U3 encrypted thumbdrive

If offcourse the data was not encrypted before.

I would be surprised if it wasn't. I'd expect the U3 hardware to do approximately what an encrypting ATA drive does it always encrypts the data, but allows a password to be used to control access (not to encrypt anything).

My German is quite rusty, but my reading of the SySS attack is that they found a command protocol problem after a failed authentication, a request to mount the drive was not refused, as it should be. And as decryption did not depend on the password, but was done with a more-or-less permanently stored key, the disk contents could be accessed.

I would suspect that any fixes would be by correcting the command protocol, and thus refusing to honour a mount request unless an authetication has succeeded. Trying to involve the password in the encryption would make it very difficult to allow the user to change the password – the entire drive would need to be decrypted and reencrypted, and that process would need to be interruptable, as an USB stick can be pulled out at any moment. Not a good idea.

Added It should be kept in mind that 'U3' is an ambiguus description. The most widely use refers to the platform for running software straight from a USB stick. This needs no hardware support, and any encryption here can be by software only, with all the problems that invlves.

Hwever, U3 is also a hardware platform, which includes crypto hardware.

For that reason, claims that 'I read encrypted data off a U3 stick' must be investigated further does it refer to the U3 hardware platform or not? The U3 platform could be identified by using the U3 SDK – but with the disappearance of www.u3.org, I'm not sure if there is an offcial distribution anymore.

Yep ) , additionally MOST (if not all) controllers can be set (through their "Manufacturer Tool" or with an "user" utility specific to the controller ) to have the full stick encrypted with password (or have a "private" - still encrypted and password protected - partition on it).

These solutions AFAIK are "custom/proprietary" and each chip/manufacturer seems to have an "own" version/method.

That's the main reason for my "general attitude is pointless, specific data and reports may be useful" original reply to jekill's post.

jaclaz

Some info that appears like VERY useful
http//www.dfrws.org/

Secure USB bypassing tool
Jewan Bang, Byeongyeong Yoo, Sangjin Lee*
Center for Information Security Technologies, Korea University, Seoul, Republic of Korea

http//www.dfrws.org/2010/proceedings/bang.pdf
http//www.dfrws.org/2010/proceedings/2010-313.pdf

jaclaz

I know,
I Have posted the links earlier in this topic.
For the secure bypassing tool they ask 1100 dollar. But it does not work with the sandisk cruzer.

I have contacted Jewan Bang himselve, he wanted to help me; but for no, I don't know why, the communications Stoped.

I found the tool on a website from FOUR&SIX TECH company on www.secubox.co.kr

But the USB lockPass program showed in the document is version 1.6 and the one sold is version 1.0. I doubt the sale is legal and thrustfully.

Secure USB bypassing tool
Jewan Bang, Byeongyeong Yoo, Sangjin Lee*
Center for Information Security Technologies, Korea University, Seoul, Republic of Korea

Great Find.

I found the tool on a website from FOUR&SIX TECH company on www.secubox.co.uk.

Looks like the link you posted is dead, but I guess you were referring to this one
http//4n6tech.com/pro_eng/info/info.php?pn=1&sn=3

Looks legit, but this is a real gamble and I wouldn't trust it enough to buy it without getting verification from the dev that it has worked on your device in the past. As Jaclaz has mentioned, the implementation of security on these devices is not standardised and includes access control to the data partition from the controller as well as software and hardware level encryption. Any solution like this is going to really be hit and miss.

I wrote down the wrong link, it should be
http//www.secubox.co.kr/en_usblockpass

I know,
I Have posted the links earlier in this topic.

Sorry oops didn't notice them, I thought they were pdf's related to the proof of concept on www.syss.de.

Our Korean friends appear like having a very good knowledge of the USB bus and flash devices, but none whatsoever about marketing…. wink roll

jaclaz

I guess this doesn't help your situation, but I am now curious as to what makes this possible.

I believe that once you unlock the partition, as long as the U3 device has power, it will remain unlocked. Was this a warm reboot or a cold reboot?

Warm. Thanks,

I realise that I am a little behind on this one, having only just read this thread from the beginning - another trick to doing this is to use a powered USB KVM, you can unlock on one machine and then switch the machines - the USB switches and the unlocked drive is accessible on the second. An interesteing issue we discovered when we were trying to physically separate two networks of different security levels …