Click Here
home features news forums classifieds faqs links search
5651 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel
Server: irc.amigaworld.net
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
52 crawler(s) on-line.
 16 guest(s) on-line.
 0 member(s) on-line.



You are an anonymous user.
Register Now!
 NutsAboutAmiga:  6 mins ago
 Tarzin:  21 mins ago
 BSzili:  34 mins ago
 ferrels:  46 mins ago
 vox:  53 mins ago
 Argo:  1 hr 6 mins ago
 blasterreal:  1 hr 11 mins ago
 Trekiej:  1 hr 52 mins ago
 Rob:  2 hrs 49 mins ago
 kolla:  4 hrs 14 mins ago

News   News : Elboxs "usb.device" and "pci.library" DO contain RDB trashing code!
   posted by _Steve_ on 14-Nov-2002 20:14:09 (1370 reads)
I had seen several reports of there being RDB trashing code in Elboxs "usb.device" but refused to post anything on the matter unless solid proof could be found, or the original accusations substantiated.

Unfortunately for Elbox, those accusations have been proven to be true....


In a posting on ANN Chris Hodges, author of the USB Stack Poseiden writes:

Poseidon will refuse to load the usb.device with the next update. I could verify that the offensive RDB-killer code is inside the driver version (1.2) I had here. Permission to distribute Poseidon with their software has been withdrawn.

Dear Poseidon Users,

in the last few days, there were rumours posted to ann.lu, claiming that the usb.device, that is provided by Elbox Computer Inc. for the Spider USB PCI card would contain malicious code. This code was posted disassembled on various websites. This source code, if assemblied into an executable, would indeed have the ability to kill the RDB (if it was found in block 0). Code destroying data on purpose like this is illegal in most countries (including Germany) and moreover, is one of the ethically worst things I've ever seen.

As the source of this security warning was an anonymous poster and therefore was not reliable, I wanted to check for myself. So I loaded the usb.device (some friendly Mediator user sent me, as Elbox never offered me a SpiderCD to check the contents of the CD), let it decrypt itself and just searched for the 'RDSK' string in the driver (as seen on the disassembled source code on the websites). No disassembly was used. The string was found. I could therefore verify that the offensive code is at least in version 1.2 of the device, I had here to test (there is absolutely NO reason why 'RDSK' would appear in an usb hardware device driver).

I gave Elbox the chance to clear things up in public by posting an apology and removing the code. They didn't. Instead, they said that all my "doubts" would be answered in the press statement released yesterday and ignored the consequences that I already had proposed to them.

Well, my "doubts", which actually are facts, that I could see with my own eyes, remain. Any Mediator user can check this by using a memory monitor and searching for the usb.device in memory (after loading up Poseidon) and see, if there's the 'RDSK' ID string within the next 10000 bytes.

As a consequence, I have to warn Mediator users that their machine is in danger, when running the usb.device. In the non-memory protected Amiga environment it might get damaged at any time and then cause the routine that kills the RDB to become active. The next update of Poseidon will refuse to load up the usb.device, if it detects malicious code. This is to protect yourself from damage and myself from being held liable for any loss of data or damage done.

Moreover, I hereby withdraw the permission to include Poseidon in ELBOX's software distributions, until they
a) admit, that the code was in their driver,
b) admit, that they have constantly lied to the users,
d) have placed a public apology for the first time in their life,
c) and have removed any malicious code.

I don't want Poseidon to be included with third party software, that's highly illegal and whose originators don't deserve any trust.

I do understand that people try to protect their work from being hacked. I do this too, but not by risking the data of legal users and I cannot tolerate this offensive behaviour any longer (I admit, I'm again rather upset and therefore this statement is not as objective as it could have been).

The Spider users out there are adviced to confront Elbox with the demands mentioned above, so to allow Poseidon again accept the usb.device driver.

I hope that you believe the facts and my worries and understand the steps taken.

Best regards

Chris Hodges


In a comment further down, another Amiga Programmer Peter Gordon, also discovered the same RDB trashing code present in the "pci.library":

Well, I have just examined the RAM of this A4000, and within pci.library memory space, I searched for RDSK, and there it was.
I loaded up Barfly Debugger, went to that address, and lo and behold there is RDB trashing code, identical to that already posted before, in the RAM of my computer.
Elbox, I am so disappointed in you :(

For those who have access to a C compiler like SAS/C and have a copy of IRA the disassembly program on aminet, you can decode your own pci.library/usb.device using the code found here.
    

Related Links
· More about News
· News by _Steve_


Most read story about News
AmigaOS 4.0 Status Report

Last news about News
Amiga Future Webpage 20 years relaunch
Printer Friendly Page  Send this Story to a Friend

[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle