Elbox' usb.device contains code that can wipe a user's harddisk RDB rendering
the system non bootable and losing the partitions. It is triggered when
someone tries to make the device work with standard NEC PCI USB cards.
Parts of this item were removed because of objections by Elbox received per email this evening.
As an owner of a Mediator, I always wondered why I would
have to buy a Spider USB card from Elbox since the
Mediator's main point was to be able to use standard PCI
Since the card doesn't look any different than
a standard NEC 720100 card, I checked what is the difference
and it looks like Elbox just sells NEC cards with a different
PCI subvendor ID. So, I decided to try to modify the usb.device to
have it work with my NEC card. First of all I was surpsised to
find that their driver is encrypted. Why did they bother to do
that? I was shocked to find out the reason. If anyone tries
to modify their driver to work with a standard NEC USB card,
it will trash the SYS:'s RDB!!
Not believing me? The following is a disassembly of their RDB
trashing code from usb.device version 1.7 (9-10-2002) available
in the Spider CD:
then go "Offline" and "Online" again -> poof, your RDB will be overwritten
(don't forget to make a backup of your RDB before and saving that to a floppy, or
use a useless HD for the test).
So basically (putting aside their questionable way of forcing the user to buy
their very slightly modified hardware again instead of standard PCI stuff), usb.device
has a VERY DANGEROUS RDB trashing code which could also be triggered if the device is
damaged for example.