServiceUnprovisionCallback", response, status);
198. //debug("cimAccountCallback: Status = " + status + ", Name=" + name);
199. if (status == 200) {
200. console.log(response);
201. var returnVal = (response["Body"]["ReturnValueStr"])
202. if (returnVal = "SUCCESS") {
203. debug("Successfully unprovisioned.")
204. } else {
205. debug("Failed to unprovision: " + returnVal + ". Reboot and try again.");
206. }
207. } else {
208. debug("Failed to unprovision: " + status);
209. }
210. closeApp();
211. }
212.  
213. // Close the application after a delay
214. function closeApp() {
215. var t = 10;
216. xstate(false);
217. debug("Done.");
218. if (gui.App.argv.length > 0) {
219. t = 2000;
220. var now = new Date();
221. QA("results", now.toLocaleTimeString() + " - " + "Results in " + gui.App.argv[0] + "\\log.txt" + "<br />");
222. }
223. if (close) {
224. setTimeout(function() {
225. gui.App.quit();
226. }, t);
227. }
228. }
229.  
230. // Check if this is a valid Intel AMT password
231. function passwordcheck(p) {
232. var re = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()+-]).{8,}/;
233. return re.test(p);
234. }
235.  
236. // Intel AMT password stuff
237. function xxRandomNonce(xlength) {
238. var xxxRandomNonceX = ["a", "b", "c", "d", "e", "f", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"],
239. r = "";
240. for (var i = 0; i < xlength; i++) {
241. r += xxxRandomNonceX[Math.floor(Math.random() * 16)];
242. }
243. return r;
244. }
245.  
246. function getRandomAmtPass() {
247. return "@1Aa" + xxRandomNonce(16);
248. }
249.  
250.  
251.  
252.  
253. // EXTRA STUFF
254.  
255. // Returns true if Intel AMT needs to be updated
256. function checkAmtVersion(version) {
257. var vSplit = version.split('.');
258. var v1 = parseInt(vSplit[0]);
259. var v2 = parseInt(vSplit[1]);
260. var v3 = parseInt(vSplit[2]);
261. var vx = ((v2 * 1000) + v3);
262. var ok = 0;
263.  
264. if ((v1 <= 5) || (v1 >= 12)) {
265. ok = 1;
266. } // Intel AMT less then v5 and v12 and beyond, all ok.
267. else if ((v1 == 6) && (vx >= 2061)) {
268. ok = 1;
269. } // 1st Gen Core
270. else if ((v1 == 7) && (vx >= 1091)) {
271. ok = 1;
272. } // 2st Gen Core
273. else if ((v1 == 8) && (vx >= 1071)) {
274. ok = 1;
275. } // 3st Gen Core
276. else if ((v1 == 9)) {
277. if ((v2 < 5) && (vx >= 1041)) {
278. ok = 1;
279. } else if (vx >= 5061) {
280. ok = 1;
281. }
282. } // 4st Gen Core
283. else if ((v1 == 10) && (vx >= 55)) {
284. ok = 1;
285. } // 5st Gen Core
286. else if (v1 == 11) {
287. if ((v2 < 5) && (vx >= 25)) {
288. ok = 1;
289. } // 6st Gen Core
290. else if (vx >= 6027) {
291. ok = 1;
292. } // 7st Gen Core
293. }
294. return (ok == 0);
295. }
296.  
297. function getAmtInfo() {
298. amtstack.BatchEnum("", ["CIM_SoftwareIdentity", "*AMT_SetupAndConfigurationService"], processSystemVersion); // Get Intel AMT version information and plenty more
299. }
300.  
301. function processSystemVersion(stack, name, responses, status) {
302. if (status == 200) {
303. var amtlogicalelements = [];
304. if (responses != null) {
305. if (responses["CIM_SoftwareIdentity"] != null && responses["CIM_SoftwareIdentity"].responses != null) {
306. amtlogicalelements = responses["CIM_SoftwareIdentity"].responses;
307. if (responses["AMT_SetupAndConfigurationService"] != null && responses["AMT_SetupAndConfigurationService"].response != null) {
308. amtlogicalelements.push(responses["AMT_SetupAndConfigurationService"].response);
309. }
310. }
311. }
312. if (amtlogicalelements.length == 0) {
313. disconnect();
314. return;
315. } // Could not get Intel AMT version, disconnect();
316. var v = getInstance(amtlogicalelements, "AMT")["VersionString"];
317. var amtversion = parseInt(v.split('.')[0]);
318. var amtversionmin = parseInt(v.split('.')[1]);
319.  
320. var updateRequired = checkAmtVersion(v);
321. debug("Intel&reg; AMT version: " + v + ", update required: " + updateRequired);
322. }
323. }
324. </script>
325. </body>
326.  
327. </html>