Forum rules
Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...SD Card Hacking. Good intro to inside SD
January 13th, 2014, 7:02
This video was presented by bunnie and Xobs, you might remember seeing the previous work on identifying the dodgyness going on in MicroSD world.
Here they manage to run some code - I think just a few instructions on the 8051 but extremely interesting.
I wish I had the facilities to build some hacking flexible circuits and pogo pinned jigs.
There are a few things very briefly mentioned that I wish had been explored a lot more, but the talk is great. With the release of the ANT catalogue, it is conceivable if not probable that this kind of thing is already out there.
checkout the video here, and also the rest of the conference is very interesting as well.
The Exploration and Exploitation of an SD Memory Card [30c3]
http://www.youtube.com/watch?v=CPEzLNh5YIo
Here they manage to run some code - I think just a few instructions on the 8051 but extremely interesting.
I wish I had the facilities to build some hacking flexible circuits and pogo pinned jigs.
There are a few things very briefly mentioned that I wish had been explored a lot more, but the talk is great. With the release of the ANT catalogue, it is conceivable if not probable that this kind of thing is already out there.
checkout the video here, and also the rest of the conference is very interesting as well.
The Exploration and Exploitation of an SD Memory Card [30c3]
http://www.youtube.com/watch?v=CPEzLNh5YIo
Re: SD Card Hacking. Good intro to inside SD
January 15th, 2014, 15:28
Motivated by the research above, I thought I might test out my JTagulator on an SD card.
This particular card is a 2GB Sony Class 4. The controller appears to be made by Phison, a PS2233 or something close. The NAND ID is 0x98 0xD5 0x94 0x32 and the part number is likely HVPE4F4. I have seen the manufacturer of these to be listed in vatious places as both Toshiba and Hynix, and also Samsung. I don't know which it is.
I noticed that after the coating was removed, there were 2 sets of traces leading to the edge of the card. I was thinking test point or programming points.
I decided to start with the smaller set, 4 traces. I soldered some thin wires under the microscope to the pads that were not used for the NAND Flash chip.
The wires were too fragile so I made up a board to hold it, and also extension made from a sd-microsd adapter so I could insert it in my laptop still while analysing.
Here is the whole setup.
I will post details of what signals I find soon, I didn't realise the time until the birds started singing.. dang, another day feeling tired coming up
This particular card is a 2GB Sony Class 4. The controller appears to be made by Phison, a PS2233 or something close. The NAND ID is 0x98 0xD5 0x94 0x32 and the part number is likely HVPE4F4. I have seen the manufacturer of these to be listed in vatious places as both Toshiba and Hynix, and also Samsung. I don't know which it is.
I noticed that after the coating was removed, there were 2 sets of traces leading to the edge of the card. I was thinking test point or programming points.
- 3.jpg (35.02 KiB) Viewed 7677 times
- traces.jpg (60.89 KiB) Viewed 7677 times
I decided to start with the smaller set, 4 traces. I soldered some thin wires under the microscope to the pads that were not used for the NAND Flash chip.
- 3a.jpg (101.18 KiB) Viewed 7677 times
The wires were too fragile so I made up a board to hold it, and also extension made from a sd-microsd adapter so I could insert it in my laptop still while analysing.
Here is the whole setup.
I will post details of what signals I find soon, I didn't realise the time until the birds started singing.. dang, another day feeling tired coming up
Powered by phpBB © phpBB Group.