SlideShare una empresa de Scribd logo

[SCTI 2011] - (Des)protegendo mídias USB

SCTI UENF
SCTI UENF

Palestrada ministrada por Fernando Mercês na SCTI 2011

TecnologíaNoticias y política
1 de 19
Descargar para leer sin conexión
 Experiência em missão crítica de missão crítica  Pioneira no ensino de Linux à distância  Parceira de treinamento IBM  Primeira com LPI no Brasil  + de 30.000 alunos satisfeitos  Reconhecimento internacional  Inovação com Hackerteen e Boteconet www.4linux.com.br 2 / 19
(Un)protecting USB storage media www.4linux.com.br 3 / 19
Opportunity The reverse engineering researcher cant act at: ● Open source resource reimplementation ● Fork projects creation www.4linux.com.br 4 / 19
$ whoami ● Open Source Software Consultant at 4Linux. ● C language fan (RIP DMR). ● Free and Open Source Software lover. ● Maintainer of pev, T50, hdump, USBForce and other little tools. ● LPIC-2, A+. ● Reverse Engineering enthusiast. www.4linux.com.br 5 / 19
Agenda ● Motivation ● Infection via USB ● Existing protection methods ● Protection method idea ● Demonstration ● Writing a tool ● Conclusion ● References www.4linux.com.br 6 / 19
Motivation ● High infection risk. ● Lack of effective protections. ● Network security bypass. ● Hard administration. ● Users want USB! www.4linux.com.br 7 / 19
Infection via USB ● autorun.inf (obfuscated or not). ● Not easy to detect (normal users). ● Automatic and fast. www.4linux.com.br 8 / 19
Existing protections methods ● Disable Autorun (Windows registry). ● USB Antivirus/”firewalls”. ● Windows policies. ● USBForce does this work. www.4linux.com.br 9 / 19
Protection method idea ● Make autorun.inf read-only. ● The storage partition needs to be still writable. ● Immunize USB storage media against infections. ● There is proprietary tool to do it called Panda USB Vaccine. ● I don't know yet HOW (internally) works, but it works. I need to learn the method. www.4linux.com.br 10 / 19
Demonstration Video: Reversing Vaccine Technique www.4linux.com.br 11 / 19
Writing a tool ● FAT-32 attributes byte Bit 0 – 0x01 – read only Bit 1 – 0x02 – hidden Bit 2 – 0x04 – system Bit 3 – 0x08 – volume name Bit 4 – 0x10 – subdirectory Bit 5 – 0x20 – archive Bit 6 – 0x40 – unused 1 Bit 7 – 0x80 – unused 2 www.4linux.com.br 12 / 19
Writing a tool ●Windows API function CreateFile does not recognize 0x40 attribute. ● libfat (Linux) also does not work. ● ioctl does not work =( ● The unused attributes are undefined (probably reserved for future use). ● Creates an “undeletable” autorun.inf. ● Sets the attributes 0x40 (unused) and 0x02 (hidden). ● Free and Open Source Software. www.4linux.com.br 13 / 19
Writing a tool 1. Create a regular autorun.inf file. 2. Identify FAT-32 structures. 3. Read structures to search for autorun.inf file entry in table. 4. Look for attribute byte. 5. Set 0x40 attribute. It's a good idea to set 0x02 attribute too. www.4linux.com.br 14 / 19
The new tool: OpenVaccine ● Written in C. ● Originally designed for Linux. ● Creates an autorun.inf file. ● Immunize USB storage medias. ● Creates an “undeletable” autorun.inf. ● Sets the attributes 0x02 (hidden) and 0x40 (unused). ● Free and Open Source Software (GPLv3). ● USE AT OWN RISK. Backup first. ;) www.4linux.com.br 15 / 19
The new tool: OpenVaccine $ sudo ./openvaccine /dev/sdd1 /media/DANI1G/ OpenVaccine 0.8 by Fernando Mercês (fernando@mentebinaria.com.br) Partition /dev/sdd1  + FAT32 (mkdosfs)  + 1.86G (1949696 bytes)  + mirroring enabled  + 1952690 sectors  + 512 bytes per sector  + 4k clusters  + serial is 3673364101 autorun.inf created at sector 0xf04, byte 0x20 (offset  0x1e0620). www.4linux.com.br 16 / 19
Conclusion ● I have studied FAT-32 filesystems only. ●OpenVaccine will create an “undeletable” autorun.inf, so with source code, it's easy to write a tool that deletes it. ● I think USB will still be a problem, but this tool can minimize risks. ● Use reversing for open source reimplementation! www.4linux.com.br 17 / 19
References ● Paper (in Portuguese) www.mentebinaria.com.br/textos#0x1a ● OpenVaccine http://openvaccine.sf.net ● USBForce http://usbforce.sf.net ● Demo video http://va.mu/J4yY (case sensitive) www.4linux.com.br 18 / 19
Thank you! Fernando Mercês (@MenteBinaria) fernando.merces@4linux.com.br www.4linux.com.br www.hackerteen.com twitter.com/4LinuxBR +55 (11) 2125-4747 www.4linux.com.br 19 / 19

Recomendados

4910BasicProjectManagement
4910BasicProjectManagement4910BasicProjectManagement
4910BasicProjectManagementMichael Birdsong
 
[SCTI 2011] - CLI: sobrevivendo na linha de comando
[SCTI 2011] - CLI: sobrevivendo na linha de comando[SCTI 2011] - CLI: sobrevivendo na linha de comando
[SCTI 2011] - CLI: sobrevivendo na linha de comandoSCTI UENF
 
[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafios
[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafios[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafios
[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafiosSCTI UENF
 
Segurança em Servidores de Games - (Minicraft)
Segurança em Servidores de Games - (Minicraft)Segurança em Servidores de Games - (Minicraft)
Segurança em Servidores de Games - (Minicraft)Bruno Alexandre
 
Seminario Seguranca da Informação
Seminario Seguranca da InformaçãoSeminario Seguranca da Informação
Seminario Seguranca da InformaçãoMariana Gonçalves Spanghero
 
[SCTI 2011] - Fundamentos da Segurança da Informação
[SCTI 2011] - Fundamentos da Segurança da Informação[SCTI 2011] - Fundamentos da Segurança da Informação
[SCTI 2011] - Fundamentos da Segurança da InformaçãoSCTI UENF
 
Palestra: Pentest - Intrusão de Redes
Palestra: Pentest - Intrusão de RedesPalestra: Pentest - Intrusão de Redes
Palestra: Pentest - Intrusão de RedesBruno Alexandre
 
Técnicas forenses para a recuperação de arquivos
Técnicas forenses para a recuperação de arquivosTécnicas forenses para a recuperação de arquivos
Técnicas forenses para a recuperação de arquivosCampus Party Brasil
 

Recomendados

4910BasicProjectManagement
4910BasicProjectManagement4910BasicProjectManagement
4910BasicProjectManagementMichael Birdsong
 
[SCTI 2011] - CLI: sobrevivendo na linha de comando
[SCTI 2011] - CLI: sobrevivendo na linha de comando[SCTI 2011] - CLI: sobrevivendo na linha de comando
[SCTI 2011] - CLI: sobrevivendo na linha de comandoSCTI UENF
 
[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafios
[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafios[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafios
[SCTI 2011] - Groupwares e os Espaços Virtuais: problemas, soluções e desafiosSCTI UENF
 
Segurança em Servidores de Games - (Minicraft)
Segurança em Servidores de Games - (Minicraft)Segurança em Servidores de Games - (Minicraft)
Segurança em Servidores de Games - (Minicraft)Bruno Alexandre
 
Seminario Seguranca da Informação
Seminario Seguranca da InformaçãoSeminario Seguranca da Informação
Seminario Seguranca da InformaçãoMariana Gonçalves Spanghero
 
[SCTI 2011] - Fundamentos da Segurança da Informação
[SCTI 2011] - Fundamentos da Segurança da Informação[SCTI 2011] - Fundamentos da Segurança da Informação
[SCTI 2011] - Fundamentos da Segurança da InformaçãoSCTI UENF
 
Palestra: Pentest - Intrusão de Redes
Palestra: Pentest - Intrusão de RedesPalestra: Pentest - Intrusão de Redes
Palestra: Pentest - Intrusão de RedesBruno Alexandre
 
Técnicas forenses para a recuperação de arquivos
Técnicas forenses para a recuperação de arquivosTécnicas forenses para a recuperação de arquivos
Técnicas forenses para a recuperação de arquivosCampus Party Brasil
 
(Un)Protecting USB Storage Media
(Un)Protecting USB Storage Media(Un)Protecting USB Storage Media
(Un)Protecting USB Storage MediaFernando Mercês
 
Android Variants, Hacks, Tricks and Resources presented at AnDevConII
Android Variants, Hacks, Tricks and Resources presented at AnDevConIIAndroid Variants, Hacks, Tricks and Resources presented at AnDevConII
Android Variants, Hacks, Tricks and Resources presented at AnDevConIIOpersys inc.
 
Headless Android
Headless AndroidHeadless Android
Headless AndroidOpersys inc.
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringbartblaze
 
IoT: LoRa and Java on the PI
IoT: LoRa and Java on the PIIoT: LoRa and Java on the PI
IoT: LoRa and Java on the PIJWORKS powered by Ordina
 
Hello, Python
Hello, PythonHello, Python
Hello, Pythonhardwyrd
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
Pentester++
Pentester++Pentester++
Pentester++CTruncer
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primerDrew Fustini
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Opersys inc.
 
Part 1 of 'Introduction to Linux for bioinformatics': Introduction
Part 1 of 'Introduction to Linux for bioinformatics': IntroductionPart 1 of 'Introduction to Linux for bioinformatics': Introduction
Part 1 of 'Introduction to Linux for bioinformatics': IntroductionJoachim Jacob
 
IoT Session Thomas More
IoT Session Thomas MoreIoT Session Thomas More
IoT Session Thomas MoreKevin Van den Abeele
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas MoreJWORKS powered by Ordina
 
Leveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVLeveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVOpersys inc.
 
Management Zabbix with Terraform
Management Zabbix with TerraformManagement Zabbix with Terraform
Management Zabbix with TerraformAécio Pires
 
IoT em tempo real com Firebase e JavaScript
IoT em tempo real com Firebase e JavaScriptIoT em tempo real com Firebase e JavaScript
IoT em tempo real com Firebase e JavaScriptHenri Cavalcante
 
Combining Machine Learning with Physical Computing - June 2022
Combining Machine Learning with Physical Computing - June 2022Combining Machine Learning with Physical Computing - June 2022
Combining Machine Learning with Physical Computing - June 2022Hal Speed
 
Top 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux UsersTop 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux UsersSt. Petersburg College
 
DT2014-15 S01: Digital Toolbox
DT2014-15 S01: Digital ToolboxDT2014-15 S01: Digital Toolbox
DT2014-15 S01: Digital ToolboxCarlos Cámara
 
Get your FLOSS problems solved
Get your FLOSS problems solvedGet your FLOSS problems solved
Get your FLOSS problems solvedRex Tsai
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Más contenido relacionado

Similar a [SCTI 2011] - (Des)protegendo mídias USB

(Un)Protecting USB Storage Media
(Un)Protecting USB Storage Media(Un)Protecting USB Storage Media
(Un)Protecting USB Storage MediaFernando Mercês
 
Android Variants, Hacks, Tricks and Resources presented at AnDevConII
Android Variants, Hacks, Tricks and Resources presented at AnDevConIIAndroid Variants, Hacks, Tricks and Resources presented at AnDevConII
Android Variants, Hacks, Tricks and Resources presented at AnDevConIIOpersys inc.
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringbartblaze
 
Hello, Python
Hello, PythonHello, Python
Hello, Pythonhardwyrd
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
Pentester++
Pentester++Pentester++
Pentester++CTruncer
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primerDrew Fustini
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Opersys inc.
 
Part 1 of 'Introduction to Linux for bioinformatics': Introduction
Part 1 of 'Introduction to Linux for bioinformatics': IntroductionPart 1 of 'Introduction to Linux for bioinformatics': Introduction
Part 1 of 'Introduction to Linux for bioinformatics': IntroductionJoachim Jacob
 
Leveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVLeveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVOpersys inc.
 
Management Zabbix with Terraform
Management Zabbix with TerraformManagement Zabbix with Terraform
Management Zabbix with TerraformAécio Pires
 
IoT em tempo real com Firebase e JavaScript
IoT em tempo real com Firebase e JavaScriptIoT em tempo real com Firebase e JavaScript
IoT em tempo real com Firebase e JavaScriptHenri Cavalcante
 
Combining Machine Learning with Physical Computing - June 2022
Combining Machine Learning with Physical Computing - June 2022Combining Machine Learning with Physical Computing - June 2022
Combining Machine Learning with Physical Computing - June 2022Hal Speed
 
DT2014-15 S01: Digital Toolbox
DT2014-15 S01: Digital ToolboxDT2014-15 S01: Digital Toolbox
DT2014-15 S01: Digital ToolboxCarlos Cámara
 
Get your FLOSS problems solved
Get your FLOSS problems solvedGet your FLOSS problems solved
Get your FLOSS problems solvedRex Tsai
 

Similar a [SCTI 2011] - (Des)protegendo mídias USB (20)

(Un)Protecting USB Storage Media
(Un)Protecting USB Storage Media(Un)Protecting USB Storage Media
(Un)Protecting USB Storage Media
 
Android Variants, Hacks, Tricks and Resources presented at AnDevConII
Android Variants, Hacks, Tricks and Resources presented at AnDevConIIAndroid Variants, Hacks, Tricks and Resources presented at AnDevConII
Android Variants, Hacks, Tricks and Resources presented at AnDevConII
 
Headless Android
Headless AndroidHeadless Android
Headless Android
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineering
 
IoT: LoRa and Java on the PI
IoT: LoRa and Java on the PIIoT: LoRa and Java on the PI
IoT: LoRa and Java on the PI
 
Hello, Python
Hello, PythonHello, Python
Hello, Python
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
 
Pentester++
Pentester++Pentester++
Pentester++
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primer
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012
 
Part 1 of 'Introduction to Linux for bioinformatics': Introduction
Part 1 of 'Introduction to Linux for bioinformatics': IntroductionPart 1 of 'Introduction to Linux for bioinformatics': Introduction
Part 1 of 'Introduction to Linux for bioinformatics': Introduction
 
IoT Session Thomas More
IoT Session Thomas MoreIoT Session Thomas More
IoT Session Thomas More
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas More
 
Leveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVLeveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IV
 
Management Zabbix with Terraform
Management Zabbix with TerraformManagement Zabbix with Terraform
Management Zabbix with Terraform
 
IoT em tempo real com Firebase e JavaScript
IoT em tempo real com Firebase e JavaScriptIoT em tempo real com Firebase e JavaScript
IoT em tempo real com Firebase e JavaScript
 
Combining Machine Learning with Physical Computing - June 2022
Combining Machine Learning with Physical Computing - June 2022Combining Machine Learning with Physical Computing - June 2022
Combining Machine Learning with Physical Computing - June 2022
 
Top 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux UsersTop 10 Tips for Beginning Linux Users
Top 10 Tips for Beginning Linux Users
 
DT2014-15 S01: Digital Toolbox
DT2014-15 S01: Digital ToolboxDT2014-15 S01: Digital Toolbox
DT2014-15 S01: Digital Toolbox
 
Get your FLOSS problems solved
Get your FLOSS problems solvedGet your FLOSS problems solved
Get your FLOSS problems solved
 

Último

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Último (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

[SCTI 2011] - (Des)protegendo mídias USB

  • 1.
  • 2. Experiência em missão crítica de missão crítica  Pioneira no ensino de Linux à distância  Parceira de treinamento IBM  Primeira com LPI no Brasil  + de 30.000 alunos satisfeitos  Reconhecimento internacional  Inovação com Hackerteen e Boteconet www.4linux.com.br 2 / 19
  • 3. (Un)protecting USB storage media www.4linux.com.br 3 / 19
  • 4. Opportunity The reverse engineering researcher cant act at: ● Open source resource reimplementation ● Fork projects creation www.4linux.com.br 4 / 19
  • 5. $ whoami ● Open Source Software Consultant at 4Linux. ● C language fan (RIP DMR). ● Free and Open Source Software lover. ● Maintainer of pev, T50, hdump, USBForce and other little tools. ● LPIC-2, A+. ● Reverse Engineering enthusiast. www.4linux.com.br 5 / 19
  • 6. Agenda ● Motivation ● Infection via USB ● Existing protection methods ● Protection method idea ● Demonstration ● Writing a tool ● Conclusion ● References www.4linux.com.br 6 / 19
  • 7. Motivation ● High infection risk. ● Lack of effective protections. ● Network security bypass. ● Hard administration. ● Users want USB! www.4linux.com.br 7 / 19
  • 8. Infection via USB ● autorun.inf (obfuscated or not). ● Not easy to detect (normal users). ● Automatic and fast. www.4linux.com.br 8 / 19
  • 9. Existing protections methods ● Disable Autorun (Windows registry). ● USB Antivirus/”firewalls”. ● Windows policies. ● USBForce does this work. www.4linux.com.br 9 / 19
  • 10. Protection method idea ● Make autorun.inf read-only. ● The storage partition needs to be still writable. ● Immunize USB storage media against infections. ● There is proprietary tool to do it called Panda USB Vaccine. ● I don't know yet HOW (internally) works, but it works. I need to learn the method. www.4linux.com.br 10 / 19
  • 11. Demonstration Video: Reversing Vaccine Technique www.4linux.com.br 11 / 19
  • 12. Writing a tool ● FAT-32 attributes byte Bit 0 – 0x01 – read only Bit 1 – 0x02 – hidden Bit 2 – 0x04 – system Bit 3 – 0x08 – volume name Bit 4 – 0x10 – subdirectory Bit 5 – 0x20 – archive Bit 6 – 0x40 – unused 1 Bit 7 – 0x80 – unused 2 www.4linux.com.br 12 / 19
  • 13. Writing a tool ●Windows API function CreateFile does not recognize 0x40 attribute. ● libfat (Linux) also does not work. ● ioctl does not work =( ● The unused attributes are undefined (probably reserved for future use). ● Creates an “undeletable” autorun.inf. ● Sets the attributes 0x40 (unused) and 0x02 (hidden). ● Free and Open Source Software. www.4linux.com.br 13 / 19
  • 14. Writing a tool 1. Create a regular autorun.inf file. 2. Identify FAT-32 structures. 3. Read structures to search for autorun.inf file entry in table. 4. Look for attribute byte. 5. Set 0x40 attribute. It's a good idea to set 0x02 attribute too. www.4linux.com.br 14 / 19
  • 15. The new tool: OpenVaccine ● Written in C. ● Originally designed for Linux. ● Creates an autorun.inf file. ● Immunize USB storage medias. ● Creates an “undeletable” autorun.inf. ● Sets the attributes 0x02 (hidden) and 0x40 (unused). ● Free and Open Source Software (GPLv3). ● USE AT OWN RISK. Backup first. ;) www.4linux.com.br 15 / 19
  • 16. The new tool: OpenVaccine $ sudo ./openvaccine /dev/sdd1 /media/DANI1G/ OpenVaccine 0.8 by Fernando Mercês (fernando@mentebinaria.com.br) Partition /dev/sdd1  + FAT32 (mkdosfs)  + 1.86G (1949696 bytes)  + mirroring enabled  + 1952690 sectors  + 512 bytes per sector  + 4k clusters  + serial is 3673364101 autorun.inf created at sector 0xf04, byte 0x20 (offset  0x1e0620). www.4linux.com.br 16 / 19
  • 17. Conclusion ● I have studied FAT-32 filesystems only. ●OpenVaccine will create an “undeletable” autorun.inf, so with source code, it's easy to write a tool that deletes it. ● I think USB will still be a problem, but this tool can minimize risks. ● Use reversing for open source reimplementation! www.4linux.com.br 17 / 19
  • 18. References ● Paper (in Portuguese) www.mentebinaria.com.br/textos#0x1a ● OpenVaccine http://openvaccine.sf.net ● USBForce http://usbforce.sf.net ● Demo video http://va.mu/J4yY (case sensitive) www.4linux.com.br 18 / 19
  • 19. Thank you! Fernando Mercês (@MenteBinaria) fernando.merces@4linux.com.br www.4linux.com.br www.hackerteen.com twitter.com/4LinuxBR +55 (11) 2125-4747 www.4linux.com.br 19 / 19