wraggster
December 30th, 2013, 21:53
http://hackadaycom.files.wordpress.com/2013/12/aaa.png?w=580&h=362 (http://hackadaycom.files.wordpress.com/2013/12/aaa.png)
We hope that some of our readers are currently at this year’s Chaos Communication Congress (http://en.wikipedia.org/wiki/Chaos_Computer_Club) (schedule can be found here (http://events.ccc.de/congress/2013/Fahrplan/schedule.html) and live streams here (http://fireglow.de/755/share/30c3-streams.html)), as many interesting talks are happening. One of them addressed hacking the memory controllers (http://www.bunniestudios.com/blog/?p=3554) embedded in all memory cards that you may have. As memory storage density increases, it’s more likely that some sectors inside the embedded flash are defective. Therefore, all manufacturers add a small microcontroller to their cards (along with extra memory) to invisibly ‘replace’ the defective sectors to the operating system.
[Bunnie] and [xobs] went around buying many different microSD cards in order to find a hackable one. In their talk at 30C3 (slides here (http://bunniefoo.com/bunnie/sdcard-30c3-pub.pdf)), they reported their findings on a particular microcontroller brand, Appotech, and its AX211/AX215. By reverse engineering the firmware code they found online, they discovered a simple “knock” sequence transmitted over manufacturer-reserved commands that dropped the controller into a firmware loading mode. From there, they were able to reverse engineer most of the 8051 microcontroller function-specific registers, allowing them to develop novel applications for it. Some of the initial work was done using a FPGA/i.MX6-based platform that the team developed named Novena (http://www.bunniestudios.com/blog/?tag=novena), which we hope may be available for purchase some day. It was, among others, used to simulate the FLASH memory chip that the team had previously removed. A video of the talk is embedded below.
http://hackaday.com/2013/12/29/hacking-sd-card-flash-memory-controllers/
We hope that some of our readers are currently at this year’s Chaos Communication Congress (http://en.wikipedia.org/wiki/Chaos_Computer_Club) (schedule can be found here (http://events.ccc.de/congress/2013/Fahrplan/schedule.html) and live streams here (http://fireglow.de/755/share/30c3-streams.html)), as many interesting talks are happening. One of them addressed hacking the memory controllers (http://www.bunniestudios.com/blog/?p=3554) embedded in all memory cards that you may have. As memory storage density increases, it’s more likely that some sectors inside the embedded flash are defective. Therefore, all manufacturers add a small microcontroller to their cards (along with extra memory) to invisibly ‘replace’ the defective sectors to the operating system.
[Bunnie] and [xobs] went around buying many different microSD cards in order to find a hackable one. In their talk at 30C3 (slides here (http://bunniefoo.com/bunnie/sdcard-30c3-pub.pdf)), they reported their findings on a particular microcontroller brand, Appotech, and its AX211/AX215. By reverse engineering the firmware code they found online, they discovered a simple “knock” sequence transmitted over manufacturer-reserved commands that dropped the controller into a firmware loading mode. From there, they were able to reverse engineer most of the 8051 microcontroller function-specific registers, allowing them to develop novel applications for it. Some of the initial work was done using a FPGA/i.MX6-based platform that the team developed named Novena (http://www.bunniestudios.com/blog/?tag=novena), which we hope may be available for purchase some day. It was, among others, used to simulate the FLASH memory chip that the team had previously removed. A video of the talk is embedded below.
http://hackaday.com/2013/12/29/hacking-sd-card-flash-memory-controllers/