carmaa/inception

forensic1394_read_device_v: General I/O error

Closed this issue · 11 comments

Hi,

I currently get an error when running the tool (inception on Arch Linux and a locked computer on Windows 7 Enterprise):

[*] FireWire devices on the bus (names may appear blank):

[1] Vendor (ID): MICROSOFT CORP. (0x50f2) | Product (ID): (0x0)

[*] Only one device present, device auto-selected as target
[*] Selected device: MICROSOFT CORP.
[/] Initializing bus and enabling SBP-2, please wait or press Ctrl+C
[*] Available targets (known signatures):

[1] Windows 8 MsvpPasswordValidate unlock/privilege escalation
[2] Windows 7 MsvpPasswordValidate unlock/privilege escalation
[3] Windows Vista MsvpPasswordValidate unlock/privilege escalation
[4] Windows XP MsvpPasswordValidate unlock/privilege escalation
[5] Mac OS X DirectoryService/OpenDirectory unlock/privilege escalation
[6] Ubuntu libpam unlock/privilege escalation
[7] Linux Mint libpam unlock/privilege escalation

[?] Please select target (or enter 'q' to quit): 2
[*] Selected target: Windows 7 MsvpPasswordValidate unlock/privilege escalation
[> ] 0 MiB ( 0%)
[!] Warning: Something went dreadfully wrong, full stack trace below:
forensic1394_read_device_v: General I/O error

Traceback (most recent call last):
  File "incept", line 167, in main
    module.run(opts, memspace)
  File "/home/nickname/inception/inception/inception/modules/unlock.py", line 599, in run
    address, signature, offset = memspace.find(target, verbose=opts.verbose)
  File "/home/nickname/inception/inception/inception/memory.py", line 325, in find
    for caddr, cand in self.interface.readv(r):
  File "/usr/lib/python3.4/site-packages/forensic1394/device.py", line 174, in readv
    self._readreq(req, buf)
  File "/usr/lib/python3.4/site-packages/forensic1394/device.py", line 134, in _readreq
    forensic1394_read_device_v(self, creq, len(creq))
  File "/usr/lib/python3.4/site-packages/forensic1394/errors.py", line 61, in process_result
    raise IOError(err)
OSError: forensic1394_read_device_v: General I/O error

I used the latest version (the one published two days ago).

I used inception v0.3.5 about 3 months ago and it worked well with Kali Linux.
Now I wanted to try the new Implant, but before getting to that point I saw that the Unlock is not working anymore.
I use the same hardware as before and the same target, but it is not working anymore.
Then I checked out v0.3.5 from git and it's still working.

root@kali:~# sudo incept unlock

v.0.4.0 (C) Carsten Maartmann-Moe 2014
Download: http://breaknenter.org/projects/inception | Twitter: @breaknenter

[*] FireWire devices on the bus (names may appear blank):

[1] Vendor (ID): MICROSOFT CORP. (0x50f2) | Product (ID): (0x0)

[*] Only one device present, device auto-selected as target
[*] Selected device: MICROSOFT CORP.
[/] Initializing bus and enabling SBP-2, please wait or press Ctrl+C
[*] Available targets (known signatures):

[1] Windows 8 MsvpPasswordValidate unlock/privilege escalation
[2] Windows 7 MsvpPasswordValidate unlock/privilege escalation
[3] Windows Vista MsvpPasswordValidate unlock/privilege escalation
[4] Windows XP MsvpPasswordValidate unlock/privilege escalation
[5] Mac OS X DirectoryService/OpenDirectory unlock/privilege escalation
[6] Ubuntu libpam unlock/privilege escalation
[7] Linux Mint libpam unlock/privilege escalation

[?] Please select target (or enter 'q' to quit): 4
[*] Selected target: Windows XP MsvpPasswordValidate unlock/privilege escalation
[> ] 0 MiB ( 0%)
[!] Warning: Something went dreadfully wrong, full stack trace below:
forensic1394_read_device_v: General I/O error

Traceback (most recent call last):
  File "/usr/local/lib/python3.2/dist-packages/inception-0.4.0-py3.2.egg/EGG-INFO/scripts/incept", line 168, in main
    module.run(opts, memspace)
  File "/usr/local/lib/python3.2/dist-packages/inception-0.4.0-py3.2.egg/inception/modules/unlock.py", line 599, in run
    address, signature, offset = memspace.find(target, verbose=opts.verbose)
  File "/usr/local/lib/python3.2/dist-packages/inception-0.4.0-py3.2.egg/inception/memory.py", line 325, in find
    for caddr, cand in self.interface.readv(r):
  File "/usr/local/lib/python3.2/dist-packages/forensic1394/device.py", line 174, in readv
    self._readreq(req, buf)
  File "/usr/local/lib/python3.2/dist-packages/forensic1394/device.py", line 134, in _readreq
    forensic1394_read_device_v(self, creq, len(creq))
  File "/usr/local/lib/python3.2/dist-packages/forensic1394/errors.py", line 61, in process_result
    raise IOError(err)
IOError: forensic1394_read_device_v: General I/O error

Okay, seems like more people are experiencing this bug. If you do, please use version 0.3.5 for now, looking into it.

Any updates on this? I am also having this error.

For the time being, how can I download 0.3.5?

No updates as of now, too busy atm to fix. Download 0.3.5 here:

https://github.com/carmaa/inception/releases

Thank you so much for your prompt response!

@Nicknam3 @SirCosty @ejamesmaul Not having this particular issue with version 0.4.0 myself. Any chance you can run the tool with the delay (-d switch) set to 5 or more seconds and report back:

incept unlock -d 5

Alright, seems like I've fixed this with the last commit #106, but not when targeting OSX for some strange reason. Keeping this open until I've fixed it.

Still getting this with the latest version, but I found that installing the libforensic1394 from the link below works:

http://www.breaknenter.org/2011/08/fire-through-the-wire/

I can verify ...

  1. that incept 0.4.0 works bugless when using libforensic1394-0.2 from the link above by seangambles. Remember to uninstall/remove all files of newer versions of libforensic by searching for files containing forensic1394.
  2. the bug itself: I tried Kali as target with Ubuntu as attacker. The error always occurs when reaching 94%. It doesn't matter which module is chosen. The -d switch doesn't change anything either. I noticed that when using the old libforensic lib, the dumping progress gets stuck for a moment when hitting 94%, but then it goes on and finishes successfully with BRAAWWRRMMM!!! ;) .

Hello,
This issue still persists apparently. On my setup I get the I/O timeout error every time the module reaches 86%. I tried the unlock and dump modules. What could be the reason for this? (Tried it on Win 7 and Win 8.1):

sudo incept dump

v.0.4.0 (C) Carsten Maartmann-Moe 2015
Download: http://breaknenter.org/projects/inception | Twitter: @breaknenter

[*] FireWire devices on the bus (names may appear blank):

[1] Vendor (ID): MICROSOFT CORP. (0x50f2) | Product (ID): (0x0)

[*] Only one device present, device auto-selected as target
[*] Selected device: MICROSOFT CORP.
[] Initializing bus and enabling SBP-2, please wait or press Ctrl+C
[*] Dumping from 0x0 to 0x100000000, a total of 4 GiB:
[-] Error: forensic1394_read_device_v: I/O timeout MiB ( 86%) {0350705703602c58}

Thanks

See my other comment on issue #106.