Page 1
Page 2
Opening the stick
Page 3
Hacking the stick
Page 4
Page 5
Conclusion (+ discussion / remarks)
Do you like my hacking? If so, please consider leaving something in the
Fediverse (Mastodon etc): @Sprite_tm@social.
Because the stick doesn't do anything on the USB-port when the correct fingerprint isn't detected, a software hack to get to the data of a 'found' USB-stick is out of the question: there's just no software to hack. I had delve into the hardware of the stick if I wanted the chance to get to the data it stores.
Cracking the case of the stick doesn't prove that difficult: there are no
screws anywhere and the case appears to be glued shut, but inserting a flat
screwdriver into the crack between the USB-plug and the casing gives enough
leverage to crack the case without damaging it too badly. Once inside, the
stick seems to be made of two PCBs connected to eachother by means of two
pin-headers. The type of the chips arem't visible: Ritech seems to have smeared
some kind of epoxy over the important ICs and their pins.
First of all, I decided to get these two PCBs apart, so I could inspect all
sides of them. I used a rotating tool to saw through the headers and re-connected
the pins with thin wire. As you can see in the picture, that made the USB-stick
more like an USB-credit-card. A quick test revealed it still worked, in spite of
its radically changed form factor.
To get access to the chips and te signals on their pins, I still had to remove
the epoxy-like goob that sat on
Luckily for us, Ritech seems to have used a thermoplast-type of material to seal
the pins away from us: when heated, it becomes rubber-y and breaks off easily.
I used a toothpick and a heat-gun to get the epoxy off everything.
As all the goop was removed, the way the chip worked was revealed by a quick look
at the previously-obscured type-numbers of the ICs. These were the main ones: