Tools used to crack system passwords when Shutdown (video)

Source: Internet
Author: User

Princeton University published a study in February this year, pointing out that the data in DRAM is in a "gradual" process several seconds after the computer is shut down. If the ambient temperature is low, this time will last for several minutes, which means that some data, such as passwords, in the computer system, does not disappear during this time, you can use special methods to obtain and crack sensitive data.Here). Yesterday, the research team published this group of tools for cracking at the h.o. P. E 2008 hacking conference.Their Home PageReleased the source code of the tool.

This tool consists of three parts: Memory imaging allows you to remotely start a computer using the PXE network, or use USB Memory to obtain a Memory image (the tutorial in the compressed package uses iPOD as an example to illustrate the corresponding steps ), the EFI Netboot Imaging Tools are applicable to the BSD system environment under EFI (Extensible Firmware Interface, Extensible Firmware Interface; the Automatic key-finding function can obtain 128/256-bit AES or RSA keys from the memory image respectively. Error-correction for AES key schedules provides 15% Error correction for the obtained AES keys. The group demonstrated this tool at the conference. The final memory data is only 0.1% different from the original data, and less than 0.01% if it is cooling down,The premise of the entire process is that the system is shut down abnormally (that is, the power cord is forcibly removed or the laptop's battery is removed), and the ECC memory is not used.

Due to the physical characteristics of DRAM, the entire cracking method is applicable to almost all disk encryption technologies (Windows, Mac OS, Linux, or any third-party disk encryption tools ), if the computer is not shut down (including locking or sleep), it means that all the key information in the memory stick can be easily obtained with the help of a small tank of compressed coolant after the computer power is forcibly disconnected. You canDownload hereIf you are interested in the dynamic process of data in the memory, you can do this by yourself.This experimentTo observe the data changes (Linux environment ). The following video details the process of the so-called "Cold Boot Attack:

Video watching

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.