All times are UTC - 5 hours [ DST ]




 Post subject: Damaged eMMC controller question
PostPosted: January 21st, 2024, 19:55 

Joined: January 7th, 2017, 2:25
Posts: 101
Location: Ireland
Hello,

I was contemplating a scenario and was curious about its feasibility:

Suppose we have an eMMC with a damaged controller, shorted. We could cut through layers and arrange the necessary new pinout to create a dump of the NAND, as described in the document by Rusolut here:

https://rusolut.com/wp-content/uploads/2018/10/damagedEMMC.pdf

Now, my question is:

If this were a chip from an Android phone and the data is encrypted (paired with the CPU), could we copy the dump to a chip of the same size, solder it onto the phone, and then power it on to extract the data?


 Post subject: Re: Damaged eMMC controller question
PostPosted: January 22nd, 2024, 7:08 

Joined: November 7th, 2020, 5:31
Posts: 1092
Location: The_UK
Your assumption is that there is no serialisation between the eMMC and CPU. I don't do Android stuff but the chances of that I think would be slim.

_________________
Data Recovery Services in the UK.
https://www.usbrecovery.co.uk/


 Post subject: Re: Damaged eMMC controller question
PostPosted: January 22nd, 2024, 16:42 

Joined: January 7th, 2017, 2:25
Posts: 101
Location: Ireland
Lardman wrote:
Your assumption is that there is no serialisation between the eMMC and CPU. I don't do Android stuff but the chances of that I think would be slim.

That is what I was thinking also. Even with a same-size chip from the manufacturer.
But where is this serialization of chip ID (CID)? In the spare area, not assigned area?
If it's a physical extraction, that means that for example in a 16GB eMMC we will have around 18ish GB including the spare area. A bit-by-bit dump.

Maybe I am not being clear:
If we make a dump working directly with the NAND inside the eMMC bypassing the controller, we will have access to hidden data.

"The CID (Card Identification) in NAND flash memory is typically stored in the extended CSD (Card Specific Data) register. The extended CSD register is part of the standard interface and configuration information used by embedded memory devices, including eMMC (embedded MultiMediaCard) and NAND flash.

The CID is a unique identifier assigned to each NAND flash memory chip during its manufacturing process. It includes information such as the manufacturer ID, OEM/application ID, product name, and other details specific to the memory device.

Please note that the exact location of the CID within the extended CSD register can vary based on the specific NAND flash chip and its manufacturer. Accessing and interpreting the CID often requires knowledge of the NAND flash memory's technical specifications and may involve low-level operations using specialized tools or commands.

If you are working with a particular NAND flash device, it's advisable to refer to the datasheet or technical documentation provided by the manufacturer for detailed information on the structure of the extended CSD register and the location of the CID."

So in theory if this can be edited, we should be sorted? It's so difficult to find answers to these questions.
I could assume it can't be in the controller I would say, it makes no sense to me. Anyway if that were the case, and the controller is dead: bye bye.
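
The CID fields the thread refers to (manufacturer ID, OEM/application ID, product name, serial number), decoded from a 128-bit CID value such as Linux exposes in /sys/block/mmcblkN/device/cid. This is an added example, not part of the original posts; it assumes the JEDEC eMMC CID field layout, and the sample CID values and the helper names (build_cid, parse_cid, same_device) are constructed for illustration.

```python
# Added example: decode a 128-bit eMMC CID value (JEDEC eMMC field layout).
# The sample CIDs below are constructed for illustration, not real devices.

def crc7(data: bytes) -> int:
    """CRC7 (x^7 + x^3 + 1), the checksum carried in CID bits [7:1]."""
    crc = 0
    for byte in data:
        for i in range(7, -1, -1):
            feedback = ((byte >> i) & 1) ^ ((crc >> 6) & 1)
            crc = (crc << 1) & 0x7F
            if feedback:
                crc ^= 0x09
    return crc

def build_cid(mid, cbx, oid, pnm, prv, psn, mdt) -> str:
    """Pack fields into CID hex (helper used only to construct sample data)."""
    body = bytes([mid, cbx & 0x3, oid]) + pnm.encode("ascii").ljust(6)[:6]
    body += bytes([prv]) + psn.to_bytes(4, "big") + bytes([mdt])
    return (body + bytes([(crc7(body) << 1) | 1])).hex()

def parse_cid(cid_hex: str) -> dict:
    raw = bytes.fromhex(cid_hex.strip())
    if len(raw) != 16:
        raise ValueError("CID must be 16 bytes (32 hex characters)")
    return {
        "mid": raw[0],                               # [127:120] manufacturer ID
        "cbx": raw[1] & 0x3,                         # [113:112] device type
        "oid": raw[2],                               # [111:104] OEM/application ID
        "pnm": raw[3:9].decode("ascii", "replace"),  # [103:56] product name
        "prv": f"{raw[9] >> 4}.{raw[9] & 0xF}",      # [55:48] product revision
        "psn": int.from_bytes(raw[10:14], "big"),    # [47:16] serial number
        "mdt_month": raw[14] >> 4,                   # [15:8] manufacturing date
        "mdt_year_offset": raw[14] & 0xF,            # base year depends on device
        "crc_ok": (raw[15] >> 1) == crc7(raw[:15]) and (raw[15] & 1) == 1,
    }

def same_device(cid_a: str, cid_b: str) -> bool:
    """Same-model chips share MID/OID/PNM; the serial number tells them apart."""
    a, b = parse_cid(cid_a), parse_cid(cid_b)
    return all(a[k] == b[k] for k in ("mid", "oid", "pnm", "psn"))

# Constructed samples: two same-model chips differing in serial number and date.
ORIGINAL = build_cid(0xFE, 1, 0x00, "SAMPLE", 0x12, 0x1A2B3C4D, 0x3A)
DONOR = build_cid(0xFE, 1, 0x00, "SAMPLE", 0x12, 0x0BADF00D, 0x5B)

if __name__ == "__main__":
    print(parse_cid(ORIGINAL))
    print("same device:", same_device(ORIGINAL, DONOR))
```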

