Really cool "evil maid" tool

[Ron <ron () skullsecurity net>]

Hey everybody,

A friend of mine (@AlexWebr) wrote a neat tool I wanted to share. It's a
bootloader written in 512 bytes that emulates Windows Checkdisk and
prompts the user for their password. When they type it in, it saves it
to the drive and marks it as non-bootable, then reboots, so the system
starts as usual. The attacker can later retrieve the evil usb
stick/sdcard/etc and read the password back.

The code's super tight, and he squeezed everything he could out of those
512 bytes. Totally worth checking out!

Here's the link to github:
https://github.com/AlexWebr/evilmaid_chkdsk

And a video of the attack in action:
http://ascii.io/a/1201

It works on all my machines (although I might be a bit suspicious, since
I'm running Linux. :) )

Here's his Twitter:
https://twitter.com/AlexWebr

Ron

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com