Secure USB Bypassing Tool



Similar documents
SEAT EXEO FAMILY MULTIMEDIA

MULTIMEDIA SEAT LEON

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Overview of Data Security Methods: Passwords, Encryption, and Erase

Firmware security features in HP Compaq business notebooks

Full version is >>> HERE <<<

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

DriveLock and Windows 7

Management of Hardware Passwords in Think PCs.

Encrypting with BitLocker for disk volumes under Windows 7

A GUIDE TO FAKE FLASH

Additional details >>> HERE <<<

Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon

Additional details >>> HERE <<<

UFED 4PC/Touch 4.1 & UFED Physical/Logical Analyzer Release Notes

Table of Contents. TPM Configuration Procedure Configuring the System BIOS... 2

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

SanDisk Enterprise Secure USB Flash Drive Security Vulnerability

SOMITS is located in the 1648 Pierce Drive School of Medicine Building, Suite AB51.

Authentication Options in Perforce

Encryption Made Simple for Lawyers

Dell ControlPoint Security Manager

DriveLock and Windows 8

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

Functional diagram: Secure encrypted data. totally encrypted. XOR encryption. RFID token. fingerprint reader. 128 bit AES in ECB mode Security HDD

Exploiting USB Devices with Arduino. Greg Ose Black Hat USA 2011

Lab 7. Answer. Figure 1

How To Protect Your Data From Being Stolen

BitLocker To Go User Guide

Self-Encrypting Hard Disk Drives in the Data Center

More details >>> HERE <<<

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

More information >>> HERE <<<

SECURE USB FLASH DRIVE. Non-Proprietary Security Policy

Data at Rest Security in Navy/NMCI. Steven Gillis ONR Information Assurance Manager 10 January 2008

Digi Connect Wan 3G Application Guide Update the firmware, backup and restore the configuration of a Digi Connect Wan 3G using a USB flash drive.

User s Manual. Transcend JetFlash SecureDrive. Contents

SecureLock Tool Functions:

AES 256 BIT ENCRYPTED USB FLASH DRIVES FIPS ACCREDITED

Strategies for Firmware Support of Self-Encrypting Drives

DISA's Application Security and Development STIG: How OWASP Can Help You. AppSec DC November 12, The OWASP Foundation

How To Get A Memory Card From A Usb To A Microsoft Card (Gsm) For Free On A Microsatellite) For A Microsd Card (Powerbook) For Your Computer Or Ipad Or Ipa (Powerstation) For

Sun Ray Client and Oracle Virtual Desktop Client. Peripherals

USB Flash Drives: Market Research Report

Table 1 below is a complete list of MPTH commands with descriptions. Table 1 : MPTH Commands. Command Name Code Setting Value Description

Full version is >>> HERE <<<

Full Drive Encryption Security Problem Definition - Encryption Engine

Law College Computer and Technology Information

Additional details >>> HERE <<<

BlackBerry 10.3 Work and Personal Corporate

EXEO. Multimedia TECHNOLOGY TO ENJOY

Virginia Commonwealth University School of Medicine Information Security Standard

NAND Flash and The Future of Enterprise Storage

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Setting up a SQ20xx WIFI and Laptop for a Peer-to-peer (Ad-hoc) connection

IBM Client Security Solutions. Client Security User's Guide

Opal SSDs Integrated with TPMs

MyUSBOnly User Guide Menu

Obtaining Enterprise Cybersituational

CECH Virtual Lab Guide Windows 7/Vista Edition

Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

Hard disk ATA Security

Security Service tools user IDs and passwords


USER MANUAL V5.0 ST100

Smart TPM. User's Manual. Rev MD-STPM-1001R

NEW Multimedia TECHNOLOGY TO ENJOY

AES 256 BIT ENCRYPTED USB FLASH DRIVES FIPS ACCREDITED

DataTraveler Secure - Privacy Edition

PMAfob Home Automation Demo

FLASH USB Introduction ENGLISH

Introduction to BitLocker FVE

USB 2.0 Flash Drive User Manual

GSM/GPRS/GPS Tracker EagleEye. Quick Start User Manual Version 1.02

Data Recovery - What is possible to recover and how? Data Erasure - How to erase information in a secure way. Åke Ljungqvist, Country Manager Sweden

Ensuring the security of your mobile business intelligence

Internet threats: steps to security for your small business

How to Encrypt your Windows 7 SDS Machine with Bitlocker

ACER ProShield. Table of Contents

Disk Encryption. Aaron Howard IT Security Office

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.

Recommended Approach to Encrypting GNL Files

Bellevue University Cybersecurity Programs & Courses

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

What Happens When You Press that Button? Explaining Cellebrite UFED Data Extraction Processes

Hyundai New 4S Fluidic Verna. * For New 4S Fluidic Verna S, S(O), SX

Data Integrity. Q: Is it OK to use Excel for data entry?

USB Secure Management for ProCurve Switches

Report. Investigating secure USB sticks. Investigating secure USB sticks Classification PUBLIC

Transcription:

Secure USB Bypassing Tool AAuthors: Jewan Bang, Byeongyeong Yoo and Sangjin Lee Digital Forensics Research Center Of Center of Information Security Technologies Korea University

About us Introduce DFRC Most renowned & distinguished Research Center on Digital Forensics in Korea Most of research projects has funded by law enforcements and government One of Korea university's affiliated organizations About 30 Researcher is working on various area of digital forensics 1 Professor, 2 Post-Doc, 7 Doctorate Course, 20 Master Course Overall Winner of 2009 DC3 Digital Forensics Challenge Hosted by DoD Cyber Crime Center(DC3) The DC3 Challenge encourages innovation from a broad range of individuals, teams, and i nstitutions to provide technical solutions for computer forensic examiners in the lab as well as in the field

Agenda 1. About Secure USB Flash Drive 2. Security Mechanisms of Secure USB Flash Drive 3. Methods of USB controller based access control 4. Secure USB Bypassing Tool (USB Lockpass) 5. Conclusions

Secure USB Flash Drive in the Field Accessing USB drive is locked. Entire Drive Imaging is impossible Drive size is not identical with Spec.

About Secure USB Flash Drive Most of the current USB Flash Drive provides a se curity solution 300 USB lash Drive is selling in Korea. 250 is capable of security feature. Such USB prevents private data exposure when lo st When an investigator confiscates such secure US B, obtaining an evidence can be troublesome In an emergency case, a decryption or bypassing process is required

Secure USB Flash Drive Secure USB Flash Drive Type Hardware Based Software Based Flash Drive Controller Based Encryption Chip Based Others (Fingerprint, ) Data Encryption

Secure USB Flash Drive Secure USB provides security solution by encrypti ng data, or accessing data through an authenticat ion process There exists Universal Command which is used in every USB, and Vendor Specific Command that is assigned to execute a particular action, by USB Controller manufacturer. Because it is Vendor Specific Command Controller dependent, identical cont rollers share the same Command system even if their manufacturers are diffe rent. Hence, the same controllers have the same access clearing command

Status of Market Shares of USB Controllers in 2008 Million Dollars Manufacturer Market Share Profit 1 Phison 35.5% $32.3 2 Silicon Motion (SMI) 23.2% $21.1 3 Sandisk 14.9% $13.6 4 Skymedi 9.0% $8.2 5 Sony 7.4% $6.7 6 AlcorMicro 3.2% $2.9 7 Toshiba 3.1% $2.8 8 Others 3.7% $3.4 Total 100% $91.1 2007 USB Controller Market Shares(Revenue in Millions of Dollars), isuppli Corp (Applied Market Intelligence)

Secure USB Command Flow Secure USB Command Flow Request Authentication Information

Secure USB unlock methods: (1). Get Password command (3). Compare (2). [Password] (4). Unlock command Defined unlock command exists Chipset USBEST UT163, SMI SM321~325, Skymedi SK6211/6281

Secure USB unlock methods: (1). Get Password command (3). Combination (2). [Auth. code] (4). [Unlock][Auth. code] command Sending defined unlock command with authentication information Chipset AlcorMicro AU6983

Secure USB unlock methods: General area Secure area Resizing Secure area command Applies when secured area exists in the back of unsecured area Resetting secured area s starting address to unsecured area s starting address Denying access to general area : it has to be obtained in advance Chipset Phsion PS2136

USBest UT163/UT165 series USBest UT163 series SINGANG MyStick, AXXEN i-bar, Transcend JetFlash Get Password Command 0xF8000000 02000000 01000000 (12bytes) Unlock Command 0xFC000000 00000000 0100 (10bytes) USBest UT165 series EK Black Cat, SELFIC SWING MINI, Kingmax Superstick Get Password Command 0xF8000000 04000000 01000000 (12bytes)

SMI SM321~325 series SMI SM321~325 series LG XTICK, Memorive T3, Zyrus Mini Swing Get Password Command 0xF0050000 00000000 00000001 00000000 (16bytes) Unlock Command 0xF1110000 00000000 00000001 00000000 (16bytes)

Skymedi SK6281/SK6211 series Skymedi SK6281 series AXXEN SKY CANDY, PLEOMAX, Kingston DataTraveler Get Password Command 0xD4000000 00010000 0000 (10bytes) Unlock Command 0xD8040000 00000000 0000 (10bytes) Skymedi SK6211 series LUXL-V Swing Get Password Command 0xD4000000 00010000 0000 (10bytes) Unlock Command 0xF1110000 00000000 00000001 00000000 (16bytes)

AlcorMicro AU6983 series AlcorMicro AU6983 series Transcend JetFlash Get Authorization Command 0xD4000000 00010000 0000 Unlock Command 0x74000000 00000000 0000 with [AUTHINFO]

Phison PS2136 series Phison PS2136 series PLEOMAX PUB-S80 Get Secure Area Command 0x0605494F 464F0000 0000 Set Secure Area Size 0x06060100 00000000 00000000 with 0x0D000000 0802[SIZEINFO]000000000000

Sandisk Contour Sandisk Contour Sandisk Contour Get Initialize Command 0xFF210000 00000000 00000000 00000000 Password Command 0xFFA20000 00000000 00000000 00000000 with [INITINFO]

Toshiba Toshiba Toshiba TransDrive Set Authorization Command 0xFF570000 00000000 0000 with [HASHINFO] Unlock Command 0xFF540000 00000000 0000 with [HASHINFO]

Detoured around by various USB controllers Security function can be detoured around by various USB controllers Controller Security configuration condition checking Whether password is obtained Whether security certification can be detoured around USBest UT163 O O O Skymedi SK6281 O O O SMI SM321 SM325 O O O Phison PS2136 O X O USBest UT165 O O X Skymedi SK6211 O O O AlcorMicro AU6983 O X O Sandisk Cruzer Contour O X O Toshiba O X O

Structure of the Secure USB bypassing tool

Secure USB Drive Bypass

USB Drive Trace HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\USBSTOR

USB Drive Security Application Trace %systemroot%\prefetch\*.pf

USB Drive Imaging

Conclusions Secure USB ByPassing tool Most secure USB Drive access is controlled, based on its Controller However, it does not send authentication information but simply send s unlock command to access Make it to support most of the controllers by utilizing a tool through an analysis. Future Research Analyzing more Controller based secure USB s authentication bypass ing methods Hardware(Encryption chip) based encryption and USB analysis

Thank you for attention jwbang@korea.ac.kr

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information