SlideShare a Scribd company logo

Owned By An iPod

Download as PPT, PDF
K
KarlFrank99
TechnologyEntertainment & Humor
1 of 32
i P o d Ma xi mil lian Do rns eif Pac Sec Laboratory for Dependable Distributed Systems 20
Agenda • Who we are and what we do • Introduction to Firewire • Demo • Technical Details of hacking by FireWire • Forensics by FireWire • What to do about it Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Who are we? • RWTH Aachen University, Germany • Laboratory for Dependable Distributed Systems Laboratory for Dependable Distributed Systems • Michael Becher, Maximillian Dornseif, Halvar Flake, Christian Klein Maximillian Dornseif • Laboratory for Dependable Distributed Systems
w i r e
What is Firewire? • Developed by Apple Computers since 1985 • IEEE 1394 (1995), IEEE 1394a (2000), IEEE 1394b (2002). • Marketed by Apple as Firewire or FireWire • Marketed by Sony as iLink Maximillian Dornseif • Laboratory for Dependable Distributed Systems
FireWire • Serial bus, similar but more sophisticated than USB • Faster • Peer-to-Peer, needs no computer • More Power Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Marketplace • Apple - pushing FireWire hard: • Since January 1999 in Desktops • Since January 2000 in Notebooks • September 2000 where the last non- FireWire machines shipped • October 2001: iPod as FireWire killer-app • Sony - we’ll come to that • Others: most upper class systems come with FireWire Maximillian Dornseif • Laboratory for Dependable Distributed Systems
FireWire by Sony Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Other FireWire • Audio • Printers • Scanners • Cameras • GPS • Lab Equipment • Industrial Control Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Things to come Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Confusion Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Target Disk Mode • Press “T” while powering up • Macintosh will emulate a Firewire disk drive Maximillian Dornseif • Laboratory for Dependable Distributed Systems
iBook (Dual USB may 2001) PowerBook G3 (FireWire) Feb 2000 Power Macintosh G3 (Blue & White) Jan 1999 iBook/iBook SE (FireWire Sept 2000) Maximillian Dornseif • Laboratory for Dependable Distributed Systems
e m o s
t e m s
Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Maximillian Dornseif • Laboratory for Dependable Distributed Systems
t a il s
Unified Memoryspace Maximillian Dornseif • Laboratory for Dependable Distributed Systems
OHCI • Asynchronous functions • Can be used to access on-board RAM and RAM on extension cards (PCI) physical requests - physical requests, including physical read, physical write and lock requests to some CSR registers (section 5.5), are handled directly by the Host Controller without assistance by system software.” (OHCI Standard) Maximillian Dornseif • Laboratory for Dependable Distributed Systems
OHCI Filters • “Asynchronous Request Filters” “The 1394 Open HCI allows for selective access to host memory and the Asynchronous Receive Request context so that software can maintain host memory integrity. The selective access is provided by two sets of 64-bit registers: PhysRequestFilter and AsynchRequestFilter. These registers allow access to physical memory and the AR Request context on a nodeID basis.” (OHCI Standard) • PhysicalRequestFilter Registers (set and clear) “If an asynchronous request is received, passes the AsynchronousRequestFilter, and the offset is below PhysicalUpper-Bound (section 5.15), the sourceID of the request is used as an index into the PhysicalRequestFilter. If the corresponding bit in the PhysicalRequestFilter is set to 0, then the request shall be forwarded to the Asynchronous Receive Request DMA context. If however, the bit is set to 1, then the request shall be sent to the physical response unit.” (OHCI Standard) Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Exploiting Reads • We can read arbitrary memory locations. So we can: • Grab the Screen contents • Just search the memory for strings • Scan for possible key material • Parse the whole physical memory to understand logical memory layout. Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Exploiting Writes • We can write arbitrary data to arbitrary memory location. So we can: • Mess up • Change screen content • Change UID/GID of a certain process • Inject code into a process • Inject an additional Process Maximillian Dornseif • Laboratory for Dependable Distributed Systems
w i r e
The forensics schism • Unplug, do post-mortem disk-analysis • Misses Processes, open connections, etc. • Gather information on the live system, afterwards do a clean shutdown and do afterwards disk-analysis • Contaminates evidence during the information gathering Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Live Memory Dumps • Being able to dump the whole memory without software support would solve the schism • Tribble is a specialized pice of hardware being able to dump physical memory via DMA transfers over the PCI bus • If you can do the same via Firewire, you get away with a software only solution Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Forensics Challenges • There is little experience in reconstructing logical/virtual memory from physical memory dumps • To find open network connections etc. we have to parse a bunch of kernel structures Maximillian Dornseif • Laboratory for Dependable Distributed Systems
i o n s
Shields-Up! • Ensure that only fully trusted devices are connected to your FireWire ports • Press you driver/OS vendors about FireWire filtering Maximillian Dornseif • Laboratory for Dependable Distributed Systems
Be Prepared for Forensics • You might want to keep FireWire ports on incident prone systems at hand • Keep them physically secured • Have some Software ready to do memory Dumps via FireWire Maximillian Dornseif • Laboratory for Dependable Distributed Systems

Recommended

DASH7 Capabilities Overview
DASH7 Capabilities OverviewDASH7 Capabilities Overview
DASH7 Capabilities OverviewDASH7 Alliance
 
iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...
iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...
iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...Benoit Michel
 
Dsohowto
DsohowtoDsohowto
DsohowtoKarlFrank99
 
Hs P005 Reflective Dll Injection
Hs P005 Reflective Dll InjectionHs P005 Reflective Dll Injection
Hs P005 Reflective Dll InjectionKarlFrank99
 
報告
報告報告
報告future20
 
quickstart
quickstartquickstart
quickstartelitpoint
 
General De Enterob.
General De Enterob.General De Enterob.
General De Enterob.Jose Luis Lopez Carrillo
 
One In Four Overview
One In Four OverviewOne In Four Overview
One In Four Overviewoneinfour
 

Recommended

DASH7 Capabilities Overview
DASH7 Capabilities OverviewDASH7 Capabilities Overview
DASH7 Capabilities OverviewDASH7 Alliance
 
iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...
iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...
iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G...Benoit Michel
 
Dsohowto
DsohowtoDsohowto
DsohowtoKarlFrank99
 
Hs P005 Reflective Dll Injection
Hs P005 Reflective Dll InjectionHs P005 Reflective Dll Injection
Hs P005 Reflective Dll InjectionKarlFrank99
 
報告
報告報告
報告future20
 
quickstart
quickstartquickstart
quickstartelitpoint
 
General De Enterob.
General De Enterob.General De Enterob.
General De Enterob.Jose Luis Lopez Carrillo
 
One In Four Overview
One In Four OverviewOne In Four Overview
One In Four Overviewoneinfour
 
Abraham Lincoln - P2G130
Abraham Lincoln - P2G130Abraham Lincoln - P2G130
Abraham Lincoln - P2G130mmisuraca
 
Athlone - My Home Town
Athlone - My Home TownAthlone - My Home Town
Athlone - My Home TownIEmichael0
 
Dll injection
Dll injectionDll injection
Dll injectionKarlFrank99
 
English Benchmark Chan Vienna
English Benchmark Chan ViennaEnglish Benchmark Chan Vienna
English Benchmark Chan ViennaInnos
 
Presentation Of The Subject
Presentation Of The SubjectPresentation Of The Subject
Presentation Of The Subjectpascual1
 
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...Haggen So
 
Saudi Electric Company (Sec)
Saudi Electric Company (Sec)Saudi Electric Company (Sec)
Saudi Electric Company (Sec)the1st_expert
 
2.0kristianstad1214
2.0kristianstad12142.0kristianstad1214
2.0kristianstad1214kristianstadsbibliotek
 
FIN301_Ch4
FIN301_Ch4FIN301_Ch4
FIN301_Ch4the1st_expert
 
Lesson Plan One Power Point Lb
Lesson Plan One Power Point LbLesson Plan One Power Point Lb
Lesson Plan One Power Point LbJenny Hulbert
 
Presentazione Intesa Sanpaolo Job Opportunity
Presentazione Intesa Sanpaolo Job OpportunityPresentazione Intesa Sanpaolo Job Opportunity
Presentazione Intesa Sanpaolo Job OpportunityARGON
 
울트라 모바일 PC
울트라 모바일 PC울트라 모바일 PC
울트라 모바일 PCwizard0513
 
Presentation
PresentationPresentation
Presentationrapbhan
 
2011 06 07_personaldemocracyforum
2011 06 07_personaldemocracyforum2011 06 07_personaldemocracyforum
2011 06 07_personaldemocracyforumDoc Searls
 
Muovi i primi passi in Second Life: Nozione di base
Muovi i primi passi in Second Life: Nozione di baseMuovi i primi passi in Second Life: Nozione di base
Muovi i primi passi in Second Life: Nozione di baseARGON
 
Presentazione Kenigma Papp Claudio Simbula
Presentazione Kenigma Papp Claudio SimbulaPresentazione Kenigma Papp Claudio Simbula
Presentazione Kenigma Papp Claudio SimbulaARGON
 
Travesia Final
Travesia FinalTravesia Final
Travesia Finalguestf9192d
 
Argon Project
Argon ProjectArgon Project
Argon ProjectARGON
 
Buzzzzzstory
BuzzzzzstoryBuzzzzzstory
Buzzzzzstoryguest758076
 
Copyright and Creative Commons
Copyright and Creative CommonsCopyright and Creative Commons
Copyright and Creative CommonsHaggen So
 
The New Open Distributed Application Architecture
The New Open Distributed Application ArchitectureThe New Open Distributed Application Architecture
The New Open Distributed Application ArchitectureGordon Haff
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNitesh Malviya
 

More Related Content

Viewers also liked

Abraham Lincoln - P2G130
Abraham Lincoln - P2G130Abraham Lincoln - P2G130
Abraham Lincoln - P2G130mmisuraca
 
Athlone - My Home Town
Athlone - My Home TownAthlone - My Home Town
Athlone - My Home TownIEmichael0
 
English Benchmark Chan Vienna
English Benchmark Chan ViennaEnglish Benchmark Chan Vienna
English Benchmark Chan ViennaInnos
 
Presentation Of The Subject
Presentation Of The SubjectPresentation Of The Subject
Presentation Of The Subjectpascual1
 
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...Haggen So
 
Saudi Electric Company (Sec)
Saudi Electric Company (Sec)Saudi Electric Company (Sec)
Saudi Electric Company (Sec)the1st_expert
 
Lesson Plan One Power Point Lb
Lesson Plan One Power Point LbLesson Plan One Power Point Lb
Lesson Plan One Power Point LbJenny Hulbert
 
Presentazione Intesa Sanpaolo Job Opportunity
Presentazione Intesa Sanpaolo Job OpportunityPresentazione Intesa Sanpaolo Job Opportunity
Presentazione Intesa Sanpaolo Job OpportunityARGON
 
울트라 모바일 PC
울트라 모바일 PC울트라 모바일 PC
울트라 모바일 PCwizard0513
 
Presentation
PresentationPresentation
Presentationrapbhan
 
2011 06 07_personaldemocracyforum
2011 06 07_personaldemocracyforum2011 06 07_personaldemocracyforum
2011 06 07_personaldemocracyforumDoc Searls
 
Muovi i primi passi in Second Life: Nozione di base
Muovi i primi passi in Second Life: Nozione di baseMuovi i primi passi in Second Life: Nozione di base
Muovi i primi passi in Second Life: Nozione di baseARGON
 
Presentazione Kenigma Papp Claudio Simbula
Presentazione Kenigma Papp Claudio SimbulaPresentazione Kenigma Papp Claudio Simbula
Presentazione Kenigma Papp Claudio SimbulaARGON
 
Argon Project
Argon ProjectArgon Project
Argon ProjectARGON
 
Copyright and Creative Commons
Copyright and Creative CommonsCopyright and Creative Commons
Copyright and Creative CommonsHaggen So
 

Viewers also liked (20)

Abraham Lincoln - P2G130
Abraham Lincoln - P2G130Abraham Lincoln - P2G130
Abraham Lincoln - P2G130
 
Athlone - My Home Town
Athlone - My Home TownAthlone - My Home Town
Athlone - My Home Town
 
Dll injection
Dll injectionDll injection
Dll injection
 
English Benchmark Chan Vienna
English Benchmark Chan ViennaEnglish Benchmark Chan Vienna
English Benchmark Chan Vienna
 
Presentation Of The Subject
Presentation Of The SubjectPresentation Of The Subject
Presentation Of The Subject
 
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...
Organization of CC Jurisdiction Projects: Overview, Comparisons & Challenges ...
 
Saudi Electric Company (Sec)
Saudi Electric Company (Sec)Saudi Electric Company (Sec)
Saudi Electric Company (Sec)
 
2.0kristianstad1214
2.0kristianstad12142.0kristianstad1214
2.0kristianstad1214
 
FIN301_Ch4
FIN301_Ch4FIN301_Ch4
FIN301_Ch4
 
Lesson Plan One Power Point Lb
Lesson Plan One Power Point LbLesson Plan One Power Point Lb
Lesson Plan One Power Point Lb
 
Presentazione Intesa Sanpaolo Job Opportunity
Presentazione Intesa Sanpaolo Job OpportunityPresentazione Intesa Sanpaolo Job Opportunity
Presentazione Intesa Sanpaolo Job Opportunity
 
울트라 모바일 PC
울트라 모바일 PC울트라 모바일 PC
울트라 모바일 PC
 
Presentation
PresentationPresentation
Presentation
 
2011 06 07_personaldemocracyforum
2011 06 07_personaldemocracyforum2011 06 07_personaldemocracyforum
2011 06 07_personaldemocracyforum
 
Muovi i primi passi in Second Life: Nozione di base
Muovi i primi passi in Second Life: Nozione di baseMuovi i primi passi in Second Life: Nozione di base
Muovi i primi passi in Second Life: Nozione di base
 
Presentazione Kenigma Papp Claudio Simbula
Presentazione Kenigma Papp Claudio SimbulaPresentazione Kenigma Papp Claudio Simbula
Presentazione Kenigma Papp Claudio Simbula
 
Travesia Final
Travesia FinalTravesia Final
Travesia Final
 
Argon Project
Argon ProjectArgon Project
Argon Project
 
Buzzzzzstory
BuzzzzzstoryBuzzzzzstory
Buzzzzzstory
 
Copyright and Creative Commons
Copyright and Creative CommonsCopyright and Creative Commons
Copyright and Creative Commons
 

Similar to Owned By An iPod

The New Open Distributed Application Architecture
The New Open Distributed Application ArchitectureThe New Open Distributed Application Architecture
The New Open Distributed Application ArchitectureGordon Haff
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNitesh Malviya
 
Geek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the InternetGeek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the InternetGeekNightHyderabad
 
Defcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over PowerlinesDefcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over PowerlinesMichael Smith
 
FM & Bluetooth & WIFI, Oh My!
FM & Bluetooth & WIFI, Oh My!FM & Bluetooth & WIFI, Oh My!
FM & Bluetooth & WIFI, Oh My!Aaron Lafferty
 
Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014John Davies
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout PresentationFiroze Hussain
 
Freeze Drying for Capturing Environment-Sensitive Malware Alive
Freeze Drying for Capturing Environment-Sensitive Malware AliveFreeze Drying for Capturing Environment-Sensitive Malware Alive
Freeze Drying for Capturing Environment-Sensitive Malware AliveFFRI, Inc.
 
Self-Driving Data Center
Self-Driving Data CenterSelf-Driving Data Center
Self-Driving Data CenterAll Things Open
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSecureState
 
Optimization Techniques at the I/O Forwarding Layer
Optimization Techniques at the I/O Forwarding LayerOptimization Techniques at the I/O Forwarding Layer
Optimization Techniques at the I/O Forwarding LayerKazuki Ohta
 
Ir da in_linux_presentation
Ir da in_linux_presentationIr da in_linux_presentation
Ir da in_linux_presentationAnshuman Biswal
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLinaro
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
Principles of Chaos Engineering
Principles of Chaos EngineeringPrinciples of Chaos Engineering
Principles of Chaos Engineeringh_marvin
 
The Internet-of-things: Architecting for the deluge of data
The Internet-of-things: Architecting for the deluge of dataThe Internet-of-things: Architecting for the deluge of data
The Internet-of-things: Architecting for the deluge of databcantrill
 

Similar to Owned By An iPod (20)

The New Open Distributed Application Architecture
The New Open Distributed Application ArchitectureThe New Open Distributed Application Architecture
The New Open Distributed Application Architecture
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
Geek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the InternetGeek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the Internet
 
Defcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over PowerlinesDefcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over Powerlines
 
FM & Bluetooth & WIFI, Oh My!
FM & Bluetooth & WIFI, Oh My!FM & Bluetooth & WIFI, Oh My!
FM & Bluetooth & WIFI, Oh My!
 
Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014Toward low-latency Java applications - javaOne 2014
Toward low-latency Java applications - javaOne 2014
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout Presentation
 
To Infiniband and Beyond
To Infiniband and BeyondTo Infiniband and Beyond
To Infiniband and Beyond
 
IBM-AIX Online Training
IBM-AIX Online TrainingIBM-AIX Online Training
IBM-AIX Online Training
 
Freeze Drying for Capturing Environment-Sensitive Malware Alive
Freeze Drying for Capturing Environment-Sensitive Malware AliveFreeze Drying for Capturing Environment-Sensitive Malware Alive
Freeze Drying for Capturing Environment-Sensitive Malware Alive
 
Self-Driving Data Center
Self-Driving Data CenterSelf-Driving Data Center
Self-Driving Data Center
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
IBM-AIX Classroom Training
IBM-AIX Classroom TrainingIBM-AIX Classroom Training
IBM-AIX Classroom Training
 
Optimization Techniques at the I/O Forwarding Layer
Optimization Techniques at the I/O Forwarding LayerOptimization Techniques at the I/O Forwarding Layer
Optimization Techniques at the I/O Forwarding Layer
 
Ir da in_linux_presentation
Ir da in_linux_presentationIr da in_linux_presentation
Ir da in_linux_presentation
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploit
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solution
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
 
Principles of Chaos Engineering
Principles of Chaos EngineeringPrinciples of Chaos Engineering
Principles of Chaos Engineering
 
The Internet-of-things: Architecting for the deluge of data
The Internet-of-things: Architecting for the deluge of dataThe Internet-of-things: Architecting for the deluge of data
The Internet-of-things: Architecting for the deluge of data
 

More from KarlFrank99

Sandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooksSandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooksKarlFrank99
 
Double agent zero-day code injection and persistence technique
Double agent zero-day code injection and persistence techniqueDouble agent zero-day code injection and persistence technique
Double agent zero-day code injection and persistence techniqueKarlFrank99
 
Process Doppelgänging
Process Doppelgänging Process Doppelgänging
Process Doppelgänging KarlFrank99
 
Osteoblast-Osteoclast Interactions
Osteoblast-Osteoclast InteractionsOsteoblast-Osteoclast Interactions
Osteoblast-Osteoclast InteractionsKarlFrank99
 
Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...
Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...
Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...KarlFrank99
 
Osteoblast and Osteoclast Crosstalks: From OAF to Ephrin
Osteoblast and Osteoclast Crosstalks: From OAF to EphrinOsteoblast and Osteoclast Crosstalks: From OAF to Ephrin
Osteoblast and Osteoclast Crosstalks: From OAF to EphrinKarlFrank99
 
The Tight Relationship Between Osteoclasts and the Immune System
The Tight Relationship Between Osteoclasts and the Immune SystemThe Tight Relationship Between Osteoclasts and the Immune System
The Tight Relationship Between Osteoclasts and the Immune SystemKarlFrank99
 
No association between circulating concentrations of vitamin D and risk of lu...
No association between circulating concentrations of vitamin D and risk of lu...No association between circulating concentrations of vitamin D and risk of lu...
No association between circulating concentrations of vitamin D and risk of lu...KarlFrank99
 
20180426_EcbMeeting_DiffStatement
20180426_EcbMeeting_DiffStatement20180426_EcbMeeting_DiffStatement
20180426_EcbMeeting_DiffStatementKarlFrank99
 
20180420__DanskeResearch_ECBPreview
20180420__DanskeResearch_ECBPreview20180420__DanskeResearch_ECBPreview
20180420__DanskeResearch_ECBPreviewKarlFrank99
 
20180420__DanskeResearcch_WeeklyFocus
20180420__DanskeResearcch_WeeklyFocus20180420__DanskeResearcch_WeeklyFocus
20180420__DanskeResearcch_WeeklyFocusKarlFrank99
 
20180417_DanskeResearch_FX_Forecast_Update
20180417_DanskeResearch_FX_Forecast_Update20180417_DanskeResearch_FX_Forecast_Update
20180417_DanskeResearch_FX_Forecast_UpdateKarlFrank99
 
20180418_NordeaResearch_EAInfl_n_ECB
20180418_NordeaResearch_EAInfl_n_ECB20180418_NordeaResearch_EAInfl_n_ECB
20180418_NordeaResearch_EAInfl_n_ECBKarlFrank99
 
NordeaResearch_EcbWatch_20180423
NordeaResearch_EcbWatch_20180423NordeaResearch_EcbWatch_20180423
NordeaResearch_EcbWatch_20180423KarlFrank99
 
20170426_CommerzbankResearch__BullionWeeklyTechnicals
20170426_CommerzbankResearch__BullionWeeklyTechnicals20170426_CommerzbankResearch__BullionWeeklyTechnicals
20170426_CommerzbankResearch__BullionWeeklyTechnicalsKarlFrank99
 
Atomic Bomb Tutorial En
Atomic Bomb Tutorial EnAtomic Bomb Tutorial En
Atomic Bomb Tutorial EnKarlFrank99
 
Bh Usa 07 Butler And Kendall
Bh Usa 07 Butler And KendallBh Usa 07 Butler And Kendall
Bh Usa 07 Butler And KendallKarlFrank99
 
Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007KarlFrank99
 

More from KarlFrank99 (20)

Sandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooksSandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooks
 
Comodo q1 2018
Comodo q1 2018Comodo q1 2018
Comodo q1 2018
 
Double agent zero-day code injection and persistence technique
Double agent zero-day code injection and persistence techniqueDouble agent zero-day code injection and persistence technique
Double agent zero-day code injection and persistence technique
 
Process Doppelgänging
Process Doppelgänging Process Doppelgänging
Process Doppelgänging
 
Osteoblast-Osteoclast Interactions
Osteoblast-Osteoclast InteractionsOsteoblast-Osteoclast Interactions
Osteoblast-Osteoclast Interactions
 
Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...
Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...
Role of autophagy in tumor necrosis factor-α- induced apoptosis of osteoblast...
 
Osteoblast and Osteoclast Crosstalks: From OAF to Ephrin
Osteoblast and Osteoclast Crosstalks: From OAF to EphrinOsteoblast and Osteoclast Crosstalks: From OAF to Ephrin
Osteoblast and Osteoclast Crosstalks: From OAF to Ephrin
 
The Tight Relationship Between Osteoclasts and the Immune System
The Tight Relationship Between Osteoclasts and the Immune SystemThe Tight Relationship Between Osteoclasts and the Immune System
The Tight Relationship Between Osteoclasts and the Immune System
 
No association between circulating concentrations of vitamin D and risk of lu...
No association between circulating concentrations of vitamin D and risk of lu...No association between circulating concentrations of vitamin D and risk of lu...
No association between circulating concentrations of vitamin D and risk of lu...
 
20180426_EcbMeeting_DiffStatement
20180426_EcbMeeting_DiffStatement20180426_EcbMeeting_DiffStatement
20180426_EcbMeeting_DiffStatement
 
20180420__DanskeResearch_ECBPreview
20180420__DanskeResearch_ECBPreview20180420__DanskeResearch_ECBPreview
20180420__DanskeResearch_ECBPreview
 
20180420__DanskeResearcch_WeeklyFocus
20180420__DanskeResearcch_WeeklyFocus20180420__DanskeResearcch_WeeklyFocus
20180420__DanskeResearcch_WeeklyFocus
 
20180417_DanskeResearch_FX_Forecast_Update
20180417_DanskeResearch_FX_Forecast_Update20180417_DanskeResearch_FX_Forecast_Update
20180417_DanskeResearch_FX_Forecast_Update
 
20180418_NordeaResearch_EAInfl_n_ECB
20180418_NordeaResearch_EAInfl_n_ECB20180418_NordeaResearch_EAInfl_n_ECB
20180418_NordeaResearch_EAInfl_n_ECB
 
NordeaResearch_EcbWatch_20180423
NordeaResearch_EcbWatch_20180423NordeaResearch_EcbWatch_20180423
NordeaResearch_EcbWatch_20180423
 
20170426_CommerzbankResearch__BullionWeeklyTechnicals
20170426_CommerzbankResearch__BullionWeeklyTechnicals20170426_CommerzbankResearch__BullionWeeklyTechnicals
20170426_CommerzbankResearch__BullionWeeklyTechnicals
 
Tesi Laurea
Tesi LaureaTesi Laurea
Tesi Laurea
 
Atomic Bomb Tutorial En
Atomic Bomb Tutorial EnAtomic Bomb Tutorial En
Atomic Bomb Tutorial En
 
Bh Usa 07 Butler And Kendall
Bh Usa 07 Butler And KendallBh Usa 07 Butler And Kendall
Bh Usa 07 Butler And Kendall
 
Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007
 

Recently uploaded

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Owned By An iPod

  • 1. i P o d Ma xi mil lian Do rns eif Pac Sec Laboratory for Dependable Distributed Systems 20
  • 2. Agenda • Who we are and what we do • Introduction to Firewire • Demo • Technical Details of hacking by FireWire • Forensics by FireWire • What to do about it Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 3. Who are we? • RWTH Aachen University, Germany • Laboratory for Dependable Distributed Systems Laboratory for Dependable Distributed Systems • Michael Becher, Maximillian Dornseif, Halvar Flake, Christian Klein Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 5. What is Firewire? • Developed by Apple Computers since 1985 • IEEE 1394 (1995), IEEE 1394a (2000), IEEE 1394b (2002). • Marketed by Apple as Firewire or FireWire • Marketed by Sony as iLink Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 6. FireWire • Serial bus, similar but more sophisticated than USB • Faster • Peer-to-Peer, needs no computer • More Power Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 7. Marketplace • Apple - pushing FireWire hard: • Since January 1999 in Desktops • Since January 2000 in Notebooks • September 2000 where the last non- FireWire machines shipped • October 2001: iPod as FireWire killer-app • Sony - we’ll come to that • Others: most upper class systems come with FireWire Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 8. FireWire by Sony Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 9. Other FireWire • Audio • Printers • Scanners • Cameras • GPS • Lab Equipment • Industrial Control Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 10. Things to come Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 11. Confusion Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 12. Target Disk Mode • Press “T” while powering up • Macintosh will emulate a Firewire disk drive Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 13. iBook (Dual USB may 2001) PowerBook G3 (FireWire) Feb 2000 Power Macintosh G3 (Blue & White) Jan 1999 iBook/iBook SE (FireWire Sept 2000) Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 16. Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 17. Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 18. Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 19. Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 21. Unified Memoryspace Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 22. OHCI • Asynchronous functions • Can be used to access on-board RAM and RAM on extension cards (PCI) physical requests - physical requests, including physical read, physical write and lock requests to some CSR registers (section 5.5), are handled directly by the Host Controller without assistance by system software.” (OHCI Standard) Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 23. OHCI Filters • “Asynchronous Request Filters” “The 1394 Open HCI allows for selective access to host memory and the Asynchronous Receive Request context so that software can maintain host memory integrity. The selective access is provided by two sets of 64-bit registers: PhysRequestFilter and AsynchRequestFilter. These registers allow access to physical memory and the AR Request context on a nodeID basis.” (OHCI Standard) • PhysicalRequestFilter Registers (set and clear) “If an asynchronous request is received, passes the AsynchronousRequestFilter, and the offset is below PhysicalUpper-Bound (section 5.15), the sourceID of the request is used as an index into the PhysicalRequestFilter. If the corresponding bit in the PhysicalRequestFilter is set to 0, then the request shall be forwarded to the Asynchronous Receive Request DMA context. If however, the bit is set to 1, then the request shall be sent to the physical response unit.” (OHCI Standard) Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 24. Exploiting Reads • We can read arbitrary memory locations. So we can: • Grab the Screen contents • Just search the memory for strings • Scan for possible key material • Parse the whole physical memory to understand logical memory layout. Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 25. Exploiting Writes • We can write arbitrary data to arbitrary memory location. So we can: • Mess up • Change screen content • Change UID/GID of a certain process • Inject code into a process • Inject an additional Process Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 27. The forensics schism • Unplug, do post-mortem disk-analysis • Misses Processes, open connections, etc. • Gather information on the live system, afterwards do a clean shutdown and do afterwards disk-analysis • Contaminates evidence during the information gathering Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 28. Live Memory Dumps • Being able to dump the whole memory without software support would solve the schism • Tribble is a specialized pice of hardware being able to dump physical memory via DMA transfers over the PCI bus • If you can do the same via Firewire, you get away with a software only solution Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 29. Forensics Challenges • There is little experience in reconstructing logical/virtual memory from physical memory dumps • To find open network connections etc. we have to parse a bunch of kernel structures Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 31. Shields-Up! • Ensure that only fully trusted devices are connected to your FireWire ports • Press you driver/OS vendors about FireWire filtering Maximillian Dornseif • Laboratory for Dependable Distributed Systems
  • 32. Be Prepared for Forensics • You might want to keep FireWire ports on incident prone systems at hand • Keep them physically secured • Have some Software ready to do memory Dumps via FireWire Maximillian Dornseif • Laboratory for Dependable Distributed Systems