Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Inception program to unlock windows in matter of minutes?


  • Please log in to reply
33 replies to this topic

#1 resertedlab

resertedlab

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 10 October 2016 - 05:38 PM

I've just read in other thread about program named Inception that can basicly unlock any machine in matter of just minutes, by connecting the targetet pc/laptop to a host machine, and the program will trick the device memory and letting the attacker to type any words he likes, that the Operating system will consider the normal password? Just watched few videos in youtube about it. Also i found  that this program is being around for many years now, yet there is so little information for it? How can i've never heard of it since i read so much forums about security and stuff? If someone uses that program will it permanently delete/remove or change the original password, or it will remain as it was, so next time you log in normaly you will have no idea someone previously messed with your computer? I never believed such program exists, and they are even free. Jesus Christ.. Does this work on new laptops like Dell Inspiron 15z?


Edited by resertedlab, 10 October 2016 - 05:40 PM.


BC AdBot (Login to Remove)

 


#2 Viper_Security

Viper_Security

  • Members
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:11:43 AM

Posted 10 October 2016 - 05:50 PM

I'm not sure about the "Inception" program, but there is one we use at our shop here that can remove it in seconds from WINXP-10 (not sure if i should name it or not, i leave that up to the mods) 

 

And to remove passwords one would need a program with a higher run-level than NT has. (Normally, things are changing)

 

the program we use completely wipes the password as if one had not been set. 

 

Also i can not definitively say if it will work on newer laptops or not. 


    IT Auditor & Security Professional

hQBT2G3.png


#3 resertedlab

resertedlab
  • Topic Starter

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 10 October 2016 - 06:09 PM

Yes i know such programs exists, that wipe or reset password, but than you will know someone messed with your pc while you were out and you will take messures at the moment. If inception simple bypass your password without reset/removing it even your computer is encrypted, you could never know someone messed around. Thats what i fear and wonder how i've never heard of it? Thanks for the  responce by the way ;)



#4 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 10 October 2016 - 06:24 PM

Found the Inception website. Here is an excerpt.

 

 

Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.

Inception aims to provide a relatively quick, stable and easy way of performing intrusive and non-intrusive memory hacks against live computers using DMA.

How it works

Inception’s modules work as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that a SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device. The tool now has full read/write access to the lower 4GB of RAM on the victim.

Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system’s code. Once found, the tool manipulates this code. For instance, in the unlock module, the tool short circuits the operating system’s password authentication module that is triggered if an incorrect password is entered.

After running that module you should be able to log into the victim machine using any password.

 

I will not post the link.



#5 resertedlab

resertedlab
  • Topic Starter

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 10 October 2016 - 06:32 PM

Yes that discription is all i ever found on copied on few different sites, but does anyone ever used it or something? Does the program further resets/wipes the password or leaves it as it is. If it's really working that easily, how can microsoft never made any upgrade or something to prevent it, because it will completely makes password usless? And if it takes really just minutes to to take action.. It sound really scary, if you have to bring you laptop in collage or at work. 



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 11 October 2016 - 09:39 AM

Here's what I wrote in the other thread:

 

 

No, the password is not changed.

 

And Inception works over FireWire, so the laptop needs a FireWire connection, or a PCMCIA connection to plug in a FireWire card.


Edited by Didier Stevens, 11 October 2016 - 09:50 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 resertedlab

resertedlab
  • Topic Starter

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 11 October 2016 - 12:31 PM

Dieder, does it work on windows 8? Also,How can i tell if my laptop has this ports (since i am totaly unaware where they are?) The laptop i am talking about is Dell Inspiron z15 5523, now i dont want to waste your time so if you want i cant take photos of the ports i have to figure out if i have them. I only use the USB ports and the one that connects with tv. Also i have 6GB ram and i read it works best for 4GB. 



#8 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 11 October 2016 - 12:37 PM

According to every picture I have seen of the Dell Inspiron z15 5523 it only has USB ports and one HDMI port. No FireWire, which makes sense, FireWire is old technology.



#9 resertedlab

resertedlab
  • Topic Starter

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 11 October 2016 - 01:13 PM

Now from what i checked and if i am not wrong, there are 4 USB, one for the net cable and one that i connect to the tv. 

 

Here is information from a site about my Ultrabook:

 

 

As we already mentioned, the ultrabook has no less equipment than a multimedia notebook. The 15z features aDVD burner and a LAN port, which needed an adapter on most ultrabooks of the first generation. In addition, the notebook has a total of four USB ports - two on each side. The HDMIKensington Lock and the SD card reader were also not forgotten. We are only missing a VGA port, because external monitors and projectors do not always have an HDMI input. All of the interfaces are located on both sides and are not too close to each other. At the front the status LEDs glow discreetly in white.

Like most notebooks, the 15z also has a webcam above the display. It is nothing special with a resolution of 1.3 megapixels. Our test shows some noise in the picture despite the sufficient light. The quality is enough for Skype video calls, but nothing more. A small LED right next to the camera indicates operation. Thanks to the integrated microphone, you can easily "Skype" without any external accessories.



#10 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 11 October 2016 - 01:33 PM

Correct.

 

1 x HDMI, 1 x Ethernet, 1 x SD Card Reader, 1 x Kensington Lock, 1 x Headphone Jack, and 4 x USB. No FireWire.



#11 resertedlab

resertedlab
  • Topic Starter

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 11 October 2016 - 01:47 PM

However, look what the official site says about Inception? The creator of this tool seems to be one single guy, i am not sure how much he knows about his own things but here is wrote, but i belive the site is not updated the last years:

 

Q: Isn’t FireWire a dying horse? Few laptops ship with FireWire ports these days, which makes Inception a useless tool.
A: You can use any interface that expands the PCIe bus, for example PCMCIA, ExpressCards, the new Thunderbolt interface and perhaps SD/IO to hotplug a FireWire interface into the victim machine. The OS will install the necessary drivers on the fly, even when the machine is locked.


Edited by resertedlab, 11 October 2016 - 01:49 PM.


#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 12 October 2016 - 04:14 AM

Yes, Windows 8 too, all supported OSes are listed on the Inception page.

 

DMA via FireWire uses 32-bit addresses. That's why access is limited to the first 4GB of memory. If you have a 64-bit OS, you can have more than 4GB of memory. And then it can happen that the page which needs to be modified to unlock the OS, is mapped above the 4G limit. In such case Inception can not unlock the PC.

 

But you already have established that your laptop has no FireWire connector, neither a connector to plugin a FireWire card. So your laptop could not have been attacked this way.


Edited by Didier Stevens, 12 October 2016 - 04:14 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 resertedlab

resertedlab
  • Topic Starter

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 12 October 2016 - 11:25 AM

Yes, 64bit, 6GB and no firewire port would be safe, but its good for people that are vulnerable to know about this no trace leaving program thats freely outthere, and to take measures if its possible at all ;) 


Edited by resertedlab, 12 October 2016 - 11:34 AM.


#14 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 12 October 2016 - 12:17 PM

If it is about awareness, I hope you know that the easiest way to compromise a computer without full disk encryption, is to boot the computer from a live OS (CD/DVD/USB) and make changes to the filesystem.

 

Like Inception it requires physical access, but is much easier.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#15 resertedlab

resertedlab
  • Topic Starter

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 12 October 2016 - 12:21 PM

Yes but this will change or reset the password as far as i know? My main fear is from intrusion that will leave no trace at all?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users