Sdcard 30c3 Pub
Sdcard 30c3 Pub
Sdcard 30c3 Pub
[intechopen.com]
Also, Bad Blocks
● TLC/MLC Flash price is < 0.1nano$/bit
– Onlyachievable because every piece of silicon fabricated is sold,
regardless of fabrication errors – nothing is thrown away
– Work around: bad block remapping
● In some cases, over 80% of blocks are bad (e.g. 16GiB chip sold as 2GiB)
– Also, blocks go bad with P/E cycles
[xeltek]
[theregister.co.uk]
Why do it at this layer?
Rainbow tables Application
OS JFFS, YAFFS
Bus controller
Device controller SSD, SD, USB mass storage
Raw Flash
● Considering:
– Flash geometry changes every 12-18 mos
● New ECC rules
● New page size, block mapping
● Intensely cost-sensitive market
● Lowest cost, highest performing Flash chips are proprietary
The Concern
● This is the set up for a MITM attack
● What runs on the microcontroller? Can it be
hacked? Can I trust my Flash memory?
Programmable
My computer microcontroller Raw Flash
Fakes Turn In; New
Quest: Hack an SD Card
● Find and hack an SD card
– Control
the micro to make an LED flash, at a bare
minimum
– Challenge: no public docs available on controllers
● Our story
– Hardware tools developed to inspect, learn, and hack
SD cards
– Softwaretools and static code analysis to discover
back doors and controller structure
Step 1: Acquire targets
SD Cards Ahoy
Card Survey
What's inside
Easy mode decap
Taps: gen 1 monolithic
Taps Gen2
Taps: gen 2, monolithic
and discrete
Tap in-system
Tapping system diagram
●
Capabilities: DDR3 memory (16-bit, 800MT/s, 256 MiB) DDR3
–Flash ROM emulation
● DDR3 as Flash
● Dual-port implementation, Multi-port 800MT/s DDR3 controller
FLASH
memory chip FLASH memory chip is
removed or installed depending
on objective (i.e.,
FLASH observation/logging or fuzzing)
microcontroller
SD card
ROM reader
Identifying a target
● Discrete implementation – more hacking options than monolithic
● SLC memory (unscrambled, trivially readable)
– Easy
to check for strings:
“China Buildwin SD Controller,Anti
Japig,Author:Y/G/S/P/X Date:20087”
– Cross-check against google → Appotech controller, likely 8051
● AX211
Factory Firmware
● Initial code had to get there
somehow
– Tryto get ahold of the factory's
flashing tool
Obtaining software
Obtaining software
Programming tool
Strange filenames
About the 8051
About the 8051
http://www.win.tue.nl/~aeb/comp/8051/set8051.html
About the 8051
http://www.win.tue.nl/~aeb/comp/8051/set8051.html
About the AX211
About the AX211
About the AX211
Programming process
Open programmer 2005FM.BIN
Boot
Ready
Start burn
Load TestBoot.BIN
Load SD interpreter
Ready
Check flash size
Load FLASH_SCAN.BIN Run flash scan, send
Result back to
Passthru Results host
Set up programming SD
Load FLASH_PRO.BIN commands Load code to RAM,
Okay Return Okay
Program firmware
Load correct BIN file Write firmware to
Wait for next card Done Flash
Windows AX2005
programming jig AX211 SD card
programmer
x86 8051 8051
SD Protocol: Hardware
● Signals:
– CMD
– DAT0 – DAT3
– CLK
● Signal integrity
– Commands use CRC7
– Data uses CRC16
● Also supports SPI mode
SD Protocol: Software
● 64 Possible Commands
– CMD0: Reset / Go Idle
– CMD10: Get CID
– CMD41: ACMD “escape”
– CMD60 – CMD63: Reserved for mfgr
● 32 bits of “argument” data
sleep:
mov R5, #0xff
mov R6, #0x20
top_of_pause:
djnz R5, top_of_pause
djnz R6, top_of_pause
ret
“Hello, World”
Observed 65 changes:
00000000 57 57 57 57 57 57 57 47 47 47 47 47 47 57 57 57 |WWWWWWWGGGGGGWWW|
00000010 57 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 |WWWWWWGGGGGGGWWW|
00000020 57 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 |WWWWWWGGGGGGGWWW|
00000030 57 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 |WWWWWWGGGGGGGWWW|
00000040 57 57 57 57 57 57 47 47 47 47 47 47 57 57 57 57 |WWWWWWGGGGGGWWWW|
00000050 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 57 |WWWWWGGGGGGGWWWW|
00000060 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 57 |WWWWWGGGGGGGWWWW|
00000070 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 57 |WWWWWGGGGGGGWWWW|
00000080 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 57 |WWWWWGGGGGGGWWWW|
00000090 57 57 57 57 57 47 47 47 47 47 47 47 57 57 57 57 |WWWWWGGGGGGGWWWW|
000000a0 57 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 |WWGGGGGGGWWWWWWW|
000000b0 57 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 |WWGGGGGGGWWWWWWW|
000000c0 57 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 |WWGGGGGGGWWWWWWW|
000000d0 57 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 |WWGGGGGGGWWWWWWW|
000000e0 57 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 |WWGGGGGGGWWWWWWW|
000000f0 57 57 47 47 47 47 47 47 57 57 57 57 57 57 57 57 |WWGGGGGGWWWWWWWW|
00000100 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 |WGGGGGGGWWWWWWWW|
00000110 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 |WGGGGGGGWWWWWWWW|
00000120 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 |WGGGGGGGWWWWWWWW|
00000130 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 |WGGGGGGGWWWWWWWW|
00000140 57 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 |WGGGGGGGWWWWWWWW|
00000150 57 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 |WGGGGGGWWWWWWWWW|
00000160 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 |GGGGGGGWWWWWWWWW|
00000170 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 |GGGGGGGWWWWWWWWW|
00000180 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 |GGGGGGGWWWWWWWWW|
00000190 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 |GGGGGGGWWWWWWWWW|
000001a0 47 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 |GGGGGGGWWWWWWWWW|
000001b0 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 57 |GGGGGGWWWWWWWWWW|
000001c0 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 47 |GGGGGGWWWWWWWWWG|
000001d0 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 47 |GGGGGGWWWWWWWWWG|
000001e0 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 47 |GGGGGGWWWWWWWWWG|
000001f0 47 47 47 47 47 47 57 57 57 57 57 57 57 57 57 47 |GGGGGGWWWWWWWWWG|
Writing a Debugger
● Bidirectional SD communications
– Send CMD with four 8-byte arguments
– Get CMD back with four 8-byte responses
● Basic commands
– peek/poke
– GPIO control
– IRQ status
– NAND emulator
– 32-bit opcodes?
● https://github.com/xobs/ax2xx-code
0xa5 “Escape” opcode
● Undefined in standard 8051
● All over the place in AX211 code
● 0xa5 0xXY
● 0xa5 0x7Y 0xWZ
8 bit or 32 bit?
● Four 32-bit registers
– ToC/ToU
● Present one version of file for verification, another for execution
● Bootloader manipulation, etc.
– Selective-modify
● Scan for assets of interest, e.g. security keys, binaries, and
replace with insecure versions
Other Direction:
Samsung MMC
● Samsung pushed firmware patch to eMMC cards in Android
● Contains ARM7 code
– http://forum.xda-developers.com/showthread.php?t=2096045
– Uses “class 8” instructions reserved for manufacturer
“By inspecting some code, it seems that we know how to dump the eMMC RAM:
Look at the function mmc_set_wearlevel_page in line 206. It patches the RAM (using the
method mentioned before), then it validates what it has written (in lines 255-290). Seems that
the procedure to read the RAM is as following:
1. CMD62(0xEFAC62EC) CMD62(0x10210002) to enter RAM reading mode
2. MMC_ERASE_GROUP_START(Address to read) MMC_ERASE_GROUP_END(Length
to read) MMC_ERASE(0)
3. MMC_READ_SINGLE_BLOCK to read the data
4. CMD62(0xEFAC62EC) CMD62(0xDECCEE) to exit RAM reading mode ”
Other Direction: TLC
● TLC Flash has scrambling
applied to avoid “read-disturb”
and “program-disturb” issues
– Scrambling is a proprietary
algorithm, as of yet unknown
– Highly structured
Wrap-up
● SD cards contain fully programmable
microcontrollers
● Controller program modifiable via special
host commands
– Potential for MITM attack scenarios ☻
– Potentialfor extremely cheap microcontroller
for fun projects ☺
Special Thanks
● Shout out to .mudge for creating
CFT which enabled this research,
and many other good things (some
yet to come!)
Q&A
● Demo (time allowing)
● Thanks for your attention!
About the 8051
Internal RAM External RAM
0x0000 - 0xffff