Full Disclosure mailing list archives
Re: Firewire Attack on Windows Vista
From: Bryon Roche <kain () kain org>
Date: Fri, 7 Mar 2008 21:53:40 +0000 (UTC)
On Fri, 07 Mar 2008 14:51:07 -0500, Larry Seltzer wrote:
Let's say the computer is off. You can turn it on, but that gets you to a login screen. What can the Firewire device do? OK, I guess I misunderstood the original paper (http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks .pdf). It now looks to me like they are claiming they can disable password authentication *even while the system is not logged on* - do I have that right?
Larry,

Are you familiar with ICE or JTAG debugging hardware? ieee1394 is implemented by default in such a fashion that an ieee1394 port can basically be used as a hardware debugger to memory, i.e. any ieee1394 device can poke/peek the entire _physical memory space_ of any other device on the bus. With that capability you can do anything that could be accomplished from the internals of the operating system.

The essential flaw here is that current SBP-2 drivers do not set up a proper virtual memory map between the firewire chipset and the host, and just expose the entire host's physical address space. Fixing this requires reimplementing a good deal of design and buffering for the SBP-2 (that's the firewire SCSI block protocol) drivers. I, however, don't know enough about Windows drivers and disk access to elaborate from there about how hard that will be to fix in the Windows world.

What people seem to be missing is that this condition is *fixable*, but the real impetus may not be there outside of folks from the Trusted Computing crowd etc. etc.

What points are you trying to stab at for an article?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
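Added example (not part of the original post, and not code from any real driver): a small C model of the fix the message describes, where the host honours remote bus requests only inside buffers the driver has explicitly mapped instead of exposing the whole physical address space. The `dma_window` structure, the function names and the sample addresses are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model, not a real driver API: one window the host driver
 * has explicitly opened to the bus for a single I/O buffer. */
struct dma_window {
    uint64_t base;      /* first physical address in the window */
    uint64_t len;       /* window size in bytes */
    bool     writable;  /* may the remote node write here? */
};

/* "Before": the behaviour described in the post. Every remote request is
 * honoured, so the whole physical address space is reachable. */
bool unfiltered_allows(uint64_t addr, uint64_t len, bool is_write)
{
    (void)addr; (void)len; (void)is_write;
    return true;
}

/* "After": a request is honoured only if it lies entirely inside one
 * window the driver registered, and writes need a writable window. */
bool windowed_allows(const struct dma_window *map, size_t n,
                     uint64_t addr, uint64_t len, bool is_write)
{
    if (len == 0)
        return false;                   /* nothing to transfer */
    for (size_t i = 0; i < n; i++) {
        const struct dma_window *w = &map[i];
        if (addr < w->base)
            continue;                   /* starts below this window */
        uint64_t off = addr - w->base;
        /* Compare offset against remaining space so addr + len
         * is never computed and cannot wrap around. */
        if (off >= w->len || len > w->len - off)
            continue;                   /* starts or ends outside */
        if (is_write && !w->writable)
            continue;                   /* read-only buffer */
        return true;
    }
    return false;                       /* default deny */
}

/* Constructed sample map: two buffers a storage driver might expose. */
const struct dma_window sample_map[] = {
    { 0x00100000u, 0x1000u, false },  /* outgoing data: remote may read */
    { 0x00200000u, 0x2000u, true  },  /* incoming data: remote may write */
};
```
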