Hiding data in bad blocks?

[kevinSTIr]

I have read in numerous places that some people write data in bad blocks in order to avoid being caught. How is that possible since bad blocks are supposely inaccessible?

Thanks

[hddguy]

You can write to a good sector then add it manually

[kevinSTIr]

You can write to a good sector then add it manually

what do you mean by "then add it manually"?

Add what where? transfer file from a good sector to bad? if this is possible why not write to bad block directly?

[hddguy]

Take a good sector, write to it, then manually add this to one of the drives defect lists using specific hardware that allows you to add it.

[HaQue]

Bad blocks are inaccessible(in most cases) by regular methods of disk access. They ARE accessible using some "Pro" tools and/or through terminal access.

In the case of Flash memory, some use a byte in the service area to say bad block or not, some Flash that is used for storing firmware, such as on a home router or other embedded OS(usually Linux) stores the bad Block table off chip, or on chip and needs to be read first before reading the actual contents. There is a talk about NAND Flash messing about that should provide you with the answer to your question.. IIRC it was by Monk (Josh Thomas) at BH/Defcon/Shmoocon or one of those.

I read, listen to and see a LOT of talks, research and assorted hackery, and it all seems to blend together at times, so don't sue me if some detail is slightly off!