[Noisebridge-discuss] usb 'dead drops' at noisebridge?
epsas at evil-wire.org
epsas at evil-wire.org
Sun Oct 31 06:28:30 UTC 2010
My first thought is having a pc emulate a flash drive via linux usb-gadget and removing the need for building a decider circuit.
The usb jack would be eletronically isolated by an optocoupler for safety.
On Sat, Oct 30, 2010 at 09:47:45PM -0700, Seth David Schoen wrote:
> Mitch Altman writes:
>
> > Too cool an idea!
> >
> > Too bad that there's a high risk of trojans by connecting a Windows computer to one (autorun.inf files can run an EXE file upon plugging a USB drive in).
>
> I wonder what it would take to make a circuit that switched the
> storage device back and forth between the public connector and
> the USB port of a (hidden) "integrity check PC" installed by
> the same person who installed the whole setup:
>
> public connector -----\ /----- integrity check PC
> | |
> \-- decider --/
> |
> |
> storage
> volume
>
> The "decider" circuit would contain a couple of solid state relays
> that switched the storage volume between the public connector and
> the integrity check PC whenever the previous connection disconnected
> somehow (I don't know if the integrity check PC could actually
> electrically disconnect after unmounting, which seems like the
> easiest way to alert the decider circuit that it's time to switch;
> otherwise the integrity check PC could have its own separate
> connection to the decider to actively tell it that it's OK to
> switch back the other way).
>
> The integrity check PC could do three things:
>
> (1) run a vfat fsck on the storage volume to make sure that what
> was left was still a valid VFAT filesystem (in case of accidental
> or intentional corruption) -- especially important in case some
> operating systems' vfat implementations contain exploitable bugs
> that can be triggered by trying to mount a maliciously-crafted
> invalid filesystem;
>
> (2) reformat the disk as an empty vfat volume if the fsck fails too
> badly; and
>
> (3) mount the resulting filesystem and unconditionally delete any
> autorun file that exists at the top level.
>
> It wouldn't have to be much of a PC to do this stuff. Any old
> embedded system with a USB implementation should suffice. The
> challenging question for me is whether dosfsck can actually
> catch all of the potential forms of invalidity that could harm
> users (and whether dosfsck itself is exploitable!).
>
> Other ideas:
>
> . the integrity check PC could keep a backup of the "last valid
> mountable" state of the storage volume, and under certain
> conditions where a user appeared to have erased or corrupted the
> disk too badly, it would simply restore this state.
>
> . the integrity check PC could run a scan for Windows viruses,
> though arguably this is mostly useless and/or the responsibility
> the system's end-users.
>
> The biggest problem with this that I see is that it requires
> power, which the original concept doesn't.
>
> --
> Seth David Schoen <schoen at loyalty.org> | Qu? empresa f?cil no pensar en
> http://www.loyalty.org/~schoen/ | un tigre, reflexion?.
> http://vitanuova.loyalty.org/ | -- Borges, El Zahir
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
More information about the Noisebridge-discuss
mailing list