All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: NAND Recovery
PostPosted: May 17th, 2018, 21:11 
Offline

Joined: May 28th, 2016, 9:16
Posts: 128
Location: Karlsruhe / Germany
Hey Guys,

I'd like to start recovering Flash Memory like USB-Sticks, SD-Cards or other devices, where I can't repair the device (what we are actually currently doing) but have to use the chip-off method.

My current problem is, that there are three tools out there for the job. PC-3000 Flash, FE and Rusolut VNR.

I took a look into the NAND Recovery and... well.... It seems to be a whole another world than HDD recovery. To get the data off the chip is mostly not the problem but to put everything together seems to be more the problem.

But what's the best tool to start with? Rusolut says from themselves, that they are concentrating on NAND recovery and they are the experts in this area. But on another hand, they software seems to be very complex. I took a look on their website about the recovery, they are talking about a controller database but you also have to find the areas where the data is stored. This is kind of a thing, I don't understand.

Well, what do you think, is it a good idea to start NAND Recovery with VNR? And are they any more specific information, how exactly I can restore the data? Because the cases of the tutorials are quite simple. But I've also seen screens with full of blocks, when the cases are more complex.


Top
 Profile  
 
 Post subject: Re: NAND Recovery
PostPosted: May 17th, 2018, 22:41 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3160
Location: Adelaide, Australia
start by reading the freely downloadable VNR books (pdf's). These 2 docs break it down as a basis to understanding flash. Make no mistake you will be putting a LOT of hours into flash. Profit? not so much, especially in the beginning.

really you need all the tools, as each have their strengths and limitations. By limitations I am including your knowledge limitation, as some tools have very little limitations, with a huge amount of control (VNR) but flash has a tonne of variables and quirks that can leave you scratching your head for days, or failing a case completely, and not even knowing halfway why.

There are no manuals from vendors. 99% is reverse engineered.

if you search this forum, this question has been coverd a few times before, so no sense repeating it.

We are going to need good people to work on these chips coming with 32 and 64 layers, and 1TB flash chips, so I dont want to discourage you in any way.. the more eyes on the isue the better!


Top
 Profile  
 
 Post subject: Re: NAND Recovery
PostPosted: May 18th, 2018, 6:24 
Offline

Joined: May 28th, 2016, 9:16
Posts: 128
Location: Karlsruhe / Germany
HaQue wrote:
start by reading the freely downloadable VNR books (pdf's). These 2 docs break it down as a basis to understanding flash. Make no mistake you will be putting a LOT of hours into flash. Profit? not so much, especially in the beginning.


I already started to reading it. But I feel like this is just the top of the knowledge I need to know. Especially when it comes to new high capacity flash devices. But there is one thing, I don't understand: Why do I have to figure out all of the parameters of the memory to restore the data? In my personal opinion there must be some kind of database where recovery specialists can get the information from. If you have two USB-Sticks of the same model, you are going to restore the data same way. Do you? I mean, the XOR Key may be different but the position of it is going to be the same?

Another Thing I don't understand is, why we have to do the recovery by ourselves? Another department of my company is currently investing into Deep Learning. And in my personal opinion this is something that can be done easily by a Deep Learning algorithm.
[/quote]


Top
 Profile  
 
 Post subject: Re: NAND Recovery
PostPosted: May 18th, 2018, 8:09 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3160
Location: Adelaide, Australia
Quote:
If you have two USB-Sticks of the same model


Therein lies the rub.

USB sticks "models" wont really help. for example, verbatim store'n'go have looked the same for many years. inside it is a crap shoot. every single revision of firmware (which wont show up even if vendors specified models) change things. Another example: Strontium drives commonly bought at newsagents. these use repurposed things like microsd cards, sd cards, emmc soldered to the board where they wire directly to NAND - I assume there was a controller problem in the SD/microSD/emmc. When I buy these for my research pool, I usually buy 3 or four as I knowthey will all be different inside!
I have over 700 in my research pool and very few duplicate chip/controller configurations

when you get customer drives in, it is extremely rare to get one with the same parameters you have had in before.

sure there are similar drives around but the experience comes in knowing what parameters to change to get your patient 100% dialled in.

a good indication is to go to FE site and flick through the library. you will start to see the MANY combinations of parameters making up a drive.

and each step of the recovery has its own nuances.

example of a (incomplete by far) list:

1. figure out whats in your hand.
- often chips have no markings
- monoliths are not marked well, same pin config but who knows what inside.
- is it real or counterfeit? sounds like it should be a minimal concern but a bigger one than you think.
- chip IDs, but parameters can be different (DDR, SDR, WL versions, power modifications needed, etc etc)
- how many crystals, finding extra pinouts
- chips with 1.8v core, chips with different pin config, chips with other reading issues
- what is the controller (there are some weird ones out there)
- many different chip types - BGA 100, 224, 316, 272, LGAxx, tsop48, wide tsop48, tsop52, emmc (variety of) SD, MicroSD, etc

2. read the chip.
- is the dump correct? how do you know?
- is it DDR read with SDR parameter or visa versa?
- does it have too many bit errors - can we do anything to make it better.. what?
- were the reading paramers right?

3. get raw dump into a disk image..
- what layout is it? is ecc known / xor? / BCH?
- algorithm?
- does it need pages cut? blocks cut? before image or after?
- are any block missing?
- are there block numbers or need to create translation table
- inversion, pages rotated in blocks, and a whole slew of things here, and more being developed and found often
- video hard to recover, different file systems have quirks, etc etc.

4. other:
- space.. things are getting big. storage is not a trivial concern
- transfer times of dumps / recovered files / support from people is a factor
- time. ecc correction on large dumps, saving images after reversing takes hours and in some cases like SSD can take several days to save an image. It gets you down when your customers are stressed and waiting and nothing you can do to speed up recovering.
- working on a single case can blow your "intended hourly $ income rate" as customer payment probably wont cover a good number of jobs. hard to do many flash cases at once. Unlike hard disks where you might have a heap of the hooked up to various recovery tools, unless you have multiple technicians, this is going to be not as easy to do as the device/chip on a machine is a small portion of recovery time but tech eyes on the PC screen is a large %
- SO MANY different combo's of controller/flash
-vendors of flash tools working hard but basically need to reverse engineer all new stuff. no service manuals from the flash vendors!

I could go on but hope you get the picture.


Top
 Profile  
 
 Post subject: Re: NAND Recovery
PostPosted: May 18th, 2018, 12:40 
Offline

Joined: August 31st, 2017, 4:34
Posts: 15
Location: Belgium
Practice is the best way of NAND recovery learning. Ace tech sup guys were of great help to me, I unsoldered the chip, read the dump and they did the rest. Of course, if you want to be a guru, you need to work your hardest, but such help is good at the beginning


Top
 Profile  
 
 Post subject: Re: NAND Recovery
PostPosted: May 21st, 2018, 18:05 
Offline

Joined: May 28th, 2016, 9:16
Posts: 128
Location: Karlsruhe / Germany
Thank you very much for your support. I just have another question. If I take the Rusolut Website about their Adapters, I see that the most BGA adapters are... PCB Only ....

https://rusolut.com/visual-nand-reconst ... -adapters/

So I have to reball the BGA Chip and solder it onto this PCB to read it? I don't think, that the PCB is going to last very long.


Top
 Profile  
 
 Post subject: Re: NAND Recovery
PostPosted: May 21st, 2018, 19:04 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3160
Location: Adelaide, Australia
you could always buy the clamshell / test socket and fit them yourself, or make adapter. Most of us have made our own adapters for one thing or another. There are so many different varieties, but not all have available adapters from the vendor of the tool. I think most common ones are covered by Rusolut though.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group