PDA

View Full Version : new boot rootkit on truecrypt hidden volume attack


mar1ll1
August 11th, 2013, 08:41
hi there,

i just stumbled across this document, and find it rather interesting to share. maybe you know the author, for sure he knows "you" as this forum here is mentioned.
it has a crypto relation (truecrypt), but i put my post here, since not the algorithms are attacked.

"revealing the hidden" - "subverting the truecrypt bootloader"

http://k00n.byethost7.com

it's a very indepth guide of attacking the truecrypt bootloader, implementing a true
boot rootkit, targetting the hidden os, ntfs writer, password attack. it shows indepth insight into the truecrypt source code
and behavings (int 13h reentrance, etc.)

full source code of the ninja-boot-root" brk is included as well.

imho a good source of information.

regards,

mar1ll1

Woodmann
August 11th, 2013, 21:56
Howdy,

It is dated but still relevant.

Woodmann