PaulDotCom mailing list archives
Kon-Boot on a USB
From: pauldotcom at grymoire.com (Grymoire)
Date: Tue, 7 Jul 2009 09:56:01 -0400
KON can't do it all, and hard disk crypto seems to be the one thing that stops this fun little tool cold. I think from a white hat perspective, it makes for an amazing demo of why FDE is needed.
FDE has some flaws. If you have access to the computer while it's running, there are a few approaches to defeat full disk encryption. They make use of flaws in implementations. 1) Searching memory for crypto material. AES uses tables that contain info for the block scrambling. If you can find this, you might find the encryption key nearby. The coldboot stuff does this. 2) The BIOS-based terminal buffer. http://www.securityfocus.com/bid/15751 You can use coldboot, USB/switchblade, or live hacks to get this info. I know one company that uses FDE, and #2 recovers the password in some cases. Social someone to run a program that e-mails you the FDE password first. I still have to spend some time in reverse engineering the MBR of a disk with FDE.
Current thread:
- Kon-Boot on a USB, (continued)
- Kon-Boot on a USB Michael Douglas (Jul 06)
- Kon-Boot on a USB Adrian Crenshaw (Jul 06)
- Kon-Boot on a USB John Navarro (Jul 06)
- Kon-Boot on a USB Robin Wood (Jul 06)
- Kon-Boot on a USB Adrian Crenshaw (Jul 06)
- Kon-Boot on a USB Robin Wood (Jul 06)
- Kon-Boot on a USB John Navarro (Jul 06)
- Kon-Boot on a USB Michael Douglas (Jul 07)
- Kon-Boot on a USB Bradley McMahon (Jul 07)
- Kon-Boot on a USB infolookup at gmail.com (Jul 07)
- Kon-Boot on a USB Michael Douglas (Jul 06)
- Kon-Boot on a USB Dr Adapter (Jul 07)
- Kon-Boot on a USB Tim Mugherini (Jul 07)
- Kon-Boot on a USB Adrian Crenshaw (Jul 07)
- Kon-Boot on a USB Adrian Crenshaw (Jul 07)
- Kon-Boot on a USB Nils (Jul 08)
- Kon-Boot on a USB Adrian Crenshaw (Jul 08)
- Kon-Boot on a USB Adrian Crenshaw (Jul 08)
- Kon-Boot on a USB Nils (Jul 08)
- Kon-Boot on a USB Adrian Crenshaw (Jul 08)