Attacking a weak crypto system
Our previous experience with hardware encryption has shown that "budget" usually means "almost useless". Unfortunately, Raidon's Staray S series is no exception: the various models in the series offer no real protection against a determined attacker. This article explains how we conducted our analysis.
Of all the models in Chinese vendor Raidon's Staray S series of USB hard disk drive enclosures, often marketed in Europe under the trade name Stardom, the S325 stands out, because it works independently of PC software and uses a PIN pad integrated into the case. It splits a 2.5-inch SATA hard disk drive into two logical halves that, while the disk drive is mounted in the USB enclosure, operate like two virtual hard disks complete with partition tables. According to the vendor, all the data in the protected volume on the second half of the physical drive is encrypted. The enclosures only allow access to the encrypted portion after the user has entered the correct PIN.
As with most USB enclosures with crypto functionality, the Staray product doesn't offer any physical access protection, which makes it possible to remove the hard disk drive, connect it to a PC motherboard via SATA and read it, without the need for a PIN. As a result, when a USB drive goes missing, only the encryption prevents unauthorised data access. When rating these encryption solutions it is, therefore, important to inspect the encrypted data on the medium.
Although there are Windows programs for this task, our tool of choice for reading and writing hard disk blocks is the powerful dd Linux/Unix command line tool. The
# dd if=/dev/sda bs=1K skip=1000 count=2 | hexdump -C
command, for example, skips the first 1000 blocks of the hard disk /dev/sda at a block size of one Kbyte, reads the next two (blocks 1000 and 1001 when counting from zero, i.e. the 1001st and 1002nd blocks) and displays the result, via hexdump, in hexadecimal and ASCII format. The disk itself is addressed in 512-byte sectors, but a block size of 1024 bytes is the unit in which fdisk and /proc/partitions count blocks, so it is convenient for translating between the two. Of course, root privileges are required for working at block level.
We initially looked into the operation of the S325 enclosure using a 500-Gbyte hard disk drive that, apart from the partition table, only contained zeros (although a smaller drive would generally be more suitable for the purpose of analysis). fdisk found the following:
# fdisk -l /dev/sda
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1       60801   488384001    c  W95 FAT32 (LBA)
By preparing the hard disk in this way we can be sure that, once the controller has initialised the drive, every region of the disk that no longer contains zeros was written by the Staray controller. The controller may also store administrative information that potentially contains crypto keys and passwords on the hard disk itself – a strategy that will prove fatal for the Staray S125 later.
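To show the zero-fill technique in practice, here is an added shell script that is not part of the original article: it lists every block (1 Kbyte by default, as in the dd example above) that no longer contains only zeros, and dumps one of them with the same dd | hexdump -C invocation. The image it scans is constructed inline as a stand-in for the zero-filled drive, a 64-block zero file with a boot-sector signature at bytes 510-511 and an invented six-byte marker in block 40; the marker's content and position are assumptions for the demo and say nothing about the S325's real on-disk layout. On a real drive you would run the scan as root against /dev/sda instead of the temporary image.

```shell
#!/bin/sh
# Added example, not from the original article: find the blocks that a
# controller has written to a drive that was zero-filled beforehand.

# Print the numbers of all blocks (default 1 KiB) that are not entirely zero.
# cmp -l against /dev/zero lists every non-zero byte as a 1-based offset;
# awk folds those offsets into distinct block numbers, so the whole device
# is read once, sequentially, instead of running dd once per block.
nonzero_blocks() {
    img=$1
    bs=${2:-1024}
    cmp -l "$img" /dev/zero 2>/dev/null | awk -v bs="$bs" '
        BEGIN { prev = -1 }
        { b = int(($1 - 1) / bs); if (b != prev) { print b; prev = b } }'
}

# Dump a single block the way the article does: skip=N count=1 at the given
# block size, piped through hexdump -C.
dump_block() {
    dd if="$1" bs="${3:-1024}" skip="$2" count=1 2>/dev/null | hexdump -C
}

# Constructed stand-in for the zero-filled drive: 64 zero blocks, the boot
# sector signature 0x55 0xAA at bytes 510-511 (block 0) and an assumed
# six-byte marker at byte 40*1024+16 (block 40). The marker is invented for
# the demo; it does not reproduce anything the S325 actually writes.
make_image() {
    img=$1
    dd if=/dev/zero of="$img" bs=1024 count=64 2>/dev/null
    printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'MARKER' | dd of="$img" bs=1 seek=$((40 * 1024 + 16)) conv=notrunc 2>/dev/null
}

# Stand-alone demo on the constructed image.
tmp=$(mktemp)
make_image "$tmp"
echo "non-zero 1 KiB blocks:"
nonzero_blocks "$tmp"
command -v hexdump >/dev/null 2>&1 && dump_block "$tmp" 40
rm -f "$tmp"
```

Because cmp -l streams through the device, scanning a 500-Gbyte disk takes about as long as one full sequential read, and each block number is printed only once however many of its bytes differ from zero. Passing a second argument of 512 reports sector numbers instead of 1-Kbyte block numbers, which is handy when comparing against a partition table.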
Once we've inserted the hard disk, our S325 initially thrashes around for a while until the two virtual hard disks are partitioned and formatted. After we briefly unplug and reconnect the USB cable, the Linux USB mass storage driver detects a new device, /dev/sda, on our system and, once we have unlocked the enclosure using the default PIN, a second one, /dev/sdb.