BitLocker, FileVault, dm-crypt, and TrueCrypt Encryption Key Crack via DRAM Cold Boot Attack with Program Source Code Download

A group of researchers at Princeton University has demonstrated that the disk encryption mechanisms used by BitLocker in Windows Vista, FileVault in Mac OS X, dm-crypt in Linux, TrueCrypt and possibly other encryption software can be defeated by imaging the state of physical memory (DRAM modules), which still retains traces of its contents after power is lost. In what is called a cold boot attack, all data in memory is dumped to disk.

The Princeton University Center for Information Technology Policy website describes how the attack is possible:

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems - BitLocker, FileVault, dm-crypt, and TrueCrypt - using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

A video clip published by the team shows that it is possible to remove a DIMM from one computer after power loss, carry the RAM module to another PC, using a typical canned-air spray to lower its temperature and so lengthen the time for which the DIMM keeps its data, then boot that computer using a specially designed microkernel, and finally dump all data on the RAM chips to physical disk. The amount of bad (decayed) data depended on both the time a DIMM spent unpowered and the temperature at which it was kept. Nonetheless, the researchers managed to reconstruct 128-bit AES encryption keys within seconds, even if 10 percent of the key had already decayed out of memory.

The Princeton University team has also released the source code for some of the software utilities that were developed in the course of this research. These prototype applications are intended to illustrate the techniques described in the encryption keys cold boot attack research paper, and should not be used for malicious purposes or hacking attempts.

The source code released for free download includes the USB / PXE (bios_memimage-1.0.tar.gz) and EFI Netboot (efi_memimage-1.0.tar.gz) memory imaging tools, the AESKeyFinder (aeskeyfind-1.0.tar.gz) and RSAKeyFinder (rsakeyfind-1.0.tar.gz) automatic key-finder tools, and the AESFix (aesfix-1.0.1.tar.gz) error-correction utility for AES key schedules.


One Response to “BitLocker, FileVault, dm-crypt, and TrueCrypt Encryption Key Crack via DRAM Cold Boot Attack with Program Source Code Download”

  1. Marcos Sartori
    July 24th, 2008 06:59

    The solution I think is putting the keys in the low-memory, so the keys are overwritten as the computer boots!

    I really do not know how large the memory chunk has to be in order to record such a key, though if 1/2 KB (512 Bytes) is enough, the address where the BIOS loads the MBR would be nice!

    Other neat places might be the address of the BIOS IDT (Interrupt Description Table), as it’s not needed any longer as the kernel enters PMod!
