

Inception, a FireWire physical memory manipulation and hacking tool - jmgrosen
http://www.breaknenter.org/projects/inception/

======
miles
For Mac users, setting an Open Firmware/EFI password[1] will prevent this
exploit from working. On newer models, OF/EFI passwords can no longer be reset
by swapping out RAM modules[2], though Apple and authorized service providers
apparently have a tool to reset them[3].

Of course, if the machine had to be rebooted or turned off as part of the
OF/EFI password reset, the sought-after encryption keys would be lost anyway
(barring a cold boot attack[4]).

[1] [http://www.macinstruct.com/node/507](http://www.macinstruct.com/node/507)

[2]
[http://tinyapps.org/blog/mac/200605110700_open_firmware_pass...](http://tinyapps.org/blog/mac/200605110700_open_firmware_password_hack.html)

[3]
[http://support.apple.com/kb/TS3554?viewlocale=en_US&locale=e...](http://support.apple.com/kb/TS3554?viewlocale=en_US&locale=en_US)

[4]
[http://en.wikipedia.org/wiki/Cold_boot_attack](http://en.wikipedia.org/wiki/Cold_boot_attack)

EDIT: The Inception page links to a method for disabling firewire DMA without
a firmware password: [http://ilostmynotes.blogspot.com/2012/01/os-x-open-
firmware-...](http://ilostmynotes.blogspot.com/2012/01/os-x-open-firmware-
settings-use-nvram.html)

