Regular readers may recall that security researcher and general open source hardware fanatic [Walker] has been planning a rather unusual flash drive for some time — one that will only show its contents if the user makes sure to lick their fingers before plugging it in. We’re pleased to report that theory has recently given way to real hardware, and the Ovrdrive “self-destructing” flash drive is now a step closer to reality.
The last time we checked in with [Walker], he hadn’t yet put any hardware together, though he was fairly sure what components he would need and how it would all go together. This was assisted somewhat by the fact that USB flash drives are such a ubiquitous piece of tech, making their principle parts plentiful and fairly well documented. As explained in the video below, all you really need to spin up your own flash drive is the USB connector, the controller chip, and a nice slab of flash memory for it to access. Though naturally you’re on your own for spit detection.
What we especially like about this project is that [Walker] is releasing the whole thing as open source hardware. So even if you’re not interested in the whole lick-for-access feature, you’ve still got a boilerplate flash drive design to build on. We haven’t seen a lot of DIY projects tackle USB Mass Storage previously, and perhaps this design can change that.
But of course, only if the thing works. According to the video after the break, [Walker] seems to have hit a snag with this revision of the hardware. While it enumerates as a storage device when plugged into the computer, the operating system claims its capacity is zero. He thinks there might be a swapped trace between the controller and flash chip to blame, so hopefully he can get things sorted out before too long. We’ve been covering this project since the summer, and are eager to see it cross the finish line.
Editor’s Note: This is unrelated to the flash drive itself, but let’s take a moment to appreciate the shout-out to the developers of all the open source software used to produce the project and the accompanying video that [Walker] added to the end of the presentation. We should all remember to pay respect to the folks that make so much of what we do possible.
no thermite involved, what a pity…
Why would you need thermite? The charge pump will destroy the data permanently. Do you think it’s a good idea to be careying thermite in your pocket? Especially if there is a charge pump, or RLC circuit, needed to detonate it. Ift’s more elegant, safer, and cost effective to do it as the designer has proposed.
The better question might be how to uniquely disarm it with more that spit. If any moisture works, the system can be disarmed by anyone. A sequence of wet touches could serve as inputs as a combination.
Thermite isn’t needed to destroy flash data.
But thermite is fun…
Explosives are more fun…
It’s OK, sometimes I have trouble detecting mild sarcasm too.
I second the termite plan, much better then spit. You can destroy data and your personal safe of 70s P07N at the same time.
🤓
Well you could safely put thermite in the heels of your shoes then do a tap dance, it’s really hard to light off. .. and in tiny amounts the intiator is likely to do more damage than the thermite… so not even a passable use case for it really. If I were in Q branch, I’d make James Bond a stick where the flash package was etched to a little above the die, stick some sodium in there (Using your handy dandy inert-atmosphere-O-tron obv) and coat it with secret formula X (probably paint or whatever’s handy) to prevent it oxidising…. and when Bond was in a tight spot, he could just scratch it with his thumbnail and throw it to the side of the oncoming goon to create an incendiary distraction, 2 in one value.
I agree
The only problem, the more you advertise, the more likely people will identify the device. Also, I’d do a chip erase first, then high voltage spike.
Was it necessary to delete comments for pointing out that the video is not showing a finished device?
I mean, it’s a pretty dumb comment.
What would make you think it would be completely finished? Or why is that even important? Most of the projects covered on this site are a work in progress.
Not sure I’d share it during Covid
Whilst they were not by me, i found them non-offensive and harmless.
Perhaps its because they are directly opposite to what this site is all about. Some what like advertising a competitor’s products on their own forum. It’s another thing to compare it to other products that are finished and available.
Since the flash controller is completely unaware that someone else (like the ATTiny) is or could be asserting the CE line simultaneously, you may get unpredictable results from its firmware.
It may make more sense to interact with the flash controller itself, if it offers a similar or equivalent inhibit signal, so that it gracefully disables R/W access to the data.
What problem does this drive solve?
Not operating because of an enable pin, gated through resistance detection is hardly ground breaking.
Data obfuscation is entirely different then protection through encryption.
Am I missing the point?