💽 A journey into USB virtual CD-ROM

Context

I ran on a weird USB stick the other day. I plugged it and two disks appeared on my computer. I tried to remove and format both of them, but a CD-ROM like didn’t even have the option “Format”. 😕

I couldn’t do anything with most of the drive so I searched on how to remove this useless thing and reclaim the memory capacity.

📖 What is it?

First of all, you need to understand what’s the difference between drives, disks, volumes, partitions, etc.

The following is only a quick and non-exhaustive explanation:

1. Disk and drive ¹

Historically, a ‘drive’ is the whole physical object with mechanics, head assembly and associated electronics while a ‘disk’ is the spinning media in it. Nowadays, both terms are used to refer to any storage device.

2. Partition and volume ²³

Inside a disk, we can divide the memory into multiple spaces called ‘partitions’. A ‘volume’ is any memory area (or partition if we want) associated to a file system.

3. File system ⁴

“The file system is used to control how data is stored and retrieved on a volume. It’s the practical way to store data organized into files and directories instead of unordered and unrelated bytes.

The file system takes care of the file content and structure (tree). Directories and files are given properties (like read only) and access permissions.”

Here’s a little diagram to explain it:

Diagram of logical objects inside a memory!

From this diagram and the explanations above, we can definitely say that partitions and volumes are really close. We’ll refer to partition for more technical purposes while the term volume can be used by anyone, when we see multiple volumes mounting on our computer.

Now that we’re all on the same page, we can return to our topic: what’s the secret about this drive?

🔎 Recon

Logical

As I said before, this specific USB key is divided into two different devices that appeared on my computer. I first used Disk Management⁵ and Diskpart⁶ on my Windows to do a primary reconnaissance.

Detection of disks, partitions and volumes with Disk Management


Detection of disks, partitions and volumes withDiskpart

The first device has a partition (with a volume) that is less than 500MB. It is formatted with a standard file system (FAT32) with common read/write permissions on files and directories.

The second volume is around 1.4GB. It has the distinctive type of ‘CD-ROM’ and it appears to mount as a CD-ROM formatted with a CDFS⁷. This file system is specific to Compact Disc and its main features are to ‘write-once’ and ‘read-only’.

I then did another reconnaissance on a Linux host, to see if there was any difference or more specific detail to found.

I started to list the available devices with lsusb⁸ to see if the drive is identified.

Detection of devices with lsusb

My pen drive is well recognized as a single physical flash drive, so I continue and list the memory areas with df⁹ and lsblk¹⁰.

Detection of memory spaces with df and lsblk

Both tell similar information that I can now note for later such as:

• the Linux /dev¹¹ directory identifies two logical devices: sda and sr0;
• sda is a standard disk with one partition on it (450MB) formatted with VFAT type of format;
• sr0 is a ROM device, no partition is detected, but it is formatted with an ISO9660¹² type of format.

Just like in Windows, I could retrieve most of the information. In addition, I know that as CD-ROM can’t handle partition, so the memory space is evaluated directly as a volume with an ISO9660 format (CDFS respects this type). Another tool can give additional intel about disk, see sfdisk¹³ for more.

Then I tried to format both of them with parted¹⁴ and dd¹⁵ but without any success.

🪓 Pop it open!

During my interminable researches (my fault: I started by the wrong end), a vaste majority of forums were indicating tips and tricks that didn’t worked for me. And after a while, I found a comment suggesting to open to drive case.

My (so-called) weird USB stick.

And as I was doubtful about this ROM thing, I opened it to make sure there wasn’t a physical ROM chip inside (I was so wrong with this idea 🤫).

USB opening!

From there, I had access to the electronics and the chips in particular. I confirmed that there wasn’t any physical ROM chip and like a large majority of flash drives, it is composed of:

• A plug;
• A mass storage controller chip;
• A NAND flash memory chip.

Front and back of my USB stick.

I didn’t open this USB key just for fun (as you might guess) but to get information about those chips. Indeed, references written on their cases can help me to find the manufacturer and maybe some official documentation.

Zoom on chips references (SM3257QAA and H27UAG8T2CTR).

After researches on both of them, only the mass storage controller chip ends to something. With a simple query of the chip reference in a web browser, I was able to found it on Flash Extractor. This website provides a large library of USB analysis and softwares for data recovery.

📝 Note: Deeper into USB logical structure and mechanism: USB in a NutShell.

Finally, I succeed to find the perfect tool for my need: SMI Mass Production Tool¹⁶. This software allowed me to scan my USB port and re-configured my drive but I can suppose it works only for SM32xx mass storage controller chip.

⚠️ Warning: This software does not work for every flash drive.

🤔 Why need of such a thing?

The main use case of virtual CD-ROM is that it is very useful to work with ISO images librairies.

The second use case is just to simplify CD-ROM usage when you’re working with a lot of it. Virtualizing a large amount of CDs on a hard drive can be really helpful so it gives the advantage of portability.

The last one, this one, is to forbid the user to modify the content of the volume. Indeed, as this volume is formatted with CDFS, I can’t change a single file in it or format it with another file system.

🙌 Remove a virtual CD-ROM volume

To remove this virtual CD-ROM, I first need to scan the USB port on my machine to see if the software detects it.

Scanning USB port with SMI_MP_Tools.

Next, I need to configure what I want instead. To do that, a setting button is available. The configuration is blocked by a password but a quick query give me the answer (password is “320”) and I can select the default configuration default.ini. In the configuration, there is whole bunch of stuff I don’t want to mess it up so I change only what I need, eq:

• erase all block on the memory chip;
• format it with FAT32 file system;
• set the size to the entire drive (1920MB for me).

Setting the right parameters.

Validate, I click on my drive and hit “Start”, a pop-up ask to confirm to erase all the blocks, type yes… Bam! ~30 secondes later, operation succeed.

SMI_MP_Tools interface on success.

Final check on the computer, and it’s done.

😈 Create a virtual CD-ROM volume

To re-create a virtual CD, nothing too complicated. The settings give the possibility to specify a path to make an autorun. This path must specify an ISO image that will create a CD-ROM.

We can create an ISO image with ImgBurn. Simply drag and drop some files we want in the ISO image, select ISO9660 file system, like the one I had before, hit Run.

Screenshot of ImgBurn software.

We can now select this image in SMI Mass Production Tools. We also want to choose the size of the public partition (it needs to fit with the available size due to the virtual CD-ROM volume).

Setting the right parameters.

Once complete, we can start the process and we’ll have a nice read-only CD-ROM volume and a public USB key of the specified size.

Screenshot of the two newly created devices.

⛏️ Digging further down

To go further, I would look into the “Device Descriptor”, see where and how this virtual device is defined by the manufacturer into the SMI Mass Production Tools software, probably with a little of reverse.

And maybe I’ll write another post on it. 😉