Friday, 25 March 2016

Using E2B with the datAshur Pro encrypted USB flash drive

Easy2Boot allows you to boot literally hundreds of Windows-based, linux-based and other bootable software all from one USB drive. You can also keep all of your personal files and Windows\linux utilities on the same drive and carry it with you, on your keychain, wherever you go. But what if you lose it?

Does your Easy2Boot USB drive contain licensed software, company volume licence Product Keys or confidential files? Perhaps it contains a WindowsToGo VHD  or linux already set up with your Chrome/FireFox passwords, etc. The best way to keep it secure is to use one of the PIN-entry types of USB drives that are available.

After my previous blog about the (slow) datAshur Personal encrypted USB 2.0 drive and the problems I had booting from it, iStorage (the makers of the drive) sent me a datAshur Pro for testing and review.
datAshur Pro USB 3.0

iStorage have four models in their current range. Here are the basic points that concern E2B users including the price and advertised read/write speeds:



datAshur Personal  (USB 2.0) 32GB=£59       27/24MB/s  (plastic case, not epoxy encapsulated)
datAshur                 (USB 2.0) 32GB=£99      27/24MB/s  (bootable versions are available)
datAshur Pro          (USB 3.0) 32GB=£109  116/43MB/s
datAshur SSD        (USB 3.0) 30GB=£159  195/162MB/s (fixed-disk type)

The plain 'datAshur' model is apparently available in two forms (though the iStorage website does not offer two choices when ordering, so I suggest you contact iStorage first if you want to order one of these). Except for the Personal version, they are all made of aluminium with an outer aluminium case and epoxy encapsulated for extra security (though, in my experience, using any form of encapsulation can lead to overheating and loss of long-term reliability).

Judging from the stated USB speeds, it appears that the first two models have the same 'innards'.

Software-based encryption can be cracked because we can make a copy of the encrypted USB drive contents (or encrypted files on the USB drive), then transfer the copy to a nice fast system (or batch of systems) and then brute-force attack it. Although this may take a while, it is not impossible (or so I understand, though I am not experienced in these matters). Of course, for use with E2B, we cannot boot from an encrypted file anyway, so we have to use a 'PIN-keypad' type of protection.

If using a 'PIN' USB drive like the datAshur, we should be able to boot to our personal OS and/or use it as a multiboot E2B USB drive. If we wish, we can also add software encryption as well, by using Rohos or VeraCrypt, etc.

Various other companies rebrand the Pro, such as Kingston and Aegis.

The datAshur Pro 64GB

When I opened the Pro and removed it from it's plastic packaging, it was pre-formatted as:

    FAT32 (type 0x0C) 57.6GB  volume name=DATASHURPRO    type=Removable

Again, no extras were provided except a small 'user manual' card, but at least the Pro came with a strong wire loop for attaching to a key chain (see picture above).

As it would damage the USB connector to hang a heavy bunch of keys from the datAshur stick when in use, I also had to fit a hook to my key ring, so that I could easily remove the datAshur when needed, and I will attach a plastic key fob containing my phone number, in case I leave it behind anywhere (it will also make it more noticeable). Attaching a similar key fob to my car keys will remind me about it when I go to start the car before I leave it behind. The other alternative was to attach it to my keys via a long chain or lanyard, but that always seem to get things into a tangled mess!


The aluminium slide-on protective cover had no method of attaching a wire or string to it. If it did, I could have attached the cover to my car key ring, so that I would see the empty case before I started the car and left the datAshur behind!

Considering that the whole point of this device is that it is for use 'on the go', it would have been nice if these things had been thought about - key fobs would be good advertising for iStorage too! The PIN number security feature is pointless if you leave it enabled and connected to a system that is still on!

In use

When it arrived, I was mildly surprised it was formatted as FAT32 because Windows does not recommend or even allow you to format a drive larger than 32GB as FAT32. I guess this was done for compatibility with non-Windows OS's.

Not a problem, as I can use RMPrepUSB to reformat it. The previous datAshur Personal was formatted as NTFS - maybe the Personal drive I had purchased previously was old stock?

The first and only FAT32 partition on the Pro started at the first 'cylinder' = LBA 8064 rather then the more typical sector 63 or 2048, thus wasting just 4MB of usable space. The 32KB FAT32 clusters did however start on a nice even boundary (LBA 65536) which would have improved file write speed (RMPrepUSB also aligns the clusters when you format a drive as FAT32).

Strangely also, the very last sector of the drive contained a backup NTFS Partition Boot record and there was at least a partial $MFT record at the 3GB point (LBA 6200336), suggesting it had been formatted as an NTFS volume at one time and then reformatted as a FAT32 volume. The FAT32 volume contained a PDF User Manual. TestDisk could find no other files on the drive.

Note: Although you can configure these drives to be read-only, E2B requires a writeable USB drive.

A quick initial speed test in RMPrepUSB showed better read\write transfer rates than the datAshur Personal of 46MB/s read and 42MB/s write when used in a USB 3.0 port on my Z87 PC. This was confirmed using a quick Crystal DiskMark test which completed much faster than the datAshur Personal...

Initial USB 3.0 transfer rates for the Pro version.
But keep reading, it got much faster!

USB 2.0 ports gave 29MB/s read and 21MB/s write using the RMPrepUSB speed test. This seemed consistent with the USB 3.0 performance.

I re-formatted the drive as FAT32, exFAT and NTFS, and found little difference in file write times, taking 40 seconds to copy a 1.488GB ISO to a freshly-formatted datAshur Pro in each case (Windows 10 shows a 38MB/s average speed). This probably shows that the speed is limited by the encryption software.

But see below for more benchmarks...

During use, I noticed that the Pro hardly got warm, which was reassuring considering that the electronics are epoxy encapsulated.

Booting from the datAshur Pro

First, I should mention that, unlike the datAshur Personal, the Pro was detected on the EeePC's right-hand USB ports and I didn't have to squeeze the USB connector shield to make it fit more tightly. So there is obviously a difference in the USB connectors between the two models!

Windows 10 Install ISO + EeePC (32-bit, USB 2.0) test

This started well with a reasonably fast boot, however WinPE Setup reset the datAshur Pro at the 'spinning circle of dots' phase and I had to quickly re-enter the PIN. 20 seconds later it loaded the blue LOADISO console window and I could choose Home or Pro because it had successfully loaded the ISO as a virtual drive.

Note: The same Windows 10 install boot test, when run on the Acer 7741G notebook, did not reset the Pro - it loaded the LOADISO blue window and loaded the ISO as a virtual drive smoothly!

Windows To Go .VHD + Z87 PC (USB 3.0)

I tested booting a 20GB Windows 10 To Go VHD file from Easy2Boot. It booted fine the first time, but the second and subsequent times I had to re-enter the PIN during the 'spinning circle of dots' phase because the datAshur Pro had been reset. Performance was acceptable however and because my PC was already activated for Windows 10 Home, WindowsToGo was also fully activated.

P.S. Because WinToGo automatically hides the system's internal hard disks (they do not appear in Explorer), booting from a USB drive with WinToGo provides a 'sandbox' environment. If you suspect that the WinToGo OS has become infected, you can simply copy over a fresh version of the VHD and start again.

Zorin 11 32-bit .iso + EeePC (32-bit, USB 2.0) test

The Zorin ISO loaded nicely, though it was a bit slow as the EeePC only had USB 2.0 ports.
Kaspersky AV reset the datAshur Pro during booting and I had to re-enter the PIN.

Kali-linux-light-2016.1-i386.iso + EeePC (32-bit, USB 2.0)) test

Hmmm. This is strange! The datAshur Personal seemed to get reset during the early Kali boot process, but the Pro did not reset and booted smoothly. I then re-tested the Personal and that too booted to Kali fine on both the EeePC and the Z87 system with no resets. No matter how many times I re-tested the Personal I did not need to re-enter the PIN, yet it definitely did reset on previous days!

I suspect that it is something about the register state of the chipset that causes the Kali USB driver to either reset the USB bus/USB device or not. For instance, I have observed that booting first to some linux distros and then resetting the system, can cause a system to no longer power up properly. If it is a notebook, I have to pull out the power cord, remove the battery, wait for it to lose all power (pressing the power button often helps), and then re-connect and switch it on again, before it will even power-up, run POST and then boot from the hard disk again!

The state of the chipset registers can vary between a 'cold power-on' state and  a 'warm reset' state as it depends on what the BIOS and software/drivers have previously written into them. Combine this with the complication that most modern PCs are never fully off (unless you unplug the power cord), so many of the chipset registers are really only in the 'default' state after a 'cold power-on' which means I have to switch it off at the mains supply each time in order to test anything in a reproducible manner. For notebooks, you have to remove the battery too!

The datAshur Pro also booted to Kali on the Acer 7741G notebook just fine too (no PIN re-entry needed).

Acer Aspire 7741G tests

If you follow my blog, you will have read previously that I could not get the datAshur Personal to be recognised by the Acer Aspire 7741G BIOS at all.

When I tested the Pro however, it worked fine every time! So I re-tested the Personal and it still would not be detected by the Acer BIOS on power up and so I could not boot from it on any USB port. I even connected both the Pro and Personal at the same time - the Pro was detected by the BIOS, but the Personal was not.

Another strange thing - it is now much FASTER!

After booting to WinToGo from a VHD and then rebooting back to my main HDD and my main Windows 10 install, I suddenly noticed that files were copying to the Pro much quicker than before!

 A 1GB ISO was being written at an average speed of over 60MB/s now? I had not reformatted the Pro. It just now seems to be faster! I re-tested with Crystal DiskMark and got this result:

USB 3.0 results - 162/70

Testing on the USB 2.0 ports on my Z87 PC, now gives results of 42/40 (strangely similar to the initial USB 3.0 test results). For USB 2.0 however, 42/40 is very fast, so booting E2B payloads on USB 2.0 ports should show very fast speeds. The maximum theoretical speed for USB 2.0 is approx. 60MB/s and personally, I have not previously seen a USB storage device go much over 30 MB/s before on USB 2.0.

BTW: I noticed that when I went to the Properties - Optimise menu, it said the drive was 'thin provisioned'. I am not sure exactly what this means for a real physical USB device???


Even after removing the Pro and re-inserting it and changing the Disk Signature in the MBR and Volume ID in the PBR, and even reformatting it, it still treated the drive as a 'Thin provisioned drive'.

Later, when I had 40GB of files on the drive, DiskMark and RMPrepUSB gave results of 162MB/s read and 15MB/s write!!!

Copying a 5877MB file from the Pro in 38 seconds gave a read rate of approx 150MB/s and writing the same 5877MB file back, took 380 seconds = 15MB/s write - truly weird!

Reformatting the Pro to NTFS and re-testing, returned a rd\wr speed test result of 174MB/s and 74MB/s and file writes were much faster again (avg. 60MB/s). I filled the drive with files and I still got similar speeds.

iStorage confirmed that they would expect 100+MB/s read and at least 40MB's write speeds. So I am not sure why it was so slow during the first few days of testing (both USB 3.0 and USB 2.0 speeds were slower than the are now). I strongly suspect the Windows USB (UASP) Haswell drivers on my Z87 system are 'erratic'.

Summary

For use with E2B and USB booting, I am happy to say that the datAshur Pro behaves itself far better than the Personal did. It also seems more robust and is a lot faster (especially on a USB 3.0 port).

The 'OS reset on boot' problem is a nuisance however (especially as it seems to have a 'random' nature!).

During another week of solid use, the transfer rate has remained at 160\70. I really don't know why it only tested at 44/40 (even though I reformatted it many times over a period of 3-4 days!). I have noticed that the USB 3.0 (UASP) drivers on my Haswell Z87 do seem to be 'unpredictable' however (e.g. can start connecting\disconnecting USB 3.0 devices continuously some days!), so I am prepared to blame my Z87 test PC (I did not have another USB 3.0 computer available to test it on).

If you need a larger capacity USB drive, you will need to try the datAshur SSD (240GB max) but bear in mind that it is a fixed-disk type and so you will need to make .imgPTN files from your Windows ISOs or add an E2B 'Helper' removable Flash drive. Also, the maximum recommended partition size for E2B is 137GB (because many BIOSes have a USB driver bug and cannot access USB drives past 137GB).

You can ask iStorage for a sale-or-return free trial of any model.

In conclusion, the datAshur Pro is neat and fast, and apart from the 'reset on boot' problems (which all similar devices will probably suffer from), if you need a secure 'PIN-type' USB drive that is bootable, this is the one to get!

P.S. You might also want to consider an encrypted HDD enclosure such as the IODD 2541.
For a blog on the unencrypted 2531 version, see here.