[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Media Write Protection / Crypto Devices / BadUSB - #OpenFabs #OpenHW



>> There is never "no" disk, just a matter of which ones
>> are plugged into the box, physically, or remotely.

> using USB

... is using an attached disk, ie: a read-write [block device],
that can be trivially written to by / through the kernel driver
interfaces or in the raw. Unless it has a hardware write protect
that is enabled.

> But write-once CDs are pretty safe, I think. No?

In customary use, probably, far more than any of the formerly
mentioned non hardware write protectable devices.

To be sure you'd need to use it in a old drive that has no
writing capability, or a writer that had its writing physically
disabled.

Yet there's probably not really a thing as hardware
write once optical...

There's a spinning layer of stuff with a laser pointing at it,
and a firmware blob deciding to tell it to fire.
There's no hardware write protect for the laser enable, or the
firmware, and the firmware is clearly hackable and flashable by
the user, hacked, or backdoor commanded system. That's enough
to burn down unburnt bits on the media causing instruction /
addressing / data changes, extending capacity by raw appending
or extra sessions, etc.
Last thing needed is laser sync into pre existing track
(possibly using servo tracks) for the burn down / append /
additional sessions. Totally forget all of little about the media
and laser controller there so you'd have to research what the
laser servo mech uses to do something useful.

Under attack, optical is probably not as "write once" as people
might think, let alone as random / corruptive scribble proof.

Exploiting optical would be worth a big pile of Defcon / CCC
lulz for anyone who can demo a POC of it.

Explore it :)