removing autorun from a flash drive

Robin Laing Robin.Laing at drdc-rddc.gc.ca
Wed Mar 11 14:48:20 UTC 2009


Bruno Wolff III wrote:
> On Tue, Mar 10, 2009 at 22:55:05 -0500,
>   Bruno Wolff III <bruno at wolff.to> wrote:
>> On Tue, Mar 10, 2009 at 17:47:04 -0400,
>>   Todd Denniston <Todd.Denniston at ssa.crane.navy.mil> wrote:
>>> Bruno Wolff III wrote, On 03/10/2009 05:34 PM:
>>>> Repartitioning the raw device would probably work. You would then create
>>>> a filesystem on the partition.
>>>>
>>> No, if you repartition the device, you wipe out the ability for the U3 
>>> removal tool to work, but the fake CD remains IIRC.
>> Maybe I am missing something. If you write over the blocks with the U3
>> tool, how does it not get erased?
>>
>> Is this tool located somewhere other than the normal blocks on the device?
> 
> I found some info, though it doesn't look like the full details are
> publicly known.
> 
> The device shows itself as two devices and indicates different types for
> each so that one looks like mass storage and the other a cd drive.
> It is suspected that nonstandard scsi commands are required to write
> to the cd device. Some people have tricked one of the available tools into
> loading custom isos into the cd portion of the device.
> So it looks like you do need a special tool if you want to have the space
> initially reserved for the cd image released for use in the normal part.
> Probably there is some secret scsi command to do this that wouldn't be
> too hard to find if someone were serious about figuring it out.
> Why anyone would want one of these devices is beyond me. It's a security
> nightmare for both the computer being used (due to autorun being enabled)
> and the usb device owner (due to not just running code from the device).
> If you own both, there is no reason to have that feature.
> 

I agree with this.

When I had the software removed from one device, the person that was 
doing it for me had to disconnect most USB devices from his computer. 
It also wouldn't work with the USB port on his monitor.

I did some searching at the time and found that there are keylogger 
tools that will auto install like a trojan onto the U3 partition.  Big 
security risk.

Also, my daughter had her stick with U3 on it for school.  The Mac 
computers would constantly corrupt the data because of the dual partitions 
when unmounting.

Before I asked someone with Windows to remove the U3 code, I tried 
everything I could find to test this.  Even after this, I still needed a 
Windows box to remove the code.

On the download page for the tool, there was a comment box that I voiced 
my opinion on.


-- 
Robin Laing
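
The quoted description (one stick showing up as a mass-storage device and a CD drive) can be checked for on a Linux host. The following is an added example, not part of the original thread: it walks sysfs and lists USB-attached SCSI targets that expose both a disk LUN and a CD-ROM LUN. It assumes both LUNs sit on the same SCSI target, which the thread does not state; the function names and the sample tree are constructed for illustration.

```python
import os
import re
from collections import defaultdict

SCSI_DISK, SCSI_CDROM = 0, 5  # peripheral device types reported in sysfs "type"

def find_disk_plus_cdrom_usb(sysfs_root="/sys"):
    """Return 'host:channel:target' ids of USB-attached SCSI targets that
    expose both a disk LUN and a CD-ROM LUN (assumed layout, see lead-in)."""
    root = os.path.realpath(sysfs_root)
    base = os.path.join(root, "bus", "scsi", "devices")
    seen = defaultdict(set)
    for name in (os.listdir(base) if os.path.isdir(base) else []):
        if not re.fullmatch(r"\d+:\d+:\d+:\d+", name):
            continue  # skip hostN and targetN:N:N entries
        real = os.path.realpath(os.path.join(base, name))
        parts = os.path.relpath(real, root).split(os.sep)
        if not any(re.fullmatch(r"usb\d+", p) for p in parts):
            continue  # not behind a USB host controller
        try:
            with open(os.path.join(real, "type")) as fh:
                seen[name.rsplit(":", 1)[0]].add(int(fh.read().strip()))
        except (OSError, ValueError):
            continue  # unreadable or malformed type file
    return sorted(t for t, kinds in seen.items()
                  if {SCSI_DISK, SCSI_CDROM} <= kinds)

def build_sample_tree(root):
    """Constructed sysfs-like tree: one dual-LUN USB stick, one plain USB
    stick and one SATA disk. All paths are made up for the example."""
    usb = "devices/pci0000:00/0000:00:14.0/usb1/"
    sample = {
        usb + "1-2/1-2:1.0/host6/target6:0:0/6:0:0:0": SCSI_DISK,
        usb + "1-2/1-2:1.0/host6/target6:0:0/6:0:0:1": SCSI_CDROM,
        usb + "1-3/1-3:1.0/host7/target7:0:0/7:0:0:0": SCSI_DISK,
        "devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0": SCSI_DISK,
    }
    links = os.path.join(root, "bus", "scsi", "devices")
    os.makedirs(links)
    for rel, dev_type in sample.items():
        target = os.path.join(root, rel)
        os.makedirs(target)
        with open(os.path.join(target, "type"), "w") as fh:
            fh.write(f"{dev_type}\n")
        os.symlink(target, os.path.join(links, os.path.basename(rel)))

if __name__ == "__main__":
    # On a real host this reads /sys; an empty list means no candidates.
    print(find_disk_plus_cdrom_usb())
```

A hit is only a candidate for review: other USB hardware can legitimately present a disk and a CD-ROM LUN together.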