29-Mar-2024 06:02 GMT.
UNDER CONSTRUCTION
[Forum] Security warning: Elbox' usb.device contains RDB trashing codeANN.lu
Posted on 10-Nov-2002 22:36 GMT by Qwe (Edited on 2002-11-12 20:14:12 GMT by Christian Kemp)87 comments
View flat
View list
Elbox' usb.device contains code that can wipe a user's harddisk RDB rendering the system non bootable and losing the partitions. It is triggered when someone tries to make the device work with standard NEC PCI USB cards. Parts of this item were removed because of objections by Elbox received per email this evening. As an owner of a Mediator, I always wondered why I would have to buy a Spider USB card from Elbox since the Mediator's main point was to be able to use standard PCI hardware..
Since the card doesn't look any different than a standard NEC 720100 card, I checked what is the difference and it looks like Elbox just sells NEC cards with a different PCI subvendor ID. So, I decided to try to modify the usb.device to have it work with my NEC card. First of all I was surpsised to find that their driver is encrypted. Why did they bother to do that? I was shocked to find out the reason. If anyone tries to modify their driver to work with a standard NEC USB card, it will trash the SYS:'s RDB!!

Not believing me? The following is a disassembly of their RDB trashing code from usb.device version 1.7 (9-10-2002) available in the Spider CD: Code removed.

then go "Offline" and "Online" again -> poof, your RDB will be overwritten (don't forget to make a backup of your RDB before and saving that to a floppy, or use a useless HD for the test).

So basically (putting aside their questionable way of forcing the user to buy their very slightly modified hardware again instead of standard PCI stuff), usb.device has a VERY DANGEROUS RDB trashing code which could also be triggered if the device is damaged for example.

Back to Top