The Inception Tool: “Planting the Idea Into the Memory of the Machine That Every Password is Correct”


the one and twenty

Most late postmodernity-flavored exploitation tool ever.

Over at Break & Enter, Carsten Maartmann-Moe introduces you to the “Inception” tool for breaking into a suspended or screen-locked computer system with full disk encryption:

Inception’s main mode works as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that an SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device. The tool now has full read/write access to the lower 4GB of RAM on the victim. Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system’s password authentication modules. Once found, the tool short circuits the code that is triggered if an incorrect password is entered.

An analogy for this operation is planting an idea into the memory of the machine; the idea that every password is correct. In other words, the nerdy equivalent of a memory inception.

Also, it’s stealthy. The tool is non-persistent, and rebooting the machine restores normal password functionality.

Best of all: Inception doesn’t even need an IEEE1394 port. It’s outright uncanny.
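
A defensive check for the SBP-2 path described in the quoted passage, as an added example that is not part of the original post or of Inception. It assumes a Linux host, whose FireWire stack names its modules `firewire_sbp2` and `firewire_ohci`, and it reads constructed modprobe.d and /proc/modules samples instead of the live system.

```python
# Added example: audit a Linux host's exposure to FireWire SBP-2 DMA.
# Module names are those of the Linux FireWire stack (an assumption; the
# post itself names no operating system). Sample inputs are constructed.
SBP2 = "firewire_sbp2"   # SBP-2 driver that talks to FireWire storage devices
OHCI = "firewire_ohci"   # FireWire host controller driver
NOOP = {"/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true"}


def norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.replace("-", "_")


def parse_modprobe(text):
    """Return (blacklisted, disabled) module sets from modprobe.d content."""
    blacklisted, disabled = set(), set()
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "blacklist":
            blacklisted.add(norm(parts[1]))
        elif len(parts) >= 3 and parts[0] == "install" and parts[2] in NOOP:
            disabled.add(norm(parts[1]))
    return blacklisted, disabled


def assess(modprobe_text, proc_modules_text):
    """Return a list of findings; an empty list means no SBP-2 exposure found."""
    blacklisted, disabled = parse_modprobe(modprobe_text)
    loaded = {l.split()[0] for l in proc_modules_text.splitlines() if l.strip()}
    findings = []
    if SBP2 in loaded:
        findings.append("loaded: firewire_sbp2 is active right now")
    if OHCI in disabled:
        return findings  # controller driver cannot be loaded through modprobe
    if SBP2 not in disabled:
        if SBP2 in blacklisted:
            findings.append("weak: blacklist blocks hotplug auto-load, not explicit modprobe")
        else:
            findings.append("open: firewire_sbp2 will auto-load when a device appears")
    return findings


# Constructed samples: a /proc/modules excerpt and two modprobe.d variants
PROC_MODULES = "firewire_ohci 45056 0 - Live 0x0\nfirewire_core 81920 1 firewire_ohci, Live 0x0\n"
WEAK_CONF = "# site policy\nblacklist firewire-sbp2\n"
HARD_CONF = "blacklist firewire-sbp2\ninstall firewire-sbp2 /bin/false\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARD_CONF)):
        print(name, assess(conf, PROC_MODULES) or "no SBP-2 exposure found")
```

On a real host, feed it the concatenated contents of `/etc/modprobe.d/*.conf` and `/proc/modules`.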
