A client recently had some questions regarding the security of the ASUS AI Direct Link software, distributed with ASUS motherboards and preinstalled by OEM vendors. Google didn't have much on the subject.
Supposedly you need an ASUS motherboard, and both PCs must run the AI Direct Link software.
Curious as to how this software works, I thought I'd take a quick look.
A search in Google for AIDirectLink_V10011.zip should find it.
Basically you install the software. It has a system tray icon, which you can right click on. There are 3 options:
1) Enable Incoming Folder (Turn on the software "networking functionality" to enable file transfer)
2) Change Incoming Folder
3) Disable Incoming Folder
The default Incoming Folder is "C:\Program Files\ASUS\AI Direct Link\\AIDirectLinkIncoming"
I thought I'd have a look at my open ports to see what it was listening on and the associated protocol, but to my surprise nothing was listening.
If you enable Incoming Folder, it asks you the following:
Scenario 1 - Public account
My next thought was Windows SMB shares. A quick 'net share' reveals the share:
C:\Documents and Settings\patrick>net share
Share name       Resource                        Remark
-------------------------------------------------------------------------------
C$               C:\                             Default share
esSharedFolder$  C:\Program Files\ASUS\AI Direct Link\\AIDirectLinkIncoming  ADL Folder.
ADMIN$           C:\WINDOWS                      Remote Admin
IPC$                                             Remote IPC
Pretty obvious now. The 'public account' creates a hidden share (indicated by the '$' in the share name) and gives it Anonymous user access.
Therefore, you can remotely access it from another PC by accessing the UNC path (err.. Start -> Run, or 'net use \\<target>\esSharedFolder$' on the command line):
\\<target>\esSharedFolder$
If you check the NTFS permissions, you will see that it also creates an Anonymous/Guest-style Windows account without any group memberships:
C:\Documents and Settings\patrick>net users
User accounts for \\<target>
-------------------------------------------------------------------------------
__vmware_user__          Administrator            ASPNET
esNetUser                Guest                    HelpAssistant
SUPPORT_388945a0
The command completed successfully.
So it has created 'esNetUser' and assigned it permissions to the shared folder.
That is it. So much for special ASUS technology, eh?
Scenario 2 - "Use my account"
This lets you specify your own username and password. In this example, I have used abc:abc as the user/pass.
If we have a look at the shares 'net share', we get a similar result.
C:\Documents and Settings\patrick>net share
Share name       Resource                        Remark
-------------------------------------------------------------------------------
...
esSecurFolder$   C:\Program Files\ASUS\AI Direct Link\\AIDirectLinkIncoming  ADL Folder.
...
This time around, the name is changed to 'esSecurFolder$'. So you can access it via \\<target>\esSecurFolder$ or 'net use \\<target>\esSecurFolder$ /u:abc abc'.
(The /u:abc abc part specifies the username and password.)
Additionally, this time it has created an NT user account:
C:\Documents and Settings\patrick>net users
User accounts for \\<target>
-------------------------------------------------------------------------------
__vmware_user__          abc_ai                   Administrator
ASPNET                   Guest                    HelpAssistant
SUPPORT_388945a0
The command completed successfully.
In this example, it has deleted the esNetUser account and created the 'abc_ai' user. My guess is the _ai is to ensure it does not accidentally change the password of a preexisting user, e.g. 'patrick', or remove my account if I disable the sharing function.
Well, that is basically it. Once again the NTFS permissions on the folder have been set, this time for the 'abc_ai' account.
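A defender's check for the artifacts described in both scenarios, as an added example that is not part of the original post: it parses captured 'net share' and 'net users' output and flags the two hidden share names and the esNetUser / *_ai accounts. The sample output is constructed from the listings above, HOST is a placeholder, and the _ai suffix match is only a hint that needs manual review.

```python
import re

# Indicators come from the write-up; the SAMPLE_* text below is constructed.
ADL_SHARES = {"essharedfolder$": "public account", "essecurfolder$": "use my account"}
ADL_PUBLIC_USER, ADL_USER_SUFFIX = "esnetuser", "_ai"  # suffix match is only a hint

SAMPLE_SHARES = r"""Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
esSharedFolder$
             C:\Program Files\ASUS\AI Direct Link\\AIDirectLinkIncoming
                                             ADL Folder.
IPC$                                         Remote IPC
"""
SAMPLE_USERS = r"""User accounts for \\HOST
-------------------------------------------------------------------------------
Administrator            esNetUser                Guest
abc_ai                   SUPPORT_388945a0
The command completed successfully.
"""

def _rows(text):
    """Non-blank lines after the dashed rule, minus the completion message."""
    lines = text.splitlines()
    start = next((i + 1 for i, l in enumerate(lines) if l.startswith("-----")), 0)
    return [l for l in lines[start:] if l.strip() and not l.startswith("The command")]

def parse_shares(out):
    """Share names; long names wrap and their resource/remark lines are indented."""
    return [re.split(r"\s{2,}", l)[0] for l in _rows(out) if not l[0].isspace()]

def parse_users(out):
    """Account names; columns are separated by runs of two or more spaces."""
    return [n for l in _rows(out) for n in re.split(r"\s{2,}", l.strip())]

def audit(share_out, users_out):
    findings = []
    for share in parse_shares(share_out):
        if share.lower() in ADL_SHARES:
            findings.append(("share", share, ADL_SHARES[share.lower()] + " mode"))
    for user in parse_users(users_out):
        if user.lower() == ADL_PUBLIC_USER:
            findings.append(("account", user, "public account mode"))
        elif user.lower().endswith(ADL_USER_SUFFIX):
            findings.append(("account", user, "possible 'use my account' user"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_SHARES, SAMPLE_USERS), sep="\n")
```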