

Inception: firewire password bypass for Windows, OSX and Ubuntu login - casca
http://www.breaknenter.org/projects/inception/

======
mkelley
I'm not a security expert... but I'd love to hear from one about this. I know
the old rule about physical access means your computer is pretty much 0wned
already, but this seems to make it phenomenally easy.... especially
considering this statement:

As of version 0.2.0, it is able to unlock Windows 8 SP0, Windows 7 SP0-1,
Vista SP0 and SP2, Windows XP SP2-3, Mac OS X Snow Leopard, Lion and Mountain
Lion, Ubuntu 11.04, 11.10 and 12.04 x86 and x64-bit machines. Signatures are
added by request. <--- Basically these are the OS's we've done so far, many
more to come!

tl;dr: Can we get a security wizard's input on this tool?

~~~
georgemcbay
I'm not a security wizard but I do follow security technology enough to know
that this is not a wholly new attack. See, for example (from 2006):

[http://eh2008.koeln.ccc.de/fahrplan/attachments/1068_SEAT139...](http://eh2008.koeln.ccc.de/fahrplan/attachments/1068_SEAT1394-svn-r432-slides.pdf)

This is not a Firewire-specific thing either; even much newer versions of
these types of DMA access channels (like Thunderbolt) suffer from the same
problems in most implementations.

While this isn't a new thing, having an easily available all-in-one tool like
this (assuming it works, I haven't tested it personally) is a bit of a
"Firesheep" moment in that it could bring what was always possible but kind of
geeky-hard to the masses in one easy to use tool, which could wreak a lot of
havoc.

------
phazmatis
Ever since the PS3 was hacked with a USB device causing a buffer overflow in
the USB driver, I've been wondering how long it would be before someone
discovered PCs were vulnerable to something similar. This just goes to show
that security experts need to be involved in more aspects of hardware design.

------
SageRaven
Just a new form of the firewire DMA attack, right?

------
csense
Would it be possible to modify the kernel and critical apps to load at
addresses outside the 4GB window on AMD64 if you have enough memory?

~~~
dsl
If you could find an executable page under 4 GB, you could write a program to
it that would make the modification above the 4 GB boundary for you.

