Inception - Attacking FireWire Devices
Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered-on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interface.
Inception aims to provide a stable and easy way of performing intrusive and non-intrusive memory hacks in order to unlock live computers using FireWire SBP-2 DMA. It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. There are plenty of other (and better) ways to hack a machine that doesn't pack encryption.
As of version 0.3.5, it is able to unlock the following x86 and x64 operating systems:
OS | Version | Unlock lock screen | Escalate privileges | Dump memory < 4 GiB |
---|---|---|---|---|
Windows 8 | 8.1 | Yes | Yes | Yes |
Windows 8 | 8.0 | Yes | Yes | Yes |
Windows 7 | SP1 | Yes | Yes | Yes |
Windows 7 | SP0 | Yes | Yes | Yes |
Windows Vista | SP2 | Yes | Yes | Yes |
Windows Vista | SP1 | Yes | Yes | Yes |
Windows Vista | SP0 | Yes | Yes | Yes |
Windows XP | SP3 | Yes | Yes | Yes |
Windows XP | SP2 | Yes | Yes | Yes |
Windows XP | SP1 | Yes | | |
Windows XP | SP0 | Yes | | |
Mac OS X | Mavericks | Yes (1) | Yes (1) | Yes (1) |
Mac OS X | Mountain Lion | Yes (1) | Yes (1) | Yes (1) |
Mac OS X | Lion | Yes (1) | Yes (1) | Yes (1) |
Mac OS X | Snow Leopard | Yes | Yes | Yes |
Mac OS X | Leopard | Yes | | |
Ubuntu (2) | Saucy | Yes | Yes | Yes |
Ubuntu | Raring | Yes | Yes | Yes |
Ubuntu | Quantal | Yes | Yes | Yes |
Ubuntu | Precise | Yes | Yes | Yes |
Ubuntu | Oneiric | Yes | Yes | Yes |
Ubuntu | Natty | Yes | Yes | Yes |
Ubuntu | Maverick | Yes (3) | Yes (3) | Yes |
Ubuntu | Lucid | Yes (3) | Yes (3) | Yes |
Linux Mint | 13 | Yes | Yes | Yes |
Linux Mint | 12 | Yes | Yes | Yes |

(1): If FileVault 2 is enabled, the tool will only work when the operating system is unlocked.
(2): Other Linux distributions that use PAM-based authentication may also work using the Ubuntu signatures.
(3): x86 only.

The tool also effectively enables escalation of privileges, for instance via the `runas` or `sudo -s` commands, respectively. More signatures will be added. The tool makes use of the `libforensic1394` library, courtesy of Freddie Witherden, under an LGPL license.