Flash Extractor
© Soft-Center
About     Shop     Downloads     Manual     Library     Forum     Services     Contacts
Flash Extractor \ Forum \ Chat \ Recovery at home -- a tale of SD cards and woe... \
Recovery at home -- a tale of SD cards and woe...   Search  Register  Log in
23.09.2023 - tech support stopped
23.09.2024 - forum closed
Reply to topic
Author Message
joshua



Joined: 23 Jun 2012
Posts: 2
Location: Mountain View, CA
PostPosted: Mon Jun 25, 2012 11:47    Post subject: Recovery at home -- a tale of SD cards and woe...
Reply with quote
Hi folks.

I've been browsing the web for the past few days, and it seems like there really is precious little information out there on on-flash formats...

A few weeks ago, I dropped my laptop, and it landed on the SD card sticking out of the side of it, resulting in
a pretty ghastly scene. I figured that since I didn't care about the data all *that* much, I wasn't worried about make things worse, and so I got to work building some hardware to dump the NAND flash out. A bunch of hacking later, I have what seems like a reasonable looking dump of the flash -- the entropy level looks right, and there are definite patterns to it -- but it appears to be arranged in a way that makes very little sense to me, and there are not any of the strings that I expect in it. (You can see the full set of photos from what I did here, if anyone is wondering what people do when they *don't* have real labs to do this all in Very Happy)

Looking around the web, it looks like a handful of these cards are XORed, but when I tried XORing the first 32MB or so with all single-byte combinations, I still didn't get the 'FAT32' string that I expected to be in there. This is using an EN2683B-BA controller; it seems like it's a something along the lines of http://flash-extractor.com/library/SM/EN2683/EN2683__ec_de_d5_7a__2x1 , though I'm not sure exactly what the above maps to. How does the wear leveling work on these? Am I wrong in expecting the 'FAT32' string to be at the beginning? Also, has anyone ever managed to extract a datasheet for the controller out of Silicon Motion?

If anyone can give me a hand with this, I'd be more than happy to share my RTL for the FPGA so that people can dump even tougher flash devices.

(bonus in the link above: my attempts to reconnect with the original flash controller. I bought another two of the same type of SD card -- the same SKU from Amazon, even! -- but it was too late, and they had switched to two packages, presumably with a different firmware on the flash controller. I also attempted to reuse the original flash controller, but I think it probably got fried by a pin-to-pin short when the card originally got crumpled.)

Best regards, and thanks to anyone who might be able to help!
joshua
Display posts from previous:   
Reply to topic All times are GMT + 4 Hours
Page 1 of 1

 

Last added
AU6384   ec da 80 15   1x1 AU6980   ec d3 55 25   1x1 AU6980   ad dc 80 95   1x2 AU6980 B4   ad dc 80 95   1x1 AU6983   2c d5 94 3e   4x1 AU6982   ec d5 55 a5   1x1 AU6982   ec d5 55 25   1x1 AU6982   ec d3 51 95   2x4 AU6982   ec d3 14 a5   1x1   v2
News
01.02.2024 Save FE key
23.09.2022 The End
11.11.2021 Legs for NR
16.08.2021 Sector Number Slow
15.07.2021 New drivers
© Soft-Center ltd.