Disable all write functionality due to customer security requests

fastgeek 2014-03-19 17:44:31 UTC #1

Hello folks,

Spent some time searching this sub-forum before asking and see that most requests such as these are met with a healthy degree of skepticism regarding trying to fool copy protection and what not; that's not the case here. However seems that all of those threads are quite old... so new thread time!

This is a 100% honest, no kidding request to neuter some rather expensive drives into CD/DVD/BR ROMS. :eek:

I work in the semiconductor industry and we are getting a lot of pressure to disable ALL BURN FEATURES on our systems BluRay burners due to customer security concerns. And I do mean everything: CD, DVD and BR. It's irritating... but the customer is the customer!

Before someone states the inevitable, these are slim-line drives, so the market is extremely limited. Additionally we only buy devices with multi-year road maps; so just buying whatever is available at NewEgg / Fry's isn't an option.

The two drives in question are a Sony / Optiarc BD-5850H, which went EOL and has since been replaced with a Teac BD-W26SS-B. I've contacted Sony & Teac directly... but am reaching out to the community too.

Right up front - I know absolutely nothing about modifying firmwares! But would it be possible to dump the FW from the drives, modify them accordingly and flash as/when needed?

Thank you!
Jason

_Jethro 2014-03-19 19:16:01 UTC #2

Just buy rom drives

Liggy 2014-03-20 01:05:22 UTC #3

It could be possible to disable burning by modifying the firmwares. However the Optiarc firmwares are encrypted and so far nobody has figured out how to decrypt and re-encrypt them.

No idea about the Teac drive though

DoMiN8ToR 2014-03-20 01:46:11 UTC #4

Welcome to the forums fastgeek, what an interesting question! Liggy has lots of experience with patching firmwares, so if anyone knows, it’s probably him. Maybe you can supply a firmware dump? Also wouldn’t it be possible to limit the OS to not allow burns? I guess this is because they don’t want people to store things off the network? (like trade secrets etc.)

roadworker 2014-03-20 02:52:55 UTC #5

[QUOTE=DoMiN8ToR;2722877]Also wouldn’t it be possible to limit the OS to not allow burns?[/QUOTE]
You can disable windows IMAPI for limited user accounts,and prohibit software installations,but there are still portable burning programs which can easily circumvent such restrictions…

fastgeek 2014-03-21 18:15:47 UTC #6

Sorry for the delay… only had a notification of the first reply and just happened to look at this browser tab. D’Oh!

Actually I’m working with Group Policies for Removable Drives to enable/disable write access. However, even if it does work, the customers may not accept it as it can easily be reversed. Chances are we’ll pay Teac for a custom firmware; but options are good!

No worries about the Optiarc. We already figured that we would have no choice but to replace those drives with Teacs since Sony got out of the optical drive game… but would’ve been nice.

If someone can tell me how to dump the firmware off the Teac I’d be glad to do so!

Oh, and DoMiN8ToR, yes, something like that. Getting any kind of media in and out of a fab/foundry is next to impossible… but customers are growing increasingly paranoid. This whole thing is a double edged sword, since it limits our ability to make protected backups of the system; but that old saw about “The customer is always right” applies here… no matter how much I disagree with it! The easy solution would be to use ROM drives. But despite what Jethro may think, finding [u][i]slim line drives[/u][/i] is hard enough as it is; let alone a pure ROM drive. Matter of fact, most (if not all) drives that are listed as “DVD-ROM” still have the ability to write CD’s. Add in BluRay to the equation and it gets even more frustrating. Teac tells me they have such a drive, but it’s already EOL and suggesting we use a known EOL product to the product management teams would go over like a lead balloon!

Thanks again,
Jason

chef 2014-03-22 08:22:32 UTC #7

And? The user can just boot a live cd/dvd, your policies become useless!

fastgeek 2014-03-22 08:49:57 UTC #8

[QUOTE=chef;2723098]And? The user can just boot a live cd/dvd, your policies become useless![/QUOTE]

You are correct. However these machines run inspection tools; if they go down the tool goes down. This isn’t something that can “just happen” without a lot of people being aware of it. Plus getting media into the facility in the first place is a major challenge. The policy idea is merely an “in addition to” idea.

roadworker 2014-03-26 07:56:05 UTC #9

If your costumers are on a network,you can centralize imagefiles on the server and let them mount those they need…that way,you can leave out optical drives altogether…

fastgeek 2014-03-26 11:43:23 UTC #10

Am currently trying to find a utility to grab the firmware; however haven’t had any luck so far. If someone has a suggestion as to what software can accomplish this it would be most welcome!

[QUOTE=roadworker;2723575]If your costumers are on a network,you can centralize imagefiles on the server and let them mount those they need…that way,you can leave out optical drives altogether…[/QUOTE]

Unfortunately that’s not an option. The optical drive is critical to system updates; in which case the system is booted from a WinPE disc. Also keep in mind that a semiconductor customer fab is not your typical corporate environment… the rules and restrictions are absolutely mind bending!