Drive Badger: open source platform for covert data exfiltration operations, ranging from small computers to big servers.

contact@drivebadger.com

Overview

Drive Badger is developed and periodically retested on our own hardware.

Additionally, we are sometimes permitted to test it on other hardware. Below you can find logs from such tests.

Hardware list

Dell PowerEdge R710 server (2009 model, Xeon E5504, LSI MegaRAID SAS 1078)

Tested in March 2021. Found problems:

  • no USB 3.0 (UASP on USB 2.0 still worked), this is a known problem
  • Kingston DataTraveler G3 pen drives (3 different pieces) were not recognized (SanDisk Extreme Portable SSD and PNY Elite Portable SSD were recognized properly on both front and rear USB ports), this is a known problem
  • graphical mode didn't work (crashed the whole machine before X finished loading)
  • LSI MegaRAID SAS 1078 didn't properly report SMART for drives - drive serial numbers were not recognized, but it didn't affect the functionality

MSI Omen GL75 9SC (Core i7-9750H)

Tested in April 2021. Found problems:

  • both USB 3.0 ports on the right side work improperly with USB Storage devices under Linux and cannot be used to boot Drive Badger, this is a known problem
  • in graphical mode, built-in touchpad doesn't work (this is a common issue for MSI laptops)

HP ProLiant ML110 G7 server with front panel opened by force (without key)

Tested in April 2021. Found problems:

  • drives were not spinning, most probably there was no power in the drive cage (an effect of breaking into the case?) - this was probably related to lots of errors referencing very similar device numbers, as in the topology visible in /dev/disk/by-path
  • P410 controller reported itself empty
  • however, 2 RAID1 devices were visible in /dev/disk/by-path, but attempts to access them failed

Lenovo V14-IIL (Core i5-1035G1)

Tested in April 2021. The only problem found is the one described here (V14-IIL is an Ideapad model without Novo Button, without classic boot menu).

Fit-PC2 by CompuLab (Atom Z530)

Tested in April 2021. Found several problems:

  • no LUKS support
  • Intel GMA 950 has problems supporting WQHD and 4K monitors - HDMI signal is switching off right after loading gma500 Linux kernel module (after boot, but before asking for LUKS password for persistent partition)

Sony Vaio PCG-7V1M / VGN-FE48M (Core 2 T5500)

Tested in June 2021. None of the 3 USB 2.0 ports allowed booting from a USB device (tried 3 different devices: SanDisk, PNY, Kingston), even when properly configured in BIOS, although the same devices were visible to the preinstalled Windows 7.

MSI Leopard GL75 10SCXR (Core i7-10750H)

Tested in June 2021. Found problems:

  • in UEFI boot mode, Kali Linux Live in both 32/64-bit variants is completely skipped during boot, and also not seen in boot menu - booting Drive Badger requires going into UEFI settings and changing boot mode to Legacy (this is a problem, since UEFI settings can be password protected)

MSI GF63 Thin 10SC (Core i5-10300H)

Tested in September 2021. Found problems exactly as in the above MSI Leopard GL75 10SCXR.

HP ProLiant Microserver G7 (AMD Turion II Neo N54L)

Tested in December 2021. Found problems:

  • several problems with recognizing network interfaces and DHCP on current Linux kernels (solution: install firmware-linux-nonfree package, duplicate eth0 or enp0s* entries in /etc/network/interfaces file for interface name enp2s0)
  • the specific way internal drives are enumerated on the G7, in connection with LUKS-encrypted drives, makes Kali Linux in Encrypted Persistent Partition mode ask for LUKS passwords for these drives first. Kali won't start until you enter the proper LUKS passwords for all such drives, or disconnect them. You need to reconnect them right after entering the LUKS password for your persistent partition, to allow them to be detected when Drive Badger starts.

From the founder...

Being in the IT security business for almost 25 years, I realized that breaking protections (or preventing it) is becoming less and less important. We are not living in Outlook Express times anymore...
The key point is the ability to keep the privileges permanent, once obtained. This becomes more and more difficult, as IT systems get more and more complicated - and this is exactly the goal of the Drive Badger project: to give non-ITSEC people the ability to keep either the privileges, or the outcome of the successful break-in.