My order of a mini PC from Aliexpress arrived. It’s an N150 GMKTec G3 Mini PC 2.5G LAN 16GB DDR4 256GB NVME SSD.
I didn’t bother ordering my own separate RAM or SSD to see what it would arrive with stock. Looks like Micron chips on the RAM but could be wrong, what can ye see?
Pics of device for reference:
It’s Micro chips on the RAM, or counterfeit logos. Often a good plan to order them bare bones and put in what you know, only issue is then you normally don’t get a Windows license.
If it has a Windows license, I’d probably pull the drive and store it somewhere, then add in my own drive.
Ya, was too lazy to buy separate and kind of wanted to see what would be supplied by default. If the current parts fail or have performance I’ll swap them out.
As for Windows 11 licence, I doubt it’s real anyway or not even activated maybe so I won’t worry about it. The machine will be Linux based by me anyway.
If they did it right, the windows key is embedded in the bios, but often steps are skipped.
In the BIOS though, really? I would imagine that the OS install has the key only, and that it’s tied to hardware for licencing purposes. Unless you are saying that Windows modifies the UEFI and stores it in there which I never heard of.
Some are programmed in the BIOS, I know HP does this on most of their products now. On the T740 it is the “feature flag”, you have ThinPro as one type of flag, Windows as another, and a third generic flag for no OS. These are encrypted in some form or another so that you can’t just pull the key out, probably hashing against the product code (build ID) or something as there are a few different build ID out there. On a freshly burned BIOS image, you can change these (at least on the T740) if you know what to enter. Made unlocking the BIOS on 5 of my T740 a learning experience.
I think these still need to be activated against MS servers, but mostly it seems to work.
Impossible to say what kind of chip is on there, all I can tell you is what you should already know from appearances. Its a DDR4 SO-DIMM format (meant for compact stuff like laptops).
The tricky bit about ordering stuff from China is you can’t tell if its legit goods or not sometimes. One of those reasons is that they are infamous for counterfeiting chips. I’ve posted here before about supply chain poisoning IIRC, this is one area they can get you.
They have all the necessary equipment to strip the laser printed/engraved info on the chips and put their own on top of it.
There are at least a few known instances of them making press releases like ‘Oh look we have made the fastest chip in the world, and we did it without help from the west’, further hands on inspection revealed the heat spreader had been removed and rebranded with some sus-stuff, in some cases even the micro-code identifying the chip was tampered with. They were actually just older slower versions of chips made by intel.
I own a min-pc from a company called BEE LINK (in China), it seems OK but I don’t own the windows copy thats on here. It shipped with a pre-install, likely a custom image they made for mass installation. There was no registration or anything when I booted it up.
I noticed it had a GPS chip on the WIFI/BT transceiver, and built in microphone. I had commented to them that these were interesting features but also had implications of making it easy to spy on someone. That didn’t belong integrated into a desktop PC in my opinion. Unsurprisingly that review never made it past their moderator, suggesting that the CCP may be or has the desire to spy on anyone is frowned upon.
Ya, I’ve often heard of the counterfeits and supply chain poisoning. I’m not sure what I will do with the hardware included but I’ll definitely be wiping everything before I start using it. I’ll be using Linux instead of Windows too.
Even if I replace the SSD and RAM even the UEFI could be compromised and the whole system is untrustworthy then.
I’m (probably) placing this device on the IoT VLAN also as it’s just for Home Assistant, and firewalling off what I need, so should be okay enough for my risk acceptance.
I haven’t yet heard of a UEFI or BIOS threat from these little machine, but in the OS, yes and there are videos about this subject.
Unfixable UEFI bios attacks did/do exist but I think that vulnerability may be patched now. It happened around 2023/2024. It was a rootkit that loaded a specially coded image into the protected boot area of the drive that had no crc function associated with it, upon reboot it loaded the image and the bios decoded it. Instantly and permanently root kitted at the bios level.
Some OEM’s were more affected than others, such as gigabyte.
