Bootable USB RAM capture


Inspired by some research done at Princeton (looks like the original site is down), [Wesley] sent in his version of a bootable RAM-dumping USB drive, complete with a how-to on rolling your own. He put together a utility that runs under syslinux to capture the data, installed it to a USB thumb drive and managed to create a device that will boot on a machine and copy the contents of the RAM before it’s overwritten by another utility.

Comments

  2. martin says:

    That is cool. Might try it out. See what you can get from people’s RAM

  3. Skyler Orlando says:

    #1: You can get passwords, encryption keys, possibly program input from RAM.

    This does look cool. It may be useful in a crash-recovery utility or something.

  4. This would be a good way to crack the BitLocker Drive Encryption. Has anyone tested on a Mac?

  5. dizzey says:

    I wonder if this could be used to recover Blu-ray and HD DVD keys. I see no reason why it would not work. It has to exist somewhere in RAM.

  6. Hello1024 says:

    Pretty much all encryption software will clear its keys etc. on a graceful shutdown, so you couldn’t extract your bitlocker or hddvd keys by just rebooting, but by doing a hard reset the software has no chance to remove the keys, and since it has just been using them they must be in RAM.

    One way for software manufacturers to combat that would be to only have the keys in RAM for a tiny amount of time – for example when decoding hddvd, do the decryption in “packets”, and destroy the key after processing each packet. Obviously between packets the key must exist in RAM somewhere, but it could be further encrypted or obfuscated, making it impossible to find amongst a few GB of other data.

    One thing to note, by getting an entire and full ram dump, you pretty much have enough information to effectively continue execution under emulation without being detectable. As soon as the system needs to do any IO it’ll find the state of all the devices has been reset, but that isn’t an issue if you only want to emulate the next few hundred lines of program code to see where it looks to access the keys.
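
Hello1024's per-packet idea from comment 6, sketched in C as an added example (not code from the post, from msramdmp, or from any commenter). The XOR cipher, the mask, the `arena` struct and the sample key are constructed for illustration; `count_key_hits` plays the part of a search over a captured RAM image.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16

/* Constructed sample key standing in for a disk or media key. */
static const uint8_t SAMPLE_KEY[KEY_LEN] = {
    0x3c, 0x91, 0x5e, 0x07, 0xd2, 0x48, 0xb6, 0x1f,
    0x6a, 0xe3, 0x75, 0x0c, 0x99, 0x24, 0xfb, 0x80 };

/* Everything key-related lives here; it models the memory a dump would capture. */
struct arena {
    uint8_t masked_key[KEY_LEN]; /* key XOR mask: the form kept between packets */
    uint8_t mask[KEY_LEN];
    uint8_t work_key[KEY_LEN];   /* clear key, needed only while a packet is processed */
};

/* Zero through a volatile pointer so the compiler cannot drop the stores as dead writes. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Count offsets in a memory image where the key appears in the clear. */
size_t count_key_hits(const uint8_t *img, size_t len, const uint8_t *key) {
    size_t hits = 0;
    for (size_t i = 0; i + KEY_LEN <= len; i++)
        if (memcmp(img + i, key, KEY_LEN) == 0) hits++;
    return hits;
}

void arena_init(struct arena *a, const uint8_t *key) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        a->mask[i] = (uint8_t)(0xA5 + 31 * i);  /* fixed toy mask, not a real KDF */
        a->masked_key[i] = key[i] ^ a->mask[i];
    }
    secure_wipe(a->work_key, KEY_LEN);
}

/* Toy XOR "decryption" of one packet; wipe_after selects the hardened behaviour. */
void process_packet(struct arena *a, uint8_t *pkt, size_t n, int wipe_after) {
    for (size_t i = 0; i < KEY_LEN; i++)        /* unmask only for this packet */
        a->work_key[i] = a->masked_key[i] ^ a->mask[i];
    for (size_t i = 0; i < n; i++)
        pkt[i] ^= a->work_key[i % KEY_LEN];
    if (wipe_after)
        secure_wipe(a->work_key, KEY_LEN);      /* destroy the clear key again */
}

/* Clear-key copies a dump of the arena would hold after one packet. */
size_t residue_after_packet(int wipe_after) {
    struct arena a;
    uint8_t pkt[32] = "constructed sample packet data";
    arena_init(&a, SAMPLE_KEY);
    process_packet(&a, pkt, sizeof pkt, wipe_after);
    return count_key_hits((const uint8_t *)&a, sizeof a, SAMPLE_KEY);
}

int main(void) {
    printf("clear-key copies without wipe: %zu\n", residue_after_packet(0));
    printf("clear-key copies with wipe:    %zu\n", residue_after_packet(1));
    return 0;
}
```

The mask sits in the same memory as the masked key, so this narrows the window in which the clear key is present rather than removing the key from a full dump.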

  7. Hi all, glad you enjoyed reading about the tool! hello1024 is right on here. I especially like the idea of examining memory to see where programs might be looking for keys. really sharp idea.

    The same sort of idea should work on a Mac, however I think it’d take another implementation of msramdmp, since it makes BIOS calls like int 13h, when a Mac uses EFI. I guess I ought to look into how all that works sometime :)

  8. MoJo says:

    There is a fairly simple defense to this. Configure your BIOS to do a full memory test on boot. It will write to every memory location.

    Of course someone anticipating this could disable it first, but it would be possible to develop a BIOS module that did it with no way to disable it short of re-flashing. Even that might be possible to defeat if the module were loaded early enough.

  9. pywacketBST says:

    this is pretty scary… while you wouldn’t leave your laptop unattended EVER, your work machine or even desktop gaming screamer at home could be at risk at the next LAN party, cuz you know you would love to hack into your buddy’s account and stick his char in the enemy’s territory naked and unarmed HAHA. anyway, if you look at the video going more in depth with an external HDD, thumb drives would do the trick on hard boots with no prob. as for the inquiry about the Apple, one word comes to mind: Unix. however I know almost nothing about Apple (is it true Unix is its underlying kernel?)

  10. Z€R0-X says:

    very good

  11. arcticorange says:

    very good, god damn, i love it!… it’s a good thing i know how to do that. you know create your own fraud email and tell people to mail their cc info to you. can you smell what that rock is cooking?

  12. 999 says:

    hey its such a bad things…! you give your CC number to get another CC number..?! its only a scam,there is no yahoo booter like that..! its only a fake email, if you send your CC to that email, the owner of that email address will get your CC informations, and he/she will steal your CC….! wanna real CC number? just visit http://www.geocities.com/cc.thief i got many cc from that site

  13. CODE_14 says:

    wow! cool!
    i will give you my real credit card number and i will wait for 10000 of stolen credit card numbers…

    are we so F’n dump to give you our information???

    puhh.

    CODE_14®

  17. dafsdfgvdfvts says:

    i sent email with my amex information but didnt get any response, whats going on ?

  18. RomanSB says:

    Are the hack a day admin so useless that they don’t monitor the comment spam at all?

  19. XP Ann Arbor says:

    I like it.
    Thought along those lines when I did a backup recently.
    Thanks.

  20. anitabeezy says:

    does the yahoo hack really work?if not can some 1 pls. help me out.i really need a hack to get valid credit card info and bank transfer info

  21. toby says:

    So just to clarify, if i send my credit card details in that email, it will send me some one else’s?

    I’ll do it now but you have to promise not to spend too much on my card!

    Toby
