All times are UTC - 5 hours [ DST ]


Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  [ 31 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: SSD firmware hacking.
PostPosted: February 27th, 2018, 19:05 
Offline

Joined: March 19th, 2017, 9:16
Posts: 13
Location: hdlaing
here I have a samsung firmware update software , the modle almost same,but it for a fixed DELL model number(s) MZ7LM120HCFD00D3, who can modifiy it for all MZ7LM120HCFD00XX SSD?
software Download link is https://downloads.dell.com/FOLDER037232 ... 38_A00.EXE


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: February 28th, 2018, 4:17 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
ISTM that the firmware payload file is "RI_PM863_GA38.fwh". This file appears to be a 1MiB firmware image preceded by an 0x200 byte header. I would guess that you could strip the header and then download the 1MiB image with hdparm. The results may be catastrophic, though. Your choice ...

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: February 28th, 2018, 5:52 
Offline

Joined: March 19th, 2017, 9:16
Posts: 13
Location: hdlaing
yes ,the file has a header, maybe not 0x200 byte ,only 0x1B0 byte for header


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: February 28th, 2018, 9:32 
Offline

Joined: August 13th, 2016, 17:10
Posts: 193
Location: Vienna, Austria
The whole 1MiB file has to be decrypted and sent to the SSD (the Samsung tools are doing both decryption and sending). If you only send the rest, not the first 200 bytes, the signature check on the firmware inside the SSD will prevent loading broken firmware.
The Samsung tools also check whether the firmware actually fits the SSD. If you use hdparm instead of the Samsung tools, this check is circumvented and you have to make sure that it is compatible yourself.


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: February 28th, 2018, 14:29 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
sourcerer wrote:
The whole 1MiB file has to be decrypted and sent to the SSD (the Samsung tools are doing both decryption and sending). If you only send the rest, not the first 200 bytes, the signature check on the firmware inside the SSD will prevent loading broken firmware.

The file does not appear to be encrypted, nor are they Samsung's tools, AFAICT.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: September 23rd, 2018, 13:28 
Offline

Joined: January 21st, 2017, 5:57
Posts: 2
Location: india
Spildit wrote:
Thanks for sharing !
Nice !

I am created a account in hdd oracle with the name gautam.dotcom. But it not accepting password. Please help.


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: October 12th, 2018, 2:41 
Offline

Joined: June 25th, 2006, 13:51
Posts: 137
Location: Italy
Hi

and what about the SandForce nightmare? :?


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: January 24th, 2021, 0:27 
Offline

Joined: January 24th, 2021, 0:23
Posts: 1
Location: United States
I've a question:

I have a device that reads a cfast2.0 since those are more expensive, I used a adapter with an SSD.
Once the adapter is plugged in, the device reads the SSD ID and since it does not match gives me an error that the "media is not certified"

Basically I want to fool the device changing the name ID of the SSD to avoid this message.

How can I customize the name ID of my Samsung SSD?

I would love your help with this.


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: May 19th, 2022, 17:44 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
This free tool decrypts some later Samsung SSD firmware, eg 850 Pro, version EXM04B6Q:

https://github.com/chrivers/samsung-firmware-magic (decryption tool)

https://semiconductor.samsung.com/consumer-storage/support/tools/ (Samsung firmware)

The 860 Evo (ver RVT04B6Q) is an even newer format which isn't supported by the tool.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: May 20th, 2022, 15:30 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
The decoded payload has a 0x200-byte header which incorporates a table of modules at offset 0x100. The table consists of several sections. The first dword is the number of modules in that section. Each module is then described by 4 dwords which include its offset relative to the end of the 0x200-byte header, and its size. All parameter values are little-endian.

Code:
Offset(h) 00       04       08       0C

00000000  53414D53 554E475F 5353445F 42494E00  SAMSUNG_SSD_BIN.
00000010  302E3031 53544830 30303031 4F454D5F  0.01STH00001OEM_
00000020  47454E00 00000000 00000000 32303135  GEN.........2015
00000030  30333237 31383A33 35000000 00020000  032718:35.......
00000040  00001000 00001000 00000000 04000000
00000050  00000000 00270315 06000000 01010042
00000060  00000000 00000000 00000000 00000000
00000070  00000000 00000000 00000000 00000000
00000080  00000000 00000000 00000000 00000000
00000090  00000000 00000000 00000000 00000000
000000A0  00000000 00000000 00000000 00000000
000000B0  00000000 00000000 00000000 00000000
000000C0  00000000 00000000 00000000 00000000
000000D0  00000000 00000000 00000000 00000000
000000E0  00000000 00000000 00000000 00000000
000000F0  00000000 00000000 00000000 00000000
00000100  01000000 00000000 00000000 003E0100  <-- start of table of modules
          ^^^^^^^^ -------- -------- --------
          1 module 1st mod  start    size

00000110  00608100 03000000 01000000 003E0100
          -------- ^^^^^^^^ -------- --------
          ???      3 mods   1st mod  start

00000120  00000200 00000040 01000000 003E0300
          -------- -------- ======== ========
          size     ???      2nd mod  start

00000130  00800000 00808040 01000000 00BE0300
          ======== ======== ++++++++ ++++++++
          size     ???      3rd mod  start

00000140  00000300 00020080 03000000 02000000
          ++++++++ ++++++++
          size     ???

00000150  00BE0600 00000200 00000041 02000000
00000160  00BE0800 00400000 00108041 02000000
00000170  00FE0800 00400200 00000480 03000000
00000180  03000000 003E0B00 00000200 00000042
00000190  03000000 003E0D00 00400000 00108042
000001A0  03000000 007E0D00 00400200 00000880
000001B0  00000000 00000000 00000000 00000000
000001C0  00000000 00000000 00000000 00000000
000001D0  00000000 00000000 00000000 00000000
000001E0  00000000 00000000 00000000 00000000
000001F0  00000000 00000000 00000000 92BEC20D
                                     ^^^^^^^^  checksum / CRC

Structure of one section in the table

Code:
03000000   number of modules to follow

section# start    size     ???
-------- -------- -------- --------
02000000 00BE0600 00000200 00000041  1st module
02000000 00BE0800 00400000 00108041  2nd module
02000000 00FE0800 00400200 00000480  3rd module


Attachments:
EXT0DB6Q.enc.decoded.7z [306.01 KiB]
Downloaded 313 times

_________________
A backup a day keeps DR away.
Top
 Profile  
 
 Post subject: Re: SSD firmware hacking.
PostPosted: May 20th, 2022, 16:08 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
The 32-bit CRC is calculated over the preceding 0x1FC bytes.

In HxD (freeware hex editor) one would select Analysis -> Checksums -> CRC-32.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 31 posts ]  Go to page Previous  1, 2

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 13 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group