How to Override Usb Write Protection at Work

Demian 8:53 am on December 1, 2011 | Answers: 1    
Tags: override, protection, usb (7), windows (154), work (3), write protected

Rate Knowledge: (1 votes)

 Loading ...

• r4pP157 8:53 am on December 1, 2011
  

  Ever found yourself at work willing to get some files out of the computer to take them home with you? You probably did more than once, and if you work in a company that has the slightest interest in security, then you probably found that usb ports and sd card slots were write protected, so you could read information from them, but not write anything to them.
  Nowadays we have the cloud where you could upload whatever you need and then download it back at home, but sometimes the internet connection is restricted and you are banned from that option as well.
  If this ever happened to you, then you know it’s annoying, but luckily, there’s a workaround for this problem.
  Before I start, please note this is potentially against your company policies and as such, you could get fired if not sued, if someone ever comes to find out what you did, so be aware of this, and know your company policies.
  Warning aside, this workaround requires some level of “hacking”, more of a social engineering which might not be possible to perform for all, so I’ll just give you the details of what needs to be done and how I did it in my case and let you find out how you can accomplish the same on your own.

  I’m assuming you have already checked it’s not your pen drive or sd card which is actually write protected (some have a switch on them) and that there’s no other possible error with the pen drive you’re trying to write to (sometimes windows won’t be able to write because the filesystem on the drive is broken and you’ll need to format it again). So the writing protection is on windows itself and it’s managed by a key in the windows registry. It usually is the same windows XP/Vista/7 when it exists:

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]

  Inside that key you have just one DWORD called “WriteProtect”. If you have a 00000001 value in it, then the usb writing is actually locked. Changing that value to 0 will turn the write protection off and you’ll be able to write into whatever you plug in to the usb or sd card ports.
  Easy, right? The only problem is that if you have this kind of security, then you most likely cannot write the registry either, which means you can’t modify the value because you have no administrator access. How do we overcome that? A bit of social engineering/soft hacking.
  You need a keylogger software which are freely available in the web, such as Steel (Download here) and, hopefully, good relationship with your system administrator.
  Just start the keylogger and be sure to make it invisible. Make some tests to be sure it’s recording everything being typed. Call your system administrator and tell him you need to install some software (such as java) which requires administrator rights to be installed and cross your fingers. The sys admin will most likely right click in your installer and select the “Run as…” option which will ask him the username and password of someone with administrative rights. He will enter the info as requested and voilà! Guess what you have now? Administrator rights!
  The hard part is over. Now you should find your CMD shortcut, right click on it, select “Run As…” and enter your sys admin data. When the console opens, just type “regedit” and hit enter.

  Now you can edit the value and save the information to the registry unlocking your usb ports. I’d recommend to lock it back again after writing as there are companies that run remote scans on the computers searching for vulnerabilites such as being able to write to usb ports, which would give you away.

  As usual, I’m here just providing information, and cannot be held responsible for your firing or imprisonment, so please, take responsability for your own actions!