How is floppy drive write protection enforced?

Discussion in 'other security issues & news' started by Devinco, Jul 3, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Everyone,

    I've always taken floppy write protection for granted, just flip the tab (3 1/2") and it is safe. But I would like to understand how the write protect mechanism actually works. I've searched Wilders and Google, but haven't found anything yet so I thought I'd ask here.
    From what I understand when you put in a write protected floppy some kind of sensor (either mechanical or optical) detects there is a hole open in the floppy. But then what?
    1. Is the write protection enforced there in the floppy drive? So when the OS tries to send data to it the drive says to the OS no go?
    2. Or does the drive merely pass the "write protected state" (or signal) on to the floppy controller? So when the OS tries to send data to the drive, the floppy controller says to the OS no go?
    3. Or does the drive pass the "write protected state" on to the floppy controller which then passes it on to the OS? In this case, the OS would be the one enforcing the write protection.

    I would think that option 1. would be the safest least corruptable method.
    If write protection is controlled (enforced) by an OS driver only (option 3.), could it then be compromised by malware?
    Even if write protection is controlled by the drive (option 1.), could 32 bit drivers like what are in Windows be compromised to ignore or bypass the write protection and write to the floppy any way?

    Thanks
     
    Last edited: Jul 3, 2004
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas

    (I removed my erroneous statement.)

    Floppy

    This site says some operating systems can protect floppies. Link
     
    Last edited: Jul 3, 2004
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Ronjor,
    Thank you for the reply and links. They are very informative. I read the article twice and followed other links there, but maybe I am missing something.
    The article says:

    That means that the protective dust cover window on the floppy disk(that protects the media) is mechanically opened and closed. But the Write protect switch has an optoelectronic sensor to determine write protect status.
    Does the optoelectronic write protect sensor directly control the opening and closing of the protective dust cover on the floppy disk?
    I thought the dust cover on the disk is automatically opened when the disk is inserted?
    If the dust cover is not controlled by the optoelectronic write protect sensor, then where is the signal from the sensor sent to?
    Then what prevents the writing to disk?

    Thanks
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas


    The read/write heads do not touch the diskette media when the heads are traveling between tracks. Electronic optics check for the presence of an opening in the lower corner of a 3.5-inch diskette (or a notch in the side of a 5.25-inch diskette) to see if the user wants to prevent data from being written on it.

    That is a quote by the way. :cool:
     
    Last edited: Jul 3, 2004
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    So then are you saying that the enforcement of the write protect mechanism is self-contained within the drive itself and independent of the floppy controller and OS?
    So let's say a malware infested OS with compromised floppy io driver sends a command to the floppy controller to write to the floppy (and perhaps ignore the reply that it is write protected). The floppy controller then sends a command to the drive to write to disk. Within the drive the electronic optics first determine that the disk is write protected before the write head moves into position. And because it is between tracks the write head is not touching the media, so no writing can occur. This write protection mechanism is electronically controlled (not by software) and cannot be compromised by malware.
    Is this all correct?

    Thanks
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas

    Under the scenario you decribe, ignoring the write protect mode, I suppose it would write to the floppy.

    And, I suppose, any firmware coded into the floppy controller "could" be compromised from the start enabling malware to do damage.

    What do you think?
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I think you are right. Firmware is probably too specific to each drive for them to target. But the OS floppy io driver is universal, that is my concern. When the floppy drive system was developed I think the designers made the write protect feature as an end user convenience so they would not accidently overwrite their files. How could they have imagined that software would be deliberately used to try to defeat it?
    I guess there is no such thing as absolute security. Just do the best that you can and move on.

    Ronjor, Thank you very much for helping me to understand this, it is appreciated. :D.

    P.S. To anyone reading this, if you have any knowledge about malware having successfully bypassed the floppy write protect mechanism, I (and probably others at Wilders) would be VERY interested - please post here. Once it is discovered, perhaps we can find a way to protect against it. Thank you
     
    Last edited: Jul 4, 2004
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    For those interested, here is a blast from the past that provides some more info on the subject:

    The Risks Digest

    There were several relevant posts, but here are the two that I found most interesting:

    and
    So what I understand from this is:
    1. In the original floppy drive design, write protection enforcement is controlled within the drive itself and cannot be circumvented by malware. Unless the drive has firmware, which the malware could then maybe flash. Due to the drive specific nature of firmware this is highly unlikely although it is theoretically possible.
    2. Due to manufacturers never ending quest to save a cent, they may have changed the original design to save money. In today's market, if it would save them a fraction of a cent in manufacturing cost, (at the expense of security), I'm sure they would do it. So, if manufacturers did not stray from the original design, then floppy write protection is pretty safe from malware. If they did stray from the original design, then who knows?

    The info from the above posts is dated (circa '89), so any new info on this subject would be appreciated.
     
  9. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Just rest assured than when you have the tab on the floppy in the write protect position the disc cannot be written to. It is a mechanical device and malware is not able to move that tab ;) It is just like a VHS video tape. With the plastic tab in position you can record but when you break out the tab you can no longer record to it unless you place a stiff piece of tape over the hole in place of the tab. Floppy works the same way except that you slide the tab into position instead of breaking it out so you can reuse the disc.
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks BigC,

    That's good enough for me.
    Should new info on this subject appear, I'm sure we will hear about it here on Wilders.
     
Loading...
Thread Status:
Not open for further replies.