“Inception aims to provide a stable and easy way of performing intrusive and non-intrusive memory hacks on live computers using FireWire SBP-2 DMA. It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec.”
Ah! Clever! Using something like an IO-MMU (Intel VT-d, AMD-Vi) would probably solve this little problem. The IO-MMU is a virtual address translator for DMA, so you can enforce that the device can only read and write certain pages in memory, not any of them. The idea is that this would help manage virtualized devices and allow them to use some form of DMA with a hypervisor, but I find the virtualization argument for it rather short-sighted. We can use it to better secure a general-purpose, single-instance, mostly-single-user OS too!
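Added example (not part of the comment above and not code from the Inception project): a small Linux audit for the exposure discussed here, reporting whether FireWire drivers are loaded and whether the kernel has any IOMMU groups. The function names and the optional root-directory argument are assumptions made for this sketch; IOMMU groups show that DMA remapping is enabled, not that the FireWire controller's mappings are restrictive, so that case is reported for review rather than as safe.

```shell
#!/bin/sh
# Added example: audit a Linux host for FireWire DMA exposure.
# Each function takes an optional root directory (hypothetical parameter)
# so the same checks can run against a constructed tree instead of the live host.

# Succeeds if the kernel has placed devices into at least one IOMMU group.
iommu_active() {
    root=${1:-}
    for g in "$root"/sys/kernel/iommu_groups/*; do
        [ -d "$g" ] && return 0
    done
    return 1
}

# Prints the loaded FireWire modules (first column of /proc/modules).
firewire_modules() {
    root=${1:-}
    [ -r "$root/proc/modules" ] || return 0
    awk '$1 ~ /^firewire_(core|ohci|sbp2)$/ { print $1 }' "$root/proc/modules"
}

# One-line verdict combining both checks.
dma_exposure() {
    root=${1:-}
    mods=$(firewire_modules "$root" | tr '\n' ' ')
    if [ -z "$mods" ]; then
        echo "OK: no FireWire modules loaded"
    elif iommu_active "$root"; then
        # Groups exist, so remapping is on; the controller's mappings
        # (for example pass-through mode) still need a manual look.
        echo "REVIEW: FireWire loaded (${mods% }), IOMMU groups present"
    else
        echo "EXPOSED: FireWire loaded (${mods% }), no IOMMU groups"
    fi
}

# Report on the live host when run directly.
dma_exposure
```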
As I read it – this means that if your computer is on, your full disk encryption is useless against this tool? Seems incredibly scary.
Except on OS X, where enabling full disk encryption automatically disables DMA for FireWire/Thunderbolt.
Well, just need to find a FireWire cable and test :) Kind of want to see this thing with my own eyes :)
Would love to see a demo if you end up doing this.