Jump to content

RobertLJones

Members
  • Posts

    4
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

RobertLJones's Achievements

Newbie

Newbie (1/14)

  1. If you are using a U3 drive, you will be unable to format the CD portion with any conventional utility. As far as the O/S is concerned, that parttion is read only. You would need something U3 specific to accomplish this, which may be possible through the DAPI. If you'd just like to wipe the data in software, use the DAPI (U3 SDK) to set a password, then set a new password. This sequence causes the flash controller to wipe all the data.
  2. There are no reported flaws in the U3 password protection. The U3 software will hash the password, and use the U3 Secure Extensions to send it to device. The device will compare, and only enable the alternate partition if it matches. - Attempting to reset the password will erase all data stored on the device. - The device will not allow increasing the size of the CD portion while it is password protected For most devices, you can either desolder the SMT flash chips and use a conventional flash reader or use a vampire-clip arrangement. Some devices, typically the lower end versions from companies that offer enterprise solutions, the data on the flash is encrypted, even though that is not advertised. Sandisk does this in some of their models. The method for determining AES keys per block is not public, and has possible weaknesses, although it would be computationally infeasible to use those at this point.
  3. Does anyone have a complete list of the usb chipset extensions for U3, or a pointer to the U3 HDK documentation? I believe with U3 being replaced by a new joint Sandisk-Microsoft agreement, that there is no longer any path to officially obtain this documentation. U3 adds a number of extensions to the SCSI protocol. These are typically accessed, as per my previous post, using SCSI PASSTHRU to the device itself. These commands allow repartitioning of the device, setting and clearing the password protection, setting and retrieving "cookies", and some informational commands. There are also some surprising commands, such as one which returns an apparent source of high entropy random data. My list is unfortunately incomplete, because some of these commands have non-obvious parameters which are difficult to figure out through automated approaches. so I am searching for the command-set reference from the U3 Hardware Development Kit, with hopes that someone here might have access to it. Thanks in advance.
  4. Having noticed the customizer that is featured in this forum, I would be delighted if some helpful soul would have the list of commands that are required for USB controllers in order to be U3 compliant. These commands typically start with FF, which appears to not be allocated by T10. An example is CDB: FF A2 , writing 20 bytes of data, first 4 are recommended to be 0. Of particular puzzlement is that neither FF 41 nor FF 43 is the complement of FF 42.
×
×
  • Create New...