tag:blogger.com,1999:blog-5385036587194404038.post4039369073498753386..comments2023-10-07T04:29:16.932-07:00Comments on Technical notes, my online memory: Firewire and DMA attacks on OS XUnknownnoreply@blogger.comBlogger9125tag:blogger.com,1999:blog-5385036587194404038.post-35815954693023267402012-08-08T18:45:37.096-07:002012-08-08T18:45:37.096-07:00After 10.7.2, screen lock puts firewire into emula...After 10.7.2, screen lock puts firewire into emulation mode, which protects against DMA attacks.Ghttps://www.blogger.com/profile/00562540281391628849noreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-45106925523706984712012-08-07T05:49:04.053-07:002012-08-07T05:49:04.053-07:00Hi,
Is this hack also possible when the mac is set...Hi,<br />Is this hack also possible when the mac is set to require a password after a specified time after going to sleep?<br /><br />So the question is, whether OS effectively locks down the machine after the specified time or if the lock down only takes effect when the machine wakes!?<br /><br />Scenario would be: Lid is closed and the mac is set to require a password after 15 minutes. Someone steals the laptop after 30 minutes and tries to gain DMA control. Will DMA lock down appropriately or will I first have to lock the screen and then close the lid in order to not be vulnerable?<br /><br />Cheers,<br />AnonymousAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-58797920132994100512012-02-08T18:14:17.064-08:002012-02-08T18:14:17.064-08:00@Carsten: nice writeup. Summary for other readers:...@Carsten: nice writeup. Summary for other readers: Carsten used a thunderbolt to firewire adapter, so the same defences apply (see his caveats section). It is the same firewire attack, just travelling over the thunderbolt interface.Ghttps://www.blogger.com/profile/00562540281391628849noreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-21468812434434448292012-02-06T09:07:34.080-08:002012-02-06T09:07:34.080-08:00Hey guys - This may interest you: I can confirm th...Hey guys - This may interest you: I can confirm that this attack works on OS X and Windows 7 - and also over the Thunderbolt interface:<br /><br />http://www.breaknenter.org/2012/02/adventures-with-daisy-in-thunderbolt-dma-land-hacking-macs-through-the-thunderbolt-interface/Carstenhttps://www.blogger.com/profile/03613334567369135517noreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-63959744711152156892012-02-02T07:35:54.167-08:002012-02-02T07:35:54.167-08:00Thanks, great research!Thanks, great research!Bradenhttps://www.blogger.com/profile/03312084425322027909noreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-7004482798525541662012-02-01T21:21:54.454-08:002012-02-01T21:21:54.454-08:00Windows: read some of the papers on Uwe's site...Windows: read some of the papers on Uwe's site that I link to, including 'Subverting Windows 7 x64 Kernel with DMA Attacks'.Ghttps://www.blogger.com/profile/00562540281391628849noreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-80992049351458480222012-01-31T14:33:10.648-08:002012-01-31T14:33:10.648-08:00Hi, thanks for nice post.
Did you had chance to t...Hi, thanks for nice post.<br /><br />Did you had chance to try it on windows? Are windows systems are still vulnerable?<br /><br />Thanks.TREMOhttps://www.blogger.com/profile/00697850791006340215noreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-37886180494840502222012-01-14T09:32:31.312-08:002012-01-14T09:32:31.312-08:001. firewire only, hope to play more with thunderbo...1. firewire only, hope to play more with thunderbolt although there is very little information available about it.<br />2. No kext mods<br />3. No firmware password (see nvram security-mode post for more info)<br />4. Retrieved login password, which == filevault2 password.Ghttps://www.blogger.com/profile/00562540281391628849noreply@blogger.comtag:blogger.com,1999:blog-5385036587194404038.post-48921916451397499102012-01-11T09:43:49.303-08:002012-01-11T09:43:49.303-08:00Hello, thanks for the article, very interesting!
...Hello, thanks for the article, very interesting!<br /><br />But, I still have a few questions:<br /><br />- did you only test firewire, thunderbolt or both?<br />- did you modify kext-files?<br />- did you set a open-firmware password?<br />- did you try to get cleartext login-password, filevault-password or all passwords?<br /><br />Thanks_nicohttps://www.blogger.com/profile/15417023379718905927noreply@blogger.com