a writer's blog

The Inception Tool: “Planting the Idea Into the Memory of the Machine That Every Password is Correct”

Côte Basque: Route de la Corniche by J. Martin

the one and twenty

Most late postmodernity-flavored exploitation tool ever.

Over at Break & Enter, Carsten Maartmann-Moe introduces you to the “Inception” tool for breaking into a suspended or screen-locked computer system with full disk encryption:

Inception’s main mode works as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that a SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device. The tool now has full read/write access to the lower 4GB of RAM on the victim. Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system’s password authentication modules. Once found, the tool short circuits the code that is triggered if an incorrect password is entered.

An analogy for this operation is planting an idea into the memory of the machine; the idea that every password is correct. In other words, the nerdy equivalent of a memory inception.

Also, it’s stealthy. The tool is non-persistent, and rebooting the machine restores normal password functionality.

Best of all: Inception doesn’t even need an IIEE1394 port. It’s outright uncanny.


Tagged as: ,