Author Topic: Removing McAfee Endpoint Encryption  (Read 2619 times)

Offline Cyran

Removing McAfee Endpoint Encryption
« on: October 20, 2015, 05:46:29 pm »
Found a thrown-away HP EliteBook at work with McAfee Endpoint Encryption, and it's impossible for me to gain access to it or install a fresh OS.
1. I've removed the hard drive, docked it, deleted the volume and formatted it successfully.
2. Did this http://www.instructables.com/id/Install-Windows-7-without-USB-or-DVD-without-upgra/

Reason for doing 2 is because I can't boot with CD/DVD. It only finds hard drive and Ethernet in the boot menu. I can't even get access to the BIOS because it's password protected.

What boggles my mind is how the McAfee Endpoint Encryption can still survive after the format.. Seems to me that it nested itself somewhere else and not in the hard drive, so that what I'm trying to do won't be possible.
What do you guys think?


Offline 0E 800

Re: Removing McAfee Endpoint Encryption
« Reply #1 on: October 20, 2015, 06:32:10 pm »
This might be your lucky day. What model elitebook do you have?

BTW - have you tried this?

https://evilzone.org/hacking-and-security/hp-probooks/msg92742/#msg92742
« Last Edit: October 20, 2015, 06:36:13 pm by 0E 800 »
The invariable mark of wisdom is to see the miraculous in the common.

Offline Cyran

Re: Removing McAfee Endpoint Encryption
« Reply #2 on: October 20, 2015, 06:59:12 pm »
Quote
This might be your lucky day. What model elitebook do you have?

BTW - have you tried this?

https://evilzone.org/hacking-and-security/hp-probooks/msg92742/#msg92742

It's a 8570p. Sadly what's suggested in the link doesn't work. Takes me straight to the BIOS Login where I have to enter password. Even if I were to remove the CMOS battery under the keyboard there's no guarantee that it would work from what I've read recently... Not to mention the trouble of just removing that battery..

Offline 0E 800

Re: Removing McAfee Endpoint Encryption
« Reply #3 on: October 20, 2015, 07:30:41 pm »
Review:
http://bios-pw.org/
http://mazzifsoftware.blogspot.com/2014/01/hp-bios-unlock-for-dos.html
https://www.youtube.com/watch?v=VHRcCRi4KZY

D/L:
http://www.mediafire.com/download/7uaxht01pt7jh57/HPBR.rar

Use Win32 Disk Imager to extract img to usb
http://sourceforge.net/projects/win32diskimager/

If you are unable to boot from the usb, try running HP BIOS Unlock from within windows.


Found someone poo-pooing the tool but the info is valid.

Quote
03-09-2015 01:16 AM
FYI: Mazzif’s "program" is basically a hex editor combined with illegally reverse engineered HP Restricted Secret Technology. This is extremely obvious in the older versions where he was too lazy to even hex out the "HP Restricted" text in some of the tools.

Don't believe me? Download "his" tools and look in the hidden "bin" folder, then run the binary (which was made by HP) that matches your notebook model. You'll get a message stating the UUID is incorrect and that it can't be used on that machine. Then run his tool and you will notice it copies the file you just ran to a different location, makes a WMI call enumerating the UUID, then hex edits your UUID into the copy of the binary, thus replacing the original. Then his tool executes the newly updated binary, suppressing the output of the HP Tool and the BIOS gets reset.

He must work in a computer repair shop or in an IT department or something which gives him access to call HP support officially to reset the BIOS using the official HP tools. Then he turns around, slaps them into "his" own tools and proceeds to commit Interstate Wire Fraud (along with numerous other charges) by charging people $25 to reset the BIOS in the laptop that people "found", stole, had the misfortune to unknowingly purchase a "found" or stolen laptop, or the remaining .05% of the laptop owners who actually purchased the laptops new, set a password, and forgot it... all with tools and technology he stole from HP.
 
 
-Leiptr

Also worth reviewing:
http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html
http://superuser.com/questions/896305/is-it-possible-to-re-install-an-operating-system-over-an-encrypted-system
« Last Edit: October 20, 2015, 07:39:49 pm by 0E 800 »
The invariable mark of wisdom is to see the miraculous in the common.

Offline gray-fox

Re: Removing McAfee Endpoint Encryption
« Reply #4 on: October 20, 2015, 07:30:43 pm »
Quote
2. Did this http://www.instructables.com/id/Install-Windows-7-without-USB-or-DVD-without-upgra/

How and when was the point you hit the wall when doing this? Somewhere in booting from the drive I guess, but what actually happened, error messages or something?

Edit:

But anyways I think it has something to do with the way you formatted that hard drive. Some sort of quick format? If so then e.g. the MBR is still untouched AFAIK. Maybe reading this will help you understand what's going on: https://wiki.archlinux.org/index.php/Dual_boot_with_Windows_when_SafeBoot_is_installed

Or read this at least (SafeBoot is the old name of McAfee EEP):
Quote
The situation of a fully encrypted system is a difficult one because even the MBR is encrypted and SafeBoot uses its encrypted bootloader to load the real partition table and load Windows. Thus, if one attempts to simply partition the disk with [c]fdisk, writing the partition table will render one's system unbootable. Likewise, even if there is a free partition, a) one isn't able to update the partition table with the correct type (which is necessary), b) one can't install the bootloader (e.g. grub) to the MBR, and c) even if one installs the bootloader to the partition instead of the MBR, there is no way to make the system aware that such a bootloader exists via the partition table. It is quite a difficult situation to work with.
« Last Edit: October 20, 2015, 07:49:33 pm by gray-fox »

Offline Cyran

Re: Removing McAfee Endpoint Encryption
« Reply #5 on: October 20, 2015, 07:45:14 pm »
Quote
Review:
http://bios-pw.org/
http://mazzifsoftware.blogspot.com/2014/01/hp-bios-unlock-for-dos.html
https://www.youtube.com/watch?v=VHRcCRi4KZY

D/L:
http://www.mediafire.com/download/7uaxht01pt7jh57/HPBR.rar
.....

Thing is I can't boot from USB. The option doesn't exist in the boot menu, only hard drive and Ethernet. And I can't unlock it in Windows because I don't know the account password. I could never imagine it would be this hard..

I can only see maybe removing the CMOS battery would do the trick, but it's no guarantee. Sadly I don't have the expertise to do that myself, never done it on a laptop.


Quote
How and when was the point you hit the wall when doing this? Somewhere in booting from the drive I guess, but what actually happened, error messages or something?

Edit:

But anyways I think it has something to do with the way you formatted that hard drive. Quick format? If so then e.g. the MBR is still untouched. Maybe reading this will help you: https://wiki.archlinux.org/index.php/Dual_boot_with_Windows_when_SafeBoot_is_installed

Or read this at least (SafeBoot is the old name of McAfee EEP):

I got through all steps in the guide, except maybe for the last one. It passed but I got some message telling me that something was locked or denied, I'm not sure. But the problem is that the encryption seems to be located in UEFI so it doesn't matter that I formatted the drive. Quick format or something else, it will still not erase the encryption. As soon as I booted with the formatted drive containing the bootable Windows 7, the McAfee background screen showed up asking me for the password.
EDIT: To answer your question I did use quick format.
EDIT2: I'm probably talking gibberish because I'm no expert, it's just what I think. What you're telling me is probably correct but this is all rather new to me, I'm overwhelmed atm.

Staff Edit: Do not double post
« Last Edit: October 20, 2015, 09:04:12 pm by iTpHo3NiX »

Offline 0E 800

Re: Removing McAfee Endpoint Encryption
« Reply #6 on: October 20, 2015, 07:57:52 pm »
I would suggest installing Win7/8/10 from over the network:

Review:
http://www.rmprepusb.com/tutorials/serva

You are not doing a correct format. You will need to use diskpart:
http://www.pronetworks.org/forums/using-diskpart-on-the-windows-7-dvd-t112571.html

BTW - taking out the CMOS battery will not help you for this model.

Review:
https://forums.hak5.org/index.php?/topic/31526-hp-probookelitebook-bios-password-reset-utility/

Quote
[LOCKED BOOT ORDER]
If your BIOS has a locked set boot order, and will only boot to HDD,
you need to take a laptop sata drive and use an external adapter and
make it dos bootable on another host machine also placing the files
on this drive, then replace the internal hdd with your created dos
boot-able HDD. Powering on the machine will boot to the dos
environment. Using DOS commands, navigate to your files and
execute them following directions on screen. BIOS will be free of
passwords, TPM will be cleared.
« Last Edit: October 20, 2015, 08:12:07 pm by 0E 800 »
The invariable mark of wisdom is to see the miraculous in the common.

Offline Darkvision

Re: Removing McAfee Endpoint Encryption
« Reply #7 on: October 20, 2015, 07:58:46 pm »
Quote
Thing is I can't boot from USB. The option doesn't exist in the boot menu, only hard drive and Ethernet. And I can't unlock it in Windows because I don't know the account password. I could never imagine it would be this hard..

I can only see maybe removing the CMOS battery would do the trick, but it's no guarantee. Sadly I don't have the expertise for that, never done it on a laptop.

Heh, I remember when I popped my laptop cherry. Felt soo goood man. Anyway, if you are that scared (no reason you should be, but meh) then just search on YouTube for your make/model and a take-apart video and follow it along.
The internet: where men are men, women are men, and children are FBI agents.

Ahh, EvilZone.  Where networking certification meets avian fecal matter & all is explained, for better or worse.

<Phage> I used an entrence I never use

Offline gray-fox

Re: Removing McAfee Endpoint Encryption
« Reply #8 on: October 20, 2015, 08:57:19 pm »
Quote
EDIT: To answer your question I did use quick format.

Then I think the same thing applies even if it's a UEFI machine. GPT actually stores boot data in multiple places on the drive, unlike the MBR would, and the EEP has probably encrypted all that, so it's even more likely to give you trouble if you don't correctly wipe the drive and that way get rid of EEP's bootloader.

So just do as 0E 800 suggested and use diskpart.

@0E 800. Not sure if you meant those instructions in that diskpart link to be used in this case, but wouldn't those most likely just leave the same issues, as it's instructing only to do a quick format once again and then to create a new primary partition in unallocated space? Don't have much experience with diskpart myself, but isn't it needed to use "clean" or even "clean all" in this case?
« Last Edit: October 20, 2015, 09:27:17 pm by gray-fox »
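The point raised in Reply #4 and Reply #8 (a quick format rewrites a volume's file system but not the disk-level boot structures, and GPT keeps a second copy at the end of the disk), shown as an added example that is not from any poster in this thread. It runs on a constructed in-memory disk image; the function names, the image layout and the simplified models of "quick format", "clean" and "clean all" are assumptions made for illustration.

```python
SECTOR = 512
VOL_START = 2048  # constructed: first LBA of the only volume

def build_image(sectors=8192):
    """Constructed GPT disk image with stand-in pre-boot loader code in LBA 0."""
    img = bytearray(sectors * SECTOR)
    img[0:440] = b"\x90" * 440                # boot code area (stand-in bytes)
    img[446 + 4] = 0xEE                       # partition entry 0 type: GPT protective
    img[510:512] = b"\x55\xaa"                # MBR boot signature
    img[SECTOR:SECTOR + 8] = b"EFI PART"      # primary GPT header, LBA 1
    img[-SECTOR:-SECTOR + 8] = b"EFI PART"    # backup GPT header, last LBA
    img[VOL_START * SECTOR + 3:VOL_START * SECTOR + 11] = b"NTFS    "
    return img

def inspect(img):
    """Report which boot structures are still present on the image."""
    fs = VOL_START * SECTOR + 3
    return {
        "boot_code": any(img[0:440]),
        "mbr_signature": bytes(img[510:512]) == b"\x55\xaa",
        "protective_mbr": img[450] == 0xEE,
        "gpt_primary": bytes(img[SECTOR:SECTOR + 8]) == b"EFI PART",
        "gpt_backup": bytes(img[-SECTOR:-SECTOR + 8]) == b"EFI PART",
        "volume_fs": bytes(img[fs:fs + 8]) == b"NTFS    ",
    }

def quick_format(img):
    """Model of a quick format: only the start of the volume is rewritten."""
    start = VOL_START * SECTOR
    img[start:start + 16 * SECTOR] = bytes(16 * SECTOR)
    img[start + 3:start + 11] = b"NTFS    "
    return img

def wipe_partitioning(img):
    """Model of diskpart 'clean': protective MBR and both GPT copies zeroed."""
    img[0:34 * SECTOR] = bytes(34 * SECTOR)
    img[-33 * SECTOR:] = bytes(33 * SECTOR)
    return img

def wipe_all(img):
    """Model of diskpart 'clean all': every sector set to zero."""
    img[:] = bytes(len(img))
    return img

if __name__ == "__main__":
    for name, step in (("quick format", quick_format),
                       ("clean", wipe_partitioning), ("clean all", wipe_all)):
        print(name, inspect(step(build_image())))
```

The same `inspect` checks can be pointed at the first and last sectors of a disk image file to confirm that a wipe removed the boot structures rather than only the file system.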

Offline Riddler

Re: Removing McAfee Endpoint Encryption
« Reply #9 on: February 05, 2016, 12:49:15 am »
I am facing nearly identical issues on a nearly identical HP.

I have used the 'bios hack' instructions from the 'this is your lucky day' post, which worked like a charm [the Windows key + up and down arrow and on/off button, then F10 slamming].

However, this is all very informative and greatly educational, as I've now learned how to bypass BIOS security and remove fingerprint identification, but I have yet to find the step regarding McAfee Endpoint Encryption removal.

It simply comes back up every time [password token].

And I have no clue about bypassing it/removing it.

Did any method find success that I can't find [yet]?