From idea to gadget. The path of "Samurai" in Russia
Hello!
Probably everyone ran the idea to develop some kind of "device". For example, a coffee maker on Linux or IRobot which not only vacuums, but also cuts the grass at the cottage and collects socks around the room.
We decided to tell how from the idea of ​​creating a device we reached its mass production in Russia.
As it was since ancient times in Russia: “Until the rooster bites, the peasant will not cross himself.” So once lost a flash drive, which had very important data. And from their ascent, customers, partners and the image of the company of the carrier of the flash drive could suffer. And we were asked to develop the most protected flash drive.
At that time, there were no foreign analogs, and if there was something similar, then there is no confidence in such a device in Russia.
And brainstorming started:
')
Password
A flash drive is lying on the table in the office, in the locker in the gym. Anyone can come up and quickly copy data from it. For example, pocket duplicator
The password must be entered from the body. Since it is impossible to intercept keyloggers, and the virtual keyboard will not start on all operating systems.
And what is abroad:
There is a cross-platform java-applet in the bootloader. When plugging into USB in Windows and MacOS, autorun launches a java applet and a virtual keyboard appears. In general, all good cons, that does not always run. Yes, and any modern Trojan steals such passwords, making a screenshot around the cursor during the click. For example such a "cajamurcia" (video)
Password Lock Protection
Well, here we do more than 5 incorrect password entries and data is destroyed. The password is stored in the microcontroller, which already allows or denies access to NAND-memory.
And what is abroad:
There is a line of standard ATMEL ATSAM3U microcontrollers. It is them that are used in most flash media and the password is a standard feature. If the password is entered incorrectly, the controller blocks access to the memory, and does not remove the information from there. Than it is terrible we watch point 4.
I want another password! Password under duress
What to do if the flash drive in the hands of the enemy and you are forced to say the password. And you understand that “thermorectal cryptanalysis” before the 5th incorrectly entered password you will not survive. Need a password under duress, entering which is the removal of information.
And what is abroad:
There are very few experts in thermorectal cryptanalysis. And this is not provided in flash drives.
Password traversal
And what if the enemy, knowing about these passwords, simply disassemble it and get access to the memory directly? For example, a special flash reader .
Hmmm ... then everything is encrypted.
And what is abroad:
Many of these sin there, not speaking of this workaround. So if a flash drive without encryption, then a penny to her price. Serious data on it can not be worn, even home-video!
Deletion
Recovery
"You go or checkered"
Immediately it is necessary to understand that if somehow you can restore the information, then attackers will take advantage of this. By this we dismiss this possibility.
And what is abroad:
Everything is very interesting there. Different solutions still have a universal password. Only there they call it "service". Those. You can come with a flash drive and convince them that you bought it, and all the information you will open.
There are also strange solutions - when adding files to a USB flash drive, it is synchronized with the cloud storage and stores all the data there. In which computer was the flash drive inserted, what files were added and their copy etc. Also, when contacting the service, you will recover the data.
Reusability
You can delete information by destroying the carrier itself (burn, blow up, melt with chemicals, etc.). But wearing a piece of explosives in your pants pocket ... not all boys are hesitant. Chemistry can spread, etc. So this decision is dangerous.
And I would not want to buy a disposable flash drive for a lot of money. Yes, and how to check it?
There are similar disposable flash drives on the market.
To the question: "How to check its performance?"
Manufacturers answered me: “Buy 5pcs. Run 3pcs and you will see that the remaining 2 pieces work! ”
Bad sectors and multiple formatting
Many people know that flash-media (SSD drives, SD-cards, usb flash) always has backup memory for bad sectors. For example, a flash drive in 8 GB, and a chip at 12 GB. The remaining 4GB begin to be used when a sector begins to fail. There, information is simply transferred from the suspicious sector to the normal one, and is blocked from harm's way.
It turns out that if you repeatedly format a USB flash drive or SSD disk, there will still be pieces of information there. access to them is already closed. But with the same pc-3000flash this is all read with a bang.
Autonomy
A flash drive is a mobile device and the destruction must also be mobile. It was decided to install a 12V battery in the device.
Encryption
Well, if we already encrypt everything, then we will use this. First of all, we will delete the encryption keys, and then send commands to the flash drive to wipe the sectors.
Encryption keys are in the memory of the controller, and you can not get them. You can only reset and generate new ones.
That was such an idea! In the following articles I will talk about production design, case production and in general the practical side of the issue.
There will be quite a lot of difficulties regarding this in several articles.
Now we are already producing protected flash drives under the Samurai brand samurai24.com and are in the Strogino techno park.
PS: This is our first article if something is wrong, we will try to improve the quality of articles.
Sources:
Data Recovery from Flash Drives
Pocket duplicator
Keyloger virtual keyboard
USB flash drive with password
Probably everyone ran the idea to develop some kind of "device". For example, a coffee maker on Linux or IRobot which not only vacuums, but also cuts the grass at the cottage and collects socks around the room.We decided to tell how from the idea of ​​creating a device we reached its mass production in Russia.
As it was since ancient times in Russia: “Until the rooster bites, the peasant will not cross himself.” So once lost a flash drive, which had very important data. And from their ascent, customers, partners and the image of the company of the carrier of the flash drive could suffer. And we were asked to develop the most protected flash drive.
At that time, there were no foreign analogs, and if there was something similar, then there is no confidence in such a device in Russia.
And brainstorming started:
')
Password
A flash drive is lying on the table in the office, in the locker in the gym. Anyone can come up and quickly copy data from it. For example, pocket duplicator
The password must be entered from the body. Since it is impossible to intercept keyloggers, and the virtual keyboard will not start on all operating systems.
And what is abroad:
There is a cross-platform java-applet in the bootloader. When plugging into USB in Windows and MacOS, autorun launches a java applet and a virtual keyboard appears. In general, all good cons, that does not always run. Yes, and any modern Trojan steals such passwords, making a screenshot around the cursor during the click. For example such a "cajamurcia" (video)
Password Lock Protection
Well, here we do more than 5 incorrect password entries and data is destroyed. The password is stored in the microcontroller, which already allows or denies access to NAND-memory.
And what is abroad:
There is a line of standard ATMEL ATSAM3U microcontrollers. It is them that are used in most flash media and the password is a standard feature. If the password is entered incorrectly, the controller blocks access to the memory, and does not remove the information from there. Than it is terrible we watch point 4.
I want another password! Password under duress
What to do if the flash drive in the hands of the enemy and you are forced to say the password. And you understand that “thermorectal cryptanalysis” before the 5th incorrectly entered password you will not survive. Need a password under duress, entering which is the removal of information.
And what is abroad:
There are very few experts in thermorectal cryptanalysis. And this is not provided in flash drives.
Password traversal
And what if the enemy, knowing about these passwords, simply disassemble it and get access to the memory directly? For example, a special flash reader .
Hmmm ... then everything is encrypted.
And what is abroad:
Many of these sin there, not speaking of this workaround. So if a flash drive without encryption, then a penny to her price. Serious data on it can not be worn, even home-video!
Deletion
Recovery
"You go or checkered"
Immediately it is necessary to understand that if somehow you can restore the information, then attackers will take advantage of this. By this we dismiss this possibility.
And what is abroad:
Everything is very interesting there. Different solutions still have a universal password. Only there they call it "service". Those. You can come with a flash drive and convince them that you bought it, and all the information you will open.
There are also strange solutions - when adding files to a USB flash drive, it is synchronized with the cloud storage and stores all the data there. In which computer was the flash drive inserted, what files were added and their copy etc. Also, when contacting the service, you will recover the data.
Reusability
You can delete information by destroying the carrier itself (burn, blow up, melt with chemicals, etc.). But wearing a piece of explosives in your pants pocket ... not all boys are hesitant. Chemistry can spread, etc. So this decision is dangerous.
And I would not want to buy a disposable flash drive for a lot of money. Yes, and how to check it?
There are similar disposable flash drives on the market.
To the question: "How to check its performance?"
Manufacturers answered me: “Buy 5pcs. Run 3pcs and you will see that the remaining 2 pieces work! ”
Bad sectors and multiple formatting
Many people know that flash-media (SSD drives, SD-cards, usb flash) always has backup memory for bad sectors. For example, a flash drive in 8 GB, and a chip at 12 GB. The remaining 4GB begin to be used when a sector begins to fail. There, information is simply transferred from the suspicious sector to the normal one, and is blocked from harm's way.
It turns out that if you repeatedly format a USB flash drive or SSD disk, there will still be pieces of information there. access to them is already closed. But with the same pc-3000flash this is all read with a bang.
Autonomy
A flash drive is a mobile device and the destruction must also be mobile. It was decided to install a 12V battery in the device.
Encryption
Well, if we already encrypt everything, then we will use this. First of all, we will delete the encryption keys, and then send commands to the flash drive to wipe the sectors.
Encryption keys are in the memory of the controller, and you can not get them. You can only reset and generate new ones.
That was such an idea! In the following articles I will talk about production design, case production and in general the practical side of the issue.
There will be quite a lot of difficulties regarding this in several articles.
Now we are already producing protected flash drives under the Samurai brand samurai24.com and are in the Strogino techno park.
PS: This is our first article if something is wrong, we will try to improve the quality of articles.
Sources:
Data Recovery from Flash Drives
Pocket duplicator
Keyloger virtual keyboard
USB flash drive with password
Source: https://habr.com/ru/post/155949/
All Articles