Silk Road forums
Discussion => Security => Topic started by: astor on December 31, 2012, 10:17 am
-
This talk from the recently held 29C3 has a lot of interesting content.
http://mirror.fem-net.de/CCC/29C3/mp4-h264-HQ/29c3-5327-en-writing_a_thumbdrive_from_scratch_h264.mp4 [281 MB]
Prototyping Active Disk Antiforensics
This action-packed lecture presents the inner workings of the author's from-scratch implementation of a USB Mass Storage disk in user-land Python, along with some embarrassing bugs in operating systems that support such disks. The lecture concludes with an introduction to Active Antiforensics, in which a thumbdrive's own firmware can recognize and defend itself against disk imaging and other forensic tools.
USB is a lovely little conduit into the deepest parts of the kernel. Drivers are made to speak complicated protocols in hastily written C, leaving a goldmine of bugs and unexplored behaviors for a crafty attacker to exploit.
This lecture will show how a USB Mass Storage device was implemented from scratch in user-land Python for the Facedancer board. Along the way, we'll take a look at how to abuse a number of bugs in kernels, automounters, filesystems, and forensic utilities, all of which are easily confused.
As an example application of these techniques, the culmination of this lecture presents a prototype disk that actively resists forensics, wiping itself to an innocent state whenever it detects disk imaging, undeletes, access by the wrong operating system, or the presence a write blocker.