Tuesday, July 17, 2012

USB Plug-over bypass attack on Integral USB Drive.

I read the article "Crypto hardware Plug-over attack" (Crypto-plug-over-attack) the other day and thought it would be a nice weekend project. I happened to have 2 Integral Crypto USB drives. Integral claims this drive is enhanced with 256-bit hardware-based AES encryption and is FIPS 197 approved, allowing for advanced security of confidential data. However, it only works on Windows. :(

According to Thice's article, this works because after the user unlocks the USB drive, for some reason the encryption system isn't able to lock itself again, even after the drive is switched over to a new system, as long as power is provided. So if we can find some way to provide uninterrupted power, we can keep accessing the data on the USB drive without providing the password.

The schematic overview

 
As the picture shows, we are only able to access the data after unlocking it.

 
But it does not work under Linux! :(
                                                     
 
If it is unlocked under Windows first and then switched to Linux:


Because the power is uncut, we can now access the data without being asked for the password.