This instructable shows you how to make a cheap (<$20) and compact USB Write Blocker.  This device will allow you to block USB write operations to your flash drives.  Why would you want to do this?  Reason 1: Your friend asks you for help with their computer.  You stick in your flash drive full of all your fun security tools.  His anti-virus software starts deleting your stuff.  Now you have to reload your flash drive.  What an inconvenience.  Reason 2: You are doing some sort of forensic investigation and notice some flash drives near the system you just confiscated.  You want to look at them without altering them.

This device was originally presented at Black Hat Europe 2012.  The code is somewhat commented, but it might be somewhat challenging to understand without the background as presented at Black Hat.  You should be able to get my white paper and PowerPoint slides from blackhat.com, so I will not repeat that information here.

There are two possible packages for the write blocker.  Both use the same code.  If you are soldering phobic, you can buy an FTDI Vinco development board for around $30, upload the software, and you are done.  If you want to have a much smaller device you should get a FTDI V2DIP1-32 development board (about $18) and an old USB cable to be used for its connector.

Step 1: Get Parts

You will need either (a FTDI V2DIP1-32 and a USB cable) or (a FTDI Vinco development board) to complete this project.  You will also need an FTDI Debug module in order to program your device.  All of these items should be available from your favorite electronics supplier. 

Step 2: Construct Device

If you opted for the Vinco, there is nothing to do.  If you opted for the cheaper and more compact V2DIP1-32 device there are 4 wires to solder.  Note that the red wire in the picture was from a little soldering goof on my part.  I accidently pulled the +5V pad off the board so I ran a jumper to the only other +5V pin on the board which is attached to the debug port.

Cut your USB cable.  If it has the standard wire colors construction should be very easy.  If you are like me, you probably have at least one USB cable with the full size B connector (for a printer or similar) taking up space, so these are good choices for sacrificial cables.

Strip the 4 wires in the cable.  Solder them to the board using the table below as a guide:

Pin #  Wire Color  Function
____  _________  _______
1       Red           +5V
4       Green        USB D+
5       White         USB D-
7       Black         Ground

You may want to apply some hot glue AFTER you test the connections to make sure things are nice and rigid and you don't strain the wires by pulling on the cable.

Step 3: Program the Device

Program the device using the code in the attached zip file.  Note that this file has been updated from what I originally uploaded.  There was a small problem with the original file (a pathname was wrong) that was easily fixable, but I wanted to make sure it was 100% correct as is.  Also, this file is meant to be compiled with version 1.4.4 of the Vinculum toolchain.  I am looking into what this is, but FTDI broke something in version 2.0.0 and this device no longer works.  Here is the back door way of downloading this old version.  Follow this link http://www.ftdichip.com/Firmware/vnc2toolchain/Vinculum%20II%20Installer%20V1.4.4.exe 

Also, please note that a few users have reported problems with 64-bit Windows 7.  I'm looking into this, but for the moment I have verified this to work on 32-bit Windows, and both 32-bit and 64-bit Linux without any issues.  Speaking of Linux, if you are wanting to build this device to do forensics stuff under Linux, I would recommend you have a look at my instructable for The Deck and in particular have a look at the 4Deck module.  The 4Deck will allow you do do write blocker at high speed USB on your Linux system, while the write blocker described here only does full speed. 

Step 4: Use It

Plug a thumb drive into the device first, then connect the device to a computer.  After a short delay your device should be recognized.  Note that this may take slightly longer than usual as this device operates at USB full speed only.  Also, if you are using Linux (if you aren't you should!) be aware that Linux loads more up front than Windows so the delay is more noticable.

If you notice any bugs or glitches, please let me know.  You can find me on Twitter at @ppolstra.

<p>Hey, is it possible to prevent writing and reading using this device. Would I only need to change the code or is there more to be done? </p>
If you want to prevent both, you could certainly do so with this device, but it would be easier to just make a device with only the power lines connected if you are trying to make a &quot;USB condom&quot; for a charger, etc.
<p>Thanks for confirming that. I'm experimenting with security and intend on allowing read/write commands to be read when a certain criteria is met. I'll be using the larger board for this but if you don't mind, how exactly are the write commands blocked? Does the device send a false positive signal back or does an error occur when you try to write to it in Windows?</p>
<p>The commands are whitelisted. Only safe commands are passed through to the USB drive when writeblocking is enabled. It is faked otherwise. I initially responded with &quot;unsupported command&quot; when you tried to write, but Windows is so stupid it will get stuck in an infinite loop when it repeatedly tries the command so now I just say it worked, when it really didn't.</p>
<p>I see, that's what I presumed happened. Although the development module may not allow it, I'll be experimenting with RFID sensors to &quot;unlock&quot; Read/write access. Thanks again for the useful information.</p>
more than one pic would be nice
I add a few more pictures. I have included pictures of the Vinco option, debug module, and device with drive attached.
Hi, the of FTDI Vinco development board is VNCLO-MB1A? Thank you!

About This Instructable


8 favorites


Bio: Born at an early age and causing trouble ever since.
More by ppolstra: The Deck - Portable Penetration Testing and Forensics System Cheap and Effective USB Write Blocker Fun Hackable Speaker Timer
Add instructable to: