April 21, 2015 at 16:02Corsair PadLock 2 - flash drive with the ability to instantly destroy data
Greetings to all Khabrovsk citizens! My name is Victor Mrikh. I am one of the developers of the PC-3000 Flash software and hardware complex, which is designed to recover data from drives running on NAND memory. Today I would like to share with all my impressions of working with the Corsair PadLock 2 usb drive.
Corsair PadLock 2 - the second drive in a series of flash drives with a combination lock. To access the data, you must enter a specific digital combination using the keys on the drive. The first in this series was the Corsair Padlock. The first damn thing is just about the first version of PadLock. The drive was hacked in no time at all. Developers and designers would not be so offended if extra-class professionals had a hand in this hack, and a lot of specific knowledge would be needed to break it. But everything turned out to be much simpler. Firstly, under the plastic case of the drive, there were two boards, one of which was a regular flash drive and a bunch: interface - controller - memory chips, the other is a battery and a board with elements responsible for processing the entered pin code. Hacking this "superprotected" flash drive looked something like this:
Just one resistor - and you have full access to all data without a password. Mistakes are made by everyone, without exception. The developers acknowledged serious design flaws and promised to fix it next time ... And after a while, the Corsair PadLock 2 flash drive was announced.
Corsair PadLock 2 is available in three capacity options: 8, 16, 32 GB. Outwardly, they are no different.
USB2.0 connection interface
On the front side there are 3 indicators and 6 buttons. The body is rubberized, the rubber is pleasant to the touch. The sensations are comparable to touches with Soft-touch plastic. The drive uses AES 256 encryption.
An 8 GB drive came into our hands. This drive was purchased in 2013, its cost was 990 rubles (123.75 rubles per 1 GB). Now these PadLock 2 are almost not for sale. They can be found only in small stores and purchased without accounting documents.
In the Crystal Disk Mark program (version 3.0.3) we got the following results. The drive was tested in the USB 2.0 port.
These days you will not surprise anyone with these numbers, but most likely you will upset or make us laugh. But the manufacturer does not promise us super speeds. The peculiarity of this flash drive is different ...
The package bundle contains very scarce documentation that tells how to install a user pin code and how to use this flash drive later, how to unlock it before connecting to a computer.
For the normal use of the data in this mini-instruction is sufficient, the complete instruction is available on the Corsair website .
2 types of passwords can be set on the device: User pin and Master Pin. These passwords can be set using special buttons located on the drive. There are only 6 buttons: five with numbers and one - control. Each of the five buttons shows two digits. The first unpleasant feature is that the controller does not handle double-clicking, as well as pressing with a delay on the buttons. Simply put, the numbers are not 10, but only 5. Password 1205 will be equivalent, for example, 1314. A trifle, but not a pleasant one.
User pin protects user data, Master pin is used to reset User pin in cases when this User pin is unknown. Password can be 4-10 digits. We thoroughly tested all the declared operating modes of the drive, and during this work we had the first difficulties.
The unlock method claimed in the documentation using the Master pin does not work.
We tried several times, and this sequence does not work. It just doesn't work. The data is not lost, but we were able to verify this only after entering the user pin. In real life, with such an error, you can either say goodbye to the data, or do combinatorics and selecting the necessary User pin. The developers took care of possible attempts to crack the drive by selecting passwords.
The lock sequence described in the instruction works. In the “normal use mode”, access to the data is really blocked for the specified time, and after 20 unsuccessful attempts, the data changes.
This information could upset many, but there is such a point in this documentation:
It gives hope to engineers and people who are simply interested in breaking this flash drive. A little later we will tell you whether hopes are vain or not.
There is one feature that personally pleased me. Namely:
If you have a memory full of holes, and you do not store important information on a flash drive, then it will be useful to you. It will also be useful for people who are not clean at hand who want to be able to quickly and without the help of a computer spoil the data. We checked: the data really changes beyond recognition in a split second.
Most likely, after the combination entered, we get encrypted data in its pure form or data passed through another encryption key.
Having carried out various actions with this drive, we traditionally disassembled it.
A plastic case was hidden under the rubber case. It is worth noting that it was attached very poorly, and it was not difficult to get it. From the gray traces of glue residues near the USB connector, you can understand that the glue was regretted, and there is a risk of losing the “stuffing” after a while.
The plastic case is also made of very thin material, which can easily be opened.
This time, the developers decided to use one board. In addition, the battery that is held on a double-sided adhesive tape immediately catches your eye.
Separating it, we see three distinct elements on the board: a
memory chip, a microcontroller that processes button clicks and a flash controller.
The whole board is covered with compound. But for us this is not a problem, when heated to 200-250 degrees, it turns into a loose substance, and it can be removed from the main elements.
So, on the drive installed:
The next logical step that we have taken is to dismantle our own power source from the flash drive.
The drive operates in the "battery is low" mode. We entered the user pin without any problems and got access to the data. We also tried the hacking mode for strength. It is clear that when the battery was disconnected and the USB flash drive was disconnected from the computer, the counter of failed attempts was reset, and it was possible to use the USB flash drive again in normal mode.
The second version of PadLock from Corsair turned out better than its predecessor. At least, information that it was hacked was not widely available. The developers of the drive took into account the mistakes of the past and did a pretty good thing. Yes, not everything works perfectly, but progress is evident.
Personally, for myself, I chose this flash drive for the reason that it is possible to erase data at any time without connecting to a computer.
We are waiting for information on the release of new flash drives with combination locks from Corsair and other manufacturers. The ASE developers will continue to study encrypted drives. By the way, our hardware and software are working hard with encrypted hard drives.
That's all. And remember, Lost forever still can be found ...
Error handling
Corsair PadLock 2 - the second drive in a series of flash drives with a combination lock. To access the data, you must enter a specific digital combination using the keys on the drive. The first in this series was the Corsair Padlock. The first damn thing is just about the first version of PadLock. The drive was hacked in no time at all. Developers and designers would not be so offended if extra-class professionals had a hand in this hack, and a lot of specific knowledge would be needed to break it. But everything turned out to be much simpler. Firstly, under the plastic case of the drive, there were two boards, one of which was a regular flash drive and a bunch: interface - controller - memory chips, the other is a battery and a board with elements responsible for processing the entered pin code. Hacking this "superprotected" flash drive looked something like this:
Just one resistor - and you have full access to all data without a password. Mistakes are made by everyone, without exception. The developers acknowledged serious design flaws and promised to fix it next time ... And after a while, the Corsair PadLock 2 flash drive was announced.
general information
Corsair PadLock 2 is available in three capacity options: 8, 16, 32 GB. Outwardly, they are no different.
USB2.0 connection interface
On the front side there are 3 indicators and 6 buttons. The body is rubberized, the rubber is pleasant to the touch. The sensations are comparable to touches with Soft-touch plastic. The drive uses AES 256 encryption.
An 8 GB drive came into our hands. This drive was purchased in 2013, its cost was 990 rubles (123.75 rubles per 1 GB). Now these PadLock 2 are almost not for sale. They can be found only in small stores and purchased without accounting documents.
Work speed
In the Crystal Disk Mark program (version 3.0.3) we got the following results. The drive was tested in the USB 2.0 port.
These days you will not surprise anyone with these numbers, but most likely you will upset or make us laugh. But the manufacturer does not promise us super speeds. The peculiarity of this flash drive is different ...
Enter your pin code
The package bundle contains very scarce documentation that tells how to install a user pin code and how to use this flash drive later, how to unlock it before connecting to a computer.
For the normal use of the data in this mini-instruction is sufficient, the complete instruction is available on the Corsair website .
2 types of passwords can be set on the device: User pin and Master Pin. These passwords can be set using special buttons located on the drive. There are only 6 buttons: five with numbers and one - control. Each of the five buttons shows two digits. The first unpleasant feature is that the controller does not handle double-clicking, as well as pressing with a delay on the buttons. Simply put, the numbers are not 10, but only 5. Password 1205 will be equivalent, for example, 1314. A trifle, but not a pleasant one.
User pin protects user data, Master pin is used to reset User pin in cases when this User pin is unknown. Password can be 4-10 digits. We thoroughly tested all the declared operating modes of the drive, and during this work we had the first difficulties.
The unlock method claimed in the documentation using the Master pin does not work.
We tried several times, and this sequence does not work. It just doesn't work. The data is not lost, but we were able to verify this only after entering the user pin. In real life, with such an error, you can either say goodbye to the data, or do combinatorics and selecting the necessary User pin. The developers took care of possible attempts to crack the drive by selecting passwords.
The lock sequence described in the instruction works. In the “normal use mode”, access to the data is really blocked for the specified time, and after 20 unsuccessful attempts, the data changes.
This information could upset many, but there is such a point in this documentation:
It gives hope to engineers and people who are simply interested in breaking this flash drive. A little later we will tell you whether hopes are vain or not.
There is one feature that personally pleased me. Namely:
If you have a memory full of holes, and you do not store important information on a flash drive, then it will be useful to you. It will also be useful for people who are not clean at hand who want to be able to quickly and without the help of a computer spoil the data. We checked: the data really changes beyond recognition in a split second.
It was
Has become
Most likely, after the combination entered, we get encrypted data in its pure form or data passed through another encryption key.
Of what, of what is it made
Having carried out various actions with this drive, we traditionally disassembled it.
A plastic case was hidden under the rubber case. It is worth noting that it was attached very poorly, and it was not difficult to get it. From the gray traces of glue residues near the USB connector, you can understand that the glue was regretted, and there is a risk of losing the “stuffing” after a while.
The plastic case is also made of very thin material, which can easily be opened.
This time, the developers decided to use one board. In addition, the battery that is held on a double-sided adhesive tape immediately catches your eye.
Separating it, we see three distinct elements on the board: a
memory chip, a microcontroller that processes button clicks and a flash controller.
The whole board is covered with compound. But for us this is not a problem, when heated to 200-250 degrees, it turns into a loose substance, and it can be removed from the main elements.
So, on the drive installed:
- Flash controller: INITIO INIC 1861L
- Button Processing Controller: PIC16F688
- Memory chip: Micron 29F64G08CBAAA
The next logical step that we have taken is to dismantle our own power source from the flash drive.
The drive operates in the "battery is low" mode. We entered the user pin without any problems and got access to the data. We also tried the hacking mode for strength. It is clear that when the battery was disconnected and the USB flash drive was disconnected from the computer, the counter of failed attempts was reset, and it was possible to use the USB flash drive again in normal mode.
Summary
The second version of PadLock from Corsair turned out better than its predecessor. At least, information that it was hacked was not widely available. The developers of the drive took into account the mistakes of the past and did a pretty good thing. Yes, not everything works perfectly, but progress is evident.
Personally, for myself, I chose this flash drive for the reason that it is possible to erase data at any time without connecting to a computer.
We are waiting for information on the release of new flash drives with combination locks from Corsair and other manufacturers. The ASE developers will continue to study encrypted drives. By the way, our hardware and software are working hard with encrypted hard drives.
That's all. And remember, Lost forever still can be found ...