So a while ago I put together a hardware security project. The device I was building was a PCIExpress device to do DMA (Direct Memory Access) attacks on a computer. The idea being you would have a card that you could put in a slot into the computer. Then this card would basically use its privilege on that bus to go and view the contents of memory and other things in the system. The way that a network packet goes from the NIC to memory is DMA. The way graphics go from memory to the video card is the DMA.  So in order to function PCIExpress devices have access to memory– that’s how they do their job. I just wanted to take advantage of that.

There had been a previous project in which they took an FPGA (Field Programmable Array) and they built a board. On the board they synthesized a small core in the FPGA and it ran a bunch of code. This board sat in the PCI Express slot which is inside a Thunderbolt enclosure which is connected to a Thunderbolt cable to a Mac. This device would appear to the Mac as if it was an SD card adapter and Mac OS would gladly give it access to memory. Then the device would search through memory for the code that managed the password prompt. Then the device would make it so that no matter what you entered for your password it would be true.

The lock screen would go away and it breaks into the system. Note, there are many more things you can do with this level of access; bypassing lock screen is just the easiest access to demo.

The project they put together had a cable, an enclosure, an FPGA board, a softcore synthesizer on that, code running on the soft core. A lot of stuff, a lot of pieces. I’m like, “I think that there’s a lighter weight solution.”

In prior work, I had encountered a chip prior that was essentially a PCIExpress to USB bridge. So it was designed to let you use a USB device appear as a PCI Express device or it take a PCI Express device like a graphics card and hook it up via a USB port. So just by twiddling with some of the registers in this device I could make it appear to be an SD card reader on the victim computer, fully controlled via a USB cable connected to my attack computer. I would then have software on my attack computer send commands over USB, direct the fake SD card reader to do memory accesses within the victim computer.

Eventually, I distilled the former solution into just 20 bytes of firmware for this USB PCIExpress bridge chip and 8 lines of Python code that I ran on my laptop. So the 8 lines of Python tells the card to do the memory reads and writes. The 20 bytes of firmware tells the card to show up as both a USB device to my attack computer and a PCIExpress SD card reader to the victim computer. I plug the device into the PCIe slot and hook it all together. Suddenly I have the same ability as the former solution by just patching together existing software tools to give me memory access to bypass a lock screen.

The firmware provides the flexibility to my solution. What I am doing with the firmware is just setting configuration registers within the bridge chip. When the chip powers on and you power on the victim computer and it powers on my malicious PCIExpress card plugged into it’s slot. When the victim computer asks the malicious PCIe device ”what is your vendor id and device id”, the device looks those up in it’s 20 bytes of firmware. The firmware also gives the PCIe device instructions to enable remote control via it’s USB port. With 20 bytes I was able to do all that. When the card powered on the silicon just did its job. Which was to pass my attack computer’s USB requests over to PCIExpress on the victim computer, and PCI Express has read and write privileges to the memory on the victim computer.

Then to by-pass the lock screen’s password, I added my 8 lines of Python to an existing forensics tool. This would first read through memory to find the code responsible for password checking. Then, it would write to memory- to patch the code to accept any password. Finally, I log into the system and now I can do whatever I want on the system. I did this all with a lighter weight solution. In this case, the fewer parts also cost less, about $60 worth of equipment. Now figuring out that 20 bytes of firmware- well that took me much longer than I had expected. That’s a story that goes deeper into figuring this all out.

Have a Productive Day,

Joe FitzPatrick

Dear Reader, please share your comments and stories that are sparked by this piece. Have you ever taken a complex solution and replaces it with something simpler but just as effective?  See Contribute for how you can share a story at The Engineers’ Daughter.

Additional Reading

To explore some of the technology mentioned in this post we have selected a few places for you to start.

First some more about Direct Memory Access:  A brief video from a Udacity course. A deeper introduction to Direct Memory Access. An overview of DMA attacks and strategies to prevent such attacks.

USB and PCI Express are industry standard hardware interfaces which have specifications.  PCI Express Spec and USB Spec.

Remaining transcript from this story collection between Joe FitPatrick and Anne Meixner, edited for clarity.  Sharing it because it describes how these types of systems which break into a computer with hardware access and used and gives a back story to the Government Apple exchange regarding giving access to an iPhone.

Anne: So this is really a hardware way of getting a password as opposed to what you hear in the press all the time it takes a computer to run through all these numbers.  Your telling me you don’t need a random number generator to find the password.

Joe: If you were to have a hashable password it would take you a long time to crack that password. But if you have direct access to the memory of the system you can just tell the code that you don’t need a password. The tool that is most readily available to do this is called Inception. Like the movie where you jump into people’s minds and change their memories. You jump into the computer and change its memory to make it think that you have the right password.

Anne:  Well that means you have to physically connect to the computer.

Joe: Yes, so that’s one of the downsides of this is physical access. But a lot of times this is used is in forensic investigations. So that they seize a bunch of computers, their still running, they can go and use this to by-pass the lock screen and then have access to the system.

Anne:  That reminds me of the terrorist incident in Southern California and Apple giving access to an I-phone owned by one of the terrorists.

Joe: It’s the exact same thing problem and its actually projects like what I have done have made Apple go and harden and secure against these things.

Anne: Which was why when the government was asking can’t we use a backdoor and Apple saying “No we made it so we can’t.”

Joe:  It use to be like it took tens of thousands of dollars of equipment to do this. Then there was this other FPGA based system which is about a thousand dollars’ worth of equipment. My version is about sixty dollars’ worth of equipment. So as the cost of the equipment to do these things gets cheaper its more compelling for companies to secure them.

Anne: So no matter how much I change my password, it wouldn’t matter because if you have physical access to it you can get into it.

Joe: It’s gotten much better than that. There are mechanisms in place that can protect you right now since Mac OS 10.8.2. They mostly block it.

Anne:  What about Windows based machines?

Joe: Well that’s another story, (Laughter) and I don’t know that story.