Make some content on USB drive read only

usb partitioning security file-permissions read-only
16,216

Solution 1

Answers to questions like this depend on the so-called "attack model" that you want to be protected from. In other words, will the user actively try to overcome your protection? Or is the protection there just to warn the user, which you trust to be honest with respect to the read-only setting and not try to overcome it?

In the second case, setting the read-only flag in the file properties should be enough. When the user will open your file, the program will tell him that the file is read-only and they cannot save it. If the user is honest, he will not do anything.

The first case is much more difficult, and actually there is very little to do about it. Giving a USB pen to someone is much like giving them a paper sheet with pencil writing on it. There is no way you can prevent your user from erasing some part of your sheet and writing again on it, no matter what you write in it (in this metaphor there is no equivalent of the pen; everything that you write on a USB pen is erasable and re-writable; if you want to have a pen equivalent, you have to write on a CD-ROM).

In this metaphor, setting the read-only flag is no different from writing (in pencil): "Please, do not erase of modify things here". If the user is honest, they do not do it. But there is no technical mean that prevents them from doing that if they are not honest.

So, in this case, the answer is basically "no".

There is a partial workaround that may or may not be applicable to your case: you can add a digital signature to the file you want to protect. The user is still able to modify the file, but thanks to the digital signature this leaves evidence that the file was modified. However this is a very broad topic, which has in turn other caveats, and it would be off-topic to discuss it here.

Solution 2

Enable CD drive mode in USB stick firmware

Quick answer: Scroll down.

Long answer:

Is partitioning the pen drive, and then making 1 partition as read only, a solution to this? If yes, then please guide me how to do that.

There seems to be a lot of talk (and confusion) out there about having read-only partitions on usb sticks, the idea being to make it look like a CD drive to windows so the files are protected.

Multiple partitions don't work with windows.

Story goes, we could have 2 partitions on the drive with a read-only iso image in one, and a regular FAT32 partition for the other.

Works great with linux, not with windows. You can overwrite the whole usb stick with an iso image and windows will treat it as a CD drive (even the bios can boot from it if it's an hybrid image !) but that's all. If the image is in a partition windows doesn't know what to do with it anymore. And as harrymc pointed out, windows doesn't like multiple partitions on removable drives anyway.

U3 sticks, however, do just that !

U3 sticks have special firmware to emulate a CD drive in addition to the normal usb drive, and so show up as two different drives. The CD drive is normally used to deliver proprietary content, and so not under user control. For all practical purposes the files inside it are protected (changing it requires reprogramming firmware).

Good news is, U3 sticks came out a while back and now it seems pretty much every usb stick has this functionality built-in even if not used at all by default (!) There's even an opensource tool (u3-tool) that allows to manipulate the CD image for U3 compatible devices.

The bad news: we have to mess around with the stick's firmware, most of tools are windows-only, come from china, are extremely technical if not downright obscure, and we might well blow it all up with the wrong settings. Alright, it's not going to be pretty...

Easy case: it works with u3-tool

  • Your stick is in the supported devices (or you feel adventurous and just try)
  • Create an iso image with your file(s) in it (genisoimage / isomaster / your favorite burning tool)
  • Replace usb stick's CD image with your own using u3-tool.

General case

Following mostly comes from this great tutorial:

  • Find out what chip the stick has.
    ChipGenius and Flash Drive Information Extractor are particularly good at that. Get latest version from flashboot.ru (Yes it's in russian, did i forget to mention we'd be visiting russia along the way ? Get chrome to translate the page for you it'll be alright).
    Chip is Phison or SMI ? We're in business, others i don't know.
    For example, i have a Kingston Data Traveller stick and it turns out to be Phison-based.
  • Lookup device's VID & PID you got in previous step in flashboot.ru's database to find out which tool you need. ChipGenius might tell you as well. Looks like it's MPAll for Phison chips (you need the right version), UFDisk Utilities for SMI etc. Download and install from flashboot.ru.
  • If you end up with MPAll as well, follow the tutorial and try to get the settings right (good luck). In the F1 part you want 2 partitions: one cd-rom, and one removable disk. Set the partitions sizes, iso image etc. Flash the drive and pray.
    For UFDisk Utilities, follow the tutorial in vinayak's answer.
  • Your usb stick now (hopefully) comes up as a read-only CD Drive with your presentation in it, and a read-write removable drive for the user.

Solution 3

Any file/folder containing * in their name will be read-only in Windows.

Even admin can't delete or modify it. Remaing space is available for other use. Formting the device will delete it. As * is a invalid charactor for a file name you can't add it to a file name from Windows. In order the rename the file, boot into a linux OS and just rename it. Tested on Windows 7, from Ubuntu, NTFS formatted pen drive. FAT fs may not support.

Solution 4

I would suggest exporting the presentation as a PDF document and using the Acrobat Pro features to digitally sign the document, turning on the modification protection as part of that. This will prevent someone from modifying the presentation, however they could just attempt to reproduce the master from scratch on a blank presentation by copying and pasting all the content.

See http://www.adobe.com/uk/epaper/tips/acr5digsig/

Solution 5

Your best bet is to hire the services of a company that preloads data onto USB flash drives. This is possible and here are two websites that offer this service:

http://www.usbpromos.com/special-options
http://www.maikii.eu/data-preload
http://usbmedia.us/preload.php

If you're not concerned about the user not being able to remove the pre-loaded content, maybe you'd prefer something like isostick which is a flash drive that shows up as an optical drive as well as a USB flash drive.

If you'd rather they not be able to remove the pre-loaded content and you'd prefer to go the DIY route, you might want to read this article. It explains how you could use a tool called SMI UFDisk Utilities to create write-protected partitions on USB flash drives with Silicon Motion Inc. (SMI) controllers (e.g. Lexar USB flash drives). You can use ChipGenius and FlashGenius to find out what controller your USB stick is using.

There's another tool called DM UDisk AP (VirusTotal scan result) that claims to be able to do the same for flash drives with AppoTech DM Controllers (SanDisk, Transcend, Apacer, etc. according to the blog post).

Nevertheless, you could use ChipGenius to find the model and make of flash memory chips used in the flash drive and search for their respective manufacturer tools that allow you to create a read-only partition.

Share:
16,216

Related videos on Youtube

Mitaksh Gupta
Author by

Mitaksh Gupta

Updated on September 18, 2022

Comments

  • Mitaksh Gupta
    Mitaksh Gupta over 1 year

    I am having a 8GB pen drive, I need to put a PowerPoint into that and make it read only. Rest of the space should be usable for the user.

    Assuming the user will be using Windows only, what are my options to do that?

    I went through other answers present on SuperUser, but none could solve my problem completely.

    Is partitioning the pen drive, and then making 1 partition as read only, a solution to this? If yes, then please guide me how to do that.

    • Art Gertner
      Art Gertner over 9 years
      possible duplicate of how to write protect a USB key?
    • Mitaksh Gupta
      Mitaksh Gupta over 9 years
      no this is not a duplicate, here I am sure of the OS. so I am looking for a windows specific solution
    • Doktoro Reichard
      Doktoro Reichard over 9 years
      The problem here is that, no matter what OS you have, the end user, if he has the pen, can eventually bypass any reasonable protection you have in place. The duplicate question mentions NTFS write permissions, which may work well. Another thing you could do is to use Information Rights Management.
  • Vinayak
    Vinayak over 9 years
    Actually, I think it is possible. This website offers just that.
  • totti
    totti over 9 years
    How is it ? Is it work ?
  • lemonsqueeze
    lemonsqueeze over 9 years
    As a side note, this can also be used to have the drive present itself as a fixed drive instead of removable media, which can be quite useful in some situations.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Unable to auto mount usb and "mount: special device /dev/sdb1 does not exist error"
WinUSB - installation failed, 32512
The USB drive is read only even write protection is off
Can't boot from USB drive after copying iso with dd
Can udev be used (udev rules) to whitelist certain usb devices?
USB hard drive no shown with fdisk
"One or more partitions are busy on /dev/sd*" what to do?
The ext4 file system creation in partition failed to install Ubuntu?
Unable to mount a Windows partition in write mode
Can not manage flags in gParted on Ubuntu 16.04