Results 1 to 6 of 6

Thread: [ARTeam-Tool] ARTeam UFD Password Revealer v1.0

  1. #1
    potassium
    Guest

    [ARTeam-Tool] ARTeam UFD Password Revealer v1.0

    I conjunction with my paper on USB Flash drive security I decided to write a tool for password recovery.

    Give it a try Grab it here!

    http://arteam.accessroot.com/releases/
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    potassium
    Guest

    Version 1.1 is out!

    Version 1.1 is now public! Get it here http://arteam.accessroot.com/releases/file_info/download1.php?file=ARTeam_UFD_Password_Revealer_v1_1_by_potassium.rar
    2006-12-17 Version 1.0 Public Release

    2006-12-29 Version 1.1

    * Improved send-receive buffer handling

    Buffers are now blanked and restored prior to read.
    v1.0 caused some UFDs to hang due to erroneous send-buffers.

    * Now displays which method that is used

    Only to provide me with additional information if you run into trouble

    * Improved detection of removable media

    USB-devices such as card-readers etc. are detected as removable media via
    GetDriveType function. To prevent accidental reading from an empty card reader
    slot, which will lead a complete to system lockup, in v1.0 FindFirstFile was used to
    determine whether it was reading from the actual UFD or not. However, if the disc
    is empty it will find no files and the program would abort the reading of password.
    So to prevent this kind of failure, now the drive serial number is read instead as
    this should be present on all drives, empty or not.

    * "Show dump on screen" function added

    In case the password should be present in the dump, but at different offset, an onscreen
    dump is available. Toggled via a checkbox.

    * "Save dump to disc" function added

    The program now creates a HTML document that contains a summary of the
    completed operation. Displays information such as; drive-letter, drive serial number,
    password, method, buffer size, password and the received dump both as ASCII and
    hexadecimal.

    * Status indicator added

    I felt that more detailed output was needed, just in case something goes wrong.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3

    chip swap...

    enjoyed the paper... on the last device you tried to hack via software, and my natural trend towards hardware, i was wondering if you attempted to remove the "chip" with a "known" password and place it on the device that stores its "unlock" password onboard/in flash... you get the idea... if this worked... then once again "secured" usb devices would show how "un-secure" they really are.

    just wondering...

    Korvak
    who needs sleep... will get all the sleep i need when i am dead...

  4. #4

    Thumbs up

    I assume the password is stored in the "secured" memory area, so you would swap the passwords along with the data you want to access. I'd rather build an interface to dump the content of the memory chip... This should work unless the whole "secured" area is encrypted. Up to now, it usually doesn't seem to get encrypted, probably due to chip costs and/or performance issues.
    Double the killers!

  5. #5
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    probably a normal passive electromagnetic attack would reveal a lot of things when you enter the correct password or some "correct" chars into the right position.
    Much probably a bruteforce guided by energy consumption patterns would give interesting results.

    I don't think they added whitening or similar tricks to their chips.
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  6. #6

    PL-2515PRO chip

    with out seeing what this device has for "memory chips" behind the controller, i was assuming that there is an external memory array. the documents about the controller talk about different types and locations of memory, but do not give any sizes. it also states that it is capable of "8 x NAND flash memory for single-mode of 8GB", so if the "password" is stored internal to the controller chip, replacing it should allow access to the memory again, this assumes ALOT, as formating, partitions, and any other configurations could cause issues if the "new" controller chip does not have a way to recover or understand this information at power-up. then again, if desperate for the memory content, you could always "clip the chip" and read the memory directly.

    just a thought....

    Korvak
    who needs sleep... will get all the sleep i need when i am dead...

Similar Threads

  1. ARTeam Armageddon 1.8
    By Shub-nigurrath in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: December 14th, 2009, 18:19
  2. ARTeam: Hacking Tool Developer Sources Primer Advanced Pack v10 by Gunther
    By Shub-nigurrath in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: February 24th, 2009, 04:17
  3. ARTeam: ActiveMark Decrypter Tool, by Nacho-Dj
    By Shub-nigurrath in forum Tools of Our Trade (TOT) Messageboard
    Replies: 4
    Last Post: September 26th, 2008, 03:31
  4. ARTeam: xFile Generic Tool for Hiding Tools by anorganix
    By Shub-nigurrath in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: September 17th, 2008, 16:42
  5. Is ARTeam up?
    By tHE mUTABLE in forum Off Topic
    Replies: 16
    Last Post: December 13th, 2007, 17:55

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •