acoustic-keylogger
tpm.dev.tutorials
acoustic-keylogger | tpm.dev.tutorials | |
---|---|---|
4 | 3 | |
86 | 80 | |
- | - | |
0.0 | 10.0 | |
over 1 year ago | about 2 years ago | |
Python | Shell | |
- | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
acoustic-keylogger
-
AMD's Firmware TPMs Vulnerable to Hardware Attacks, Defeating Disk Encryption
You don't even need to attach it, other placements are sufficient as well. <https://github.com/shoyo/acoustic-keylogger/tree/master/acou...>
-
Crooks’ Mistaken Bet on Encrypted Phones
It's worse than that. Physical access to target hardware in any state for any length of time can result in full compromise in the future.
Brief access to target's premises can result in full compromise without even using a camera:
https://github.com/shoyo/acoustic-keylogger
-
ELI5 hardware keylogging
On the hardware side, we've had enough advances in machine learning that acoustic "keyloggers" that can reconstruct a series of keystrokes based on an audio recording are starting to become viable: https://github.com/shoyo/acoustic-keylogger
- Sound-based keylogging: Clustering keystroke audio recordings with t-SNE
tpm.dev.tutorials
-
Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop
>> The discrete TPM's threat model was never designed to cover you from attackers using oscilloscope to probe your laptop's SPI bus during the boot process for unencrypted data.
This is not really true. All TPMs (or at least since v2.0, but no matter if discrete or not) support encrypted session against passive eavesdroppers. There is also the possibility to protect against MiTM attacks, but that is more complex (since you then need to setup credentials).
See here [0]:
"Encryption sessions are useful for when the path to a TPM is not trused, such as when a TPM is a remote TPM, or when otherwise the path to the TPM is not trusted."
The issue is that the OS / Bootloader does not implement such mechanism.
[0] https://github.com/tpm2dev/tpm.dev.tutorials/blob/master/Int...
-
AMD's Firmware TPMs Vulnerable to Hardware Attacks, Defeating Disk Encryption
> A dTPM uses an unencrypted protocol to communicate with the CPU
While that is strictly speaking true, the TPM command set allows you to set up an encrypted session to the TPM using an ECDH or RSA key for key exchange that authenticates the TPM.
The problem is that the BMCs and BIOSes out there don't record a public key for a primary key on the TPM and then don't bother using encrypted sessions (not even opportunistically getting that public key from the TPM, which would defeat passive attacks).
That's a software problem, not a TPM problem!
I know that TPM 2.0 is a huge topic, so it's quite forgivable that people don't know these things. I've written a tutorial that might help: https://github.com/tpm2dev/tpm.dev.tutorials/tree/master/Int...
-
The Trusted Platform Module Key Hierarchy
https://github.com/tpm2dev/tpm.dev.tutorials/tree/master/Int...
I have learned a fair bit since I wrote it, so I should probably edit it.
What are some alternatives?
Stitch - Python Remote Administration Tool (RAT)
systemd - The systemd System and Service Manager
HiddenEye-Legacy - Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services [ Android-Support-Available ]
pulseview - Read-only mirror of the official repo at git://sigrok.org/pulseview. Pull requests welcome. Please file bugreports at sigrok.org/bugzilla.
Revisiting-Contrastive-SSL - Revisiting Contrastive Methods for Unsupervised Learning of Visual Representations. [NeurIPS 2021]
KeyLogger-WebService - "KeyLogger-WebService" Is a Keylogger Write In python.