USB drive hacking

[wesley mcgrew] has been playing around with SanDisk’s U3 Smart USB Drive technology. U3 is designed to make implementation of portable applications easier. The USB drive appears as a CD-ROM drive and can autorun applications. Wesley has a guide on how to patch in your own CD ISO. This ties in pretty well with the dangers of USB drives that we’ve covered before (one, two), and Schneier has a recent post on USB security issues as well.

[UPDATE: [matt] pointed out a recent Security Catalyst podcast with Abe Usher on podslurping]

Comments

  1. strazzere says:

    interesting article – goes to show why I have autorun turned off on everything…

    off topic – but what usb drive that you have is chrome? looks cool haha

  2. Matt says:

    The Security Catalyst, who you’ve listed in the past in your “roundup of security podcasts” has a great interview with Abe Usher, who wrote one of the original “podslurping” proof-of-concept utilities.

    You can download, or listen direct, here:
    http://www.securitycatalyst.com/2006/04/13/security-catalyst-25-insider-interviews-podslurping-with-abe-usher/

  3. netcrusher88 says:

    nice, but… can it be done with something a bit cheaper than a U3?

  4. fucter says:

    STOP teasing us with that ultra-sexy pendrive!

  5. josh says:

    #4: if I understand what’s going on here correctly, the device acts like two devices, a USB CD and a USB storage device. It autoruns the files from the faux CD. So to answer your question: bus/battery-powered USB CD drive? Or is that not cheaper than a u3?

  6. Crash says:

    Happy national webloggers day.

  7. Jared says:

    The article about USB security that Schneier quotes is a very interesting one.

    Social Engineering, the USB way:
    http://www.darkreading.com/document.asp?doc_id=95556&WT

  8. weaszel says:

    i’m just curious as to how these u3 drives are different from standard flash drives, and whether a standard drive could be “turned into” a u3-capable one.

  9. lnunu says:

    u3 drives are on 20 bucks at buy.com for a 1 gig…. yeah yeah rebates…

  10. Otto says:

    #9: The only real difference to these U3 drives is basically what he stated in the article. They have a second method of talking to Windows which tells Windows that the device is not removable, thus enabling autorun. iPods actually use this non-removable flag as well, meaning that an iPod can do autorun in particular circumstances.

    Microsoft has a USB FAQ that makes it a bit more clear: http://www.microsoft.com/whdc/device/storage/usbfaq.mspx

    Q: What must I do to trigger Autorun on my USB storage device?

    The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.

    The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request.
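
Added example (not part of the comment above or of the Microsoft FAQ): a Python parser for standard SCSI INQUIRY data that reads the device type and the RMB bit described in the quoted FAQ, then flags the devices that would qualify for Autorun under that rule, which is the check a defender would want when auditing attached storage. The sample responses and their vendor/product strings are constructed, and the function names are illustrative.

```python
from dataclasses import dataclass

PDT_DISK = 0x00    # SCSI peripheral device type: direct-access block device
PDT_CDROM = 0x05   # SCSI peripheral device type: CD/DVD device

@dataclass
class Inquiry:
    device_type: int   # low 5 bits of byte 0
    removable: bool    # RMB, bit 7 of byte 1
    vendor: str        # bytes 8-15
    product: str       # bytes 16-31

def parse_inquiry(data: bytes) -> Inquiry:
    """Parse standard INQUIRY data (36 bytes minimum)."""
    if len(data) < 36:
        raise ValueError("standard INQUIRY data is at least 36 bytes")
    text = lambda b: b.decode("ascii", "replace").strip()
    return Inquiry(data[0] & 0x1F, bool(data[1] & 0x80),
                   text(data[8:16]), text(data[16:32]))

def autorun_eligible(inq: Inquiry) -> bool:
    """Rule from the quoted FAQ: CD-ROM drives and fixed disks only."""
    if inq.device_type == PDT_CDROM:
        return True
    return inq.device_type == PDT_DISK and not inq.removable

def make_inquiry(device_type: int, removable: bool, product: str) -> bytes:
    """Build constructed INQUIRY data for the samples (not captured traffic)."""
    header = bytes([device_type & 0x1F, 0x80 if removable else 0x00,
                    0x02, 0x02, 31, 0, 0, 0])   # byte 4 = additional length
    return (header + b"EXAMPLE ".ljust(8)
            + product[:16].ljust(16).encode("ascii") + b"1.00")

# Constructed samples: an ordinary stick, a stick whose controller reports
# RMB=0, and an emulated CD-ROM unit like the one a U3 drive exposes.
SAMPLES = [
    make_inquiry(PDT_DISK, True, "Plain Stick"),
    make_inquiry(PDT_DISK, False, "Fixed-Flag Stick"),
    make_inquiry(PDT_CDROM, True, "Emulated CD"),
]

def audit(responses):
    """Return product names of devices that qualify for Autorun."""
    return [i.product for i in map(parse_inquiry, responses) if autorun_eligible(i)]

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("autorun-eligible:", name)
```

Note that the emulated CD-ROM unit qualifies by device type even with RMB set to one, which is why checking the RMB bit alone would miss a U3-style device.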

  11. strider_mt2k says:

    I don’t want or need U3 compatibility.
    From what I’ve seen there isn’t that much U3 stuff that impresses me other than Firefox.

    What I would like to do is remove the U3 stuff entirely and recover the space for my own use.
    How can I do that?

  12. awesome comments guys, glad you’re enjoying the writeup.

    there is a u3 uninstaller floating around on the internet (and I could swear the u3 folks were hosting it too, but the url escapes me).

  13. mewse says:

    #11,

    that’s really interesting. i wonder if there is firmware to hack on most usb keys that we can change that bit to zero?

  14. Fermat says:

    Here’s the URL for the U3 uninstaller. You will have to reformat your stick afterwards. It worked fine for me.

    http://rapidshare.de/files/12773731/U3_Uninstaller.exe.html

  16. xomgaxomg says:

    really nice thing, i like a lot.

  17. craig says:

    I wish someone just came up with a hack where you could just put the U3 stuff on a drive, or am I missing something? Is there actually some hardware that allows U3 features?

  18. Pan_theFrog says:

    I got to have the fun of playing with a co-worker’s u3 thumbdrive when they first came out. Seems that it has to install software on the computer they are used on, which is a big no-no at most places one would want to use one (Work, library, photo printing machine, etc). When it couldn’t install the software the drive refused to open. Needless to say it didn’t take a lot of talking to get her to take it back and get a standard thumbdrive as all she wanted to do was haul files tween work & home.

  19. cpp.programmer says:

    I have an older Jump Drive Secure 128 MB. Part of its software allows partitioning with secure and public partitions. It also allows specifying a program to auto run. This bypasses my auto run disable, and runs it anyways. Must be run out of the driver, Nice! :D

  20. http://www.u3.com/uninstall for the uninstall straight from the (w)hor(s)e’s mouth.

  21. strider_mt2k says:

    Thanks for the U3 uninstall stuff folks!

  22. beo w says:

    I saw this thing before on http://www.wiibay.nl that free auction site but that was a while ago

  23. Very interesting article, and that drive. woah! nice i want it :P

  24. werejag says:

    someone come up with a way to create u3 functionality to a generic flash drive

  25. nixphoeni says:

    #23: no need, check out http://portableapps.com/ . you don’t have to pay, plus most software repackaged there is open source, unlike most of the apps available through u3. if you want something to start your programs, look into pstart in the utilities section.

  26. Doc says:

    Hmmm. Has anyone else tried this out? Some PCs state that they’ll need to reboot before installing the U3 drive… rendering the “slurp” considerably less effective…

  27. Smith says:

    It’s all in the controller-chip guys.
    IF your drive has the right one, you can flash it… well you can flash them ALL if you can find the tool. My FSC MemBird shows itself as a FIXED disk.

  28. dude says:

    anyone know how to change the RMB bit to show the device as non-removable and therefore able to enable autorun???

  29. smith says:

    @ #29 (dude)
    Yes, I know how, if you go to the http://www.911cd.net forum and search
    you will find some VERY useful tips
    and links to tools that might let you do it,
    but it all depends on what controller-chip your drive uses.

  30. chris says:

    Hello all, maybe you can help me out. I’m trying to autoplay a software on my usb key. I configure the autorun.inf to start automatically with the program, but not the damn window that asks you what to do (media player, no action, and blablabla). Is that possible? i don’t have a u3, it’s a basic usb key. I read a lot on that but it doesn’t seem to work. Is there a solution? How can i partition my usb key like a cd?

    thanks, chris

  31. Joao says:

    Dudes, U3 sucks balls.
    Installers are for babies, just do it yourself.
    I’ve got a 1GB USB with PStart installed and check out the programs I have on it:
    PowerPoint Viewer; Firefox Portable; Opera 9 USB; Gaim Portable; Miranda IM; VLC Media Player; Process Explorer; DTask Manager; Portable Wackget; 7-Zip; VisualBoyAdvance; Sudoku Portable; The GIMP; Thunderbird; TweakUI; Xpy; Network Stumbler; ClamWin Portable; RegCleaner; Nokia Wireless Presenter, and I just don’t have the whole OpenOffice Suite because of the space it uses.

    If you only use portable apps in PCs where you have Admin rights, you can also check out MojoPac, which allows you to carry ANY program in your pocket. ANY.
    Yes, It can handle stuff like M$Office, Counter-Strike Source (and Half-life 2, of course), Photoshop, etc, etc… whatever you may think of.
    It’s here: http://www.mojopac.com
    Bad thing I don’t know of any free or “freed” version.

  32. Someone says:

    U3 programs are of NO INTEREST to most of the professionals. The interesting part is in the construction of a USB drive that lets you AUTORUN (any application) without any prompt (upon insertion into a computer).
    I NEED “non-removable” usb drive to play with!!! :[

  33. alex says:

    i wanna to download usb hack

  34. szlovak says:

    Now it’s possible to hack launchpad. It has an option to erase the whole partition when you forget the password. I think it’s too simple, since with one click anyone that accesses a sandisk pendrive can delete all protected data. Of course it would be necessary to block somehow the launchpad uninstaller from the sandisk site, that would do the same. Any ideas?

  35. szlovak says:

    I’ve got an idea. There is a possibility to change the file “version.dat” for a version that never existed ]-) This might cause the uninstaller (from the website) to stop working. I saw a post that someone had an older version of launchpad and a newer uninstaller from the website. But I don’t know if the uninstaller on the pendrive would stop working too. If so, it would be impossible to uninstall launchpad even if it was necessary. Only sandisk could do it.

  36. FG says:

    SOSO

  37. strid3r says:

    Is there any prog which can copy all the data secretly from usb key whenever it is inserted. Please tell me about this. I am searching for this badly and if you know please tell me.

    thanks…

  38. A few months ago I saw an article re: installing software that would automatically and transparently copy data from thumb drives inserted in a PC. Reverse thumb sucking, I believe is what the author called it, but I can’t find the article. All I get is links to articles about the movie, Thumbsucker.
    All my clients ask that I disable the USB ports for flash drive use, while a couple of others want to know what data employees are copying/stealing to their flash drives from the company network.

    Can anyone recommend a program that will accomplish this?

    Thanks!

  39. dragunov says:

    there is a software i developed that secretly copies the thumbdrives upon insertion, rar or 7zips them into 2mb chunks, n mails them to you.

  40. akshay says:

    i wanted to know if i could run a U3 app on my non-U3
    pen drive

  41. daffr says:

    yes just go to u3smart.com and it’ll ask u if u’d like to download it to ur flash drive but it may eat up half of ur memory..

  42. GuidoZ says:

    I’ve been playing with autoruns and flash drives since before U3 drives were even available. I still have some of the original UD-RW drives from Hagiwara lying around. (Test models, 1GB each with a resizable U3-like partition.) I’ve used them for years to show why physical security is just as important as network security.

    You can read more about my findings and creations here: http://www.GuidoZ.com/U3/


    Peace. ~G

  43. Max says:

    So, is there any way to crack a password or hack it if USB Drive (aka thumb drive) is password protected? I heard that it’s nearly impossible?

  44. i want documentary on usb hacking + usb hacking software

  45. i want document on usb hacking

  46. Ohad says:

    GuidoZ’s http://www.guidoz.com/U3/GuidoZ%20SanDisk%20U3%20Hacker.zip is a Trojan !!!
    BEWARE !!!!

  47. DeadlyDad says:
