[NBLUG/talk] CODi Encrypted Thumbdrive

Tom tahart at sonic.net
Mon Jul 30 19:26:31 PDT 2018


I’ll take it for $3. Sounds like a fun hacking project.

-tom

Sent from my iPhone

> On Jul 30, 2018, at 6:33 PM, William Tracy <afishionado at gmail.com> wrote:
> 
> So, this is what I get for buying an item off eBay without reading the entire description. :-)
> 
> I bought a "CODi" brand thumbdrive planning to reformat it and put Ubuntu on it. Imagine my surprise when it would only mount read-only on device /dev/sr0.
> 
> It turns out that CODi put a bit of effort into keeping people from tampering with their encryption system. It doesn't identify itself to the OS as a mass storage device, but as a USB CD-ROM drive. This exposes a read-only filesystem containing an INI file and a EXE file used to read/write encrypted data.
> 
> Apparently the included program can read and write to the device using some proprietary hardware interface. This is actually pretty clever in that there's no way to perform an offline brute force attack short of reverse-engineering the hardware. (The included software wipes the drive after a certain number of incorrect password attempts.)
> 
> Unfortunately, this makes the drive useless for my purposes. I'm going to try to get the seller to let me return it. Otherwise, if anyone else wants a 4Gb encrypted flash drive that only works with Windows, you can have it for five bucks. :-)
> 
> William Tracy
> afishionado at gmail.com
> (408) 685-4819
> 
> "Actually it's more like the 'j' in Eyjafjallajökull."
>  -- CamperBob2, on the pronunciation of the "my" in MySQL
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nblug.org/pipermail/talk/attachments/20180730/a00b965c/attachment.html>


More information about the talk mailing list