nice article on NAND Flash RE/hacking

[HaQue]

Here is an article I found while looking for something else entirely. I like the explanation of using the FTDI chip for reading NAND.

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Reverse-Engineering-NAND-Flash-Memory-POS-device-case-study-part/ba-p/6581528#.VJkbAZDAA

[AesEbu]

I made the hardware of this nand reader a few month ago, but no idea how to get software.

[HaQue]

about 3/4 down the page

DumpFlash – enhanced Flash reader/writer software

You need software to achieve bit-banging and for this there is a NANDTool open source project maintained by Bjoern Kerlers. I ported the entire C++ code to a Python project and created the DumpFlash project. I also added support for NAND Flash programming. Here are the highlights:

Read/Write support

[pclab]

Nice article, but one question:
With this software he provides, we can recover the data of a flash drive for instance??
Any tests on this one?

[AesEbu]

about 3/4 down the page

I think there is no compiled program, and I have absolutely no idea what I should do with all these weird files. And he speaks about a Windows 7 machine, but I felt that it was a linux software.

[ici_lemmy]

about 3/4 down the page

And he speaks about a Windows 7 machine, but I felt that it was a linux software.

If this is python it should work on linux and windows...
But IMHO, if you don't know what to do with "all these weird files", you shouldn't do it...

[lcoughey]

If only flash recovery were as simple as getting a dump of the NAND chips.

[HaQue]

As Luke says, often getting the dump of the NAND is the easy part. You then have to deal with Wear levelling algorithms(many, many), XORed DATA in a variety of ways, encryption, different controller operations such as updates, etc etc.

and as ici_lemmy says, the files at https://github.com/ohjeongwook/DumpFlash are python scripts. You would need to go to the python webpage and download a windows install for python, after that these files should "run" from a command prompt.

also do this:

Download the DumpFlash code first. You should also install prerequisite packages like pyftdi and libusbx. With everything set up, you can query basic Flash information using the –i option. (Figure 15)

then as seen in the part "DumpFlash – enhanced Flash reader/writer software", if you look at the screenshot you can see what he typed in to get the output.

IMHO, it is worth continuing with what you started as learning how to run python scripts opens another chapter for your computing and hacking around.

I often use it for manipulating files, wordlists and general things I need more than a batch file for.


Basically create a folder such as d:\nand_stuff and put all the files in. then in a command windows, type

[AesEbu]

Ok, thank you for your answer. In fact, I just want to recover an old ide ssd drive with only one nand chip (1GB). I already have the hardware for the nand reader, so why not try? If I can't do anything, I will buy another ssd drive, with unknown software already installed.

[HaQue]

Ok, thank you for your answer. In fact, I just want to recover an old ide ssd drive with only one nand chip (1GB). I already have the hardware for the nand reader, so why not try? If I can't do anything, I will buy another ssd drive, with unknown software already installed.

That's interesting, and old IDE SSD... Exactly, why not try? If you have time for a bit of playing, how about show the model/type and some pics of the SSD drive? Is the SSD for some type of embedded system?
Maybe we can walk you through the process and help you recover it. I think you could dump this with not much more effort than what you have already done.

If I can't do anything, I will buy another ssd drive, with unknown software already installed.

I am confused about this bit, can you elaborate on the unknown software bit.. why would it be unknown?

Start by installing python package that suits your system from https://www.python.org/ then the prerequisites of http://libusbx.org/ and https://github.com/eblot/pyftdi.
try and figure out how to install the packages on your own because this process really helps to get you familiar with how all this works. If you have trouble, post your issues, as these types of things are tricky sometimes for a variety of reason.. even for people that do this type of thing all the time. But often it is surprisingly easy.

after you have dumped the chip, a look in a hex editor will help to see what comes next.

What files/filesystem or filetypes are you expecting? is it a system or individual files you need off it?

good luck!

[pcimage]

As far as I know, some of the knock-off Chinese PC3K PCI software came on a little IDE "Flash HDD" or something like that, maybe that's it?

[Amarbir[CDR-Labs]]

As far as I know, some of the knock-off Chinese PC3K PCI software came on a little IDE "Flash HDD" or something like that, maybe that's it?

No What Was Long Ago ,
They Had a 40GB HDD Version And Once Those HDD's Were Hard To Find They Also Had it Working With higher capacity once .Anyway i am thinking whats the use of this project .Is he sure after taking the dump he can extract data .Might be might be not .And for Nand Reading Anyone can use a higher end programmer or the nand reader from many companies like softcenter ,etc etc .

[AesEbu]

Is the SSD for some type of embedded system?

You're right, that's a video monitor.



There is a label on the pc motherboard, where it says "Windows XP Embedded". The mystery is lifted.



I had the same problem there is a year or two, I bought a new ssd, and the monitor has booted normally. I thought it was the same thing this time, but I just saw a lot of bad capacitors on the motherboard. It's certainly the real problem.

[LarrySabo]

I had the same problem there is a year or two, I bought a new ssd, and the monitor has booted normally. I thought it was the same thing this time, but I just saw a lot of bad capacitors on the motherboard. It's certainly the real problem.

Are you referring to bad caps on the motherboard pictured in your post? I don't see any. Did you test them with an ESR meter or something, are you referring to another MB, or am I going blind?

[HaQue]

I don't either but I suspect the ones in red circle first and blue possibly second choice. I would have thought the blue circled ones would go first though

[LarrySabo]

They look okay to me, although it's hard to see the ones in the corner clearly. Because they appear to be the same size as healthy others on the board, I suspect they are fine. The ones in the blue circle look fine, too. That white stuff is just the gunk they put on them to keep them from vibrating, I believe. (I used to see a lot of that in CRT monitors and sure wish I knew of a source. It's terrific stuff!)

[fzabkar]

I had the same problem there is a year or two, I bought a new ssd, and the monitor has booted normally. I thought it was the same thing this time, but I just saw a lot of bad capacitors on the motherboard.

Did you try to access the SSD via an IDE motherboard in a regular PC?

Did you measure the voltage outputs of the PSU at the LHS?

As for the capacitors, I would take LarrySabo's advice and test them in-circuit with an ESR meter.

[AesEbu]

I made an adapter for my ide/sata to usb converter, and the ssd is fine, I can see files and directories.



So I have to change the bad caps and see what happens.

[LarrySabo]

They are clearly bad. I hope new ones help clear things up.

[HaQue]

Great, I think you are well on the way to a working system again