[ubuntu-uk] Photo keyring compatible with standards?

Alan Pope alan at popey.com
Tue Jan 20 17:27:56 GMT 2009 

2009/1/20 Christopher Swift <chris.r.swift at googlemail.com>:
> Bus 002 Device 002: ID 1908:1320

Via google I found

http://tppl.net/cgi-bin/avantify.cgi?url=08/12/29/0155249&threshold=3

Second opinion - scanning another 1.5" photo frame (score: 3, Informative)
by AYeomans (322504) <ajvNO at SPAMyeomans.org.uk> on Monday December 29, @03:58PM

Here [virscan.org] is the virscan.org scan of the DPFmate.exe file on
a similar photo keyring. This scans almost clean, with the only
warning being "Suspicious - DNAscan" from QuickHeal.
All sounds to me that the Walmart photo frame may be truly infected.
Interesting to see if a re-scan gives the same results, after AV
signature updates.
To identify my photo frame, it has USB vendor code 1908:1320, and
gives dmesg output as

    [ 1615.074173] scsi 2:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2
    [ 1615.131784] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
    [ 1615.132336] sr 2:0:0:0: Attached scsi CD-ROM sr1
    [ 1615.132793] sr 2:0:0:0: Attached scsi generic sg2 type 5
    [ 1618.229611] ISO 9660 Extensions: Microsoft Joliet Level 3
    [ 1618.243632] ISOFS: changing to secondary root

and has files on it

    -r-xr-xr-x 1 a root 49 2007-12-13 17:07 Autorun.inf
    -r-xr-xr-x 1 a root 135904 2008-07-25 11:46 DPFMate.exe
    -r-xr-xr-x 1 a root 1344 2008-05-19 18:53 flashlib.dat
    -r-xr-xr-x 1 a root 22044 2008-07-23 16:15 LanguageUnicode.ini
    -r-xr-xr-x 1 a root 96281 2008-06-11 16:29 MacDPFmate.zip
    -r-xr-xr-x 1 a root 758 2008-07-07 12:21 StartInfoUnicode.ini

Hey, I always stick odd USB devices into Linux first to check them out.
For background info, this photo frame does nothing when first
connected. You can set it to "transfer" mode, at which point it
emulates a USB CD-ROM of 304 Kbyte size. That CD image tries to
autorun the DPFmate software to compress and transfer images to the
device. The photos are *not* visible on the device through normal
access, must have transferred them to a hidden area. I'd be interested
if anyone has more info on the USB protocols used.

Cheers,
Al.

More information about the ubuntu-uk mailing list