saronno wrote:
Does anybody know how to interface the NAND chip with OpenOCD?
Yes, but it doesn't work fully reliably yet. The SSD needs to be in the right state for it to work, and I don't know how to initialize it into that state if it isn't. And in some ways I have the problem that I can only send one command, but any further commands do not work correctly. But perhaps you can figure out those things...
saronno wrote:
I was able to dump the RAM memory through JTAG/OpenOCD, but I have some difficulties interfacing the NAND chip.
Yes, you need to talk to the NAND flash controller through the memory-mapped interface.
saronno wrote:
This SSD has, as I said previously, hardware similar, if not identical, to the EVO 850.
Then my research on the EVO 840 should apply to get it running; the flash controller of the EVO 850 is nearly identical to the one on the EVO 840 (but many other things have changed in the hardware).
saronno wrote:
My goal is to get the "crypto blob" because my guess is that the password is just a simple ATA password.
saronno wrote:
So, no OPAL, no ATA maximum security, ... in other words, following the famous paper that analyzes the SSD security of various models, I should find the ATA password in plain text in the crypto blob.
So there are 2 ways: You can either get the crypto blob from NAND flash (with chip-off or through JTAG) or you can take it from RAM.
saronno wrote:
There is no trace of the crypto blob in memory from what I see .... so I need to access the NAND to get it.
The crypto blob is loaded into RAM and properly wiped directly after it is used. So you have to take a look at the RAM at the right point in time to see it.