All times are UTC - 5 hours [ DST ]


Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  [ 28 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Flash Drive Research project
PostPosted: June 16th, 2014, 15:22 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 10847
Location: Australia
labtech wrote:
Wondering if there could be a way of masking the main on board controller (presumably one that has failed) with one that is connected to it from a outer socket. ... Specifically, targeting SSDs, since many times there is no feasible solution due to encryption and much desoldering work.

Yes, that sounds like an easier approach for SSDs. Depending on the nature of the failure, you may be able to disable the controller via its reset pin. This usually places all the I/O pins in a high impedance state. Alternatively, you could remove or short (?) the crystal oscillator, unless of course it is embedded within the controller.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Flash Drive Research project
PostPosted: June 16th, 2014, 22:47 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3160
Location: Adelaide, Australia
I don't know if I would want to do that, it is possible the controller could write to the NANDs without user interaction. If the donor controller decided it needed to "fix" anything apon boot, there could be data loss. Also when each flash device is initialised, from what Ive seen, the controller and NANDs marry to each other pretty closely.
It can be quite difficult to know if a controller contains the same firmware, and if it does, same settings for the NANDs.

That said, this exact principle has worked on some sandisk flash drives(ive seen anecdotal evidence), the ones that are encrypted.

It is almost like flash drive and SSDdrive vendors are oblivious to the fact that DR is performed on the drives, or purposely designed to make it hard. Is encryption really necessary between a controller chip and a set of NANDs?

There is a massive research hole in this area.


Top
 Profile  
 
 Post subject: Re: Flash Drive Research project
PostPosted: June 16th, 2014, 23:37 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 10847
Location: Australia
The controller can't do anything if it is being held in the reset state. When its I/O pins are in high-Z mode, they are effectively disconnected from the circuit. It would be just like having two devices on the same bus, with one device disabled. That's how buses are designed.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Flash Drive Research project
PostPosted: June 18th, 2014, 8:45 
Offline
User avatar

Joined: August 13th, 2008, 13:10
Posts: 811
Location: World
HaQue wrote:
A Lesson on Over-Engineering


Hi HaQue!
Very interesting project.


Top
 Profile  
 
 Post subject: Re: Flash Drive Research project
PostPosted: June 18th, 2014, 9:28 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3160
Location: Adelaide, Australia
Thanks :)
I have been able to take a data image, data dump, pattern dump and sector dump on 7 drives so far, and ready to solder some connectors on 8 more, so this is definitely helping me get through the mountain of data I want to take on each drive. It has saved me 14 solders and un solders of NAND Chips! so pretty significant boost for such a simple idea.
TBH, I was not looking forward to all the soldering, but now the process is simplified, I should have results a lot quicker.


Top
 Profile  
 
 Post subject: Re: Flash Drive Research project
PostPosted: June 28th, 2014, 5:32 
Offline

Joined: August 8th, 2007, 6:32
Posts: 1197
Location: inside ROM
Great work. Mate! Thats what i call creative thinking.


Top
 Profile  
 
 Post subject: Re: Flash Drive Research project
PostPosted: July 2nd, 2014, 12:09 
Offline

Joined: July 2nd, 2014, 8:05
Posts: 169
Hi HaQue,

This is simply amazing what you're doing.
We're about to complete new chip-off Data Recovery and Digital Forensics tool manufacturing for NAND devices with open block management algorithms, scrambler analysis and extraction tool (XOR extraction), and many other nice and unique options. I think we can supply you tool on some conditions. If you're intrested, let's find a way for communication (my email in profile).

Besides the method HaQue described there's another one, for reverse engineering of controller algorithm on working devices(works in ~80% of cases).

0. Kill MBR otherwise Windows doesn't allow to write pattern
1. Write pattern 0x77 across entire LBA space of flash device (for XOR analysis and extraction)
2. Write pattern with 16-byte running number in every sector like "0000000000000001". (for Spare area analysis, Virtual block allocation)
3. Write some known text like "I'm a new page" to some sector at beginning and remember sector number, use sector 2048 to make it easy to remember (for Replacement/Log block analysis, obsolete block analysis [forensics], and block header analysis).


Top
 Profile  
 
 Post subject: Re: Flash Drive Research project
PostPosted: July 3rd, 2014, 9:12 
Offline

Joined: July 2nd, 2014, 8:05
Posts: 169
My mistake in secont item:

2. Write pattern with 16-byte running number in every sector like "0000000000000001" on HALF of capacity, to leave space with XOR (for Spare area analysis, Virtual block allocation)

_________________
VISUAL NAND RECONSTRUCTOR. A big revolution in chip-off data recovery


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 28 posts ]  Go to page Previous  1, 2

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group