All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: Hiding data in bad blocks?
PostPosted: November 4th, 2014, 8:34 
Offline

Joined: November 4th, 2014, 3:10
Posts: 8
Location: Atlanta
I have read in numerous places that some people write data in bad blocks in order to avoid being caught. How is that possible since bad blocks are supposely inaccessible?

Thanks


Top
 Profile  
 
 Post subject: Re: Hiding data in bad blocks?
PostPosted: November 4th, 2014, 8:40 
Offline

Joined: November 9th, 2006, 15:15
Posts: 2983
You can write to a good sector then add it manually


Top
 Profile  
 
 Post subject: Re: Hiding data in bad blocks?
PostPosted: November 4th, 2014, 8:52 
Offline

Joined: November 4th, 2014, 3:10
Posts: 8
Location: Atlanta
hddguy wrote:
You can write to a good sector then add it manually

what do you mean by "then add it manually"?

Add what where? :) transfer file from a good sector to bad? if this is possible why not write to bad block directly? :?:


Top
 Profile  
 
 Post subject: Re: Hiding data in bad blocks?
PostPosted: November 4th, 2014, 9:25 
Offline

Joined: November 9th, 2006, 15:15
Posts: 2983
Take a good sector, write to it, then manually add this to one of the drives defect lists using specific hardware that allows you to add it.


Top
 Profile  
 
 Post subject: Re: Hiding data in bad blocks?
PostPosted: November 5th, 2014, 20:27 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3844
Location: Adelaide, Australia
Bad blocks are inaccessible(in most cases) by regular methods of disk access. They ARE accessible using some "Pro" tools and/or through terminal access.

In the case of Flash memory, some use a byte in the service area to say bad block or not, some Flash that is used for storing firmware, such as on a home router or other embedded OS(usually Linux) stores the bad Block table off chip, or on chip and needs to be read first before reading the actual contents. There is a talk about NAND Flash messing about that should provide you with the answer to your question.. IIRC it was by Monk (Josh Thomas) at BH/Defcon/Shmoocon or one of those.

I read, listen to and see a LOT of talks, research and assorted hackery, and it all seems to blend together at times, so don't sue me if some detail is slightly off!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group