Hacking in Physically Addressable Memory: A Proof of Concept

Several advances in hacking via DMA will be introduced; attacks to steal SSH private keys, inject code and obtain an interactive shell via FireWire only will be presented. All of these advances are based on the data structures that the CPU requires in order to provide a virtual address space for each process running on the system. These data structures are located and then parsed to solve the puzzle of randomly scattered pages in physical memory, making it possible to read and write in each process's virtual address space. Most of the attacks introduced will be adaptable to all kinds of operating system and hardware combinations, but as a sample target, Linux on an IA-32 system with the kernel options CONFIG_NOHIGHMEM or CONFIG_HIGHMEM4G, CONFIG_VMSPLIT_3G and CONFIG_PAGE_OFFSET=0xC0000000 is used.
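As an added illustration (not code from the paper), this is the page-table walk the abstract relies on: the way a memory-forensics tool resolves a process's virtual address through IA-32 two-level (non-PAE) page tables in a physical-memory image, plus the linear kernel lowmem map implied by CONFIG_PAGE_OFFSET=0xC0000000. The image contents, table locations and sample addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* IA-32 non-PAE paging constants: 4 KiB pages plus optional 4 MiB PSE pages. */
#define PAGE_OFFSET 0xC0000000u   /* CONFIG_PAGE_OFFSET named in the abstract */
#define PG_PRESENT  0x1u
#define PG_PSE      0x80u         /* page-size bit: this PDE maps a 4 MiB page directly */
#define PHYS_SIZE   (64u * 1024u) /* size of the constructed physical-memory image */
static uint8_t phys_mem[PHYS_SIZE]; /* constructed stand-in for a captured RAM image */

static uint32_t rd32(uint32_t pa) {
    uint32_t v = 0;
    if (pa + 4 <= PHYS_SIZE) memcpy(&v, phys_mem + pa, 4); /* out-of-image reads as 0 */
    return v;
}
static void wr32(uint32_t pa, uint32_t v) { memcpy(phys_mem + pa, &v, 4); }
/* Two-level walk from a process's page directory (its CR3 value) to the physical
 * address backing a virtual address. Returns 0 on success, -1 if not present. */
int translate(uint32_t cr3, uint32_t va, uint32_t *pa) {
    uint32_t pde = rd32((cr3 & 0xFFFFF000u) + ((va >> 22) & 0x3FFu) * 4);
    if (!(pde & PG_PRESENT)) return -1;                /* unmapped or swapped out */
    if (pde & PG_PSE) { *pa = (pde & 0xFFC00000u) | (va & 0x3FFFFFu); return 0; }
    uint32_t pte = rd32((pde & 0xFFFFF000u) + ((va >> 12) & 0x3FFu) * 4);
    if (!(pte & PG_PRESENT)) return -1;
    *pa = (pte & 0xFFFFF000u) | (va & 0xFFFu);
    return 0;
}
/* Single-value wrapper: 0xFFFFFFFF means "not present". */
uint32_t translate_or_fail(uint32_t cr3, uint32_t va) { uint32_t pa; return translate(cr3, va, &pa) ? 0xFFFFFFFFu : pa; }
/* Kernel lowmem is linearly mapped, so no table walk is needed for it. */
uint32_t kernel_virt_to_phys(uint32_t kva) { return kva - PAGE_OFFSET; }

/* Constructed sample: page directory at 0x1000, one page table at 0x2000. */
uint32_t build_sample_tables(void) {
    const uint32_t pd = 0x1000u, pt = 0x2000u;
    memset(phys_mem, 0, sizeof phys_mem);
    wr32(pd + (0x08048000u >> 22) * 4, pt | 0x3u);                   /* PDE -> page table */
    wr32(pt + ((0x08048000u >> 12) & 0x3FFu) * 4, 0x3000u | 0x3u);   /* PTE -> frame 0x3000 */
    wr32(pd + (0x00400000u >> 22) * 4, 0x00800000u | PG_PSE | 0x3u); /* 4 MiB page at 8 MiB */
    return pd; /* the CR3 value a tool would recover for this process */
}
int main(void) {
    uint32_t cr3 = build_sample_tables();
    printf("0x08048123 -> 0x%08x\n", translate_or_fail(cr3, 0x08048123u));
    printf("0x00400ABC -> 0x%08x\n", translate_or_fail(cr3, 0x00400ABCu));
    printf("0x0BADF000 -> 0x%08x (not present)\n", translate_or_fail(cr3, 0x0BADF000u));
    printf("kernel 0xC0100000 -> 0x%08x\n", kernel_virt_to_phys(0xC0100000u));
    return 0;
}
```

On a real image the page directory base is recovered from the process's kernel task structure rather than assumed, and PAE or 64-bit targets add further table levels to the same walk.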
