New Windows XP & Vista Full Take-over Hack with Firewire


This Firewire hack seems to be creating a big buzz. From what I’ve read it also works on Vista: an IEEE 1394 (Firewire) controller lets any device on the bus read and write the host’s physical memory directly via DMA, not just the buffers it needs to function, and the operating system does nothing to restrict that access. So with the right tools an attached device can read (or modify) anything held in RAM, including the code the OS is running.

Pretty worrying, eh? There are a few ways to protect yourself if you feel this is a threat: disable the 1394 bus altogether (on Windows, disable the 1394 controller in Device Manager), or disable physical DMA for Firewire devices.

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.

If you are interested in the details and want to read about the Windows Vista Firewire hack you can do so here [PDF].

As I’ve always said though, if you have physical access you basically own the machine. Physical security of servers is a lot more important than many people think.

To use the tool, the attacker connects a Linux-based computer to a Firewire port on the target machine. The attacking computer identifies itself on the bus as a device for which Windows enables physical DMA (in Boileau’s original demonstration it posed as an iPod), and from that point it has read and write access to the target’s physical memory.

With full read and write access to memory, the tool locates the Windows authentication code that checks the supplied password, which is resident in RAM, and patches it in place so that any password is accepted, rendering the lock screen and logon check ineffective.

Older desktop computers do not come with Firewire ports, which the hack needs, but many recent models do, and most laptops made in the last few years have one. Note that a free PC Card or ExpressCard slot can take an add-in 1394 controller, so a machine with no built-in port is not automatically safe if an attacker can plug a card in.
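The mitigation mentioned above is to disable the 1394 bus or its DMA. On Windows that is a Device Manager setting; on a Linux host, which is exposed in exactly the same way because any OS with an active Firewire controller is, the equivalent is keeping the 1394 drivers from loading at all. The script below is an added example, not Boileau’s tool or anything from the original article: it checks lsmod output for 1394 drivers and prints a modprobe.d fragment that blocks them from loading. The module list is the usual set for the old and new Linux Firewire stacks, and the two lsmod samples are constructed for offline testing.

```shell
#!/bin/sh
# Added example (not from the original post or Boileau's tool): detect loaded
# IEEE 1394 (Firewire) drivers on a Linux host and emit a modprobe blacklist
# that stops them loading. The lsmod samples below are constructed.

# Modules that expose the 1394 bus: the newer "firewire" stack and the older
# ieee1394/ohci1394/sbp2 stack. sbp2 is the storage protocol driver whose
# need for physical DMA is the reason the bus has it in the first place.
FW_MODULES="firewire_ohci firewire_core firewire_sbp2 ohci1394 ieee1394 sbp2"

# firewire_loaded LSMOD_TEXT: returns 0 (true) if any 1394 module appears in
# the first column of the supplied lsmod(8) output, 1 otherwise.
firewire_loaded() {
    lsmod_text="$1"
    for m in $FW_MODULES; do
        if printf '%s\n' "$lsmod_text" \
            | awk -v mod="$m" '$1 == mod { found = 1 } END { exit !found }'; then
            return 0
        fi
    done
    return 1
}

# blacklist_conf: prints a fragment for /etc/modprobe.d/. "install <mod>
# /bin/false" is stronger than "blacklist <mod>": it also defeats an explicit
# modprobe and dependency loading, so hot-plugging a 1394 card cannot pull
# the driver in behind your back.
blacklist_conf() {
    for m in $FW_MODULES; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# Constructed sample: a laptop with the newer firewire stack loaded.
SAMPLE_LOADED='Module                  Size  Used by
firewire_ohci          40960  0
firewire_core          69632  1 firewire_ohci
e1000e                245760  0'

# Constructed sample: no 1394 drivers present.
SAMPLE_CLEAN='Module                  Size  Used by
e1000e                245760  0
snd_hda_intel          45056  3'

# Usage: ./fw-check.sh --check   (inspect the running kernel)
#        ./fw-check.sh --conf > /etc/modprobe.d/no-firewire.conf
case "${1:-}" in
    --check)
        if firewire_loaded "$(lsmod)"; then
            echo "1394 driver loaded: physical memory is reachable over the bus" >&2
            exit 2
        fi
        echo "no 1394 driver loaded"
        ;;
    --conf)
        blacklist_conf
        ;;
esac
```

Blocking the driver only removes the operating system’s side of the problem; a controller that is already initialised by firmware, or a different OS booted on the same hardware, is not covered, so physically disabling or filling the port (and any card slot) remains the belt-and-braces option. The Windows equivalent of the modprobe fragment is disabling the “IEEE 1394 Bus host controllers” entry in Device Manager.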

Microsoft has been unavailable for comment about this issue, of course. The Full Disclosure (FD) mailing-list thread on it is extremely long; if you are interested in reading it you can do so here.

Source: Sydney Morning Herald

Posted in: Exploits/Vulnerabilities, Windows Hacking





7 Responses to New Windows XP & Vista Full Take-over Hack with Firewire

  1. Bogwitch March 21, 2008 at 11:05 am #

    It’s not just MS OSes that are vulnerable to this – anything with an active firewire.
    The reason it can access the memory directly is that Firewire is a BUS whereas USB etc. is a PORT.

  2. Pantagruel March 21, 2008 at 1:24 pm #

    A fun thing to read.

    Like Bogwitch says, it’s a bus and has direct DMA access, basically needed since most of the firewire attached stuff is a HDD or other drive which want/need DMA access. Did a trial with disabled DMA but trying to capture video from the firewire attached hi-8 cam results in significantly more frame loss compared to having DMA turned on. The direct DMA access appears to be needed to ensure a proper dump of the data coming in at the firewire onto the hdd (both p-ATA and s-ATA are fast enough to capture the 4 Mb datastream).

    @Darknet, indeed a makeshift secured broom cupboard (padlock/etc and steel plate reinforced door) is enough to keep out the average perp.

  3. James C March 21, 2008 at 2:40 pm #

    @Darknet
    “As I

  4. zupakomputer March 21, 2008 at 3:30 pm #

    Have to agree too – the ways of taking over a machine are plentiful if you have physical access to it.

  5. fever April 10, 2008 at 4:43 pm #

    another example of disable that which you do not use. Or it will come to bite you in the end.

  6. Clarkson January 5, 2009 at 8:32 pm #

    Just pick up the machine and walk out with it, if you have physical access to the box.

  7. Bogwitch January 5, 2009 at 10:52 pm #

    Clarkson,

    The attack mentioned does have some practical application.
    Imagine a workstation with full disk encryption. Having physical access to the workstation is not much use. Now, if the workstation is powered, but locked, the attacker can gain access to the OS using this method.