Inception - Attacking FireWire Devices
Inception is a FireWire physical memory manipulation and hacking tool
exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted)
and escalate privileges to Administrator/root on almost* any powered on
machine you have physical access to. The tool can attack over FireWire,
Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.
Inception aims to provide a stable and easy way of performing intrusive and
non-intrusive memory hacks in order to unlock live computers using FireWire
SBP-2 DMA. It it primarily attended to do its magic against computers that
utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or
Pointsec. There are plenty of other (and better) ways to hack a machine that
doesn't pack encryption.
As of version 0.3.5, it is able to unlock the following x86 and x64 operating
systems:
OS | Version | Unlock lock screen | Escalate privileges | Dump memory < 4 GiB |
---|---|---|---|---|
Windows 8 | 8.1 | Yes | Yes | Yes |
Windows 8 | 8.0 | Yes | Yes | Yes |
Windows 7 | SP1 | Yes | Yes | Yes |
Windows 7 | SP0 | Yes | Yes | Yes |
Windows Vista | SP2 | Yes | Yes | Yes |
Windows Vista | SP1 | Yes | Yes | Yes |
Windows Vista | SP0 | Yes | Yes | Yes |
Windows XP | SP3 | Yes | Yes | Yes |
Windows XP | SP2 | Yes | Yes | Yes |
Windows XP | SP1 | Yes | ||
Windows XP | SP0 | Yes | ||
Mac OS X | Mavericks | Yes (1) | Yes (1) | Yes (1) |
Mac OS X | Mountain Lion | Yes (1) | Yes (1) | Yes (1) |
Mac OS X | Lion | Yes (1) | Yes (1) | Yes (1) |
Mac OS X | Snow Leopard | Yes | Yes | Yes |
Mac OS X | Leopard | Yes | ||
Ubuntu (2) | Saucy | Yes | Yes | Yes |
Ubuntu | Raring | Yes | Yes | Yes |
Ubuntu | Quantal | Yes | Yes | Yes |
Ubuntu | Precise | Yes | Yes | Yes |
Ubuntu | Oneiric | Yes | Yes | Yes |
Ubuntu | Natty | Yes | Yes | Yes |
Ubuntu | Maverick | Yes (3) | Yes (3) | Yes |
Ubuntu | Lucid | Yes (3) | Yes (3) | Yes |
Linux Mint | 13 | Yes | Yes | Yes |
Linux Mint | 12 | Yes | Yes | Yes |
Linux Mint | 12 | Yes | Yes | Yes |
(1): If FileVault 2 is enabled, the tool will only work when the operating
system is unlocked.
(2): Other Linux distributions that use PAM-based authentication may also work
using the Ubuntu signatures.
(3): x86 only.
The tool also effectively enables escalation of privileges, for instance via
the
runas
or sudo -s
commands, respectively. More signatures will be added.
The tool makes use of the libforensic1394
library courtesy of Freddie Witherden
under a LGPL license.
Inception - Attacking FireWire Devices
Reviewed by Zion3R
on
2:05 PM
Rating: