[NBLUG/talk] CODi Encrypted Thumbdrive

William Tracy afishionado at gmail.com
Mon Jul 30 18:33:09 PDT 2018


So, this is what I get for buying an item off eBay without reading the
entire description. :-)

I bought a "CODi" brand thumbdrive planning to reformat it and put Ubuntu
on it. Imagine my surprise when it would only mount read-only on device
/dev/sr0.

It turns out that CODi put a bit of effort into keeping people from
tampering with their encryption system. It doesn't identify itself to the
OS as a mass storage device, but as a USB CD-ROM drive. This exposes a
read-only filesystem containing an INI file and a EXE file used to
read/write encrypted data.

Apparently the included program can read and write to the device using some
proprietary hardware interface. This is actually pretty clever in that
there's no way to perform an offline brute force attack short of
reverse-engineering the hardware. (The included software wipes the drive
after a certain number of incorrect password attempts.)

Unfortunately, this makes the drive useless for my purposes. I'm going to
try to get the seller to let me return it. Otherwise, if anyone else wants
a 4Gb encrypted flash drive that only works with Windows, you can have it
for five bucks. :-)

William Tracy
afishionado at gmail.com
(408) 685-4819

"Actually it's more like the 'j' in Eyjafjallajökull."
 -- CamperBob2, on the pronunciation of the "my" in MySQL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nblug.org/pipermail/talk/attachments/20180730/0b1e91be/attachment.html>


More information about the talk mailing list