Inception - Attacking FireWire Devices
Inception is a FireWire physical memory manipulation and hacking tool
exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted)
and escalate privileges to Administrator/root on almost* any powered on
machine you have physical access to. The tool can attack over FireWire,
Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.
Inception aims to provide a stable and easy way of performing intrusive and
non-intrusive memory hacks in order to unlock live computers using FireWire
SBP-2 DMA. It it primarily attended to do its magic against computers that
utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or
Pointsec. There are plenty of other (and better) ways to hack a machine that
doesn't pack encryption.
As of version 0.3.5, it is able to unlock the following x86 and x64 operating
systems:
| OS | Version | Unlock lock screen | Escalate privileges | Dump memory < 4 GiB |
|---|---|---|---|---|
| Windows 8 | 8.1 | Yes | Yes | Yes |
| Windows 8 | 8.0 | Yes | Yes | Yes |
| Windows 7 | SP1 | Yes | Yes | Yes |
| Windows 7 | SP0 | Yes | Yes | Yes |
| Windows Vista | SP2 | Yes | Yes | Yes |
| Windows Vista | SP1 | Yes | Yes | Yes |
| Windows Vista | SP0 | Yes | Yes | Yes |
| Windows XP | SP3 | Yes | Yes | Yes |
| Windows XP | SP2 | Yes | Yes | Yes |
| Windows XP | SP1 | Yes | ||
| Windows XP | SP0 | Yes | ||
| Mac OS X | Mavericks | Yes (1) | Yes (1) | Yes (1) |
| Mac OS X | Mountain Lion | Yes (1) | Yes (1) | Yes (1) |
| Mac OS X | Lion | Yes (1) | Yes (1) | Yes (1) |
| Mac OS X | Snow Leopard | Yes | Yes | Yes |
| Mac OS X | Leopard | Yes | ||
| Ubuntu (2) | Saucy | Yes | Yes | Yes |
| Ubuntu | Raring | Yes | Yes | Yes |
| Ubuntu | Quantal | Yes | Yes | Yes |
| Ubuntu | Precise | Yes | Yes | Yes |
| Ubuntu | Oneiric | Yes | Yes | Yes |
| Ubuntu | Natty | Yes | Yes | Yes |
| Ubuntu | Maverick | Yes (3) | Yes (3) | Yes |
| Ubuntu | Lucid | Yes (3) | Yes (3) | Yes |
| Linux Mint | 13 | Yes | Yes | Yes |
| Linux Mint | 12 | Yes | Yes | Yes |
| Linux Mint | 12 | Yes | Yes | Yes |
(1): If FileVault 2 is enabled, the tool will only work when the operating
system is unlocked.
(2): Other Linux distributions that use PAM-based authentication may also work
using the Ubuntu signatures.
(3): x86 only.
The tool also effectively enables escalation of privileges, for instance via
the
runas or sudo -s commands, respectively. More signatures will be added.
The tool makes use of the libforensic1394 library courtesy of Freddie Witherden
under a LGPL license.
Inception - Attacking FireWire Devices
Reviewed by Zion3R
on
2:05 PM
Rating:
Reviewed by Zion3R
on
2:05 PM
Rating:
