The Open Source USB Drive Built for Privacy

[00:00:00]We feel like now more than ever people should have access to tools required to reclaim their privacy.

[00:00:05]But not everyone and everywhere respects that right.

[00:00:09]There are some cases where having an encrypted device appears suspicious.

[00:00:13]We're trying to solve this problem.

[00:00:14]Phantom Drive is a completely open source obfuscation device. It's designed to hide in plain sight. When first inserted, you're presented with a normal unencrypted drive, but there's a stealthy way to access the encrypted content.

[00:00:27]>> [music] >> Hi, I'm Ryan, the creator of Rookit Labs. Rookit Labs is a company that makes 100% open source security hardware, pen testing hardware, privacy hardware, etc. Today I'm here to talk to you about Phantom Drive, something I've been working on for the past 6 months.

[00:00:50]Phantom Drive is a completely open source obfuscation device.

[00:00:55]When you plug it in normally, it'll present you with 8 GB or however much data you like of unencrypted regular disk.

[00:01:04]There's only one way to make it reveal its second encrypted partition. To do that, you need to create a special file called unlock.txt.

[00:01:12]Inside of here, you enter the string password, colon, and then your special password. The drive will then unmount itself and remount the remainder of the disk. Everything will then be encrypted and decrypted in place.

[00:01:27]The purpose of this video is I'm doing a pre-order. Rather than me ordering a crushable amount of devices and then selling out, I rather gather interest and then place a large order so everyone can get a device.

[00:01:39]This device isn't in the beta stage or testing or anything. I already have the PCB done, the enclosure is finished.

[00:01:46]I've completely written all the firmware and I've run various security tests on it.

[00:01:52]Okay, so if you stuck around for this long, you are are interested in some of the details of the device and that's exactly what I'm going to talk about right now.

[00:02:03]So, it is potentially a little bit simpler than you would assume.

[00:02:08]So, the main chip is the CH569.

[00:02:17]So, this is the block diagram for the main sock. So, there's a USB 3 host and device controller and USB 2.

[00:02:26]Right now, USB 3 has been connected, but I'm using USB 2 for the device.

[00:02:32]Maybe in the future there will be firmware updates enabling USB 3. The reason why it's just using USB 2 is because I got it working really stably and after some profiling I realized that USB is not the bottleneck for this device.

[00:02:47]There is an Ethernet MAC which of course I'm not using. There's an SD eMMC controller which I very much am using.

[00:02:54]And the encryption engine contains a AES and SM4.

[00:03:00]AES is probably quite well known.

[00:03:03]Whilst SM4 I believe it's a Chinese Yeah, standardized commercial cryptography in China. I don't know if it's secure or not.

[00:03:17]I just didn't end up using it. That's obviously something you can implement um if you would like that.

[00:03:26]So, yeah, that's the chip.

[00:03:31]The There's a USB USB 3 male port on the board with the USB 3 SuperSpeed lines connected.

[00:03:44]And of course the standard USB 2 data lines.

[00:03:47]This is the SD card holder.

[00:03:49]So, we I used these uh resistor arrays for the mandatory pull-ups for SD cards.

[00:03:55]There's two small switch mode PMICs, one to go to 1.2 V, one to go to 3.3 V.

[00:04:01]Uh this is a TI part, I believe.

[00:04:09]Yeah.

[00:04:10]Uh 2 amp high efficiency, blah blah blah, buck mode supply, pretty standard stuff.

[00:04:15]And as far as the squantlets go, that is actually it. There is a crystal uh for the thing. For the for the sock, there's a reset button. So, that's what we're that's what you need to press if you want to flash the firmware yourself. You basically press that button, insert the SD card, or sorry, insert the Phantom drive, and you can use a DFU flashing utility.

[00:04:43]I will quickly go over the board again.

[00:04:47]I don't think this is going to take very much time cuz it's quite simple.

[00:04:53]So, it's a four-layer board.

[00:05:00]Let's actually go ahead and turn off the silk screen.

[00:05:04]Uh turn off all this bottom stuff as well.

[00:05:08]I don't need this. Let's turn on the front silk screen.

[00:05:13]So, here's the here's the sock.

[00:05:16]This is the the USB uh pads are mounted on the other side.

[00:05:21]And these are impedance controlled 90 ohm traces to the the sock.

[00:05:32]Uh the two switch mode Oh my goodness.

[00:05:35]Apologize.

[00:05:38]The two switching power supplies are here.

[00:05:41]You have the output with their inductors here.

[00:05:46]These are the resistor arrays, the the pull-ups for the SD card.

[00:05:53]Let's take a look at the 3D view.

[00:06:01]So, this is the whole device here. You can see obviously this is the our um our ISP button.

[00:06:08]We can push that to enable the not ISP, DFU.

[00:06:13]The go to the bootloader and receive instructions when you want to upgrade firmware. And that's a really nice part of this project. So, you don't need any special programmers to program this part. I will just uh be distributing new firmware uh for this device. Right now there's a 1.0 release.

[00:06:30]And with that, you will have um potentially a 1.1 or 1.2. I can't really see any major there's definitely no major changes in the future.

[00:06:43]Um but once you receive that image, you can just um update the device yourself.

[00:06:48]Which is nice.

[00:06:50]The other side here is the SD card.

[00:06:53]So, I think a lot of people in the comments were asking why I use an SD card versus a soldered down memory chip.

[00:07:00]And the answer is super simple. So, the current situation with AI has made eMMC chips um extremely expensive. So, if we if you actually go to look at the cost of them on whatever website for a 32 GB eMMC you're looking at over $100.

[00:07:17]Um I can't I can't really justify doing that right now.

[00:07:23]So, in the future there will be a eMMC version, but um not right now. So, this using an SD card is nice because it gets um you can choose whatever size you like.

[00:07:36]So, if you want 32, 64, 128, 512, whatever GB you just um choose an SD card you like and and pop it in.

[00:07:45]The speed of the SD card and quality of the SD card will greatly affect the performance uh read and write speeds of the device.

[00:07:55]And to actually go from this to eMMC is very easy. If you don't know, eMMC, loosely speaking, eMMC is basically just a soldered down SD card with a few extra Well, it's an eight lane instead of four lane as far as data, so it should be uh in theory a little bit faster uh depending on the eMMC controller itself and timing specifications.

[00:08:18]This is the entire device.

[00:08:21]I can go out and take the board so you can see it.

[00:08:25]I find them the most the cleanest way to open it up is by just sliding a very small blade under, and that should loosen it off, and then slide the blade around.

[00:08:39]And if you buy one of these, you'll be shipped with two extra pieces for the enclosure cuz I have had I've noticed that um they it seems to hold up quite well, but if you do open and close it like more than 10 times, you do run the risk of breaking these pins, so I just decided I would ship some.

[00:09:03]You'll basically you will receive uh this and then a fully assembled device as well.

[00:09:11]So, here's the device here.

[00:09:14]Um yeah, again, there's a I mean, you can see the DFU switch.

[00:09:20]So, I'll walk into flashing the device quickly.

[00:09:23]I'm going to go into the Phantom Drive repository.

[00:09:33]So, there's some different You're not going to be able to read that.

[00:09:39]Uh there's some different targets here or different options that you can set.

[00:09:44]So, you can build this with UART support and USB debugging support. You might be interested in UART support if you want to do some uh software hacking on your own. Uh there are on this board, you probably can't see them, but there's some solder points there, so you can fly a wire down and have access to UART TX and RX. I only really use transmission from this board, uh but there's no reason why you couldn't use reception, and that's really nice for some simple debugging and some profiling that I've done before.

[00:10:19]But, the standard Oh my goodness.

[00:10:23]The standard command is just make.

[00:10:27]And this is going to build the production image. It's not an environment variable. It's make UART equals one.

[00:10:36]And that will build with UART will be turned on, and you can I'm sure many people care about that.

[00:10:43]Uh and for this, you can use make and then make flash.

[00:10:48]So, I'm going to go ahead uh and insert the device whilst pushing the button.

[00:10:57]And the make flash will go ahead and flash your device for you.

[00:11:01]Now, if you don't know much about this and you're worried about uh not being able to do this, uh there will be binary images that are distributed uh that you can just flash to the device using a uh simpler tool than this, but this is what's available right now.

[00:11:20]I apologize.

[00:11:22]So, the this is the main Here's where we set the USB uh uh vendor IDs and product IDs. So, if I do a um lsusb Sorry, lsusb we should see generic Phantom Drive there.

[00:11:41]Now, depending on so, I have to ship it with these vendor IDs and product IDs according to the law.

[00:11:51]Uh okay, you didn't hear it from me, but you can actually change these to mimic a existing um company's device.

[00:12:01]Uh which of course will be a little bit more stealthy. If you want, you can also change this from generic Phantom Drive to tables.

[00:12:14]And this is where the vendor information is and the product ID and this has a hard hardware version.

[00:12:27]Or sorry, yeah, yeah, it is firmware version written in it as well.

[00:12:31]Of course, you can change this to whatever your heart desires. And depending on your opsec needs, that may or may not be required. I'm not going to go into the code because you can read most of that yourself if you're someone that's interested in the code.

[00:12:46]But basically, it's all standard stuff.

[00:12:48]So, the BSP, the board support package for this chip. So, yeah, I should mention I'm using So, this WCH 56XISP is the in-system programmer. So, this is what is used to flash the device. These are Sorry, my submodules uh dependencies rather. Or well, submodules and dependencies. Whilst the BSP, the board support package is where I get a lot of source code from, too.

[00:13:24]And if we jump to this, we can see uh, the descriptions and and whatnot.

[00:13:30]Um, again, this is what the that UART thing will set. So, if we want UART, we can enable it through that thing.

[00:13:37]And all of this logging is going to happen, um, yeah, if we if we enable UART. And if we don't enable UART, it's not going to happen. Something that people might be interested in is the USB descriptor.

[00:13:53]Uh, sorry, no, not the USB descriptor, the serial number. So, if you might notice that we're going to grab a UID from the chip.

[00:14:03]And each chip is going to have its own unique ID.

[00:14:07]And this is set, uh, in the USB serial number, which we can actually read.

[00:14:20]I just forget the command to do that.

[00:14:22]Yeah, so, um, so, this is going to give us our unique serial number for our Phantom Drive. Now, the reason why I'm telling you this is cuz you're probably not interested in a serial number, but the serial number is your unique salt for, uh, the KDF that we use. So, I'm going to explain how that works right now.

[00:14:58]So, I'm going to open the crypto module.

[00:15:04]And the function that you are probably interested in is this derive key function. So, this is how we're actually going to derive our encryption key, and I uh, challenge you, or not challenge you, but, uh, encourage you to read through this yourself, and make sure that you're convinced that it's secure. I'm con- I've convinced myself that it's secure, but So, you see one of these arguments is KDF salt. So, this is uh an 8-bit number of length KDF salt size, which I can't even remember. It's eight.

[00:15:37]So, what is that? Eight to eight eight 8-bit numbers or that is yeah, 64 a 64-bit long number.

[00:15:47]And if we check the call to derive key, uh this is the the key is derived when we unlock the device.

[00:15:59]So, we have a derive key function here. And if we actually look at the function call to derive key is inside of Phantom Drive unlock, which is called when we receive the text string with our password inside of it.

[00:16:13]So, and then the salt here is passed from this uh static page variable uh called salt bytes.

[00:16:23]And salt bytes is set in Phantom Drive init, which we call from main.

[00:16:32]And our salt is going to be the unique ID of the drive.

[00:16:42]So, that's very important. So, you need to understand that when we derive the key, we basically are going to take your password. We're going to salt it with that number.

[00:17:04]Uh we are going to Yeah.

[00:17:09]Um salt our password with our unique key. So, each device is going to have its unique salt.

[00:17:18]Uh and then we're going to do a certain amount of KDF rounds from I to number of KDF rounds. So, then we're going to SHA-256 hash it 100,000 times.

[00:17:31]Now, the reason why this is important is because you can't take one Phantom Drive, use an SD card on it, and then move it to another Phantom Drive, and then do that again and get your data because the salt is going to be different, the key derivation is going to be different, and your final key will be different. So, if you want to uh if you want to get your data off, like say you take the SD card out, and you want to extract the data, that's completely reasonable because you might have a device that's been infected or damaged by water or something, not infected, damaged by water or something, then do I have the stuff for you. You want to look at kdf.c.

[00:18:13]I don't know why it's called that. You want to take a look at the readme. And this readme, so this inside this test folder here is going to have all the the tests where I verified that everything is working as it should be. So, what I did is I I took the device, I went through the normal path of unlocking it, I used f3 write to write a bunch of known data to it, I then extracted the SD card, and then used kdf.c.

[00:18:44]This file here, you basically build it, and then you point it to that should be the SD card mounted, you create a loop device, you mount the loop device, and then you should be able to read your data. Now, of course, uh kdf.c is going to need some stuff. So, you need to put in your salt here.

[00:19:13]Uh and this is surprise, surprise.

[00:19:24]Not the same because I changed some I changed some of the changed some stuff around. So, but your salt needs to go into here, your password needs to go into here, and then you should be able to take your This is the key for the salt and that password, and then you can unencrypt your USB or sorry, your SD card.

[00:19:48]Thank you for watching. That was quite a bit of technical jargon. I want people to understand that this device is not only for technical individuals that get into the code and want to flash their device themselves. It is literally for everybody. And I built it in a way that is accommodating to all skill levels and abilities, and I just wanted My whole goal was to make this something that increases everyone's level of privacy because whether or not you need it, I personally am of the belief that everyone should have access to it.

[00:20:23]Yeah, that's it. If like and subscribe if you want to support the project, the link is down below to the crowdfunding campaign.

[00:20:33]I'm not using Kickstarter or CrowdFire or anything like that because they just take an extra 10% or whatever, and that means it's more it's 10% more expensive for you. I'm so excited to finally launch this product after all my hard work. So, thank you very much. Thank you for watching. Thank you for supporting.