Connect with us

messing with the power connection

Discussion in 'Electrical Engineering' started by [email protected], Feb 16, 2008.

Scroll to continue with content
  1. Guest

  2. Guest

    | wrote:
    |> This is an amazing device:
    |>
    |> http://www.wiebetech.com/products/HotPlug.php
    |>
    |
    |
    | So how long have you worked for that company?

    Never have. I'm actually trying to figure out ways to defeat it.

    1. Use a 240 volt circuit. The 240 volt version might not be in the USA.
    2. Use 48 volt DC to the PSU. They don't even make that.
    3. Use a power strip plug that shorts itself while not inserted.
    4. Configure the whole disk encryption to timeout regardless of activity.
     
  3. Palindrome

    Palindrome Guest


    There is a *very* much easier way to defeat it. However, bearing in mind
    that its use is as a forensic tool for law enforcement - such
    discussions really aren't in the public interest.
     
  4. Guest

    | wrote:
    |> | wrote:
    |> |> This is an amazing device:
    |> |>
    |> |> http://www.wiebetech.com/products/HotPlug.php
    |> |>
    |> |
    |> |
    |> | So how long have you worked for that company?
    |>
    |> Never have. I'm actually trying to figure out ways to defeat it.
    |>
    |> 1. Use a 240 volt circuit. The 240 volt version might not be in the USA.
    |> 2. Use 48 volt DC to the PSU. They don't even make that.
    |> 3. Use a power strip plug that shorts itself while not inserted.
    |> 4. Configure the whole disk encryption to timeout regardless of activity.
    |>
    |
    |
    | There is a *very* much easier way to defeat it. However, bearing in mind
    | that its use is as a forensic tool for law enforcement - such
    | discussions really aren't in the public interest.

    I disagree. Such tools can also be abused, and might be in the near future.
     
  5. Guest

    | In article <o6ytj.81199$>,
    |
    |> There is a *very* much easier way to defeat it. However, bearing in mind
    |> that its use is as a forensic tool for law enforcement - such
    |> discussions really aren't in the public interest.
    |
    | I rather suspect that on an accessible website like this, that it's aimed
    | at a somewhat less respectable clientel!
    |
    | I'm sure law enforcement agencies already have their own methods of
    | dealing with things.

    A lot do, I am sure. Most probably would be baffled by a device like this.
    Those same LEAs would probably boot up a computer they take back to the lab
    instead of imaging the HD(s). I wouldn't be surprised if they leave the
    external HD(s) at the scene. And worse, they might even re-install if the
    computer is infected.
     
  6. Guest

    | In article <>,
    |> | wrote:
    |> |> This is an amazing device:
    |> |>
    |> |> http://www.wiebetech.com/products/HotPlug.php
    |> |>
    |> |
    |> |
    |> | So how long have you worked for that company?
    |
    |> Never have. I'm actually trying to figure out ways to defeat it.
    |
    |> 1. Use a 240 volt circuit. The 240 volt version might not be in the
    |> USA. 2. Use 48 volt DC to the PSU. They don't even make that. 3. Use
    |> a power strip plug that shorts itself while not inserted. 4. Configure
    |> the whole disk encryption to timeout regardless of activity.
    |
    | Can you still get Mercury tilt switches in your neck of the woods?

    Sure. I all need to do is drive around out in the countryside and look
    for homes that have some kind of central heat, and trade them a fancy
    new digital thermostat for that old one.


    | Stick one in the power lead to to HDD. It needs to be positioned so that
    | it's made while the computer is stationary in it's normal position but
    | breaks the moment it is moved. At one time car alarms used to have some
    | sort of trembler switch too. Of course you might need microswitches that
    | open the feed when someone tries to remove the computer casing to
    | "interfere" with this arrangement.

    D'oh! That one was too simple for me to think of.
     
  7. Guest

    | wrote:
    |>
    |> | In article <o6ytj.81199$>,
    |> |
    |> |> There is a *very* much easier way to defeat it. However, bearing in mind
    |> |> that its use is as a forensic tool for law enforcement - such
    |> |> discussions really aren't in the public interest.
    |> |
    |> | I rather suspect that on an accessible website like this, that it's aimed
    |> | at a somewhat less respectable clientel!
    |> |
    |> | I'm sure law enforcement agencies already have their own methods of
    |> | dealing with things.
    |>
    |> A lot do, I am sure. Most probably would be baffled by a device like this.
    |> Those same LEAs would probably boot up a computer they take back to the lab
    |> instead of imaging the HD(s). I wouldn't be surprised if they leave the
    |> external HD(s) at the scene. And worse, they might even re-install if the
    |> computer is infected.
    |
    |
    | The local Sheriff's department would leave your sorry ass in the
    | dust, then. Not only are they computer experts, but they have a nice
    | electronics lab to build things they can't find on the market. Whenever
    | there is suspected cyber crime, or a computer found when a warrant is
    | served, the regular deputies do not touch them. The experts are called
    | in, and take over the investigation, until their part is done.

    Sure, there are a lot of departments that do have their act together.
    The sad fact is, most don't. And it isn't because they have Barney on
    the ranks. It's just that they are not prepared for anything unusual.
    They don't have these experts to call on. They just have a couple of
    officers in the ranks that really do know how to use computers, as long
    as they are Windows. They even know how to image a drive. But that's
    the end of it.
     
  8. Palindrome

    Palindrome Guest

    I must admit to being rather shocked ( ;) ) that it *could* be marketed.
    ICBW, but I very much doubt that such a product could be sold to
    anyone, through "confidential channels" or not, in the UK. It is just an
    accident waiting to happen.

    It isn't even a very bright idea, from the computing viewpoint.
    Transporting *spinning* hard disks. Not exactly the best way of
    protecting irreplaceable data - hitting the machine with a fire axe
    would quite possibly be safer.

    Even the "mouse jiggler" concept is flawed. But I suspect that you can
    think of at least two flaws yourself, without me mentioning them!

    I wonder what the guy is going to invent next? Roller skates for seeing
    eye dogs?
     
  9. Palindrome

    Palindrome Guest

    From the data sheet of a typical desktop machine hard disk:

    http://www.seagate.com/docs/pdf/datasheet/disc/ds_barracuda_7200_11.pdf

    Shock (Gs) Operating: 63 Nonoperating: 300

    I'd not call the difference between them "not really much more".

    I've written off the odd hard disk by careless handling whilst it was
    running - in each case a powered-off drive would have survived, I'm
    sure. YMMV.

    Of course some modern laptop drives have become very sophisticated and
    include g sensors that rapidly park and lock the heads. Producing a
    suitably school marmy comment on the screen, having done so. I'm not
    aware of any desktop machine drive that has such protection..
     
  10. Guest

    | wrote:
    |>
    |> Sure, there are a lot of departments that do have their act together.
    |> The sad fact is, most don't. And it isn't because they have Barney on
    |> the ranks. It's just that they are not prepared for anything unusual.
    |> They don't have these experts to call on. They just have a couple of
    |> officers in the ranks that really do know how to use computers, as long
    |> as they are Windows. They even know how to image a drive. But that's
    |> the end of it.
    |
    |
    | It must be really backward on your world. Do your cops still ride
    | horses and hang people in the public square for spitting on the street?

    You sure do seem to have a narrow range of experience. Maybe you should
    out sometime and see the world. Things really are more modern than you
    seem to grasp. They just aren't as diverse at all technologies in all
    the places. That's not necessarily the fault of the LEAs/LEOs ... it's
    just the way the world is. When you are dealing with small towns with
    maybe 20 to 30 LEOs on staff, and small budgets, there is no luxury of
    having experts in all technologies available.
     
  11. Palindrome

    Palindrome Guest

    The same way that most cheap UPS do it - a moderately fast relay and a
    few mSec with no power at all. So, no attempt at paralleling or phase
    matching.

    The unit can test that the secondary supply is a suitable voltage. It
    obviously does check that there is a secondary supply present, of some kind.

    One could knock up something similar with a mains changeover relay
    energised via a switch connected to the secondary supply.
     
  12. Palindrome

    Palindrome Guest

    Simply letting the machine topple sideways onto a hard surface can
    easily generate more than 63G in the hard drive. Bumping it into a
    doorway whilst carrying it, likewise. Very short duration G forces rise
    dramatically when even a slow moving "incompressible" body impacts on an
    "incompressible" surface. 63G under such circumstances is easily
    achieved. A drive travelling at just 1 metre per second, deforming
    elastically less than 1mm on impact with an incompressible surface,
    suffers a G force of around 50G..for around 2mSec.

    Unless I had been first immersed in liquid helium, falling a foot or so
    or bumping into a doorway isn't going to result in me receiving such G
    forces. I am, fortunately, relatively good at absorbing impact by
    deformation, in the unfrozen state.

    It is safe to say that, if I was holding that drive in the car and the
    vehicle hit another at 15 mph - I would be safe and well behind my air
    bag and restrained by my seat belt. The drive, having gone through the
    window and hit the ground, would be decidedly unwell.
     
  13. Palindrome

    Palindrome Guest

    The last line says it all. Add a 10mmm "crumple zone" around a drive, so
    that it can decellerate over a distance of even just a few mm, rather
    than a fraction of 1mm - and the G forces plummet.

    Risk is as much about the consequences of getting it wrong as it is
    about the chances of that happening. Transporting a running drive full
    of irreplaceable data (eg forensic computer evidence) is riskier than
    transporting a parked drive and that risk can generally be avoided.
    My (old) Tufbook has a drive that is suspended in the middle of stuff
    that feels like jelly (gelatin). So it can move several tens of mm,
    should the need arise.

    It certainly survived dropping off the roof of the car (onto grass)
    when I drove off, forgetting that I hadn't put it in the car yet.. No,
    it wsn't running at the time.. It now has a different life, running 24x7
    as an email server.

    My (new) Tufbook has a silicon rubber sleeve around the drive, maybe
    1/20th the thickness of the "jelly" in the old one. It, supposedly, can
    take a great deal of rough handling too...
     
  14. Guest

    On Sun, 17 Feb 2008 19:37:54 -0500 wrote:
    |
    |>Transporting a running drive full
    |>of irreplaceable data (eg forensic computer evidence) is riskier than
    |>transporting a parked drive and that risk can generally be avoided.
    |
    | Actually I am unclear what shutting the machine off would do to that
    | data in the first place, particularly if you just pulled the plug.

    When a whole drive is encrypted, or just a partition, to access that data
    it is necessary to first enter a passphase that decrypts a random bit
    array, or is the seed to generate one. After that is done, it is used
    to decrypt the data on the disk. But the key itself is only stored in
    RAM. If the machine is shutoff, the key is lost and the entry of the
    passphrase must be repeated. By taking the machine in its running state,
    the opportunity exists to examine the drive contents while the decryption
    is still active.
     
  15. Guest

    On Sun, 17 Feb 2008 10:54:40 -0800 (PST) wrote:
    |
    |> I must admit to being rather shocked ( ;) ) that it *could* be marketed.
    |> ICBW, but I very much doubt that such a product could be sold to
    |> anyone, through "confidential channels" or not, in the UK. It is just an
    |> accident waiting to happen.
    |
    | They list a 220V UK version; do they not even know what the mains
    | Voltage is in the UK?

    Probably close enough for government work.


    | Unless I've misunderstood how it works the supplies from the mains and
    | the UPS would briefly be connected in parallel; that might not be a
    | good idea if the Voltages are not the same, and how do you ensure that
    | they're in phase?

    If they are not the same, the higher voltage source carries most of the
    current.

    The steps to do this first require connecting a working UPS. The UPS
    would be generating its own power in phase with the mains. So the phase
    would be the same when making the transfer from mains to UPS power. At
    the lab, the process is reversed to release the UPS and the HotPlug.
    Again, the UPS is plugged into the mains, and syncs its phase. Then
    the computer power connection can be paralleled safely between UPS and
    mains. Then the UPS is disconnected.


    | I haven't seen the thing, but from the description I very much doubt
    | that it could legally to sold, or used, here in the UK.

    It is certainly dangerous. The rules might readily disallow it from
    being sold to the public. They may make exception for law enforcement.


    | They suggest using it to move servers; most servers have more than one
    | power supply, so you can move them from one UPS to another while
    | they're running anyway. I've once moved several servers from one rack
    | to another this way while they were running. Simply replace the
    | cables one at a time by long ones going in through the front of the
    | cabinet, very carefully pull the server out of the rack and put it
    | onto the other rack, one at a time replace the temporary power cables
    | with the permanent ones in the new rack. It's not something I'd
    | normally recommend if you can avoid it, but it can be done.

    Lots do have the redundant power supplies. Not all do. It could be used
    for that. But given the hazard, I would never recommend it except in the
    most dire circumstances.
     
  16. Guest

    | Ben Miller wrote:
    |>
    |> wrote:
    |> > This is an amazing device:
    |> >
    |> > http://www.wiebetech.com/products/HotPlug.php
    |> >
    |> Aside from the discussions of security, defeating it, etc. there are
    |> electrical safety issues:
    |>
    |> 1) This guy claims "years of experience as an electrician" yet demonstrates
    |> opening an outlet cover and cutting a hot wire with the circuit energized.
    |> He says to use "insulated" cutters, but how many non-professionals would
    |> know that the normal hardware store cutters are not adequately insulated.
    |>
    |> 2) The hot plug device, once armed, puts 120V on the end of an exposed
    |> plug, and the receptacle (after it is removed).
    |>
    |> This is completely irresponsible. Dangerous product, and dangerous
    |> demonstration.
    |
    |
    | Which is the reason Phil is fascinated by it.

    You've completely missed the mark. OTOH, this is not the first time you
    have been fascinated by making personal attacks online.
     
  17. Palindrome

    Palindrome Guest

    With 500+GByte disks household items these days - it can take quite a
    while copying the data off - even presuming a police officer was present
    who knew how to do it and had enough USB drives with him to do it.

    Whilst many encryption algorithms are easily breakable, MS Word springs
    to mind, others are a challenge - even for the NSA. The advantage of
    getting hold of a computer which has the suspect still logged in, is
    that a lot of encrypted stuff is available en clair - whilst that user
    is logged in. All this kit does is keep the computer in that state. Why
    spend (expensive) time and effort breaking encryption, when the stuff is
    available, unencrypted?

    Plus, it is possible to set up computers to run with no hard disk at
    all. They boot from the network and load their operating system from the
    network - into RAM. From a server that could be in another juristiction,
    or even on a different continent. Lose power and there is absolutely no
    evidence left to analyse. However, if someone has gone to the trouble of
    setting up a computer like this, for less than honest reasons, he is
    probably going to take a few more precautions, too*.

    *Which you will excuse me for not going into.
     
  18. Guest

    | wrote:
    |> | wrote:
    |> |> This is an amazing device:
    |> |>
    |> |> http://www.wiebetech.com/products/HotPlug.php
    |> |>
    |> |
    |> |
    |> | So how long have you worked for that company?
    |>
    |> Never have. I'm actually trying to figure out ways to defeat it.
    |>
    |> 1. Use a 240 volt circuit. The 240 volt version might not be in the USA.
    |> 2. Use 48 volt DC to the PSU. They don't even make that.
    |> 3. Use a power strip plug that shorts itself while not inserted.
    |> 4. Configure the whole disk encryption to timeout regardless of activity.
    |>
    |
    |
    | There is a *very* much easier way to defeat it. However, bearing in mind
    | that its use is as a forensic tool for law enforcement - such
    | discussions really aren't in the public interest.

    Not exclusively so, otherwise it would not be offered to the public (as
    dangerous as it might be).
     
  19. Guest

    17:56 GMT, wrote:
    |
    |>When a whole drive is encrypted, or just a partition, to access that data
    |>it is necessary to first enter a passphase that decrypts a random bit
    |>array, or is the seed to generate one. After that is done, it is used
    |>to decrypt the data on the disk. But the key itself is only stored in
    |>RAM. If the machine is shutoff, the key is lost and the entry of the
    |>passphrase must be repeated. By taking the machine in its running state,
    |>the opportunity exists to examine the drive contents while the decryption
    |>is still active.
    |
    | If the drive is "opened" when they sieze it, why not just copy the
    | data right there?

    They could do that. But maybe there is not attachment means to make a
    copy, or make one fast enough. Ever tried to copy a 1TB drive via USB?


    | In real life guys like the FBI and NSA can crack just about any
    | encryption with minimal effort. I know a guy who works in that arena
    | and he has a tool that broke the IBM encryption on my laptop in about
    | 5 minutes.

    Wishful thinking. Commercial encryption also tends to be weak.
     
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Electronics Point Logo
Continue to site
Quote of the day

-