All times are UTC - 5 hours [ DST ]




 Post subject: Malware in Hide Sector in SSD (Please Help)
Posted: April 18th, 2021, 0:48

Joined: April 18th, 2021, 0:37
Posts: 2
Location: Sao Paulo
Hello everyone,

I have been suffering attacks on my computer for a while now and I disbelieved that I could have a virus in some sector marked as a bad block on my SSD ...
Searching now on the internet, I came across this article that seems to have given me a light, explaining that it is possible for malware to be hidden in spaces reserved for bad blocks in an SSD. Is that right?

Does anyone know of any software that can erase or rewrite these sectors? I've tried using HDPARM to sanitize my SSD and done a wipe several times, but without any results ...

I would appreciate it if anyone could help ...

This is the article...

Izaac Wilkowski, former Bitcoin Flipper
Answered 3 years ago · Author has 51 answers and 140.3K answer views

Contrary to what everyone is saying, within SSD-based devices they can.

This is because they can abuse the marking of bad blocks within the device.

But let's go back a step. SSDs fail at a much faster rate than other drives. As a result, processes exist to handle areas of memory just disappearing. At the level of the drive a byte of the sector is changed to indicate that this sector is bad, but this can be done by an attacker and the bad block table can be updated to reflect the attacker's change. To anyone outside the device, to any program with the device, and to the operating system, everything within that sector is garbage and is ignored. But if that area isn't garbage, but instead a malicious codebase, the attacker has just created an elaborate hidden partition within the drive.

Astoundingly, you can still force a read/write request to bad blocks (at least on Android at the time of this research) so attackers can freely use this space. Next, other elaborate tricks can be performed, but that is another subject.

What is important about this attack is that programs need to respect the bad block table in order to function. Operating systems have to believe these sectors are bad, and upon reinstall this table is not rechecked. Which means that this style of attack persists through reinstall, cannot be found by conventional antivirus and looks like normal hard drive wear. It is long term, untraceable, and can be weaponized easily.


https://www.quora.com/Can-malware-or-rootkits-survive-wiping-SSD-or-HDD-during-OS-reinstallation


 
 Post subject: Re: Malware in Hide Sector in SSD (Please Help)
Posted: April 19th, 2021, 1:24

Joined: December 4th, 2012, 1:35
Posts: 3744
Location: Adelaide, Australia
I have heard this before. I am not trying to be a d*ck to you, but hoping to help you look at this situation subjectively.


I had a sore chest, and I found an article that suggests I could be having a heart attack. This is similar to what you are saying.

1. What actual evidence exists about these attacks? Are you seeing real evidence, or unexplained behaviour?
2. Are you a target that another party would spend the significant investment to attack you in this manner?

This is extremely uncommon, and I would be holding back on this train of thought without hard evidence, which may or may not be possible to find.


 
 Post subject: Re: Malware in Hide Sector in SSD (Please Help)
Posted: April 19th, 2021, 3:06

Joined: August 13th, 2016, 17:10
Posts: 121
Location: Vienna, Austria
For SSDs, the bad blocks are managed by the SSD itself, and the bad-block management is not directly accessible from the host computer. This is in contrast to USB sticks, where the bad-block list is in a hidden area that can be accessed by the host computer. The firmware of each SSD vendor and each SSD model is different, so there is no generic way to hide malware in bad blocks. For USB sticks, there is some standardisation (one or at most a few different standards) for the bad-block management.
The only possible way I can think of is the ATA command for simulating bad blocks, but from my experience this seems to be seldom implemented by the vendors. If you want to investigate, you can search for "hdparm --make-bad-sector".


Top
 Profile  
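A defender's check related to the wipe attempts in the first post and the firmware point in the post above, added here as an example and not part of any post: ATA sanitize and security erase are carried out by the drive's own firmware, so it helps to confirm from `hdparm -I` what the drive advertises and whether it is security-frozen (which blocks ATA security erase until a power cycle) before concluding that a wipe ran. The sample text is constructed in the layout `hdparm -I` prints, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise what a drive advertises for firmware-run erases,
# reading `hdparm -I` text on stdin.

# Constructed, abridged sample in the layout `hdparm -I` prints (the real
# tool indents with tabs); not captured from a real drive.
sample_identify() {
cat <<'EOF'
ATA device, with non-removable media
    Model Number:       EXAMPLE SSD (constructed)
Commands/features:
    Enabled Supported:
       *    SMART feature set
       *    SANITIZE feature set
       *    BLOCK_ERASE_EXT command
Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
        supported: enhanced erase
EOF
}

# has TEXT REGEX -> "yes" if some line matches, else "no".
has() {
    if printf '%s\n' "$1" | grep -qE "$2"; then echo yes; else echo no; fi
}

wipe_report() {
    t=$(cat)
    pre='^[[:space:]*]*'   # leading blanks and the "*" (enabled) marker
    # The frozen flag is the Security-section line whose last word is
    # "frozen"; a leading "not" negates it.
    frozen=$(printf '%s\n' "$t" | awk '
        /^Security:/ { s = 1; next }
        s && $NF == "frozen" { print (($1 == "not") ? "no" : "yes"); f = 1; exit }
        END { if (!f) print "unknown" }')
    echo "sanitize=$(has "$t" "${pre}SANITIZE feature set")" \
         "block_erase=$(has "$t" "${pre}BLOCK_ERASE_EXT command")" \
         "crypto_scramble=$(has "$t" "${pre}CRYPTO_SCRAMBLE_EXT command")" \
         "enhanced_erase=$(has "$t" "^[[:space:]]*supported: enhanced erase")" \
         "frozen=$frozen"
}
```

On a live system the input would come from `hdparm -I /dev/sdX | wipe_report`, where `/dev/sdX` is a placeholder for the drive under examination.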
 
 Post subject: Re: Malware in Hide Sector in SSD (Please Help)
Posted: April 19th, 2021, 17:51

Joined: March 15th, 2020, 16:40
Posts: 11
Location: Republic of Srpska
Even if this is true, there still needs to be a part of the virus located in regular SSD space which could be executed on startup, and then that part can call the rest of itself from the "bad blocks". Otherwise, there would be no mechanism to start it, and thus it would be harmless.


 
 Post subject: Re: Malware in Hide Sector in SSD (Please Help)
Posted: April 19th, 2021, 18:47

Joined: April 18th, 2021, 0:37
Posts: 2
Location: Sao Paulo
HaQue wrote:
I have heard this before. I am not trying to be a d*ck to you, but hoping to help you look at this situation subjectively.


I had a sore chest, and I found an article that suggests I could be having a heart attack. This is similar to what you are saying.

1. What actual evidence exists about these attacks? Are you seeing real evidence, or unexplained behaviour?
2. Are you a target that another party would spend the significant investment to attack you in this manner?

This is extremely uncommon, and I would be holding back on this train of thought without hard evidence, which may or may not be possible to find.



Hello, where's the full article for us to see ... When we do something, we should do it right ... otherwise, it will seem like I'm terrified of being able to finish the things I start ... always end up dying first ... .


 
 Post subject: Re: Malware in Hide Sector in SSD (Please Help)
Posted: April 24th, 2021, 4:48

Joined: December 4th, 2012, 1:35
Posts: 3744
Location: Adelaide, Australia
To keep it simple, elaborate on:

"suffering attacks on my computer"

