interesting artical – goes to show why I have autorun turn off on everything…

off topic – but what usb drive that you have is chrome? looks cool haha

Posted at 1:13 pm on Jun 14th, 2006 by strazzere

It’s silver plated http://www.engadget.com/2004/08/17/silver-plated-usb-flash-memory-drive/

Posted at 1:22 pm on Jun 14th, 2006 by Eliot Phillips

The Security Catalyst, who you’ve listed in the past in your “roundup of security podcasts” has a great interview with Abe Usher, who wrote one of the original “podslurping” proof-of-concept utilities.

You can download, or listen direct, here:
http://www.securitycatalyst.com/2006/04/13/security-catalyst-25-insider-interviews-podslurping-with-abe-usher/

Posted at 1:30 pm on Jun 14th, 2006 by Matt

nice, but… can it be done with something a bit cheaper than a U3?

Posted at 4:35 pm on Jun 14th, 2006 by netcrusher88

STOP teasing us with that ultra-sexy pendrive!

Posted at 5:03 pm on Jun 14th, 2006 by fucter

#4: if I understand what’s going on here correctly, the device acts like two devices, a USB CD and a USB storage device. It’s autoruns the files from the faux CD. So to answer your question: bus/battery-powered USB CD drive? Or is that not cheaper than a u3?

Posted at 5:31 pm on Jun 14th, 2006 by josh

Happy national webloggers day.

Posted at 7:09 pm on Jun 14th, 2006 by Crash

The article about USB security that Schneier quotes is a very interesting one.

Social Engineering, the USB way:
http://www.darkreading.com/document.asp?doc_id=95556&WT

Posted at 7:19 pm on Jun 14th, 2006 by Jared

i’m just curious as to how these u3 drives are different from standard flash drives, and whether a standard drive could be “turned into” a u3-capable one.

Posted at 7:27 pm on Jun 14th, 2006 by weaszel

u3 drives are on 20 bucks at buy.com for a 1 gig…. yeah yeah rebates…

Posted at 8:11 pm on Jun 14th, 2006 by lnunu

#9: The only real difference to these U3 drives are basically what he stated in the article. They have a second method of talking to Windows which tells Windows that the device is not removable, thus enabling autorun. iPod’s actually use this non-removable flag as well, meaning that an iPod can do autorun in particular circumstances.

Microsoft has a USB FAQ that makes it a bit more clear: http://www.microsoft.com/whdc/device/storage/usbfaq.mspx

Q: What must I do to trigger Autorun on my USB storage device?

The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.

The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request.

Posted at 9:51 pm on Jun 14th, 2006 by Otto

I don’t want or need U3 compatability.
From what I’ve seen there isn’t that much U3 stuff that impresses me other than Firefox.

What I would like to do is remove the U3 stuff entirely and recover the space for my own use.
How can I do that?

Posted at 10:46 pm on Jun 14th, 2006 by strider_mt2k

awesome comments guys, glad you’re enjoying the writeup.

there is a u3 uninstaller floating around on the internet (and I could swear the u3 folks were hosting it too, but the url escapes me).

Posted at 11:48 pm on Jun 14th, 2006 by wesley mcgrew

#11,

that’s really interesting. i wonder if there is firmware to hack on most usb keys that we can change that bit to zero?

Posted at 12:37 am on Jun 15th, 2006 by mewse

Here’s the URL for the U3 uninstaller. You will have to reformat your stick afterwards. It worked fine for me.

http://rapidshare.de/files/12773731/U3_Uninstaller.exe.html

Posted at 1:12 am on Jun 15th, 2006 by Fermat

Here’s the URL for the U3 uninstaller. You will have to reformat your stick afterwards. It worked fine for me.

http://rapidshare.de/files/12773731/U3_Uninstaller.exe.html

Posted at 1:17 am on Jun 15th, 2006 by Fermat

reallt nice thing, i like alot.

Posted at 7:22 am on Jun 15th, 2006 by xomgaxomg

I wish someone just came up with a hack where you could just put the U3 stuff on a drive, or am I missing something? Is there actually some hardware that allows U3 features?

Posted at 10:10 am on Jun 15th, 2006 by craig

I got to have the fun of playing with a co-worker’s u3 thumbdrive when they first came out. Seems that it has to install software on the computer they are used on, which is a big no-no at most place one would want to use one (Work, library, photo printing machine, etc). When it couldn’t install the software the drive refused to open. Needless to say it didn’t take a lot of talking to get her to take it back and get a standard thumbdrive as all she wanted to do was haul files tween work & home.

Posted at 11:27 am on Jun 15th, 2006 by Pan_theFrog

I have an older Jump Drive Secure 128 MB. Part of its software allows partitioning with a secure and public partitions. It also allows specifying a program to auto run. This bypasses my auto run dissable, and runs it anyways. Must be ran out of the driver, Nice! :D

Posted at 11:40 am on Jun 15th, 2006 by cpp.programmer

http://www.u3.com/uninstall for the uninstall straight from the (w)hor(s)e’s mouth.

Posted at 12:34 pm on Jun 15th, 2006 by carl.rodenbach

Thanks for the U3 uninstall stuff folks!

Posted at 12:55 pm on Jun 15th, 2006 by strider_mt2k

I saw this thing before on http://www.wiibay.nl that free auction site but that was a while ago

Posted at 1:18 pm on Jun 15th, 2006 by beo w

Very interesting article, and that drive. woah! nice i want it :P

Posted at 3:59 pm on Jun 15th, 2006 by Shaun Campbell

someone come up with a way to create u3 fuctinonity to a generic flash drive

Posted at 4:13 pm on Jun 15th, 2006 by werejag

#23: no need, check out http://portableapps.com/ . you don’t have to pay, plus most software repackaged there is open source, unlike most of the apps available through u3. if you want something to start your programs, look into pstart in the utilities section.

Posted at 7:11 pm on Jun 15th, 2006 by nixphoeni

Hmmm. Has anyone else tried this out? Some PCs state that they’ll need to reboot before installing the U3 drive… rendering the “slurp” considerably less effective…

Posted at 7:20 am on Jun 16th, 2006 by Doc

Its all in the controler-chip guys.
IF your drive has the right one , you can flash it… well you can flah them ALL if you can find the tool.My FSC MemBird shows itself as a FIXED disk.

Posted at 6:50 pm on Jun 27th, 2006 by Smith

anyone know how to change the RMB bit to show the device as non-removable and therefor able to enable autorun???

Posted at 11:35 am on Jul 5th, 2006 by dude

@ #29 (dude)
Yes , I know how,if you go to the http://www.911cd.net forum and search
you will find some VERY usefull tips
and links to tools that might let you do it,
but it all depends on what controler-chip your drive uses.

Posted at 10:59 am on Jul 15th, 2006 by smith

Hello all, maybe you can help me out. I’m trying to autoplay a software on my usb key. I configure the autorun.inf to start automaticaly with the program, but not the damn window that ask you what to do (media player, no action, and blablabla). Is that possible? i don’t have a u3, it’s a basic usb key. I read alot on that but, it doesn’t seems to work. Is there a solution? How can i partition my usb key like a cd?

thanks, chris

Posted at 7:51 pm on Aug 21st, 2006 by chris

Dudes, U3 sucks balls.
Installers are for babys, just do it yourself.
I’ve got a 1GB USB with PStart installed and check out the programs I have on it:
Powerpoit Viewer; Firefox Portable;O pera 9 USB; Gaim Portable; Miranda IM; VLC Media Player; Process Explorer; DTask Manager; Portable Wackget; 7-Zip; VisualBoyAdvance; Sudoku Portable; The GIMP; Thunderbird; TweakUI; Xpy; Network Stumbler; ClamWin Portable; RegCleaner; Nokia Wireless Presenter, and I just don’t have the whole OpenOffice Suite because of the space it uses.

If you only use portable apps in PCs where you have Admin rigths, you can also check out MojoPac, which allows you to carry ANY program on your pocket. ANY.
Yes, It can handle stuff like M$Office, Counter-Strike Source (and Half-life 2, of course), Photoshop, etc, etc… whatever you may think of.
It’s here: http://www.mojopac.com
Bad thing I don’t know of any free or “freed” version.

Posted at 6:20 am on Mar 5th, 2007 by Joao

U3 programs are of NO INTERST to most of the profesionals. Interesting part is in construction of a USB drive that lets you AUTORUN (any application) without any prompt (upon insertion into a computer).
I NEED “non-removable” usb drive to play with!!! :[

Posted at 3:43 am on Apr 23rd, 2007 by Someone

i wanna to download usb hack

Posted at 7:58 am on Apr 28th, 2007 by alex

Now it’s possible to hack launchpad. It has an option to erase whole partition when you forgot the password. I think it’s too simple , since with one click anyone that access sandisk pendrive can delete all protected data. Of course it would be necessary to block somehow launchpad unistaller from sandisk site, that would do the same. Any ideas?

Posted at 5:19 am on Aug 23rd, 2007 by szlovak

I’ve got an idea. There is possibility to change file “version.dat” for a version that never existed ]-) This might cause uninstaller (from website) stop working. I saw a post that someone had an older version of launchpad and newer uninstaller from website. But I don’t know if the uninstaller on pendrive would stop working too. If so, it would be impossible to uninstall launchpad even if it was neccesery. Only sandisk could do it.

Posted at 5:44 am on Aug 23rd, 2007 by szlovak

SOSO

Posted at 5:24 pm on Oct 4th, 2007 by FG

Is there any prog which can copy all the data secretly from usb key whenever it is inserted. Please tell me about this. I am searching for this badly and if you know please tell me.

thanks…

Posted at 3:06 pm on Dec 29th, 2007 by strid3r

A few months ago I saw an article re: installing software that would automatically and transparently copy data from thumb drives inserted in a PC. Reverse thumb sucking, I believe is what the author called it, but I can’t find the article. All I get is links to articles about the movie, Thumbsucker.
All my clients ask that I disable the USB ports for flash drive use, while a couple of others want to know what data employees are copying/stealing to their flash drives from the company network.

Can anyone recommend a program that will accomplish this?

Thanks!

Posted at 3:05 pm on Sep 18th, 2008 by Charlie O'Narley

there is a sftwre i developed that secretly copies the thumbdrives upon insertion, rar or 7zips them into 2mb chunks, n mails them to you.

Posted at 9:04 am on Oct 23rd, 2008 by dragunov

i wanted to kno if i could run a U3 app on my non-U3
pen drive

Posted at 1:49 am on Dec 15th, 2008 by akshay

yes just go to u3smart.com and it’ll ask u if u’d like to download it to ur flash drive but it may eat up half of ur memory..

Posted at 1:45 pm on May 11th, 2009 by daffr

I’ve been playing with autoruns and flash drives since before U3 drives were even available. I still have some of the original UD-RW drives from Hagiwara lying around. (Test models, 1GB each with a resizable U3-like partition.) I’ve used them for years to show why physical security is just as important as network security.

You can read more about my findings and creations here: http://www.GuidoZ.com/U3/

–
Peace. ~G

Posted at 12:37 am on Aug 27th, 2009 by GuidoZ

So, is there any way to crack a password or hack it if USB Drive (aka thumb drive) is password protected? I heard that it’s nearly impossible?

Posted at 5:07 pm on Sep 19th, 2009 by Max