FireWire Physical Memory Manipulation - Inception


Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost any powered-on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.





Inception aims to provide a stable and easy way of performing intrusive and non-intrusive memory hacks on live computers using FireWire SBP-2 DMA. It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. There are plenty of other ways to hack a machine that doesn’t pack encryption. Inception is also useful for incident response teams and digital forensics experts when faced with live machines.


As of version 0.2.2, it is able to unlock Windows 8 SP0, Windows 7 SP0-1, Vista SP0 and SP2, Windows XP SP2-3, Mac OS X Snow Leopard, Lion and Mountain Lion, Ubuntu 11.04, 11.10, 12.04, 12.10, Linux Mint 11, 12 and 13 x86 and x64-bit machines. Signatures are added by request.




Requirements

Inception requires:

Hardware:

- Attacker machine: Linux or Mac OS X with a FireWire or Thunderbolt interface, or an ExpressCard/PCMCIA expansion port. Linux is currently recommended due to buggy FireWire interfaces on OS X.
- Victim machine: A FireWire or Thunderbolt interface, or an ExpressCard/PCMCIA expansion port.

Software:

- Python 3
- git
- gcc (incl. g++)
- cmake
- pip (for automatic resolution of dependencies)
- libforensic1394
- msgpack

Installation

On Debian-based distributions the installation command lines can be summarized as:

sudo apt-get install git cmake g++ python3 python3-pip

On OS X, you can install the tool requirements with homebrew:

brew install git cmake python3

After installing the requirements, download and install libforensic1394:

git clone git://git.freddie.witherden.org/forensic1394.git
cd forensic1394
cmake CMakeLists.txt
sudo make install
cd python
sudo python3 setup.py install

Download and install Inception:

git clone git://github.com/carmaa/inception.git
cd inception
./setup.py install

The setup script should be able to install dependencies if you have pip installed.