Public FPGA based DMA Attacking

Ulf Frisk

Playlists: '34c3' videos starting here / audio / related events

Most thought Direct Memory Access (DMA) attacks were a thing of the past after CPU vendors introduced IOMMUs and OS vendors blocked Firewire DMA. At least until the PCILeech direct memory access attack toolkit was presented a year ago and quickly became popular amongst red teamers and governments alike.

A year later the situation has improved but some firmware and operating systems still remain vulnerable by default. The hardware used to perform the attacks was however limited both in capabilities and supply. FPGA support was introduced and made available to the public to overcome these problems. In this talk I will subvert kernels, defeat full disk encryption and spawn system shells - all by using affordable publically available FPGAs and open source software!


These files contain multiple languages.

This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.

Please look for "audio tracks" in your desktop video player.