CIRCLean - USB key sanitizer

CIRCLean

Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection (as an example, lost USB keys have a 66% chance of containing malware).

CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents into a readable format and stores these clean files on a trusted (user-owned) USB key/stick.

The code runs on a Raspberry Pi (a small hardware device), which also means the original USB key never has to be plugged into or opened on a computer. CIRCLean can be seen as a kind of air gap between the untrusted USB key and your operational computer.

CIRCLean does not require any technical prerequisites of any kind and can be used by anyone. CIRCLean is free software which can be audited and analyzed by third parties. We also invite any organization to actively reuse CIRCLean in its own products or contribute to the project.

Usage

CIRCLean is designed to be used by everyone, and the following visual shows how to use it in 8 easy steps.

Simple visual explanation of the USB cleaner

Step 1

Unplug the device:

Step 2

Plug the untrusted key into the top USB slot of the Raspberry Pi:

Step 3

Plug your own key into the bottom USB slot:

Note: Make sure your own key is bigger than the untrusted one. The extracted documents might be bigger than the original ones.

Step 4

Connect the power to the micro USB:

Step 5

If you have a Raspberry Pi with a diode, wait until the blinking stops:

Otherwise, plug in a headset and listen to some music during the conversion. When the music stops, the conversion is finished.

Step 6

Unplug the device and remove the USB keys:

How to get your own instance

The source code, with everything needed to convert the content and the scripts needed to build your own image to write to an SD card, is available.

If you prefer to use a pre-built image (last update: 2014-05-20), you can use CIRCLean (2014-05-20).

Please make sure you received the right file by checking the hash:

  • MD5: b02e5e94fdf595500eea07cee7f5488a
  • SHA1: a195e255a6cc33108fbe4fb81d33b0b5290f8d3a
  • SHA256: 98733f7c96d0905c0f5e32672b54b08bdd13264c77540016d13bd37029cb4b01

You can also verify the integrity of this web page by checking the PGP detached signature.

Copying the pre-built image to an SD card

While copying the pre-built image, make sure the destination disk is the SD card and not your own disk.

MacOS

Find the raw disk identifying your SD card (something like diskN, where N is the highest value):

diskutil list

If the SD card is already formatted and mounted, you need to unmount it (replace N with the value found):

diskutil unmountDisk /dev/diskN

Then you can copy the image to the SD card using dd:

sudo dd bs=1m if=2014-05-20_CIRCLean.img of=/dev/diskN

Linux

Find the raw disk identifying your SD card (something like /dev/sdX1, where X is a letter):

df -h

The disk is most probably mounted and needs to be unmounted before the copy:

umount /dev/sdX1

Then you can copy the image to the SD card using dd:

dd bs=1M if=2014-05-20_CIRCLean.img of=/dev/sdX
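
The hash check and the "make sure the destination disk is the SD card" warning above can be enforced before dd runs. The script below is an added example, not part of the CIRCLean project. It assumes that the SHA256 published on this page is the digest of the .img file itself; the script name write_circlean.sh and the SYSFS_ROOT parameter are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the CIRCLean project. Linux only (sha256sum, /sys, /proc).
# SHA256 published on this page; assumed to be the digest of the .img file itself.
EXPECTED_SHA256="98733f7c96d0905c0f5e32672b54b08bdd13264c77540016d13bd37029cb4b01"

# verify_sha256 FILE HEXDIGEST: 0 on match, 1 on mismatch, 2 if FILE is missing.
verify_sha256() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    vs_got=$(sha256sum "$vs_file" | cut -d' ' -f1)
    [ "$vs_got" = "$vs_want" ] && return 0
    echo "SHA256 mismatch for $vs_file: got $vs_got" >&2
    return 1
}

# is_removable_disk DEVICE [SYSFS_ROOT]: 0 only if DEVICE is a whole disk that the
# kernel flags as removable. Partitions (sdX1) have no /sys/block entry and fail.
# SYSFS_ROOT is a hypothetical override so the check can be exercised on a fake tree.
is_removable_disk() {
    rd_name=$(basename "$1")
    rd_flag="${2:-/sys}/block/$rd_name/removable"
    [ -r "$rd_flag" ] || return 1
    [ "$(cat "$rd_flag")" = "1" ]
}

# write_image IMAGE DEVICE: run dd only after both checks pass and nothing on
# DEVICE is still mounted. Must be run as root, like the dd command on the page.
write_image() {
    wi_img=$1; wi_dev=$2
    verify_sha256 "$wi_img" "$EXPECTED_SHA256" || return 1
    is_removable_disk "$wi_dev" || {
        echo "$wi_dev is not a removable whole disk, refusing to write" >&2; return 1; }
    if grep -q "^$wi_dev" /proc/mounts; then
        echo "$wi_dev still has mounted partitions, umount them first" >&2; return 1
    fi
    dd bs=1M if="$wi_img" of="$wi_dev" && sync
}

# Usage (hypothetical script name): sh write_circlean.sh 2014-05-20_CIRCLean.img /dev/sdX
if [ "$#" -eq 2 ]; then
    write_image "$1" "$2"
fi
```

Some built-in card readers may report removable as 0; the script then refuses to write and the target has to be confirmed by hand.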

Windows

As recommended by Raspberry Pi, use the Win32DiskImager utility to copy the image file to the SD card. You can also use dd for Windows.

Technical details

The sanitizing is done by converting and copying the content of the untrusted key to the trusted one. How each file is handled depends on its MIME type; more details are in the README.md file of the git repository. A short description of all the scripts is available in the same file.

Changelog

Version 1.0 - 2014-05-20

  • Based on Raspbian Jessie
  • Fully automated tests with Qemu
  • Mimetype: support of PDF, Office documents, archives, Windows executables
  • Filesystem: USB keys have to be formatted as vfat
  • Support of multiple partitions
  • Renaming of autorun.inf on the source key
  • Operating system is read only
  • Use pdf2htmlEX v0.11