
Re: Media Write Protection / Crypto Devices / BadUSB - #OpenFabs #OpenHW



On 10/13/2018 10:50 PM, grarpamp wrote:

<SNIP>

>> But write-once CDs are pretty safe, I think. No?
> 
> In customary use, probably, far more than any of the formerly
> mentioned non hardware write protectable devices.
> 
> To be sure you'd need to use it in an old drive that has no
> writing capability, or a writer that had its writing physically
> disabled.

Yeah, good point. But hey, they're probably about free on eBay.

> Yet there's probably not really a thing as hardware
> write once optical...

Right. I'd forgotten about multisession recording on CD-R:[0]

| With multisession-capable recording software, you can reuse
| a partially used CD-R by creating a new session on the remaining
| blank space of the disc. When you do so, however, the previous
| sessions become inaccessible. Only the last session on the disc
| can be read. This might be useful if you back up a small number
| of files every day and you don’t need the previous day’s backups
| after you have made today’s copy. You could use the same CD
| several times and always have access to the most recent copies.

That in itself wouldn't be very useful for a system running from the
CD-R, because it would nuke itself by doing multisession recording.

But ...

> There's a spinning layer of stuff with a laser pointing at it,
> and a firmware blob deciding to tell it to fire.
> There's no hardware write protect for the laser enable, or the
> firmware, and the firmware is clearly hackable and flashable by
> the user, hacked, or backdoor commanded system. That's enough
> to burn down unburnt bits on the media causing instruction /
> addressing / data changes, extending capacity by raw appending
> or extra sessions, etc.

So yeah, stuff could probably be written. Maybe it'd help to use all
disk capacity when writing, by appending random-data file(s) at the end
of the write. But ...

> Last thing needed is laser sync into pre existing track
> (possibly using servo tracks) for the burn down / append /
> additional sessions. Totally forget all of little about the media
> and laser controller there so you'd have to research what the
> laser servo mech uses to do something useful.

That's over my head. Maybe there are gaps in tracks, which could be used
to store new data. Or maybe it's possible to write slightly off track,
without hosing existing data. I have no clue.

> Under attack, optical is probably not as "write once" as people
> might think, let alone as random / corruptive scribble proof.

Those are good points. So what? Paper tape, in a reader that can't punch
holes? But seriously, using CD readers with wimpy lasers that can't
alter the disks is probably best.

> Exploiting optical would be worth a big pile of Defcon / CCC
> lulz for anyone who can demo a POC of it.
> 
> Explore it :)

:)

0) https://www.techrepublic.com/article/all-about-cd-r-and-cd-rw/
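
A defender-side check for the scenarios discussed in this thread (in-place changes to burned data, raw appending, extra sessions), added here as an example that is not part of the original message: record a per-sector hash manifest right after burning, then compare a later raw read of the disc against it. The function names and the sample image are constructed for illustration; the 2048-byte sector size assumes a data CD (Mode 1), and obtaining the raw read (for example from an optical device node) is left to the reader.

```python
import hashlib

SECTOR = 2048  # assumed: user-data bytes per sector on a data CD (Mode 1)

def sector_manifest(data: bytes) -> list:
    """SHA-256 of every sector; record this once, right after burning."""
    if len(data) % SECTOR:
        raise ValueError("image length is not a whole number of sectors")
    return [hashlib.sha256(data[i:i + SECTOR]).hexdigest()
            for i in range(0, len(data), SECTOR)]

def compare_to_baseline(baseline: list, reread: bytes) -> dict:
    """Classify differences between the burn-time manifest and a later read."""
    current = sector_manifest(reread)
    common = min(len(baseline), len(current))
    # Sectors inside the original extent whose content no longer matches.
    changed = [n for n in range(common) if baseline[n] != current[n]]
    return {
        "changed_sectors": changed,
        # Readable data beyond what was burned (appended data or sessions).
        "appended_sectors": max(0, len(current) - len(baseline)),
        # Original data that is no longer readable at all.
        "missing_sectors": max(0, len(baseline) - len(current)),
        "clean": not changed and len(current) == len(baseline),
    }

def constructed_image(sectors: int) -> bytes:
    """Constructed sample data: sector n is filled with the byte n % 256."""
    return b"".join(bytes([n % 256]) * SECTOR for n in range(sectors))

if __name__ == "__main__":
    original = constructed_image(8)
    baseline = sector_manifest(original)

    # Constructed "later read": one bit flipped in sector 3, two sectors appended.
    tampered = bytearray(original)
    tampered[3 * SECTOR + 10] ^= 0x01
    tampered += b"\xff" * (2 * SECTOR)

    print(compare_to_baseline(baseline, original))
    print(compare_to_baseline(baseline, bytes(tampered)))
```

The comparison only sees what the reading drive returns, so the re-read is best taken in a different drive from the one the disc normally runs in, with the manifest stored off the disc.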