Fuzzing is a method of testing with automated software which provides invalid, unexpected, and random data as inputs to a computer program. The testing program then monitors for crashes, assertions and potential memory leaks.
A research team based from Purdue University came up with USBFuzz, which pushes enormous amounts of random data through the USB bus of a system. Hui Peng and Mathias payer (from the Swiss Federal Institute of Tech) came up with the idea and program.
Please don’t lose any sleep over the bugs found.
Peng and Mathias found one bug in FreeBSD, three in MacOS (two resulting in an unplanned reboot and one freezing the system), four in Windows 8 and Windows 10 (resulting in Blue Screens of Death) and the vast majority of bugs, in Linux — 18 in total.
Of all these bugs, Windows users do not need to worry, they have been fixed. Of the 18 found in Linux, 16 of them have been corrected already. Those correct where major security flaws.
What we like about the USBFuzz is the underlying theme to improve the security of the USB platform and continued improvement. We also like USBFuzz becoming an open source bit of code that everyone may use to strengthen thier USB product. The team will release a version on GitHub later this year, 2020.
Came across an article today, which I thought was a very good read. It’s a niche article, but for anyone who deals with flash drives, I would suggest checking it out.
From the article:
The optical drive is nearly dead – they are no longer found in laptops and rarely found in tower PCs. With that said, the trend for giving out data is shifting to USB flash, not CD or DVD media. Because of this shift, many companies are taking a closer look at buying a USB duplicator.
There are several factors one must consider before spending thousands of dollars on a USB duplicator. We have broken down the most important considerations into four categories. After reviewing these four categories, you should have an excellent idea of which type of duplicator is best for your organization.
USB Duplication Speed
Speed is the first area you should analyze to figure out which direction you should go. When considering speed, we are not simply talking about the copy speed of the USB duplicator, but other factors as well, such as number of USB sockets and the user interface required for feedback during operation. Questions you should ask, include:
# How many USB drives will you need to copy in a day or week?
# How large is the data load in MBs or GBs?
# What kind of turn-around time do you have between a duplication request and when that request should be completed?
# Is there printing, or branding required, on the outside of the USB?
# Do you need proof of performance via a log file?
Answering the above questions will give you an idea of what type of USB duplicator to consider. The type of duplicator will be size, how many USB sockets, copy speed of the duplicator and what type of software, if any, your organization will need.
Your Production Crew
Your next step is to consider the production crew who will be running the equipment. Will there be non-technical people running the equipment, or will a more hands-on approach be required? Is the IT department looking to restrict user access to the equipment or restrict access to the data content during the duplication process?
Much of the above depends on how the data is received before copied to the USB flash drive. For example, a duplication company might receive a physical master from a client; where-as a fulfillment house may get content delivered from a server from an on-line order submission process.
Will the organization require multiple USB duplicators located in different parts of the world? Said another way, many global companies standardize on one manufacturer so the user experience is the same across multiple locations. This also makes production easier as both support and experience can be shared between divisions to streamline processes on a global scale.
Knowing the production crew, their capabilities and responsibilities will help narrow the search for the right piece of equipment.
Read-Only or Read-Write
The third category worth investigating is asking the state of what the USB should be once sent delivered. Is the organization looking to ship out a read-only flash drive? By default all flash drives are read-write. Because of this, many organizations fear a virus could jump onto the drive and spreading to other computers. With that fear in mind, most companies are looking for a USB duplicator which creates a read-only drive product. This means the USB drive is locked, or write protected. The files cannot be deleted or formatted off the drive, and more importantly, files cannot jump onto the drive.
Nexcopy is world leader in read-only flash drive duplicators and therefore used as an example of a duplicator system worth considering.
From this article, the Raspberry Pi 4’s USB-C power port was designed outside of official USB-IF specifications, making it incompatible with many USB-C chargers and/or power supplies. You can read more about from the link above and the information gathered to come to such a conclusion was done by a well known Google engineer, Benson Leung.
The raspberry Pi is a collection of small computer boards put together in a simplistic way to create the foundation of a computer system. The Raspberry Pi (also known as RPi) was released back in Feb of 2012 in the United Kingdom. The original intent of the RPi was to develop a low cost and simplistic computer which students could learn and develop.
The original model became far more popular than anticipated, and started selling outside its target market for uses such as robotics. It does not include peripherals (such as keyboards and mice) or even come inside a case. Literally a bare-bones product.
To give you an idea of the popularity, the RPi products have sold over 19 million units between its release in 2012 to the end of fiscal year 2018. This makes the RPi one of the best-selling computers in the world, although a computer with limited resources. Until now.
This week the Raspberry Pi Foundation has released the Pi 4. This is one hell of a great product. Check out these specifications:
A 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU (~3× performance)
1GB, 2GB, or 4GB of LPDDR4 SDRAM
Full-throughput Gigabit Ethernet
Dual-band 802.11ac wireless networking
Two USB 3.0 and two USB 2.0 ports
Dual monitor support, at resolutions up to 4K
VideoCore VI graphics, supporting OpenGL ES 3.x
4Kp60 hardware decode of HEVC video
Complete compatibility with earlier Raspberry Pi products
In addition to the hardware improvements, the Raspberry Pi Foundation says
I won’t claim to be a science expert, but found this article very interesting about a DNA Reader just a little larger than a USB drive.
For years, Illumina Technology has the lead in genome sequencing. Their gear is good and from what I understand their gear is expensive. The MinION (from Oxford Nanopore ) is an inexpensive alternative with some great upsides.
The DNA sequencer is just over $1,000 at the time of this post. Traditionally, a DNA sequencer could only read about 200 basis. A “basis” is a nucleobasis which is a collection of biologicial compounds that make up the basic building blocks of nucleic acid… or DNA.
The MinION is impressive with the ability to read 900,000 basis. Also called “long reads.” With the long reads you get a better idea of the compounds making up the DNA. Although the longer reads are not as accurate as short reads, the trade-off isn’t bad. The amount of time and effort to construct a long read from a collection of short reads is considerable. The less accurate long reads from MinION and not that far off base, thus a bit of a break through.
It is simply amazing that 15 years ago the human genome was a global effort, yet today it can be done in a device no larger than a flash drive.
For those into home-brew programming projects, its easy to make a microcontroller spit out some Morse code with the post shown below. What makes [pavlinâ€™s] take on this project interesting is that it resides on a tiny USB board with an ARM processor. The design for the board is available with single-sided artwork suitable for production using simple methods like toner transfer.
The STM device has a built-in USB bootloader. It can also act as a serial port, which makes the project very simple and a bit more flexible. The only external parts are a speaker and an opt-oisolator.
The program provides a command line interface over the serial port that you can use to program the message and set other options like speed and the delay between messages.
Smartronix has a USB power monitor and it’s ideal for those who want to regulate what power is coming from a USB device.Â Most notably would be the ability to test power from a suspect defective drive or gadget.Â With so many useless USB toys made in cheap factories over seas, one can get a product which plays havoc with your system.Â Most problems always come from power.
Granted the power meter probably takes more juice then any USB power gadget your testing, but again, this is designed for the hobbyist or guy troubleshooting some gear.
This is also a good device to test products which claim to fall into the USB-IF specification for a USB device, something like this USB power meter could help prove your case against an overseas supplier who’s not fessing up to their poor quality work.Â (can you tell we’ve ran into this problem on multiple occasions !)
Too bad it doesn’t measure calories, otherwise we’d find out just how hard that USB humping dog is really working.
Smartronix webstore, vai Gadgeteer.
USB 1.1 and USB 2.0 compatible
Large, easy to read LCD
Measures current in either direction (Host>Device or Device>Host
Batteries and USB Cable included
Maximum Voltage Reading +/- 19.99 Volts
Voltage Reading Accuracy: +/- 0.1 volt from -10V to 10V; 5% from 10.01V to 19.99V; 5% from -10.01V to -19.99V
Maximum Current Reading +/- 1999 mA
Current Reading Accuracy: +/- 2mA from -500mA to 500mA; 5% from 501mA to 1999mA; 5% from -501mA to -1999mA
If you are looking to read the CID number of an SD card, or extract the CID off an SD card then you’ve find this article very helpful. Some also call this “reading the PSN off the SD card” or reading the product serial number off the SD card.
Most phones and much of the software on phones will lock in to the CID number of a SD card. The CID number is a unique card identifier number that is unique to the card itself. The CID number is valuable because software developers and hardware developers can lock software to the unique number of the device thus eliminating the ability to pass along licensed software.
Reading the CID number from an SD card is not an easy task. It requires specific access codes to the index table of the memory card, and unless you know how to use the SD chipset of your card reader, chances are you wont get the number…or least the correct and accurate number.
What is the CID number of an SD card?
The CID register is 16 bytes long and contains a unique card identification number. It is programmed during card manufacturing and cannot be changed by SD Card hosts. The CID number is a compilation of information about the card, such as manufacturer, date manufactured, checksum total, GB size and more. Below is a table outlining all the items which make up the SD CID number.
So with all this said, how do you read the CID number from an SD card? As we’ve mentioned it isn’t easy and it’s [more or less] hardware based. If you do enough searching on the internet you’ll find some home-brew code to read the CID numbers, but that’s only if you have the SD card or microSD card connected via an IDE bus to your host computer. This isn’t easy for everyone. There is clear evidence that using a USB to SD card reader will not get you the information you require, or at least accurate and correct information. Meaning most times the CID number generated is actually the serial number of the card reader itself, not the CID number of a specific SD card.
In addition, what if you are required to read the CID number off SD media in bulk? A single, one-at-a-time solution is not practical.
In my search to read the CID number from SD media, I cam across Nexcopy – a manufacturer of USB duplicator equipment and other flash memory equipment. Several models they carry are SD duplicators and microSD duplicators. With the secure digital duplicators part of their feature set includes reading CID numbers from SD media. The equipment can ready 20 cards at a time, 40 cards at a time, or 60 cards at a time, depending on the model. The duplicators will read the CID number and exported to a .csv file for import into other business functions. This configuration makes it quick and easy to obtain the CID number. Granted, the equipment is not designed for single use operation, but rather reading the CID of SD media in bulk quantity. Here is a screenshot of Nexcopy’s software reading 20 CID numbers:
I didn’t contact Nexcopy Incorporated for pricing of the equipment, but doing a quick search for the equipment shows me a price of about $1k for the smallest 20 target system and $3k for the largest, 60 target system.
Microsoft has made available a new version of “Defender” to ride infected computers of malware, including rootkits which highjack your boot process and corrupt your computer.
The “Defender Offline Beta” is available from Microsoft for free [here] and does require updates as virus definitions are always changing.
Definitions are files that provide an encyclopedia of potential software threats. Because new threats appear daily, it’s important to always have the most up-to-date definitions installed in Windows Defender Offline Beta. Armed with definition files, Windows Defender Offline Beta can detect malicious and potentially unwanted software, and then notify you of the risks.
The Redmond company suggests you make a USB drive with the Defender Offline Beta software from a PC which is not infected.Â Doing so on a corrupted computer could interfere with the USB and yield the Microsoft tool useless.
To use Windows Defender Offline Beta, you need to follow four basic steps:
Whether you are a serious musician or just like playing as a hobby to relax, chances are you have a guitar and a tuner.Â As with most musicians your budget is probably tight or with the casual player you don’t keep up on the up-keep of your gear, so when your guitar is out of tune, you go for the tuner.Â But most likely the battery is dead because A) you didn’t want to spend the cash or B) hadn’t played in so long, the batteries just went dead.Â This is why the solar powered guitar tuner makes perfect sense.
Tascam has done a great job with this tuner and thought about including a USB port just in case that tuner was stuffed in your guitar case for too long and you need a quick fix to get back in tune.
Released just in time for the holidays and priced right [under $20] with a range of hues to select from: black, pink, orange, green, blue, white.
Several years ago, I reported on a USB wifi extender in parabolic form.Â Now, we’ve got a slimmed down version using an empty food can and your USB wifi dongle.
It’s not the prettiest thing, but it works and will boost your signal strength enough to grab the channel from your neighbor who’s barely showing up in your wireless network.
Plus this hack gives you adjustable control both up and down, and left and right.
The concept here is getting the can to increase your signal.Â In addition, mounting the can and USB wifi dongle to a portable camera stand.Â This will give you the stability you need to keep the signal strength strong while in use.Â It will also allow you to keep the position for use from day to day.
Review:Â USB Benchmark software by USB Performance.
USB Performance has a nice USB benchmark testing program with lots of features besides read / write tests.
The USB performance testing software gives you the option to test at a File Copy level or a Bit for Bit copy level.Â The difference with the File Copy is the process includes reading from the File Allocation Table [FAT] and thus slows down the process.Â The bit for bit read/write tests will show the best possible performance your device will be able to obtain.
Included in the USB benchmark software are some bonus features such as file recovery.
We all know with flash memory once you click delete, it’s gone forever.Â Well the USB Performance software will recover those deleted files.Â OR maybe you’ve lost data with a system Blue Screen or hardware crash, again the USB recovery feature should be able to restore those lost files.
Another nice feature is the backup function.Â The backup function will create a single image file on your PC.Â You can restore or backup the image file at any time.Â This nice thing about a single image file [rather than copying all the
Have you ever thrown your hands up in frustration because you simply want to use the Monitor, Keyboard and Mouse of a laptop to access a server or other standalone device?Â I have, but never know what product could help…now I do.
The Portable Laptop KVM Adapter from StarTech is specifically designed to turn your notebook into a portable KVM station.Â Simply connect the adapter between your standalone [or GUIless device] and notebook and you’re off and running.
I would think the biggest market for such a product are large data centers where they need to access any number of servers without a full KVM installation.
â€œAside from a rack mount LCD console, which can be expensive, server administrators and technicians would typically have to use a server room â€˜crash cartâ€™, which is a cart comprised of a keyboard, mouse, and monitor. Although a typical â€˜crash cartâ€™ is somewhat mobile, it lacks the portability of our Laptop KVM Adapter, which provides identical but more convenient controlâ€.
The NOTECONS01 USB 2.0 Laptop KVM Adapter offers immediate BIOS-level access to the connected computer from the laptop control point, as well as the ability to handle full configuration of the attached PC, server, or other headless machines such as ATMs, kiosks and VLTs.