
Check disk on key identifier

EyalBer Member Posts: 16

Hello, how can I check the disk on key's id when inserted to the computer?

Comments

  • Peter_Viscarola_(OSR) Administrator Posts: 7,505

    how can I check the disk on key's id when inserted to the computer?

    Please tell us more: What do you mean by "ID"? Vendor ID and Device ID? Serial Number? Something else?

    Are you asking us how to do this programmatically? From a driver? From user-mode? Using a PowerShell script?

    Peter Viscarola
    OSR
    @OSRDrivers

  • EyalBer Member Posts: 16

    @Peter_Viscarola_(OSR) said:

    how can I check the disk on key's id when inserted to the computer?

    Please tell us more: What do you mean by "ID"? Vendor ID and Device ID? Serial Number? Something else?

    Are you asking us how to do this programmatically? From a driver? From user-mode? Using a PowerShell script?

    I'm trying to achieve this programmatically from a kernel mode driver.
    I'm trying to get the drive Vendor ID, Device ID and Serial Number as well, when inserted to the computer.

  • Peter_Viscarola_(OSR) Administrator Posts: 7,505

    I’m not going to play 20 Questions with you. Please describe, in a complete way, what you’re trying to accomplish. You are, presumably, an engineer. Give us an engineering description of what you’re trying to do using more than two sentences.

    Are you looking for info about ANY USB device? A particular one? Once you have it, what do you want to do with this information?

    Describe the overall goal of what you’re trying to do. Please.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Tim_Roberts Member - All Emails Posts: 13,158

    Why does a kernel driver need this information? What kind of a driver are you writing?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • EyalBer Member Posts: 16

    What I'm trying to develop is basically turning a flash drive into an actual system key.
    That means, upon inserting a flash drive to the computer, a driver will check whether or not the flash drive is registered as a key and then will log the user in to the registered user that uses this key as its login method. In addition, it will bypass UAC, which I'm still not quite sure how...

    The reason I want it to be a kernel mode driver is because I want to practice kernel development. There is stuff that is written in user mode, but this kind of stuff I prefer to write in kernel mode.

    Additionally, I also want to ask the following:
    1. I will allow the key to be registered also to multiple users. But I'm still wondering how to show the user only the accounts he can login to when he is in the login screen (LoginUI)? For example, if the key is registered on the following accounts:
    A, B, C
    I want to show him:
    A B C
    LOGIN LOGIN LOGIN

    1. In security manners, how do I securely store this information? Because I know there are ways to spoof flash drive's ID and I don't want to expose such information to users.

    2. How can I send messages from kernel mode and receive them in user mode? (Without using filter communication port).

    3. How do I automatically disable UAC only for the current session?

    Sorry in advance for any inconvenience I made. If there's something you don't understand, please tell me.

  • Peter_Viscarola_(OSR) Administrator Posts: 7,505
    edited November 21

    because I want to practice kernel development

    Hmmmm.

    No disrespect intended, but that encourages me to ask: Are you a professional software developer doing this as a work project? Or are you a student who's doing this? Or???

    If you don't know why I'm asking, that means you haven't read the Community Rules and Guidelines that we ask people -- on every page of this site -- to read before they post.

    These are very fundamental questions you're asking, and in total they pretty much amount to "please design this project for me"...

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Michal_Vodicka Member - All Emails Posts: 61
    edited November 22

    @EyalBer: I'm afraid you really underestimate the complexity of this project. The question you ask is a small simple detail and the real complication is integration to logon. Have you solved this part? From your description it seems you haven't, but maybe I'm mistaken.

    1. In security manners, how do I securely store this information? Because I know there are ways to spoof flash drive's ID and I don't want to expose such information to users.

    VID, PID and serial number? You can't. The OS stores it in the registry and everyone can read it. Once you plug in a USB device, the OS creates the device node in the registry which contains all this info. Actually, it is used for enumeration. The worst part for you is that the storage is permanent, so once the device is plugged in, it remains there even when the device is disconnected. In the described scenario it'd be quite easy to identify the necessary nodes (because a serial number is seldom used, so all USB devices with a serial number would be suspicious).

    Also, this way isn't secure at all. It is quite easy to make a USB device with the same VID, PID and serial number.

    The reason I want it to be a kernel mode driver is because I want to practice kernel development. There is stuff that is written in user mode, but this kind of stuff I prefer to write in kernel mode.

    Not a good idea. It is easier to do it from user mode. There is Setup API, which allows USB device enumeration in an easy way (well, sort of ;-)), and you can register for device arrival/removal notifications.

    Michal
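
An added illustration of the point made in the post above (not part of the thread and not any poster's code): the device instance ID that Setup API reports for a USB device carries the VID, PID and serial number as plain text, so none of them is a secret. This C sketch parses that `USB\VID_vvvv&PID_pppp\<instance>` form; the struct, the function names and the sample IDs are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parsed USB device instance ID; struct and function names are hypothetical. */
struct usb_id {
    unsigned vid, pid;
    char instance[64];  /* device serial number, or an OS-generated value */
    int has_serial;     /* 0 when the instance part was generated by Windows */
};

/* Read exactly four hex digits at s; returns 0 on success. */
static int hex4(const char *s, unsigned *out)
{
    char buf[5] = {0};
    for (int i = 0; i < 4; i++) {
        if (!isxdigit((unsigned char)s[i])) return -1;
        buf[i] = s[i];
    }
    *out = (unsigned)strtoul(buf, NULL, 16);
    return 0;
}

/* Parse "USB\VID_vvvv&PID_pppp[&MI_nn]\<instance>"; 0 on success, -1 if not that form. */
int parse_usb_instance_id(const char *id, struct usb_id *out)
{
    if (strncmp(id, "USB\\VID_", 8) != 0 || hex4(id + 8, &out->vid) != 0) return -1;
    if (strncmp(id + 12, "&PID_", 5) != 0 || hex4(id + 17, &out->pid) != 0) return -1;
    const char *sep = strchr(id + 21, '\\');   /* skips an optional &MI_nn part */
    if (sep == NULL) return -1;
    size_t len = strlen(sep + 1);
    if (len == 0 || len >= sizeof out->instance) return -1;
    memcpy(out->instance, sep + 1, len + 1);
    /* Second character '&' means Windows generated the ID: no serial reported. */
    out->has_serial = !(len >= 2 && out->instance[1] == '&');
    return 0;
}

int main(void)
{
    /* Constructed sample IDs, not taken from a real machine. */
    const char *samples[] = { "USB\\VID_1234&PID_ABCD\\0123456789ABCDEF",
                              "USB\\VID_1234&PID_ABCD\\6&2A9E1F0&0&3" };
    struct usb_id u;
    for (int i = 0; i < 2; i++)
        if (parse_usb_instance_id(samples[i], &u) == 0)
            printf("VID=%04X PID=%04X instance=%s serial=%s\n", u.vid, u.pid, u.instance, u.has_serial ? "yes" : "no");
    return 0;
}
```

A device whose `has_serial` comes back 0 cannot be told apart from another unit of the same model, and one whose serial is present can still be cloned, which is why the replies steer toward a token holding a real secret.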

  • Tim_Roberts Member - All Emails Posts: 13,158

    There is stuff that is written in user mode, but this kind of stuff I prefer to write in kernel mode.

    That is a very poor reason to use kernel mode. User security stuff is very awkward in the kernel. It was designed to be done on the user side.

    I assume you will have some kind of content on the device, like an encrypted security token. A device's descriptors (with the VID, PID and serial number) are trivially easy to clone. I can do it with a $10 USB developer board in a few minutes.

    In addition, it will bypass UAC...

    This leads me to think you don't really grasp your environment. You're talking about a hacking tool here. Are you thinking about an IT guy trying to do admin stuff on multiple machines? The right way to do that kind of thing is with a Domain Administrator account.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Pavel_A Member Posts: 2,691

    @OP So you're looking for a USB authentication device. Of course they exist, but they are not "disk on key" (storage) devices.
    For a modern one, read up on the FIDO U2F spec.
    You can buy them from several vendors or make one yourself.
    Another type is a USB smartcard reader emulator (CCID): https://en.wikipedia.org/wiki/CCID_(protocol)

    For a student, this is already a nice project and you can stop here.
    But if you're looking for a "professional" user experience solution for Windows, you'll need a custom logon provider.

    All these things are not related to kernel drivers. Not directly. So you can continue research on the MSDN desktop security forum or Stack Overflow.

    -- pa
