Jump to content

how to turn any USB drive into a switchblade

Guest MaxDamage

By Guest MaxDamage
in USB Hacks

 Share

Recommended Posts

  • Replies 94
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

a5an0 Newbie

a5an0

Posted
Posted

lol. yeah, linux has a way of .... healing itself..

Anyway, where I got stuck (and thought I bricked my drive) was that I ended up with the entire drive as a cdrom and it wouldnt let me reformat. which is bad. So i did 

dd if=/dev/zero of=/dev/sdb

and let it run for a minute, Control-C'd it, unplugged the drive, plugged it back in, and I could reformat (I ended up doing fat32)

Link to comment
Share on other sites
gameman733 Newbie

gameman733

Posted
Posted

Ok, so does NTFS hold the magic touch or what? It didnt seem to change much on my jumpdrive. Another note worth pointing out, are we editing the first byte of the partition or the first byte of the disk itself

MaxDamage: just an idea, but put a hex dump of the first sector up so that we can compare whats different?

Link to comment
Share on other sites
manuel Newbie

manuel

Posted
Posted
Ok, so does NTFS hold the magic touch or what? It didnt seem to change much on my jumpdrive. Another note worth pointing out, are we editing the first byte of the partition or the first byte of the disk itself

MaxDamage: just an idea, but put a hex dump of the first sector up so that we can compare whats different?

Everything gameman733 and I tried simply did not work.

So another thing that could help is if you could post the images you sent Darren. (use www.kimag.es if you have to).

Thanks,

Manuel

Link to comment
Share on other sites
Jester Newbie

Jester

Posted
Posted

Okay here is the output of dmesg when I plug in any of my USB drives now

[17227942.352000] usb 4-1: USB disconnect, address 12

[17227947.128000] usb 4-1: new high speed USB device using ehci_hcd and address 13

[17227947.260000] scsi10 : SCSI emulation for USB Mass Storage devices

[17227947.260000] usb-storage: device found at 13

[17227947.260000] usb-storage: waiting for device to settle before scanning

[17227952.260000] Vendor: SanDisk Model: Cruzer Micro Rev: 0.1

[17227952.260000] Type: Direct-Access ANSI SCSI revision: 02

[17227952.260000] SCSI device sda: 501759 512-byte hdwr sectors (257 MB)

[17227952.264000] sda: Write Protect is off

[17227952.264000] sda: Mode Sense: 03 00 00 00

[17227952.264000] sda: assuming drive cache: write through

[17227952.264000] SCSI device sda: 501759 512-byte hdwr sectors (257 MB)

[17227952.264000] sda: Write Protect is off

[17227952.264000] sda: Mode Sense: 03 00 00 00

[17227952.264000] sda: assuming drive cache: write through

[17227952.264000] sda: sda1

[17227952.268000] sd 10:0:0:0: Attached scsi removable disk sda

[17227952.268000] sd 10:0:0:0: Attached scsi generic sg0 type 0

[17227952.272000] usb-storage: device scan complete

Usually under ubuntu it automatically mounts them for me and places an icon on the desktop but not any more. Hummmmmm strange. But its about time for work so I will work on this when I get home tonight. Thanks for the help though.

Link to comment
Share on other sites
gameman733 Newbie

gameman733

Posted
Posted

It would be good for social engineering.

btw, if that hex is at the beginning the disk (not the partition), thats not where the bit is (assuming my pendrive works).

something i did find however, on the diskprobe program that maxdamage mentioned, there is a "media flag" option under fat and ntfs boot sectors. Its really odd though, hard drives are B(something, i dont remember, at school atm) and my pendrive is set to F9 (again, i think). Setting it to whatever the Hard drives are just throws FAT out of format, and gets reset during a format.

Link to comment
Share on other sites
Jester Newbie

Jester

Posted
Posted

That is exactly what happens. You change the first EB into an AB which just messes you the format in Windows. Then when you click on the drive and it tells you to format it when you do so it changes the AB back into an EB. I think there is another thing in there that needs to be changed so that you can format it to NTFS.

Link to comment
Share on other sites
SomeoneE1se Newbie

SomeoneE1se

Posted
Posted

I think it's just the drive.. becasue the drive that "works" ie can change into a HD well I have like 3 of them and if I Right click > format NTFS was always an option and it turned it into a HD when I did format one into NTFS...

I would say open a U3 and try and copy over the full Hex of the drive and see if that would turn the new Drive into a U3 drive (I would guess it would need to be the same size) and see if that turns it into a U3 drive if not it might be a hardware 'mod' that makes it a U3

Link to comment
Share on other sites
amish Newbie

amish

Posted
Posted

Ok so i think i found a soloution to this problem

Bascially from what ive read and heard in windows, you can make 2 partitions on a usb memorystick, edit the first to pretend its a CD drive and boom it works. When you plug it into windows, windows only recognises the CD drive and dosnt want to mount the actual memorystick.

So heres my idea.

I jsut found out that theres a command in windwos called "rsm" which works with removable media, in there theres a command called mount. So When the cd drive partition is mounted it shoudl autorun a payload which mounts the actual USB.

Just an idea.

here my dump for interest.

C:Documents and SettingsAmish>rsm



RSM [ALLOCATE | DEALLOCATE |  MOUNT | DISMOUNT | EJECT | EJECTATAPI |

      CREATEPOOL | DELETEPOOL | VIEW | REFRESH | INVENTORY]



The command line is case insensitive, except when you refer to Media

Objects (including media, drives, changers, libraries, media types, slots)

by their friendly names.

The arguments for a command may be specified in any order.

All commands return an error code - success, a system defined error

code or one of the application defined error codes shown below:

                536870913: Invalid Arguments

                536870914: Duplicate Arguments

                536870915: No Guid For Friendly Name

                536870916: Insufficient Arguments

                536870917: Invalid Guid

                536870918: Ioctl Failed

There should be no spaces between a tag and the actual argument. For

example, for the timeout option in allocate, the timeout is specified

as /t50 and not /t 50.

See Start->Help (search for "Using the command line for Removable

Storage") for more details.



C:Documents and SettingsAmish>rsm mount /?



Mount a specified piece of media.



RSM MOUNT

 /L[G|F]<LogicalMediaID> | /P[G|F]<PartitionID> |

   [/S[G|F]<SlotID> /C[G|F]<ChangerID>]

 [/D[G|F]<DriveID>]

 /O[ERRUNAVAIL|DRIVE|READ|WRITE|OFFLINE]

 [/R[NORMAL|HIGH|LOW|HIGHEST|LOWEST]]

 [/T<timeout>]



The /[L|P|S|C|D]G option should be used when the LogicalMediaID,

PartitionID, SlotID, ChangerID or DriveID is supplied as a GUID.



The /[L|P|S|C|D]F option should be used when the LogicalMediaID,

PartitionID, SlotID, ChangerID or DriveID is supplied as a friendly

name.



/O options:  More than one may be specified by using the

             switch repeatedly. Only one of the following can be used.

ERRUNAVAIL:  The mount request will generate an error if either the

             media or the drive is not available.

READ:        Mount for read access.

WRITE:       Mount for write access. If this option is selected

             completed media will not be mounted.

DRIVE:       To be specified if drive guid or name is provided.

OFFLINE:     Error is returned if media is not on-line. If this option

             is not used then operator request is queued.



/T Timeout:  Specifies a timeout in milliseconds. Default is INFINITE



/R Priority: Default priority is NORMAL.



C:Documents and SettingsAmish>

Link to comment
Share on other sites
cooper Newbie

cooper

Posted
Posted

Okay, time for me to ask yet another really dumb question.

Why is the U3 partition write-protected?

Yeah, it emulates a CDROM, but you can write to those too with the right software. Does autorun only work on CDs, or does it work on, say, floppies aswell?

Link to comment
Share on other sites
a5an0 Newbie

a5an0

Posted
Posted

hmmm... my real probem atm is that it works beautifly under linux, but I get the "format disk" problem that everyone else is getting. There must be some kind of flag in that first partition to say "hey, theres another partition on here!"

......thus, the magic smoke

Link to comment
Share on other sites
moonlit Newbie

moonlit

Posted
Posted
CDFS is a ROM based file system. IIRC, linux wont even write to mounted ISO files.

IIRC there's something in the format that makes writing to the FAT and TOC awkward or something, this is why it's a lot harder to edit iSOs than it is to create them from scratch...

Unless you use packet writing software which works on real CDs but I don't really know much about how that works...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...