Close
0%
0%

SD Card Data Diode System

A system to transfer files from an airgapped PC to an non-airgapped PC by dumping files from SD card to serial port back to another SD card.

int-mosfetInt-Mosfet
Following
Liked Like project

Just one more thing

To make the experience fit your profile, pick a username and tell us what interests you.

Pick an awesome username
hackaday.io/
Your profile's URL: hackaday.io/username. Max 25 alphanumeric characters.
Pick a few interests
Projects that share your interests
People that share your interests

We found and based on your interests.

Choose more interests.

OK, I'm done! Skip
Similar projects worth following
0 comments
3 followers
View Gallery
Using 2 Arduino Uno's with an SD card shield and the SD card libraries, and a working serial data diode design, I hope to build a system to transfer files from one SD card to another without the possibility for the receiving side to talk back to the transmitting side.

This project is a computer security one. The challenge this project addresses is to help prevent the possibility of malicious communications going from internet-connected PCs back to airgapped PCs when a file is transferred from the airgapped PC to the network-connected one. The main use case is to generate ciphertext securely on the airgapped PC, and to transfer it over to a recipient via a network-connected PC. Another use case is to generate your passwords for all your online accounts on the airgapped PC, put into an encrypted file, then transfer over to be used on networked PCs. If you just use a USB stick to transfer a file from an airgapped PC to a non-airgapped one, with exploits like BadUSB and other forms of USB malware there may be a way to get malware on the USB stick then back to the airgapped PC that you trust most. This is because there is two-way communication anytime you plug in a USB stick to a PC. This is the main scenario I hope this device can help prevent.

This project plans to alleviate this problem by using one-way communication from a serial port on the Arduino Uno where the user places the "airgapped" SD card, to another Arduino Uno that reads from the serial port and writes what it receives to a file on the SD card. Even though every transducer is technically bi-directional, I am unable to find *practical* research or a proof-of-concept that can breach this data diode at this time, side-channel attacks must be used to do so at this time.

This project may be world changing because it simplifies this form of secure one-way transfer of files that is previously limited to state agencies and militaries around the world. It may help prevent a lot of malware infections (that is my hope, at least). The data diode design I am using is located here: http:://imgur.com/a/5Cv19

My plan is to get Arduino Uno's with SD card shields and to use the SD card library to read a file from one side, to dump that to the serial port, with the data traveling through a serial data diode that I have verified to be working, then to read in from the serial port on the other side, and to put that into a file. I believe that capability is laid out in the SD card libraries, but I am not 100% sure at this time. I am prototyping with Arduino mostly because of the easy-to-use SD card library and platform. I do hope the concept can be expanded to any platform though, being "platform agnostic".

schem0.sch

Super simple schematic of the board I made.

sch - 159.93 kB - 08/28/2017 at 04:11

Download

schem0.brd

This is all you need to send to Oshpark for a PCB run.

brd - 27.31 kB - 08/28/2017 at 04:11

Download

  • 1 × HCPL-7720-000E Opto and Fiber Optic Semiconductors and ICs / Optocouplers and Optoisolators
  • 2 × 47nF Capacitor
  • 2 × Arduino Uno
  • 2 × SD card 1 FAT partition for now, one file (.txt or .csv) for transfer
  • 2 × Adafruit Assembled Data Logging shield for Arduino Product ID: 1141 (this is new version, it's different than old version, heads up)

View all 6 components

  • Log 3

    Int-Mosfet08/31/2017 at 23:39 0 comments

    So I've verified that the project works with the code provided.  So now we have a proof of concept to move a file from one SD card to another one-way through an opto-coupler.

    To prevent corrupting the file a bit (not sure why that's happening), you have to plug in the transmitter first, then plug in the receiver, then hit the reset button on the transmitter.  By plugged in, being plugged into a USB power source is sufficient.  After the reboot a clean transfer will happen.

    I found it odd that just using one wire to transfer, some corruption wasn't happening, but adding my opto-coupler board (labled "Tinfoil Transfer"), there's some weird data being sent to the file.

  • Log 2

    Int-Mosfet08/28/2017 at 04:17 0 comments

    I've made a PCB and I've got some bare bones working code.  I will get pictures of the PCB up shortly (my first one!).  The github link has been added.

    So I've shown a proof-of-concept of sending a "file" one way over the serial port (what's actually happening is parsing the file, sending what's being parsed over serial port, then creating a new file and storing what's sent into a new file on receiver side).

    What's really needed now is better parsing of the SD card (to get all files on the card) and a good forward error correction (FEC) implementation.  To really make this idea good is going to take a lot of work, if someone can do it please show me.

  • Log 1

    Int-Mosfet07/20/2017 at 05:29 0 comments

    I've got some good news and bad news.  Good news is I can successfully send a file over serial port from one SD card to another.  I'll get a github repo up in next few weeks, at least by September.  I haven't tried it yet with the optocoupler but I am 99.9999% sure it will work so long as 1-way transmission over serial port is working (the key is the optocouplers are CMOS compatible, that's why it works).

    Bad news is that sending files isn't going to work like I expected (and I should've known better when I did a project where I had to convert JPG files to raw binary files, to be able to manipulate raw data easily).  I was thinking I could just transfer all the binary info as is over the serial port, but I need to decode each file first (compression or file formats etc.).  So if your SD card has .docx, .pdf, .jpg, and .txt files all on it, I need to detect each of those files and begin a decoding process before I can move it over the serial port.  I don't think I'll have code space for that and since this is a security project the code has to be as simple as possible and minimal to make for easy verifying and minimize potential bugs.  There's already enough code from the Arduino bootloader to the SD FAT library running, adding a PDF decoder to that will start to get gnarly real quick.

    So for the time being, this tool will be for 1 file (right now I have to hardcode the file name in the code, may change that eventually), generally either a TXT or CSV file.  That file can be absolutely huge though.  The main use will be transferring large text strings from an air-gapped PC to a non-air-gapped one.

    That's a real let-down for me, so I'll keep looking for ways to make this work, as minimally as possible.  In mean-time, I'm also making my first PCB with Eagle.  Taking me a while.  I'm using a HCPL-7720 optocoupler because it's already in Eagle :p.  It's basically the same as the HCPL-7723 but half the speed.  I'll learn how to add parts and stuff eventually.  It's not intuitive but I'm starting to get the hang of it.  What I wanted to do was have another shield that goes on top of the SD card shields, but it connects the 2 Arduinos.  This is proving to be difficult (I know what I want to do, but not working).  I think I'm going to create the barebones PCB I need, and use cables to connect it for my first prototype; and get better with Eagle and the PCB I'm envisioning.

  • Log 0

    Int-Mosfet06/09/2017 at 03:32 0 comments

    So this is my first log, I've been busy with work, and spending time with my SO. I've been able to get my prototypes I'm going to work on built, the main thing now is software. I'm going to start slow, just sending (hopefully it works) one whole file over serial port, with hardcoded names in the code. But I would be very pleased if I could, say, push a button, my code scans the SD card for all the file names (saves those as strings, uses those strings to open files for reading and then transferring those strings, with headers or markers that it's a file name, and opening a file on receiver and being able to close after copying over; this is my vision right now).

    Today I had a couple of hours to work (and I wasn't exhausted from coding/designing/tracking bugs down all day) and was able to copy a file back to the same SD card, worked like a charm. I'm thinking it would be wise to make a copy of files, then ready that for transfer, just in case something happens, the original file shouldn't be touched otherwise.

    I'm trying to learn Eagle to make my first board, it's going to be a really simple board but I've never made my own board, it always gets done for me and I program them or suggest design changes. If I could get that done for a small price, would be great, but another side of me says to learn the CAD program and make a board. I don't like how Eagle needs to be online though, may switch to KiCAD because of that.

    Anyway, enough blabbing, that's a small status update right now, main thing is I'm happy I can copy files to SD card by dicing up the file into buffers of 64 bytes, this gives me a little more confidence my idea will work how I thought it would.

View all 4 project logs

Enjoy this project?

Share

Discussions

Does this project spark your interest?

Become a member to follow this project and never miss any updates

Going up?

About Us Contact Hackaday.io Give Feedback Terms of Use Privacy Policy Hackaday API

© 2025 Hackaday

Yes, delete it Cancel

Report project as inappropriate

You are about to report the project "SD Card Data Diode System", please tell us the reason.

Send message

Your application has been submitted.

Remove Member

Are you sure you want to remove yourself as a member for this project?

Project owner will be notified upon removal.