0

Is there a way to store data on a USB file in a way that the OS cannot read it with the standard methods? I was thinking maybe with an uncommon filesystem, but then I 'd probably have to implement the IO myself, which sounds like a huge work. Another idea would be to access the disk sectors in a low level way and store data in an incompatible way? But I do not know where to begin. For the record, I am using VB.NET.

Thank you,

John

EDIT: Regarding the VALID security concerns you have raised: I agree, but please assume that, all I need to do for the scope of my project, is to simply hinder the average and slightly advanced user. NOT the expert. Thank you for raising the security issue, but it can be safely ignored on this particular case.

johnjohn
  • 4,221
  • 7
  • 36
  • 46
  • 1
    Just curious, what are you trying to achieve with this "hidden" file? – The_Black_Smurf Apr 01 '11 at 17:37
  • @SimonBesner: A prototype reloadable "credit" system based on usb drives. – johnjohn Apr 01 '11 at 17:41
  • 1
    If you can hide the file, somebody else can find it. – Jim Mischel Apr 01 '11 at 17:44
  • @Jim Mischel: Yes, but the scope for this project is not to achieve absolute security. – johnjohn Apr 01 '11 at 17:47
  • @johnjohn, it sounds like you have major security issues (which have already been pointed out), but assuming you get this to work, what would prevent a replay attack? (that is, somebody could make a byte-for-byte copy of your USB drive and gain access to someone else's credits) – mpontillo Apr 01 '11 at 18:20
  • @Mike: Nothing would stop a dd copy, but for the extremely limited scope of this test project, it is an acceptable thing. – johnjohn Apr 01 '11 at 18:38
  • 1
    Have you considered using TrueCrypt? It can put a volume within a volume, so that when you unlock one, the internal volume is still secure. http://www.truecrypt.org/ – Brad Apr 01 '11 at 19:52

1 Answers1

1

Essentially what you are asking for is almost a rootkit. I don't think this is a path you want to go down.

You could repartition the drive so that it has a 2nd partition you could do raw I/O to, but that doesn't provide any real security. (and it would make your software unnecessarily complex.) So, why not simply mark them readonly + hidden + system and add your real security by other means?

You will have considerable security problems trying to do this, as others have already pointed out. Things to consider:

  • Replay attacks (someone copying the drive byte-for-byte - which is very easy to do by the way)
  • Someone finding the file and modifying it (it should be validated using a third-party digital signature known only to your program - and your program must somehow secure its private key)
mpontillo
  • 13,559
  • 7
  • 62
  • 90
  • Please do not focus on the security concerns, this is just to hinder trivial copy/paste using the OS 's functionality. Strong security is NOT an issue on this particular thing. I am interested in the idea of a second partition on which I could do raw I/O. Could you please point me to some resource on how to do that (i have no idea :o)? Regarding the " readonly + hidden + system", this would be my alternative if I fail to do otherwise. But since it 's easily reversed by a single OS command, I 'd like to avoid it. – johnjohn Apr 01 '11 at 18:33
  • @johnjohn, it doesn't seem to be very straightforward on Windows, but I found some clues [here](http://support.microsoft.com/kb/100027) and [here](http://stackoverflow.com/questions/2443554). The basic idea is that you should be able to open a virtual device file for the partition you care about and read/write it like it's a file. Obviously you have to be very careful doing this, because you have to run as an administrator, and if you get the wrong device file you've likely just screwed up one of your real filesystems. ;-) – mpontillo Apr 01 '11 at 19:00
  • @johnjohn if any OS can access your USB in any fashion you can dump the memory space it represents with a single or a few commands. If the user is advanced enough to find hidden+system files I would think quite a few of them are sufficiently versed to dump the bytes from the USB as well – Rune FS Apr 01 '11 at 19:42