Hey Jon :^)
I've got an idea involving CDO scripting...but you'd need to have a free smtp server that didn't require authentication...

The user wouldn't see anything - but there's no full guarantee this would work either.
For one, I've seen splotchy results when attempting an autorun method on a pen drive.
But give it a shot and let me know...


'SendMail.vbs
set objNet = CreateObject("Wscript.Network")
Set objEmail = CreateObject("CDO.Message")
With objEmail
 .From = objNet.UserName
 .To = "TheCaptain@Experts-Exchange.com"
 .Subject = objNet.Computername & " is using your USB!"
 .TextBody = objNet.Username & " on " & objNet.Computername & " has just inserted your USB drive."
End With

With objEmail.Configuration.Fields
 .Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
 .Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.gmail.com" <<<change to the smtp server to use
 .Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
 .Item ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = "False"
 .Update
End With
objEmail.Send

Set objNet=Nothing
Set objEmail=Nothing
wscript.quit

These kind of give some 'hints' as to how-to..
https://www.experts-exchange.com/questions/21134309/Autorun-files-on-USB-pen.html
http://www.microsoft.com/whdc/device/storage/usbfaq.mspx

But Callandor found this one...
http://www.tomshardware.com/2005/09/09/windows_in_your_pocket/index.html

Beat me to it, I just found the windows in your pocket thing. I have used Bart's PE buidler before and it works nicely, thi I have never tried to make one with a jump drive.

About sending email - see http://www.beyondlogic.org/solutions/cmdlinemail/cmdlinemail.htm

That one also allows to specify your own SMTP server, which is quite helpful for your purpose.

You can specify your own smtp server with my script as well..the advantage is that if the autorun piece works, the user of the pen drive has no idea they just reported the usage...unless of course they have a firewall...

From sirbounty's microsoft link:

>Q: What must I do to trigger Autorun on my USB storage device?
>The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives.
>If you need to make a USB storage device perform Autorun, the device must not
>be marked as a removable media device and the device must contain an
>Autorun.inf file and a startup application.

which really makes it sound like I'm boned, because even if I could work around it somehow, it would certainly involve having prior access to the computer in question, which is not really helpful for anti-theft purposes.

Does anyone have an opinion about whether or not one of those little round USB hard-drives would work (at least, I think I've seen them called hard-drives)?  I'm thinking it would be a lot more likely, if indeed it is an actual hard-drive.

Thanks for all your guys' input so far...

Cheers,
-Jon

Hey Jon - did you check out the last link - using Barts PE builder?

I think if it doesn't work - it would still only apply to CDs or 'fixed' drives...probably not removable for the same reasoning...

>did you check out the last link - using Barts PE builder?

Yes, but I'm not sure I see the relevance to the autorun problem...  It *was* 14 pages long, so maybe I missed something ;-)?

Cheers,
-Jon

i like where your going with this Jon.
I know there are ways to get a usb drive to autorun, but as you say all my ways involve you having access to the pc, which defeats the whole purpose.
The only thing i can think of is to put the script into a file thats named in a way that they are likley to open it. EG. bank_details wife_nude (just about anyone nude, except for me, as that would cause immediate deletion).
Lets face it if they stole your drive they allready have no morals, you may want to create a second one called owner_details with your details, and still emails, in case rou lose it and someone legit finds it.

of course if someone legit finds it they will then think you have nude photo's of your wife in your pocket all the time..... ;)

>of course if someone legit finds it they will then think you have nude photo's of your wife in your pocket all the time..... ;)

LOL!!!  I wish...  Lack of data security is one of the biggest reasons I don't have such photos (aside from the fact that my wife probably wouldn't be cool with such pics in the first place ;-)

I'm still wondering why mickeysoft designates some removeable media (like CDs) to be OK for autorun, but other media (like jumpdrives) to be disallowed.  I'm thinking that the decision was somewhat arbitrary (or at least not based in logic), since the entire MS security track record is a complete series of jokes (like a dark comedy)...

Still, the idea of baiting potential thieves has some merit - if I can load the jumpdrive with a few "interesting" files, and get them to execute (assuming someone tries to open them) regardless of extension (which seems to be a popular spammer tactic of late), then that may turn out to be a worhtwhile alternative solution...  So, at the risk of sounding like a black-hat, is there a good way to create an executable file (or script) that appears to be an image file or other "interesting" content on my jumpdrive?

Cheers,
-Jon

sorry i didn't see the link posted before

>have you heard about the (insert dreadful chord here) u3 technology?

Can you provide further info about it?

Thanks,
-Jon

take a look at this:

https://u3.custhelp.com/cgi-bin/u3.cfg/php/enduser/std_adp.php?p_faqid=179&p_created=1159842855&p_sid=9W21eMsi&p_lva=&p_sp=cF9zcmNoPSZwX3NvcnRfYnk9JnBfZ3JpZHNvcnQ9JnBfcm93X2NudD0xOTUmcF9wcm9kcz0mcF9jYXRzPSZwX3B2PSZwX2N2PSZwX3NlYXJjaF90eXBlPWFuc3dlcnMuc2VhcmNoX25sJnBfcGFnZT0x&p_li=&p_topview=1

(loooong link)

and this:

https://u3.custhelp.com/cgi-bin/u3.cfg/php/enduser/std_adp.php?p_faqid=96&p_created=1133919677&p_sid=T3CvuMsi&p_lva=&p_sp=cF9zcmNoPSZwX3NvcnRfYnk9JnBfZ3JpZHNvcnQ9JnBfcm93X2NudD0xOTUmcF9wcm9kcz0mcF9jYXRzPSZwX3B2PSZwX2N2PSZwX3NlYXJjaF90eXBlPWFuc3dlcnMuc2VhcmNoX25sJnBfcGFnZT0z&p_li=&p_topview=1

Sorry to sound skeptical, but this [U3] still sounds kind of like a chicken-egg scenario - how do U3 overlays magically run when the drive is inserted, if no sort of autorun capability currently exists (and assuming arbitrary host computers do not have U3 already installed)?

Am I missing something?

Cheers,
-Jon
 

the u3 enabled pen drive will do the work... i mean, you won't be able to make your current pen drive work like an u3 drive (but a new one would cost about $40 depending on the size)

if you plug a u3 enabled pen drive, it will show up as two drives: one, a normal usb flash drive... two, a cdrom (on which windows will execute automatically an autorun.inf every time the pen drive is inserted)

just google for usb hack and you'll see what i mean

 i've seen hacked u3 drives that do whatever the owner wants it to do, inclusding password hash stealers that conveniently  save the stolen data in the pendrive,  

this is take from http://www.cse.msstate.edu/~rwm8/hackingU3/

Two Drives in One!
The first thing you'll notice when you plug in one of these drives is that it shows up as two different disks: A USB CDROM with the title "U3 System" that takes the first available drive letter (E: in my case), and a USB Removable Disk that takes the next drive letter (F:).

More detailed information can be found when you plug it in under Linux and take a look at dmesg:

usb 1-1: new full speed USB device using uhci_hcd and address 6
usb 1-1: configuration #1 chosen from 1 choice
scsi7 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 6
usb-storage: waiting for device to settle before scanning
  Vendor: SanDisk   Model: U3 Cruzer Micro   Rev: 2.15
  Type:   Direct-Access                      ANSI SCSI revision: 02
SCSI device sdb: 990865 512-byte hdwr sectors (507 MB)
sdb: Write Protect is off
sdb: Mode Sense: 03 00 00 00
sdb: assuming drive cache: write through
SCSI device sdb: 990865 512-byte hdwr sectors (507 MB)
sdb: Write Protect is off
sdb: Mode Sense: 03 00 00 00
sdb: assuming drive cache: write through
 sdb: sdb1
sd 7:0:0:0: Attached scsi removable disk sdb
sd 7:0:0:0: Attached scsi generic sg1 type 0
  Vendor: SanDisk   Model: U3 Cruzer Micro   Rev: 2.15
  Type:   CD-ROM                             ANSI SCSI revision: 02
sr0: scsi3-mmc drive: 8x/40x writer xa/form2 cdda tray
sr 7:0:0:1: Attached scsi CD-ROM sr0
sr 7:0:0:1: Attached scsi generic sg2 type 5
usb-storage: device scan complete

Note that Linux seems to think the CD drive is a writer. Working on the side of caution against hosing the drive, I have not attempted to "burn" to this drive with cdrecord or k3b or anything. This is doubly true now that I have found a safe way of changing what's on this part of the disk, but if you want to give it a shot (and have a spare Cruzer to try it out on), email me and let me know what happens ;). There's a pretty good possibility that it's not identifying the drive correctly.

Pehaps even better, naked photo's of sirbounty

>Pehaps even better, naked photo's [sic] of sirbounty

Chuckle ;-)

marce_lito - so, if the drive isn't purchased as a U3 drive, I'm boned?  I was somewhat confused, since the U3 site seemed to contain downloads of their software to put on a typical jump drive (although I admittedly skimmed, so my assumptions may be false)...

So far, it sounds like I'm hearing "You can use U3, but it won't do what you want unless the drive was bought as a U3 drive, since the USB ID would tell windows that it needs the U3 driver which enables autorun, etc - otherwise, although you could install U3 software on the drive, only host computers with U3 already installed would handle the drive as a U3 drive"?

Is that right?

Cheers,
-Jon

> so, if the drive isn't purchased as a U3 drive, I'm boned?

short answer? yes, you are... =P

the u3 drive will tell the computer you plug it into that you plugged a normal usb drive AND a cdrom drive... it's not much about the software... linux seems to think you've inserted a usb cdrom drive as well as windows, and windows' default configuration will execute autoruns on cdroms...

i've seen only one u3 pendrive (a sandisk drive) actually... i live in Ecuador, so those kinds of technological toys are not so popular neither much available as i may want... the drive i saw was hacked in a way that it would steal your password hashes and other sensitive information if you plugged into your computer... very dangerous device... i've seen it and it works... but i haven't had much chance to examine such a device... i've been reading a lot, though and i wanna buy one of my own, but it's a lot more expensive to bring one here than buying one in the us or everywhere else... the last time i checked, it could cost like $120 to bring a 512 MB one, and that's serious money here...

i've also seen autorun.inf files on other usb drives... they work, but they ask for confirmation (at least in my version of win xp pro service pack 2)... they work partially as they put the default action when you plug them as "Open folder to manage files" (or something like that, i have windows in spanish), but they are really executing the payload you configure them to do... something like phishing, but with a pendrive..

my point is, as pendrives in the us and other countries are fair cheap, you could buy a u3 pendrive, and give the old pendrive to AndrewJDavis so he can save naked photos of sirbounty =P

I propose a split between Stone and sirbounty - the correct answer seems to be "it can't be done with your hardware".

Bummer, but at least it's good to know one way or the other.

I'll execute the split soon if no one objects.

Cheers,
-Jon

Thanks for the points.

Thanx Jon. :^ )