
Thread: Exploiting Windows Memory via Firewire

  1. #1
    Member
    Join Date
    Aug 2007
    Posts
    468

    Exploiting Windows Memory via Firewire


    A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

    Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because "Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble".

    But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.

    To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

    With full access to the memory, the tool can then modify Windows' password protection code, which is stored there, and render it ineffective.
    Blog Spam:

    http://www.theage.com.au/news/securi...402423638.html

    Direct Link {But getting hammered at the moment}: If you google the below link it should be cached

    http://storm.net.nz/projects/16

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    I saw that on a security RSS feed this morning. While it could be a problem, I doubt it's going to be too widely spread, since you need physical access to the machine. I think the USB Switchblade is a bigger problem than going in via firewire. Best advice is of course, turn off any ports that you're not currently using. I have FW on my laptop, never used it once.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Windows does firewire??!! I haven't read the article yet, but I saw something like this a few years back. They were using custom applications on an iPod running linux. It would unlock the screen saver password on Macs. Was pretty nifty.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by Barry View Post
    Windows does firewire??!! I haven't read the article yet, but I saw something like this a few years back. They were using custom applications on an iPod running linux. It would unlock the screen saver password on Macs. Was pretty nifty.
    Sure Windows does Firewire, is there anything that Windows can't do?

    I have it, never have used it, but it's there, just in case, much like the heavily used SPDIF port, that's right beside it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Member
    Join Date
    Aug 2007
    Posts
    468


    It was first announced two years ago but the creator did not release the code, but since they've had two years and still have not patched it, he released the source code.

    Quote Originally Posted by Barry View Post
    Windows does firewire??!! I haven't read the article yet, but I saw something like this a few years back. They were using custom applications on an iPod running linux. It would unlock the screen saver password on Macs. Was pretty nifty.

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by BOFH139 View Post
    It was first announced two years ago but the creator did not release the code, but since they've had two years and still have not patched it, he released the source code.
    Technically, it's not a bug, and the same thing can be exploited on Linux and OSX, because it's the way firewire communicates with the system. Since Firewire has direct DMA access it of course is going to have direct access to the memory.

    Chances are, the fix is not an MS issue, but a driver issue by the suppliers of the Firewire chipsets, as the driver is what would have direct control of memory access.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
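
    Added example, not part of any post in this thread: following the points above that the same DMA exposure exists on Linux, that the driver controls memory access, and that unused ports should be turned off, this shell audit lists loaded FireWire kernel modules that no modprobe rule blocks. The sample module list and config file are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# FireWire stack modules (new "firewire_*" stack and the older ieee1394 stack).
# The OHCI host-controller drivers are the ones that drive the DMA-capable port.
FW_MODULES="firewire_ohci firewire_core firewire_sbp2 firewire_net ohci1394 ieee1394 sbp2 raw1394"

# Print FireWire modules present in a /proc/modules-format file (default: live system).
loaded_fw_modules() {
    for m in $FW_MODULES; do
        awk -v m="$m" '$1 == m { print $1 }' "${1:-/proc/modules}"
    done
}

# Print loaded FireWire modules that have no rule in the modprobe config file $2.
# "blacklist" only stops automatic loading; an "install <mod> /bin/false" line
# also stops an explicit modprobe. Any install rule counts as handled here.
# modprobe treats '-' and '_' as the same character, so normalise first.
unblocked_fw_modules() {
    for m in $(loaded_fw_modules "$1"); do
        tr '-' '_' < "$2" |
            grep -Eq "^[[:space:]]*(blacklist|install)[[:space:]]+$m([[:space:]]|\$)" ||
            echo "$m"
    done
}

# Constructed sample data, not taken from a real machine.
sample_modules() {
    cat <<'EOF'
firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
snd_hda_intel 53248 3 - Live 0x0000000000000000
usb_storage 77824 0 - Live 0x0000000000000000
EOF
}
sample_modprobe_conf() {
    cat <<'EOF'
# /etc/modprobe.d/firewire.conf (constructed)
blacklist firewire-core
EOF
}

demo() {
    tmp=$(mktemp -d)
    sample_modules > "$tmp/modules"
    sample_modprobe_conf > "$tmp/conf"
    unblocked_fw_modules "$tmp/modules" "$tmp/conf"
    rm -rf "$tmp"
}
demo   # prints: firewire_ohci
```

    A module that is already loaded stays loaded until it is removed or the machine reboots, so a new modprobe rule only takes effect from the next load attempt.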

  7. #7
    Member
    Join Date
    Mar 2007
    Posts
    204


    Something similar to this, a friend of mine wrote a small program to enable the ALT+CTRL+DEL keypress in Windows 95/98, which then we put as an autorun onto a CD, put it in the drive, ALT+CTRL+DEL then just End Task on the screen saver!

    Very crude, but effective against passworded screen savers

    Cool idea.

  8. #8
    Member ColForbin's Avatar
    Join Date
    Jan 2010
    Posts
    93

    Something along the same lines.

    This showed up in the Engadget feed this morning:

    hxxp://mcgrewsecurity.com/projects/msramdmp/

    It utilizes the same cold boot attacks on encryption some folks at Princeton have been studying.

    hxxp://citp.princeton.edu/memory/
    "Whatever happened to playing a hunch, Scully? The element of surprise, random acts of unpredictability? If we fail to anticipate the unforeseen or expect the unexpected in a universe of infinite possibilities, we may find ourselves at the mercy of anyone or anything that cannot be programmed, categorized or easily referenced."

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by streaker69 View Post
    Sure Windows does Firewire, is there anything that Windows can't do?

    I have it, never have used it, but it's there, just in case, much like the heavily used SPDIF port, that's right beside it.
    I'm not even going to go there. I use them both on my laptop all the time. Firewire for drives and digital video, and the spdif connector for attaching my laptop to my sound system. I think I only have one component that's not optical for sound in my system. Stupid old VCR, I tried so hard to lose the vhs tapes in the move, but she found them. There should be a law, if it's on vhs, it should be on dvd.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  10. #10
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by Barry View Post
    I'm not even going to go there. I use them both on my laptop all the time. Firewire for drives and digital video, and the spdif connector for attaching my laptop to my sound system. I think I only have one component that's not optical for sound in my system. Stupid old VCR, I tried so hard to lose the vhs tapes in the move, but she found them. There should be a law, if it's on vhs, it should be on dvd.
    You're right, I haven't found Penn & Teller Get Killed on DVD yet, but I do think they released Strange Brew.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
