Blog Ipsa Loquitur

Published on under Irreverently Irrelevant

This is the coolest name for the coolest and scariest piece of software I’ve seen in quite some time. Inception: a program that you run on your computer, and then plug your computer into someone else’s locked computer. Inception then breaks into the other guy’s computer. How? By being insanely awesome/scary:

Inception’s main mode works as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that an SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device.

The tool now has full read/write access to the lower 4GB of RAM on the victim. Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system’s password authentication modules. Once found, the tool short circuits the code that is triggered if an incorrect password is entered.

An analogy for this operation is planting an idea into the memory of the machine; the idea that every password is correct (ed: omg wtf). In other words, the nerdy equivalent of a memory inception.

By virtue of the specific kind of high-speed connection FireWire has, Inception makes the target machine think that every password is the right password. I really, really hope it makes that absurdly loud BWAAAAM sound while it works. Then again, that might not be so stealthy.

Either way, I definitely recommend you stick gum in pretty much every port your computer has.
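
A software counterpart to the gum, as an added example that is not from the original post or from the Inception project: it reports whether the FireWire controller and SBP-2 drivers are loaded, or could still be loaded, on a Linux host. Linux, the module names, and the sample inputs are assumptions made for the illustration; the post names no operating system.

```python
import glob

# Assumption (not from the post): a Linux host, whose FireWire stack uses
# these module names as listed in /proc/modules.
WATCHED = ("firewire_ohci", "firewire_sbp2")

# Constructed sample inputs, not captured from a real machine.
SAMPLE_PROC_MODULES = """\
firewire_sbp2 24576 0 - Live 0x0000000000000000
firewire_core 81920 1 firewire_sbp2, Live 0x0000000000000000
"""
SAMPLE_MODPROBE = """\
# blacklist only stops alias-based autoloading
blacklist firewire-ohci
install firewire-sbp2 /bin/false
"""

def loaded_modules(text):
    """Module names from /proc/modules content (first field of each line)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}

def blocked_modules(text):
    """Map module name -> 'install' or 'blacklist' from modprobe.d content."""
    blocked = {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) == 2 and words[0] == "blacklist":
            blocked.setdefault(words[1].replace("-", "_"), "blacklist")
        elif len(words) == 3 and words[0] == "install" and words[2] in ("/bin/false", "/bin/true"):
            blocked[words[1].replace("-", "_")] = "install"  # overrides blacklist
    return blocked

def audit(proc_text, conf_text):
    """Return one finding per watched module that is loaded or still loadable."""
    loaded, blocked = loaded_modules(proc_text), blocked_modules(conf_text)
    findings = []
    for mod in WATCHED:
        if mod in loaded:
            findings.append(f"{mod}: loaded")
        elif blocked.get(mod) == "blacklist":
            findings.append(f"{mod}: blacklist only, explicit modprobe still works")
        elif mod not in blocked:
            findings.append(f"{mod}: can autoload")
    return findings

if __name__ == "__main__":
    conf = "".join(open(p).read() + "\n" for p in glob.glob("/etc/modprobe.d/*.conf"))
    print("\n".join(audit(open("/proc/modules").read(), conf)) or "no FireWire exposure found")
```

An empty result means both drivers are unloaded and pinned with an `install` rule; a driver that is already loaded is reported even when a rule exists, because the rule only affects future loads.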