All times are UTC - 5 hours [ DST ]




 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 18th, 2022, 3:25 

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
The XOR key is the output of an LFSR in most cases, with params chosen so that it has a large period.
It would be nice to write code to find out the parameters of the LFSR for an actual pattern; then we could generate it without needing to recover the whole pattern from the target device. Probably a small part would be sufficient...

pepe

_________________
Adatmentés - Data recovery
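
As an added example (not code from any poster in this thread), the parameter recovery described in the post above can be done with the Berlekamp-Massey algorithm, which finds the shortest LFSR over GF(2) that generates a given bit sequence. It assumes the XOR pattern is the raw single-bit output of one LFSR; the taps, seed, 64-bit sample size and function names are constructed for the demo.

```python
"""Recover LFSR feedback taps from a short slice of an XOR pattern."""

def lfsr_stream(seed_bits, taps, n):
    """Extend seed_bits to n bits with s[i] = XOR of s[i - t] for t in taps."""
    s = list(seed_bits)
    while len(s) < n:
        bit = 0
        for t in taps:
            bit ^= s[-t]
        s.append(bit)
    return s[:n]

def berlekamp_massey(bits):
    """Return (L, taps): the shortest LFSR over GF(2) that generates bits."""
    n = len(bits)
    c, b = [0] * (n + 1), [0] * (n + 1)   # current / previous connection polynomial
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                        # discrepancy: predicted vs. observed bit
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:                 # the register has to grow
                L, m, b = i + 1 - L, i, t
    return L, [j for j in range(1, L + 1) if c[j]]

def recover_and_regenerate(sample, total_bits):
    """Fit an LFSR to sample; trust it only if the sample holds >= 2*L bits."""
    L, taps = berlekamp_massey(sample)
    reliable = 0 < L and 2 * L <= len(sample)
    return L, taps, reliable, lfsr_stream(sample, taps, total_bits)

# Constructed demo data (not from a real controller): 16-bit register, 2 KiB pattern.
TRUE_TAPS = [11, 13, 14, 16]
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]
PATTERN = lfsr_stream(SEED, TRUE_TAPS, 8 * 2048)

if __name__ == "__main__":
    L, taps, ok, rebuilt = recover_and_regenerate(PATTERN[:64], len(PATTERN))
    print("linear complexity:", L, "taps:", taps, "reliable:", ok)
    print("full pattern reproduced from 64 bits:", rebuilt == PATTERN)
```

If the reported complexity comes out near half the sample length, the sample is too short or the pattern is not a single LFSR of that size, and the regenerated stream should not be trusted.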


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 20th, 2022, 17:09 

Joined: November 10th, 2022, 16:20
Posts: 8
Location: localhost
pepe wrote:
The XOR key is the output of an LFSR in most cases, with params chosen so that it has a large period.
It would be nice to write code to find out the parameters of the LFSR for an actual pattern; then we could generate it without needing to recover the whole pattern from the target device. Probably a small part would be sufficient...
I understand that the "seed" for an LFSR takes much less space than the actual pattern, but anyway, if there are unique "seeds" per sector, they themselves will consume a lot of flash space (in total). How many unique patterns are used per example disk? I am assuming they are reused; can anyone share an example pattern of key reuse?


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 20th, 2022, 20:12 

Joined: December 4th, 2012, 1:35
Posts: 3844
Location: Adelaide, Australia
Yes these sorts of 'tricks' are often used in small devices, as you can have a very simple algo to create blocks of XOR... which takes up minimal firmware memory, or CPU instructions. I would have thought the algo could be figured out if you have the XOR block to reverse, but with my limited knowledge I couldn't find a way to generate the patterns.

I spent a while trying to decompile firmware to attempt to figure out this exact thing, plus others but did not have much success. The main problem in flash is the sheer number of different devices, each with their own way of doing things.

Best Practices? Manuals? Public Documentation? Core CPU support in IDA? Good IC Quality? Similarity between Vendors? Return on investment of research? NOPE, forget all that.


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 21st, 2022, 2:09 

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
It might be done in hw...

_________________
Adatmentés - Data recovery


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 26th, 2022, 22:38 

Joined: August 13th, 2016, 17:10
Posts: 193
Location: Vienna, Austria
I agree, it is definitely done in hardware; doing the LFSR/XOR in firmware would be far too slow and wasteful.


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 27th, 2022, 18:49 

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
Would it make sense to use the LBA as the seed? Then you wouldn't need to store it.

_________________
A backup a day keeps DR away.


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 28th, 2022, 11:58 

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
fzabkar wrote:
Would it make sense to use the LBA as the seed? Then you wouldn't need to store it.


Wouldn't that result in a different XOR for each LBA?

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 28th, 2022, 13:17 

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
Arch Stanton wrote:
fzabkar wrote:
Would it make sense to use the LBA as the seed? Then you wouldn't need to store it.


Wouldn't that result in a different XOR for each LBA?

I was addressing "okton's" point about unique seeds for each LBA. I have no idea whether this is really the case, or why it would be necessary.

BTW, a hardware implementation of an LFSR is surprisingly trivial. For a 16-bit implementation, you just need a 16-bit shift register (4 x 4-bit) plus a quad XOR gate.

https://en.wikipedia.org/wiki/LSFR

https://upload.wikimedia.org/wikipedia/commons/a/a8/31_bit_Fibonacci_linear_feedback_shift_register.webm

_________________
A backup a day keeps DR away.


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: November 28th, 2022, 15:11 

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
fzabkar wrote:
Arch Stanton wrote:
fzabkar wrote:
Would it make sense to use the LBA as the seed? Then you wouldn't need to store it.


Wouldn't that result in a different XOR for each LBA?

I was addressing "okton's" point about unique seeds for each LBA. I have no idea whether this is really the case, or why it would be necessary.

BTW, a hardware implementation of an LFSR is surprisingly trivial. For a 16-bit implementation, you just need a 16-bit shift register (4 x 4-bit) plus a quad XOR gate.

https://en.wikipedia.org/wiki/LSFR

https://upload.wikimedia.org/wikipedia/commons/a/a8/31_bit_Fibonacci_linear_feedback_shift_register.webm


Thanks Franc, that makes a nice idea for an X-mas decoration ;)

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: August 20th, 2023, 12:57 

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
Arch Stanton wrote:
rec wrote:
Arch Stanton wrote:
Maybe for same reason hard drive manufacturers do this.

Also, I have been wondering if encryption accomplishes the same as XOR scrambling. XOR scrambling serves a purpose, say an increase of entropy. Could encryption do the same?


I don't understand why a XOR operation increases entropy. Could you explain?

As for your encryption question the answer is yes if you use the right mode, see here:
https://github.com/pakesson/diy-ecb-penguin


Maybe I should have avoided that word, but if we XOR a block of zeros with an XOR key or block, do we not increase entropy? AIUI, storing very similar data close together is more prone to corruption, and to avoid this XOR is applied to introduce noise and avoid worst-case patterns. I assumed this increase in noise level translates to high Shannon entropy. But I am no expert on the matter; it's what I read everywhere (NAND Flash Data Recovery Cook Book and other places / documents). If we look at a typical XOR-ed block of repeating bytes in VNR we see

Attachment:
xor-block.png


Which seems to me higher entropy data than a repeating pattern. If the same is already accomplished by some form of encryption, XOR scrambling seems like an un-needed extra step. So maybe the reasoning is: encryption gives us the required noise AND we can position/market encryption as a feature. I do not know, I am simply guessing, thinking out loud.


In answer to my own question, it now seems to me the advantage of encryption is two-fold:

1. Encryption
2. Scrambling

So with encryption the requirement for 'scrambling' or 'whitening' is met as it is. Cells in modern flash memory are so small that there is crosstalk between them. Because of this, if too many adjacent bits are set the same way, it can cause more bit errors than if the bits were more random. Because of this, 'scrambling' or 'whitening' techniques are used to balance the number of 1s and 0s. This could be done with a simple linear feedback shift register (XOR). Or it could be done with an algorithm like AES that effectively scrambles the bits while also providing some nice security and fast secure erase benefits.

For reference see for example:

https://www.jstage.jst.go.jp/article/el ... 5/_article
http://soc.yonsei.ac.kr/Abstract/Intern ... evices.pdf
https://patents.google.com/patent/US8261159
https://patents.google.com/patent/US8713330

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service
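
An added example, not from the posts or the linked references, of the whitening described above: an all-zero page is XORed with an LFSR keystream, and the balance of 1s and 0s and the longest run of identical bits are measured before and after. The 16-bit Galois register, the rule deriving the seed from the page address and all names are assumptions made for illustration.

```python
"""Address-seeded XOR whitening of a flash page, with bit-balance statistics."""

def galois16_step(state):
    """One step of a 16-bit Galois LFSR (feedback mask 0xB400); returns (state, bit)."""
    bit = state & 1
    state >>= 1
    if bit:
        state ^= 0xB400
    return state, bit

def page_keystream(page_addr, nbytes):
    """Keystream for one page; the seed rule is hypothetical, not a vendor's."""
    state = ((page_addr * 0x9E37 + 1) & 0xFFFF) or 1   # never seed with zero
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _bit in range(8):
            state, bit = galois16_step(state)
            byte = (byte << 1) | bit                   # first output bit becomes the MSB
        out.append(byte)
    return bytes(out)

def scramble(page_addr, data):
    """XOR data with the page keystream; the same call descrambles."""
    ks = page_keystream(page_addr, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def bit_stats(data):
    """Return (fraction of 1 bits, longest run of identical bits)."""
    bits = "".join(f"{b:08b}" for b in data)
    longest = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return bits.count("1") / len(bits), longest

BLANK = bytes(2048)   # constructed worst case: a page of all zeros

if __name__ == "__main__":
    print("raw    :", bit_stats(BLANK))
    for addr in (0, 1):
        s = scramble(addr, BLANK)
        print(f"page {addr} :", bit_stats(s), "round trip ok:", scramble(addr, s) == BLANK)
```

Because the seed is computed from the page address, nothing extra is stored per page, and two identical pages at different addresses still produce different stored bit patterns.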


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: August 20th, 2023, 15:34 

Joined: February 22nd, 2023, 13:49
Posts: 65
Location: Eastern Europe
It looks like HDD encoding at intervals of 1T, 1.5T, 2T.
There are also no consecutive zeros and ones on the plates.
And there are also preliminary distortions up to 0.25T.
Also from averaging...


 Post subject: Re: why flash manufacturers encrypt chips?
PostPosted: August 20th, 2023, 17:43 

Joined: May 13th, 2019, 7:50
Posts: 907
Location: Nederland
SWM, if you say so.

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service

