Shmoocon 2006: Cardbus Bus-Mastering: 0wning the Laptop

shmoocon

David Hulton (h1kari) talked about the implications of cardbus bus-mastering. It goes pretty much hand-in-hand with David Maynor’s USB direct memory access work. The idea is using bus-mastering to take over other PCI devices, download passwords and keys from memory, unlock screensavers, and plant memory-based or firmware-based trojans. So, what kind of device could do all this? David works for Pico Computing which is developing cardbus based FPGAs. They’re pretty cool little devices and for dedicated tasks like brute force cracking they’re really efficient. Check out OpenCiphers for details on using FPGAs with modern cryptography. Unfortunately h1kari didn’t have a demo, but David Maynor was there to talk about his USB stuff. An interesting tidbit was what USB device he used for his exploration: a Motorola MPx200. It was released before the USB 2.0 spec was finalized so the phone was designed to have its USB firmware upgraded, handy for hacking.

Comments

  1. digitallysick says:

    this is to the “first post” guy, that says w00t, well guess what, first post, w00t!

  2. winphreak says:

    this is the second post guy who says first post guy sucks because i missed it.

    AFTA: Quite interesting. It seems the advancements in portability may eventually become security risks. I’m interested to see how far a PCcard can be push like that.

  3. pacobell says:

    @winphreak: If your “afta” blurb was intended as the acronym “atfa”, it is quite funny if you think about it ;)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,725 other followers