DNA Lounge update

DNA Lounge update, wherein we have a new sign.

Sauron's Nipples

Previously, previously.

Tags: , , ,

Today in Echidna News

Previously, previously.

Tags: , , ,

Bypass full-disk encryption and passwords on any powered-on computer via Firewire.

Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA.

The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any machine you have physical access to. [...] It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. [...]

Inception's main mode works as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that a SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device. The tool now has full read/write access to the lower 4GB of RAM on the victim. Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system's password authentication modules. Once found, the tool short circuits the code that is triggered if an incorrect password is entered. [...]

The problem is old, but it is not entirely fixable with a driver update, a patch or a new OS version. The problem is in the Firewire specs. All OS vendors that want to include Firewire drivers that are OHCI compliant and works out of the box with SBP-2 devices are vulnerable in some degree. [...]

You can use any interface that expands the PCIe bus, for example PCMCIA, ExpressCards, the new Thunderbolt interface and perhaps SD/IO to hotplug a FireWire interface into the victim machine. The OS will install the necessary drivers on the fly, even when the machine is locked.

So that's, you know, bad.


Tags: , , , ,

SOMA Nature Walk

I chatted with the crane operator: he says this hole is going to be 80' deep, and the drill itself is 200' long. It's currently being disassembled in New York, and will be traveling here by boat, arriving some time in March.

Tags: , , ,

  • Previously