Friday, 25 July 2014

Add a Cold Boot Attack to Easy2Boot

Jamil recently contacted me and asked how to get the Cold Boot Attack (video) (skip to the 3 minutes point to save time) code 'scraper.bin' to work on an Easy2Boot USB drive. This allows you to capture the contents of a computer's memory onto a USB drive (even if it has been switched off for several seconds!). The idea is that the computer's memory may still contain unencrypted AES encryption keys, passwords, etc. which can be deciphered later, once the memory's data has been safely captured.
Note that scraper.bin also displays the last key presses from the keyboard buffer!

The idea that we came up with for getting this to work with Easy2Boot is now available for all to use, so check out Tutorial 124!

Of course, you need to be able to USB-boot the target system, so you will need to know its BIOS password (so you know how to protect against this type of attack ;-).

The scenario of retrieving data from a system that is switched off seems rather far-fetched, however, and may be something that you would only see Tom Cruise doing in Mission Impossible:

1. User shuts down PC and walks away
2. Tom approaches system from the ceiling and takes it apart
3. Tom uses freezer spray on the internal DIMMs
4. Tom removes the DIMMs and keeps them cold on top of a frozen cold pack which he has in his utility belt
5. Tom replaces the DIMMs with identical ones which he happens to have with him and leaves the building
6. Tom takes the DIMMs to another system in his lab which takes the same sort of memory
7. Tom carefully dries the DIMMs and fits them and his E2B+'scraper' USB drive and switches on the system - all data is saved to the USB drive
8. Tom analyses the data, gets all the encryption keys and saves the world!
