Direct Memory Access Attacks - An easy way to hack into memory, bypass logon screens and ignore device encryption | Blog

Posted On: May 28 , 2024
Written By: Steve Velcev

Have you ever come across a laptop, server or desktop computer that has Full Device Encryption (FDE) and protected by a password/logon screen that you would like to hack into easily? Well Direct Memory Access (DMA) attacks can easily bypass these security measures given a few preconditions.

In this blog post we are going to explore how a hacker can easily utilise Direct Memory Access attacks to gain full control over a computer system and discuss what you and your organisation can do to prevent such types of attacks.

What is Direct Memory Access (DMA)?

Direct Memory Access is a legitimate feature of computer systems that allows certain hardware subsystems to access main system memory independently of the central processing unit (CPU) allowing for high-speed data transfer. Numerous hardware devices use DMA, including disk drive controllers, graphics cards, network cards and sound cards.

These hardware devices connect to the computer via several DMA capable connections such as PCI Express, PCI, Thunderbolt, USB 4.0, FireWire, ExpressCard and CardBus. These connections allow for transfer of data between the device itself and the computer at maximum speeds possible by having direct read and write access to the main memory without any Operating System (OS) supervision or interaction.

All modern computer systems such as laptops, servers and desktop computers have at least one form of a DMA capable connection such as Thunderbolt or PCI Express. These common connections can give a hacker an opportunity to potentially bypass all OS security mechanisms such as the Windows password logon/lock screen, gain access to all physical memory address space despite having FDE as the operating system memory is decrypted when in operation which allows for stealing of the systems unencrypted data such as cryptographic keys and even allows for the installation of various malware such as keyloggers and backdoors for example.

DMA attack scenarios

There are a several scenarios where a hacker can try to perform a DMA attack such as a gaining access to a stolen device like a laptop, performing a DMA drive by attack where the hacker quickly plugs a DMA attack device into a PCI Express slot or Thunderbolt port while the device is not attended or by sending a victim a rouge DMA device disguised as a normal everyday device as part of a social engineering attack.

At SureCloud, one of the scenarios we like to test as part of a Red Team engagements is what happens if a client’s devices such as a laptop gets stolen by a hacker and what can they do with it? Most organisations these days implement Full Device Encryption via BitLocker for example and are protected by operating system logon screens such as the Windows logon screen that prompt for the user’s password when starting up a Windows based device. There are currently no publicly known software-based vulnerabilities that bypass these security mechanisms, and this is where DMA attacks can be useful for hackers as it allows them to bypass these security measures with the help of a specialised DMA device such as the Screamer PCIe Squirrel, LeetDMA, Enigma-x1 and USB3380-EVB to name a few. These devices can easily be purchased online are commonly used for various other purposes such as game hacking and kernel code debugging. The specialised DMA device is plugged into the stolen laptop either via PCI Express capable slot such as a M.2 slot or via a Thunderbolt port. It should be noted that for this attack to work a few security features in the BIOS need to be off which are sometimes set to off by default or can be changed by a hacker if there is no BIOS password. Thus, if your organisation or your personal device does not have a BIOS password, we highly recommend implementing one to prevent a hacker from switching off security features that help protect against various attacks such as DMA attacks.

Figure 1: DMA Attack Devices

Another important part of the DMA attack is the software that helps to make the DMA attacks easily executable. The most popular DMA attack software is called PCILeech created by the father of DMA attacks Ulf Frisk which uses the DMA hardware device to read and write to the system memory allowing for easy access to live memory and the file system via a mounted drive. PCILeech also makes it possible to remove the OS logon password requirements, loading of unsigned drivers, execution of code and spawning of system shells and it supported target system is currently the x64 versions of: UEFI, Linux, FreeBSD and Windows.

Here are some of the features that PCILeech is capable of:

- Retrieve memory from the target system at >150MB/s
- Write data to the target system memory.
- ALL memory can be accessed in native DMA mode (FPGA hardware).
- ALL memory can be accessed if kernel module (KMD) is loaded.
- Mount live RAM as file [Linux, Windows, macOS Sierra*].
- Mount file system as drive [Linux, Windows, macOS Sierra*].
- Execute kernel code on the target system.
- Spawn system shell and other executables [Windows].
- Pull and Push files [Linux, FreeBSD, Windows, macOS Sierra*].
- Patch / Unlock (remove password requirement) [Windows, macOS Sierra*].
- Easy to create own kernel shellcode and/or custom signatures.
- Dump physical memory over the network.
- Execute Python memory analysis scripts on the remote host.
- *macOS High Sierra and above are not supported.

Source: https://github.com/ufrisk/pcileech

As you can see these features are a treasure trove for hackers as it allows the hacker to perform some very powerful operations to bypass security on almost all popular Operating Systems such as Linux and Windows. The next section will demonstrate some of these attacks here.

Hands on DMA attack demonstration.

The target device is a modern-day Windows 10 based laptop that is password protected and has no BIOS password. The DMA Device (Screamer PCIe Squirrel) was connected to a free M.2 slot on the Laptops Motherboard with a M.2 to PCI Express 4x extension cable. The hacker then attaches a USB Type C cable from the DMA device to the hacker’s laptop to run PCILeech software and can execute various command such as:

- pcileech.exe kmdload -kmd WIN10_X64_3 (Loads a kernel module into Windows 10 system which returns the kernel memory address which is required for the next attacks .e.g 0x7fffe000)
- pcileech.exe wx64_pscmd -kmd 0x7fffe000 (Spawns a system shell on the target system at the memory address space of 0x7fffe000 where the first kernel module was loaded)
- pclileech.exe wx64_unlock -kmd 0x7fffe000 -0 1(Removes the password requirement when logging on to Windows)
- pcileech.exe mount -kmd 0x7fffe000 (Mounts the target system live RAM and file system for easy exploration as a mounted drive)
- pcileech.exe dump -kmd 0x7fffe000 (Dumps all memory from the target system)

Figure 2: DMA Attack against a Laptop using Screamer PCIE Squirrel DMA device and PCILeech Software to spawn a cmd.exe shell as NT/System Authority.

Figure 3: PCILeech software used to load code into the Kernel on the Windows 10 Laptop and spawn a cmd.exe shell as NT/System Authority.

Figure 4: Mounting the target systems memory using PCILeech and using file explorer to view the contents.

Mitigations

To prevent DMA attacks the first and most obvious part is physical security. Preventing unauthorised access to a physical device and its slots/ports will prevent hackers from performing this type of attack as physical access is required. If the device is within public spaces and can’t be securely stored away or is stolen the following settings are crucial to prevent DMA attacks.

- Ensure there is a sufficiently strong BIOS password to prevent disabling of the next BIOS security settings related to helping protect against DMA attacks.

- Enable Input–output memory management unit (IOMMU) within the BIOS. Intel brands its IOMMU as VT-d and AMD brands its IOMMU as AMD-Vi. Linux and Windows 10 support these IOMMUs and can use them to block I/O transactions that have not been allowed.

- To protect Thunderbolt ports, ensure that the Thunderbolt security policy level is set to 1 or above within the BIOS.

- Enable Secure Boot and/or Trusted Boot within the BIOS. Secure Boot is a Unified Extensible Firmware Interface (UEFI) feature which is designed to block execution of non-verified OS code during the boot process. Trusted Boot takes over where Secure Boot ends and is typically implemented in a system's firmware and is designed to be more resilient than software-based security measures, such as Secure Boot.
- If BitLocker is enabled ensure that Pre-boot authentication is enabled with a PIN or password, or both combined with a Trusted Platform Module (TPM).

- Enable Microsoft Virtualization-Based Security (VBS) features such as Device Guard. Device Guard is a security feature that helps prevent the execution of malicious software on a device. It does this by only allowing trusted apps to run, based on predetermined criteria such as the applications publisher or the location where the app was downloaded from. Also consider enabling Credential Guard to protect against other attacks attempting to steal credentials from the system.

- In Windows 10 and 11 enable the Kernel DMA protection feature. (IMMOU and SecureBoot must be enabled)

Go to Windows Security -> Device security > Core isolation details > Memory access protection

This setting can also be enabled via InTune/MDM using below two policies:

It’s recommended that as much of these settings be enabled, if possible, to prevent DMA attacks as there is no single security solution that can protect against DMA attacks alone. DMA attacks are just one type of a physical attack and there are many more that an organisation needs to be aware of such as malicious USB devices, attacks that target the BIOS/UEFI firmware and attacks against the TPM module.