If you're interested in this type of stuff. Here's a pretty good Youtube video on the subject of SD card data recovery (soldering with a breakout PCB). His channel is also packed with useful info on the subject of data recovery from all types of devices.
Would that be so bad that a fellow HackerNews user could get some revenue instead of having one of the richest person/corporation on Earth collect the full share of the sale instead?
Smile transfers a portion (0.5%) of the sale to a charity of the buyers choice. You can't force or even suggest one in the link and it only applies to smile.amazon.com links. I think St Jude's is the default though so they may come out ahead if you change the URL.
It's less that one HN user could get a kickback, and more that if posting your own affiliate links was accepted practice, HN would end up being flooded with such links any time they were remotely tangentially on-topic.
> Those in high-risk, high-sensitivity situations should assume that a “secure-erase” of a card is insufficient to guarantee the complete erasure of sensitive data.
People in such situations should be encrypting anything sensitive that goes onto external storage anyway, you shouldn't be in a position where you have to "secure-erase" anything.
Maybe "secure erase" caches, swap space, and RAM - don't know if it's true but I understand RAM can hold a pattern when powered down, sufficient to be recovered if you need it enough. Anything you consume unencrypted gets displayed unencrypted at some point and so is stored in some way in clear-text (unless you use external mechanical means for the last step?).
> It can be anything from high-grade factory-new silicon to material with over 80% bad sectors.
Guess I hadn't considered that a 512GB SD card could be repackaged as a 32GB card if the wear pattern isn't even and only 90% of the cells are dead. Also, 2013. I'm not convinced recycling this way is cost-effective.
I mean, it still does have I/O, it just needs to present itself as a regular SD card. So computation could be triggered by e.g. changing the contents of a file with a certain name, and output would be another file.
One immediate practical application is a hidden cryptographic partition on an SD card. It could be implemented in a way such that during normal use, no data shows up, and the corresponding blocks are marked as bad. But create a password file with the right content, and the firmware decrypts and exposes the hidden data. Since there's no way to read the firmware, only to update it, even detecting such a scheme would require tearing the SD card down in a lab - not really feasible for routine searches, given how many cards there are around (used in phones and tablets etc).
33 comments
[ 3.9 ms ] story [ 77.2 ms ] threadhttps://youtu.be/jjB6wliyE_Y
Here's the point where it is all wired up.
https://youtu.be/jjB6wliyE_Y?t=518
There is also AmazonSmile, although I am not 100% sure whether affiliate links still generate revenue when using a Smile link.
People in such situations should be encrypting anything sensitive that goes onto external storage anyway, you shouldn't be in a position where you have to "secure-erase" anything.
As for RAM encryption, Linux already supports it, if you're using a very new AMD CPU with SME: https://github.com/torvalds/linux/blob/master/Documentation/...
https://news.ycombinator.com/item?id=6980058
Guess I hadn't considered that a 512GB SD card could be repackaged as a 32GB card if the wear pattern isn't even and only 90% of the cells are dead. Also, 2013. I'm not convinced recycling this way is cost-effective.
Relatedly, I remember the eyeFi (or similar) wifi-enabled SD cards got 'hacked' a few years ago, and you could get a Linux shell on them.
One immediate practical application is a hidden cryptographic partition on an SD card. It could be implemented in a way such that during normal use, no data shows up, and the corresponding blocks are marked as bad. But create a password file with the right content, and the firmware decrypts and exposes the hidden data. Since there's no way to read the firmware, only to update it, even detecting such a scheme would require tearing the SD card down in a lab - not really feasible for routine searches, given how many cards there are around (used in phones and tablets etc).