33 comments

[ 3.9 ms ] story [ 77.2 ms ] thread
This is the 2013 presentation about firmware analysis / modification of the internal controller inside of uSD cards.
Yeah, those mini and regular SD cards looked huge, and micro SD is pretty much a universal standard by now.
Sweet username!
what’s so great about it?
what’s so great about it?
Shameless plug for bunnie: the "The Hardware Hacker" book has a fair bit more on the subject, and is, the verall, quite a good read.
Second this book for an insider’s look at the culture around Shenzhen and China’s position in the electronics market in general.
I'd also suggest his blog is a goldmine for anyone even remotely interested in developing electronics projects.
Thanks for not dressing it up with an affiliate link, seriously.
Why? I like affiliate links.
Would that be so bad that a fellow HackerNews user could get some revenue instead of having one of the richest person/corporation on Earth collect the full share of the sale instead?
If they were shady about it, perhaps. I have no objection to affiliate links that are disclosed.
Can you generate an affiliate link where the affiliate fee is directed to a non-profit?
If the non-profit has a known affiliate code, adding it to any random Amazon item should be sufficient.

There is also AmazonSmile, although I am not 100% sure whether affiliate links still generate revenue when using a Smile link.

Smile transfers a portion (0.5%) of the sale to a charity of the buyers choice. You can't force or even suggest one in the link and it only applies to smile.amazon.com links. I think St Jude's is the default though so they may come out ahead if you change the URL.
I have enough of a problem with the link essentially advertising Amazon, to be honest.
It's less that one HN user could get a kickback, and more that if posting your own affiliate links was accepted practice, HN would end up being flooded with such links any time they were remotely tangentially on-topic.
As an aside, it's kind of bizarre the hardcover edition is cheaper than the ebook and paperback editions.
> Those in high-risk, high-sensitivity situations should assume that a “secure-erase” of a card is insufficient to guarantee the complete erasure of sensitive data.

People in such situations should be encrypting anything sensitive that goes onto external storage anyway, you shouldn't be in a position where you have to "secure-erase" anything.

Destruction of data is still safer than the non-zero chance of breaking your encryption measure.
(comment deleted)
Maybe "secure erase" caches, swap space, and RAM - don't know if it's true but I understand RAM can hold a pattern when powered down, sufficient to be recovered if you need it enough. Anything you consume unencrypted gets displayed unencrypted at some point and so is stored in some way in clear-text (unless you use external mechanical means for the last step?).
> It can be anything from high-grade factory-new silicon to material with over 80% bad sectors.

Guess I hadn't considered that a 512GB SD card could be repackaged as a 32GB card if the wear pattern isn't even and only 90% of the cells are dead. Also, 2013. I'm not convinced recycling this way is cost-effective.

So are there any practical applications, in the sense of projects reprogramming sd cards for other uses, as a cheap micro controller, etc?
Given the lack of I/O, probably not (or perhaps in not thinking creatively enough). But you can get microcontrollers for less than a dollar anyway...

Relatedly, I remember the eyeFi (or similar) wifi-enabled SD cards got 'hacked' a few years ago, and you could get a Linux shell on them.

I mean, it still does have I/O, it just needs to present itself as a regular SD card. So computation could be triggered by e.g. changing the contents of a file with a certain name, and output would be another file.

One immediate practical application is a hidden cryptographic partition on an SD card. It could be implemented in a way such that during normal use, no data shows up, and the corresponding blocks are marked as bad. But create a password file with the right content, and the firmware decrypts and exposes the hidden data. Since there's no way to read the firmware, only to update it, even detecting such a scheme would require tearing the SD card down in a lab - not really feasible for routine searches, given how many cards there are around (used in phones and tablets etc).