Inception - Attacking FireWire Devices

2014-05-30T18:05:00
ID KITPLOIT:2468035488300011059
Type kitploit
Reporter KitPloit
Modified 2014-05-30T18:05:00

Description

Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered-on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interface.

Inception aims to provide a stable and easy way of performing intrusive and non-intrusive memory hacks in order to unlock live computers using FireWire SBP-2 DMA. It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. There are plenty of other (and better) ways to hack a machine that doesn't pack encryption.

As of version 0.3.5, it is able to unlock the following x86 and x64 operating systems:

OS | Version | Unlock lock screen | Escalate privileges | Dump memory < 4 GiB
---|---|---|---|---
Windows 8 | 8.1 | Yes | Yes | Yes
Windows 8 | 8.0 | Yes | Yes | Yes
Windows 7 | SP1 | Yes | Yes | Yes
Windows 7 | SP0 | Yes | Yes | Yes
Windows Vista | SP2 | Yes | Yes | Yes
Windows Vista | SP1 | Yes | Yes | Yes
Windows Vista | SP0 | Yes | Yes | Yes
Windows XP | SP3 | Yes | Yes | Yes
Windows XP | SP2 | Yes | Yes | Yes
Windows XP | SP1 | | | Yes
Windows XP | SP0 | | | Yes
Mac OS X | Mavericks | Yes (1) | Yes (1) | Yes (1)
Mac OS X | Mountain Lion | Yes (1) | Yes (1) | Yes (1)
Mac OS X | Lion | Yes (1) | Yes (1) | Yes (1)
Mac OS X | Snow Leopard | Yes | Yes | Yes
Mac OS X | Leopard | | | Yes
Ubuntu (2) | Saucy | Yes | Yes | Yes
Ubuntu | Raring | Yes | Yes | Yes
Ubuntu | Quantal | Yes | Yes | Yes
Ubuntu | Precise | Yes | Yes | Yes
Ubuntu | Oneiric | Yes | Yes | Yes
Ubuntu | Natty | Yes | Yes | Yes
Ubuntu | Maverick | Yes (3) | Yes (3) | Yes
Ubuntu | Lucid | Yes (3) | Yes (3) | Yes
Linux Mint | 13 | Yes | Yes | Yes
Linux Mint | 12 | Yes | Yes | Yes

(1): If FileVault 2 is enabled, the tool will only work when the operating system is unlocked.

(2): Other Linux distributions that use PAM-based authentication may also work using the Ubuntu signatures.

(3): x86 only.

The tool also effectively enables escalation of privileges, for instance via the runas or sudo -s commands, respectively. More signatures will be added. The tool makes use of the libforensic1394 library courtesy of Freddie Witherden under an LGPL license.
