USB Write Blocker : Makes any USB drive Write protected.

By +Warwagon
in Hardware Hangout

 Share

Recommended Posts

Mentor

Karl L.

Posted
Posted

Your script works for /bin/bash. By changing a few things that are bashisms (Bash specific), your script would be more portable. I'll post something when I get to a terminal at home.

What's wrong with bashisms? They exist to make shell scripting more convenient. I never intended this script for use outside of a modern GNU/Linux environment, but, honestly, OS X ships with BASH by default and it is easily installable on FreeBSD.

If it's in public domain it doesn't need one. Otherwise what gives? Can I modify and redistribute your code? If so in what terms?

Although I normally license BSD, since I did not give this script a license, you may use it in the public domain. I would appreciate some credit if you make a derivative, however.

Grand Master

ozgeek

Posted
Posted

That device you've showed there has the same flaw as cheap IDE or SATA drive write blockers, it only catches the most common write codes, so yeah, for the majority of the time you won't be able to write to it.

From doing forensics before, if you're worried about malware, you've just wasted your money.

I suspected this. Even though it claims ot block writes to the drive, it mightn't do a good job at it. Even with the write-blocker, comptuers might be able to overcome the blocker and infect your usb-sticks. You never know. To be really sure that nothing can be written, use a media that actually only have "1 write and that's it". like a CD-R.

I bought too much computer crap like this to know that you actually don't need these. They become dust-collectors after a few uses.

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted

I bought too much computer crap like this to know that you actually don't need these. They become dust-collectors after a few uses.

Hmm... Darn, so much for that then. Well maybe i'll find some use for it. On the plus side, it's deductible :D

Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

It will be interesting to read your review on the device when it arrives. Do you think you could test it with a variety of file system formats and capacities of rewriteable media?

Regards,

Aryeh Goretsky

Grand Master

Japlabot

Posted
Posted

$160 is too much, for that price I could get 32 USB sticks prepared for potentially malware-infested systems and after 32 uses go and re-wipe and re-copy the software.

Or get a U3 device with a virtual CD drive and use a utility to write an ISO file to the USB drive which is read only

Grand Master

+virtorio MVC

Posted
  • MVC
Posted

I tried finding some USB sticks with the write protect switch to use for installing our software on peoples (often virus filled) laptops in our training sessions. Optical discs are no good as the data it uses can be up to 20 GB. I found only one and it cost a fortune, so in the end we just went with SD cards (which do have write protect switches on them) with a USB card reader.

This thing would be interesting if it were, say, $140 cheaper.

Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

I would think of starting with a variety of internal commands and applications (DISKPART, FORMAT, DISKMGMT, Windows Explorer, the various Office applications, file archiving utilities, file management programs, etc.) just to see if there was any common programs behave differently. I'd also be interested to see if things like FAT12, FAT16, FAT32, NTFS, ExFAT make a difference. USB-wise, lots of USB flash drives (including older, smaller capacity ones, if possible), optical drives and even a floppy diskette drive, if you have one.

I know, it's a lot of work, but, it's an interesting subject!

Regards,

Aryeh Goretsky

Does anyone know of some software I can use to test the device which does unusual writes?

Grand Master

n_K

Posted
Posted

Does anyone know of some software I can use to test the device which does unusual writes?

Nope, you'd have to make your own or find malware that does it, normal everyday software isn't made to send spoof commands to bypass write protection bloks.

Mentor

Karl L.

Posted
Posted

Nope, you'd have to make your own or find malware that does it, normal everyday software isn't made to send spoof commands to bypass write protection bloks.

I'm very curious as to what that would look like. Could you provide a code snipet that does what you are talking about? I did a quick Google search and couldn't find anything of the sort.

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted

I'm very curious as to what that would look like. Could you provide a code snipet that does what you are talking about? I did a quick Google search and couldn't find anything of the sort.

ya me too

Grand Master

n_K

Posted
Posted

As said I'm no longer at the university so don't have any of the stuff and it's not likely to be just randomly around on the net. Look up spec sheets on USB specs and whatnot for things like 'null' data that the device ignores and if you've got the time and skill, put them into programs and try them.

  • 7 months later...
Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted

http://www.neowin.ne...-security-patch

and people wonder why I don't plug in USB drives into my system which are not write protected (Physical switch, and by write protected I mean write protected while inserted into a customers machine) and that I don't have control over. In this case it's modified USB descriptors, which I don't think malware can alter, this has been in windows for quite some time. What else don't we know about.

Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

From my reading of the article, it appears this vulnerability occurs at the a USB flash drive is enumerated, e.g., identified by the system. I do not think protecting against writes to USB flash drives would, in this case, have any effect, since the operation occurs when the drive is read from and not written to. What this attack actually reminds me of are similar exploits which were (or are) used against FireWire.

Your point about trusting external media is quite valid, and users with earlier versions of Microsoft Windows should verify AutoRun is turned off and fully patched. While that certainly won't stop all attacks, it will, at least, improve security.

Regards,

Aryeh Goretsky

http://www.neowin.ne...-security-patch

and people wonder why I don't plug in USB drives into my system which are not write protected (Physical switch, and by write protected I mean write protected while inserted into a customers machine) and that I don't have control over. In this case it's modified USB descriptors, which I don't think malware can alter, this has been in windows for quite some time. What else don't we know about.

Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted

It's a bit of a call back, but this caught my eye.

lolwut... optical drives? it hurts my brain just thinking about it.

slow burn time... no/slow rewrite... not to mention that many machines now have no optical drives.

That's basically a point, with a CD-R you can't change the disk contents, i.e. malware can never attack it. Get a USB optical drive (I got one for like $20 months back to replace the dead drive in my Mac Mini) and a burnt CD with rescue tools/a live Linux install and work on just about anything (Y)

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted

Hello,

From my reading of the article, it appears this vulnerability occurs at the a USB flash drive is enumerated, e.g., identified by the system. I do not think protecting against writes to USB flash drives would, in this case, have any effect, since the operation occurs when the drive is read from and not written to. What this attack actually reminds me of are similar exploits which were (or are) used against FireWire.

Your point about trusting external media is quite valid, and users with earlier versions of Microsoft Windows should verify AutoRun is turned off and fully patched. While that certainly won't stop all attacks, it will, at least, improve security.

Regards,

Aryeh Goretsky

I know the vulnerability does not care if the USB device is write protected or not. By write protection I meant it would stop the USB device from getting infected on the customers machine in the first place.. if that was possible.

Proficient

Ace

Posted
Posted
How about a better idea and NOT use USB drives in infected machines. Burn a CD with whatever utilities that you need. ZERO chance of infection.

Better still, buy an ISOStick or Zalman's ZM-VE300 HDD enclosure. Both have write protect switches.

  • goretsky and +Warwagon
  • Like 2
Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted

Better still, buy an ISOStick or Zalman's ZM-VE300 HDD enclosure. Both have write protect switches.

OMG Thank you for letting me know about the ISOstick. It looks AMAZING! Ordered one!

Other way around, the USB device isn't what's being attacked, it's what's doing the attacking, they adjusted what information the chipset sends to the host to exploit a flaw in how it parsed that information.

Correct. I didn't say it was. What I meant was, if it was at all possible for a virus to modify the chips firmware to make a stick which would attack, then a write protection should might be useful on it to stop it from modified.

Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

Kanguru is one of the few USB flash drive manufacturers that still makes models with a hardware write-protect switch.

Of course, you could also use an SDHC Card (which has a hardware write-protection switch) in a card reader, but from looking at this Wikipedia article, it's not clear to me how permanent setting the switch is on an SDHC Card, as it appears there may be a way to bypass it. The article is a little ambiguous about the details, though.

There are also several programs one can run which place a "garbled" entry for an AUTORUN.INF file on a USB flash drive. While I do not know for certain how effective this is in the real world, as anything which is done in software can be undone in software, it should prove effective against at least some worms which spread via USB drive in that fashion. Both BitDefender and Panda Security have free programs which perform this operation.

Regards,

Aryeh Goretsky

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Why you need to take back control of your synced passwords and how to go about doing that

      By +Warwagon · Posted

      I love syncback!
    • Politically funny images of the World

      By +primortal · Posted

    • Get $50 of aloSIM Mobile Data Traveler eSim credit for just $24.97

      By News Staff · Posted

      Get $50 of aloSIM Mobile Data Traveler eSim credit for just $24.97 by Steven Parker Today's highlighted deal comes via our Apps + Software section of the Neowin Deals store, where you can save 50% off aloSIM Mobile Data Traveler Lifetime eSim Credit: Pay $24.97 for $50. Stay connected affordably in 120+ countries/regions with your own lifetime eSIM! An eSIM is a digital SIM card. It's basically just mobile data. Once it's activated on your device, it can connect you to data networks in other countries – giving you an internet connection with NO roaming charges. With aloSIM, you can load prepaid eSIM data packages onto your phone, tablet, or computer. Your lifetime eSIM never expires, so it's yours forever and there are never any monthly charges. You'll get $50 in eSIM data credit, which is almost always enough to cover all your data roaming needs for a full year. But if you run out of data, you can always top up your lifetime eSIM and stay connected internationally. Pay $24.97 for a lifetime eSIM with $50 in travel data credit Use your eSIM to join data networks in 120+ countries Install your lifetime eSIM on a compatible device to roam on local data networks Your lifetime eSIM never expires, and can be topped up with more data anytime Many data packages cost as little as $4.50 and last 7 days. Depending on the package you choose, the length of time varies. Good to know Length of access: lifetime For NEW customers only Instant digital redemption Once you add your $50 credit to your aloSim account you have up to 12-months to use it — after that your credit will expire When you pay for a data plan you also get a free phone number (via Hushed) for the same duration of your plan that was purchased - IE 7 day eSim plan gives you a free 7-day phone number Purchased coupon must be redeemed and used within 12 months This deal is not stackable (one offer per aloSIM account) A $4.50 data package will last 7 days The data DOES expire, and you WILL NOT have any leftover data for your next trip unless it takes place within the validity period. While the eSIM never expires, the actual data package is only valid for the length of time stated at purchase (i.e. seven days after activation, 30 days after activation, etc.) So if you buy a seven-day package and only use a tiny bit, that package is still going to expire after seven days. Access options: mobile (check compatibility) Max number of device(s): 1 Updates included Here's the deal: This aloSIM Mobile Data Traveler eSim $50 Credit normally costs ... $50, but it can be yours for just $24.97 for a limited time, a saving of $25 (50% off). For specifications, and license info please click the link below. Get this aloSIM Mobile Data Traveler eSim for just $24.97 (was $50) Although priced in U.S. dollars, this deal is available for digital purchase worldwide. Support queries If you have queries or need support for any of the Neowin Deals, please use the contact form here. Neowin Deals are managed and sold by StackCommerce who represent Neowin on an affiliate basis. Why we post these deals We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. So for those that keep moaning and complaining, be thankful we're still online for you to even do that. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.
    • The Microsoft Office feature that time forgot

      By Fraud OS 11 · Posted

      WordArt was cool. We now have color fonts as a substitute although Word only supports COLRv0 and COLRv1 (Fraud OS 11 only). The OpenType SVG color font format needs to be supported by Office. Adobe's apps support it
    • Why you need to take back control of your synced passwords and how to go about doing that

      By fintechfooty · Posted

      i backup my files, incl keepass to my proton drive using Syncback which i paid for (thanks Warwagon!). they have a free version but i can't remember what it does and doesn't do anymore. anyways, it's really, really simple and easy to use. i also periodically keep backups of my keepass onsite especially when i've changed or added a password that is important to me. if you don't wanna spend time on the syncthing setup, get syncback. haha i even got my dad to use it for his backups to usb and he doesn't even need my help!!! (thank god!)

  • Recent Achievements

    • First Post
      DrWankel earned a badge
      First Post
    • Reacting Well
      DrWankel earned a badge
      Reacting Well
    • Week One Done
      Supreme Spray LV earned a badge
      Week One Done
    • One Month Later
      Genuinetonerink- Dubai earned a badge
      One Month Later
    • Week One Done
      Genuinetonerink- Dubai earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      496
    2. 2
      +Edouard
      158
    3. 3
      PsYcHoKiLLa
      92
    4. 4
      Steven P.
      74
    5. 5
      Michael Scrip
      72
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!