神奇嗎?在超低溫下就可以一虧窺小綠人 Android 底細?
We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung. To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking. However, we show that cold boot attacks are more generic and allow to retrieve sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked.
細究之下,其實這篇研究 FROST: Forensic Recovery Of Scrambled Telephones主要是利用DRAM記憶體的暫存物理效應,在低溫環境下,讓 RAM中資料消失的速度減緩(五至六秒),而在這短短數秒內,便可透過其他機器把資料抓起來或是直接破解加密金鑰(FDE keys)!
當然啦,同樣的方法,也可以應用在筆電、平板等使用 RAM的系統(有哪個電子產品沒有用,摔筆!),研究團隊很大方地將相關工具放在網站上,有興趣的鄉民可以試試看,用低溫冷凍來破解嘗試手機相機電腦平板吧!
當然啦,同樣的方法,也可以應用在筆電、平板等使用 RAM的系統(有哪個電子產品沒有用,摔筆!),研究團隊很大方地將相關工具放在網站上,有興趣的鄉民可以試試看,用低溫冷凍來破解嘗試手機相機電腦平板吧!
- Technical Report: frost.pdf (by Tilo Müller and Michael Spreitzenbarth)
- Recovery Image: frost.gnex.img (for Galaxy Nexus devices, ClockwordMod-based)
- Loadable Kernel Module: frost.lkm.tgz (source code for Linux-kernels; includes Android specific binary)
- Crack 4-digit PINs: frost.crackpin.tgz (source code and statically linked binary for Android; requires PolarSSL)
- Freezing Droid: freezing_droid.tgz (summarized result: droid.png, or original bitmaps: a b c d e)
- External Resources: cross-compiled dmsetup-utility; and the forensics module LiME.
沒有留言:
張貼留言