Professional Documents
Culture Documents
f=13&t=31127
FAQ Search
Login Register
HDDGURU FILES
Main » Forums home » Research and development All times are UTC - 5 hours [ DST ]
Forum rules
Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data
from dust...
Author Message
HaQue Post subject: SSD firmware hacking. Posted: May 6th, 2015, 1:47
I've been Looking into some SSD firmware as this seems to be a good place to start research. Samsung firmware is encoded by a rather silly method. I really wonder why
they bothered.?. I have coded up a small python script to decode Samsung firmware and the associated file that accompanies a firmware update. I am using Python 3.4.3
Code:
b = bytearray(open(sys.argv[1], 'rb').read())
for i in range(len(b)):
b[i] = (lookup[b[i] >> 0x04 & 0x0F] << 0x04) | (b[i] & 0x0F)
open(sys.argv[1] + '.decoded', 'wb').write(b)
http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/support/downloads.html
For firmware update ISO's, you can strip out the relevant DSRD.enc update info file and, for example, "DXM06B0Q.enc" firmware files in a number of ways.
here are a few steps that work:
2. Open the extracted folder, then navigate to the appropriate disk image that holds the firmware. it will be called something like "Bootable_2.88M.img". Depending on the
ISO, if it is a DOS or Linux based boot, the files will be in various places, not hard to find. Interestingly there is also mac trash files and deleted firmware, looks rather
sloppy TBH.
3. Extract the files from this image, you can use winhex to parse the image, probably even R-Studio or GetDataBack..or whatever. many ways to do this.
Attachment:
here is before and after screenshot, but the actual firmware file is probably WAY more interesting
Attachment:
1 de 6 22/6/2023, 2:09
View topic - SSD firmware hacking. https://forum.hddguru.com/viewtopic.php?f=13&t=31127
I have some other stuff I am working on, hopefully I can get something interesting to share out of it.
Attachments:
Top
fzabkar Post subject: Re: SSD firmware hacking. Posted: May 6th, 2015, 3:55
Thanks very much for that. I don't know any Python, but your code is easily understandable.
_________________
A backup a day keeps DR away.
Top
Spildit Post subject: Re: SSD firmware hacking. Posted: May 6th, 2015, 5:08
_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.
Top
Agrail Post subject: Re: SSD firmware hacking. Posted: May 12th, 2015, 9:44
for i := 0 to Length(b)-1 do
b[i] := b[i] xor lookup[b[i]];
What deals with unpacking of firmware from previous drives like MLC SSD (VBM18C1Q, VBM19C1Q, VBM1AD1Q,...)?
2 de 6 22/6/2023, 2:09
View topic - SSD firmware hacking. https://forum.hddguru.com/viewtopic.php?f=13&t=31127
Top
HaQue Post subject: Re: SSD firmware hacking. Posted: May 12th, 2015, 16:25
Actually I haven't really started looking at the firmware itself in great detail
I was starting to look at the update mechanism itself and was attempting to reverse the flasher utility
I never really got into reversing DOS 16-bit programs and certainly haven't much experience in DOS extenders. The usual tools puke at this and to make it worse the
stubbed exe is also packed... As far as I know there never has been any interest in anyone unpacking it
Joined: December 4th, 2012, The firmware itself should be just a mixture of arm and thumb code and may or may not be worth looking at
1:35
Posts: 3779 Thanks for the checksum info!
Location: Adelaide, Australia
Top
Agrail Post subject: Re: SSD firmware hacking. Posted: May 14th, 2015, 11:23
Can you explain, how did you know about this algorithm of microprogram unpacking? I have spend a lot of time for analysis of packed firmwares for XOR detection...
I seen the flasher, there is nothing interesting in it. It doesn't contain a tech key - only 92h command and a few of simple tests inside it.
Joined: May 12th, 2015,
5:37
Posts: 27
Location: Russia
Firmware has a special block structure and consist of ARM and Thumb codes. That's why before you will upload it into disassemble, try to find which blocks and by which
addresses are uploading on SSD RAM. Also, please don't forget that controller have three CPU cores.
If you will have some interesting information about the Samsung SSD, please write me a private message. In exchange I can tell you what I know about these drives or to
offer something more interesting for you
Top
albanytech Post subject: Re: SSD firmware hacking. Posted: August 4th, 2015, 12:09
I will preface this by saying I have mostly VBA coding experience and am just learning Python.
Joined: August 4th, 2015, That said, I have a need to encode the *.enc file. I have been using the samsung_ssd_decode.py with great success. Now, I would like to make a change and encode to
11:11
Posts: 2 test a firmware package. While the code is straight forward, I'm having difficulty with the same process in reverse. Any help is appreciated.
Location: Here or there
Since I'm a new member, I tried to PM but the system said I needed more activity. So, I'm now being active.
Top
fzabkar Post subject: Re: SSD firmware hacking. Posted: August 4th, 2015, 14:17
albanytech wrote:
Now, I would like to make a change and encode to test a firmware package. While the code is straight forward, I'm having difficulty with the same process in reverse.
Code:
import sys
Joined: September 8th, lookup = [0x01,0x03,0x05,0x07,0x09,0x0B,0x0D,0x0F,0x0E,0x0C,0x0A,0x08,0x06,0x04,0x02,0x00]
2009, 18:21
Posts: 14899 decFile = open(sys.argv[1] + '.encoded', 'wb')
Location: Australia
b = bytearray(open(sys.argv[1], 'rb').read())
for i in range(len(b)):
b[i] = (lookup[b[i] >> 0x04 & 0x0F] << 0x04) | (b[i] & 0x0F)
open(sys.argv[1] + '.encoded', 'wb').write(b)
I would test it by encoding and then decoding a test file. The result should be identical to the original file.
_________________
A backup a day keeps DR away.
Top
3 de 6 22/6/2023, 2:09
View topic - SSD firmware hacking. https://forum.hddguru.com/viewtopic.php?f=13&t=31127
albanytech Post subject: Re: SSD firmware hacking. Posted: August 4th, 2015, 15:03
Top
chrisfoster Post subject: Re: SSD firmware hacking. Posted: August 17th, 2015, 22:04
I think you will find the Zheino CHN-25PATA01 range of drives, likely to be the most hack-able as they are specifically designed to be utilized in a wide range of industrial
machinery. They respond to email and I think you would be able to communicate directly with the engineering group
Joined: August 17th, 2015,
21:40
Posts: 39 Available on Amazon or from Ali Express here:http://goo.gl/VYdv5a
Location: Adelaide, South
Australia
Cheers
Top
HaQue Post subject: Re: SSD firmware hacking. Posted: August 17th, 2015, 22:29
Thanks a lot, will have a look at those for sure. nice to someone else in SA even knows what an SSD is, let alone hacking one!
edit:
looking them up, I got a chuckle at the Lost in Translation.. couldn't resist, hope no-one is easily offended:
Attachment:
Top
HaQue Post subject: Re: SSD firmware hacking. Posted: August 17th, 2015, 22:46
Why is their whole support page just an image and link to http://www.baidu.com/ ? same with the News Page..
forum looks dodgy:
Code:
CCCCCCCCCCCC
ccccccccc
Moderators:xiong 1 0 enter topicfdsfsdfs
12 months ago | By Raziel
Top
chrisfoster Post subject: Re: SSD firmware hacking. Posted: August 17th, 2015, 22:51
If you go through a checkout process and pay via Paypal, as a buyer you cannot lose. I know from the perspective of an eBay seller for 14 years, the buyer always wins
and in some cases keeps the goods as well
Joined: August 17th, 2015,
21:40
Posts: 39 Edit: I just bought one off eBay Australia (Australian stock) @ $82 and I have no fear of losing money
Location: Adelaide, South
Australia
http://www.ebay.com.au/itm/171110782702
4 de 6 22/6/2023, 2:09
View topic - SSD firmware hacking. https://forum.hddguru.com/viewtopic.php?f=13&t=31127
Top
Serdyuk Post subject: Re: SSD firmware hacking. Posted: August 26th, 2015, 7:21
Sorry for my stupid question, but i can't find any .enc files. There are only four files in iso image: btdsk.img, isolinux.bin, isolinux.cfg, memdisc.
Top
HaQue Post subject: Re: SSD firmware hacking. Posted: August 26th, 2015, 8:40
Serdyuk wrote:
Sorry for my stupid question, but i can't find any .enc files. There are only four files in iso image: btdsk.img, isolinux.bin, isolinux.cfg, memdisc.
not stupid at all. This stuff gets easier the more you play around with it.
after you extract files from the ISO, you will be left with a few files... You then have to further extract from one of these files.
Joined: December 4th, 2012, You will notice btdsk.img is about 2,880kb, and being the largest file you can be certain this one contains the firmware. So extract this file... with z-zip, "extract here"
1:35
Posts: 3779 then look in folder "btdsk\Samsung\DSRD\FW\DXT09B0Q" for example
Location: Adelaide, Australia
if you read number 2. and 3. where I explained it above, it should make sense.
Top
Serdyuk Post subject: Re: SSD firmware hacking. Posted: October 2nd, 2015, 11:37
HaQue, thnx
Joined: August 26th, 2015, I disassembled this firmware and now i'm trying to understand this code.
7:14
Posts: 3 How can i find port addresses?
Location: mircwood
Top
naonao5321 Post subject: Re: SSD firmware hacking. Posted: August 4th, 2016, 11:50
@HaQue
I want to edit "dsrd.enc",so I use "samsung_ssd_decode.py" to change it ,but how to change "dsrd.enc.decoded" to "dsrd.enc" ? and can't use
Joined: August 4th, 2016, "samsung_ssd_decode.py" to change "CXM03B1Q.enc".
10:41
Posts: 1
Location: China
Attachments:
Top
fzabkar Post subject: Re: SSD firmware hacking. Posted: December 25th, 2017, 17:15
Top
Agrail Post subject: Re: SSD firmware hacking. Posted: January 9th, 2018, 5:28
Top
omeric4c Post subject: Re: SSD firmware hacking. Posted: February 27th, 2018, 7:00
5 de 6 22/6/2023, 2:09
View topic - SSD firmware hacking. https://forum.hddguru.com/viewtopic.php?f=13&t=31127
a question,when I got firmware files. DSRD.enc and DXM06B0Q.enc ,and decoded it ,how to write back to ssd?
Top
Display posts from previous: All posts Sort by Post time Ascending Go
Main » Forums home » Research and development All times are UTC - 5 hours [ DST ]
Who is online
6 de 6 22/6/2023, 2:09