Inception - Attacking FireWire Devices
Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.
Inception aims to provide a stable and easy way of performing intrusive and non-intrusive memory hacks in order to unlock live computers using FireWire SBP-2 DMA. It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. There are plenty of other (and better) ways to hack a machine that doesn't pack encryption.
As of version 0.3.5, it is able to unlock the following x86 and x64 operating systems:
| OS | Version | Unlock lock screen | Escalate privileges | Dump memory < 4 GiB |
|---|---|---|---|---|
| Windows 8 | 8.1 | Yes | Yes | Yes |
| Windows 8 | 8.0 | Yes | Yes | Yes |
| Windows 7 | SP1 | Yes | Yes | Yes |
| Windows 7 | SP0 | Yes | Yes | Yes |
| Windows Vista | SP2 | Yes | Yes | Yes |
| Windows Vista | SP1 | Yes | Yes | Yes |
| Windows Vista | SP0 | Yes | Yes | Yes |
| Windows XP | SP3 | Yes | Yes | Yes |
| Windows XP | SP2 | Yes | Yes | Yes |
| Windows XP | SP1 | Yes | | |
| Windows XP | SP0 | Yes | | |
| Mac OS X | Mavericks | Yes (1) | Yes (1) | Yes (1) |
| Mac OS X | Mountain Lion | Yes (1) | Yes (1) | Yes (1) |
| Mac OS X | Lion | Yes (1) | Yes (1) | Yes (1) |
| Mac OS X | Snow Leopard | Yes | Yes | Yes |
| Mac OS X | Leopard | Yes | | |
| Ubuntu (2) | Saucy | Yes | Yes | Yes |
| Ubuntu | Raring | Yes | Yes | Yes |
| Ubuntu | Quantal | Yes | Yes | Yes |
| Ubuntu | Precise | Yes | Yes | Yes |
| Ubuntu | Oneiric | Yes | Yes | Yes |
| Ubuntu | Natty | Yes | Yes | Yes |
| Ubuntu | Maverick | Yes (3) | Yes (3) | Yes |
| Ubuntu | Lucid | Yes (3) | Yes (3) | Yes |
| Linux Mint | 13 | Yes | Yes | Yes |
| Linux Mint | 12 | Yes | Yes | Yes |
(1): If FileVault 2 is enabled, the tool will only work when the operating system is unlocked.
(2): Other Linux distributions that use PAM-based authentication may also work using the Ubuntu signatures.
(3): x86 only.
The tool also effectively enables escalation of privileges, for instance via the runas or sudo -s commands, respectively. More signatures will be added. The tool makes use of the libforensic1394 library, courtesy of Freddie Witherden, under an LGPL license.
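Since the attack described above relies on the host's FireWire SBP-2 stack, a defender can audit whether a Linux host has those drivers loaded or blocked. The following is an added example, not part of Inception or the original page; it assumes the mainline Linux module names `firewire_core`, `firewire_ohci` and `firewire_sbp2`, and it runs on constructed sample input rather than a live system.

```python
# Added defensive example (not part of Inception). Module names assume the
# mainline Linux FireWire stack; the sample inputs below are constructed.
FIREWIRE_MODULES = ("firewire_core", "firewire_ohci", "firewire_sbp2")

def _norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.strip().replace("-", "_")

def loaded_modules(proc_modules_text):
    """Names from /proc/modules content (first field of each line)."""
    return {_norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.strip()}

def blocked_modules(modprobe_conf_text):
    """Map module -> 'blacklist' or 'install' from modprobe.d content."""
    blocked = {}
    for raw in modprobe_conf_text.splitlines():
        if raw.lstrip().startswith("#"):
            continue  # comment line
        f = raw.split()
        if len(f) >= 2 and f[0] == "blacklist":
            blocked.setdefault(_norm(f[1]), "blacklist")
        elif len(f) >= 3 and f[0] == "install" and f[2] in ("/bin/false", "/bin/true"):
            blocked[_norm(f[1])] = "install"  # modprobe runs this instead of loading
    return blocked

def audit(proc_modules_text, modprobe_conf_text):
    """Classify each FireWire module: loaded, blocked, autoload-blocked, loadable."""
    loaded = loaded_modules(proc_modules_text)
    blocked = blocked_modules(modprobe_conf_text)
    report = {}
    for mod in FIREWIRE_MODULES:
        if mod in loaded:
            report[mod] = "loaded"
        elif blocked.get(mod) == "install":
            report[mod] = "blocked"
        elif blocked.get(mod) == "blacklist":
            report[mod] = "autoload-blocked"  # a manual modprobe still loads it
        else:
            report[mod] = "loadable"
    return report

# Constructed sample inputs: /proc/modules text and modprobe.d text
SAMPLE_PROC_MODULES = ("firewire_ohci 40409 0 - Live 0xffffffffa0000000\n"
                       "firewire_core 68769 1 firewire_ohci, Live 0xffffffffa0010000\n")
SAMPLE_MODPROBE_CONF = "# constructed modprobe.d content\nblacklist firewire-sbp2\n"

if __name__ == "__main__":
    for mod, state in audit(SAMPLE_PROC_MODULES, SAMPLE_MODPROBE_CONF).items():
        print(f"{mod}: {state}")
```

On a real host, pass the contents of `/proc/modules` and the concatenated files under `/etc/modprobe.d/` to `audit()`.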