Have you ever wondered if it is possible to automatically and silently hack into a computer to steal important data or plant a backdoor by just inserting a USB flash drive? It was possible on Windows XP computers by using a U3 smart drive due to the weak built-in security on the operating system. A U3 smart drive by SanDisk or Memorex looks exactly the same like any other normal USB flash drive except it comes with an additional emulated read-only CD-ROM partition along with the removable storage disk drive. Plugging in a U3 smart drive will show up 2 drive letters in Computer rather than just 1.
The original purpose for a U3 to have an emulated CD-ROM on a USB flash drive is to automatically run applications such as the U3 Launchpad which is similar to the Windows start menu when the U3 smart drive is inserted to a computer using the Windows AutoRun feature. This is similar to inserting a software installation disc to a computer and an installer menu will automatically appear. To turn your U3 USB smart drive into an ultimate hack tool, all you need to do is modify the content on the emulated CD-ROM such as the autorun.inf to instruct Windows to automatically run your payload instead of the U3 Launchpad when the drive is connected to a computer.
One of the most popular and easy to use payload is called USB SwitchBlade. The package comes with a universal customizer tool that writes a custom ISO image file to the U3 partition and the payload that is copied to the storage drive can be configured by running the application and check the appropriate boxes. Here are the steps to install USB SwitchBlade payload to a U3 smart drive.
1. Plug in your U3 smart drive to your computer.
2. Download Universal U3 CD-ROM Customizer (Universal_Customizer.exe) and extract to a new folder.
3. Run Universal_Customizer.exe as admin (Right click > Run as Administrator). If you received an error message like the one shown below, you are probably using an older version 184.108.40.206 that only works on XP. Make sure you download the Universal Customizer version 220.127.116.11 from the link provided by us.
U3 Customizer can only customize one device at a time. Please eject all devices except the one you want to customize.
4. Select Accept and click Next.
5. Click Next again.
6. Change the location of the backup if you need to and specify a password to protect the backup file.
7. Click Next and the updater tool will start backing up your files from your U3 smart drive and then write the USB SwitchBlade payload to the emulated CD-ROM drive.
8. Download -=GonZor=- Payload Config tool and extract the files from archive to the storage drive of the U3 smart drive.
9. Run SBConfig-V2.1.5.exe from the storage drive and check the boxes that you want the payload to be active. For example, checking the “Dump Firefox Passwords” option will attempt to extract all the passwords saved in Firefox and save it to the storage drive.
10. Click the Update Config button once you’ve completed selecting the payload options.
Your ultimate USB hack tool is now ready. Simply plug in the U3 smart drive to an unpatched Windows XP computer and it will automatically run the payload invisibly to extract and save the information to the storage drive on your U3 smart drive. The whole process should take about 30 seconds to a minute to complete depending on the speed of the computer and also the amount of data to dump.
Page 2 contains instructions on how to update the tools within the payload and also important information about this technology.