The Ethical Hacker Network

Latest Additions

Who's Online

EH-Net Donations

EH-Net News Feeds

Latest Additions

Google Ads

Book Recommendations

timmedin

Sr. Member

Offline

Posts: 454

USB & DMA?

« on: February 18, 2009, 10:27:38 PM »

It has been known for a while that firewire allows direct memory access (DMA) which allows you to

Quote

read arbitrary RAM contents from the victim's system,
overwrite arbitrary RAM contents with whatever you want,
and perform many, many severe attacks based on the two issues above. Examples include grabbing a full RAM dump via Firewire (takes only a few minutes), grabbing ssh-agent keys, grabbing screen contents, modifying screen contents, bypassing login/password screens, and many, many more...

http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation

This also includes unlocking a locked windows machine.

I was a a DefCon group meeting and one of the guys told me there was a similar attack for unlocking a windows machine but with a USB stick. He was pretty adamant, but I don't think it is possible since I don't believe there is DMA with USB. Can someone shed some light on the subject. I am not talking about AutoRun.


« Last Edit: February 18, 2009, 10:29:55 PM by timmedin »	Logged

twitter.com/timmedin | http://blog.securitywhole.com

timmedin

Sr. Member

Offline

Posts: 454

Re: USB & DMA?

« Reply #1 on: March 03, 2009, 05:27:58 PM »

... I take that as me being right Grin


	Logged

twitter.com/timmedin | http://blog.securitywhole.com

Ketchup

Hero Member

Online

Posts: 709

Re: USB & DMA?

« Reply #2 on: March 03, 2009, 09:07:27 PM »

The way I understand it is that USB does indeed use DMA, bypassing the CPU and thus enable decent transfer speeds. When I did research on this, people are saying that Firewire is a BUS, while USB is a PORT. While both use DMA, Firewire is more unrestricted. When Microsoft implemented Firewire, they assumed that it was going to be running very fast things like hard drives. Interestingly enough, people are saying that the DMA works on eSATA as well.

I am not sure if any of this is true, but that's what I found while researching this topic.


	Logged

~~~~~~~~~~~~~~
Ketchup

awesec

Hero Member

Offline

Posts: 775

Re: USB & DMA?

« Reply #3 on: June 13, 2009, 11:40:08 AM »

Hi Ketchup,
recently I am very interested in this kind of attacks for various reasons. Unfortunately I haven't find any reliable sources about USB and DMA or similar. Would you mind to supply me with the sources you have found?
I would be really interested in this.


	Logged

Ketchup

Hero Member

Online

Posts: 709

Re: USB & DMA?

« Reply #4 on: June 13, 2009, 05:26:28 PM »

I think that logically it should work, but I was never able to get it to work or find anyone else that has. I think it's a matter of how Firewire vs USB are implemented in Windows.