Hacking SD Card & Flash Memory Controllers

We hope that some of our readers are currently at this year’s Chaos Communication Congress (schedule can be found here and live streams here), as many interesting talks are happening. One of them addressed hacking the memory controllers embedded in all memory cards that you may have. As memory storage density increases, it’s more likely that some sectors inside the embedded flash are defective. Therefore, all manufacturers add a small microcontroller to their cards (along with extra memory) to invisibly ‘replace’ the defective sectors to the operating system.

[Bunnie] and [xobs] went around buying many different microSD cards in order to find a hackable one. In their talk at 30C3 (slides here), they reported their findings on a particular microcontroller brand, Appotech, and its AX211/AX215. By reverse engineering the firmware code they found online, they discovered a simple “knock” sequence transmitted over manufacturer-reserved commands that dropped the controller into a firmware loading mode. From there, they were able to reverse engineer most of the 8051 microcontroller function-specific registers, allowing them to develop novel applications for it. Some of the initial work was done using a FPGA/i.MX6-based platform that the team developed named Novena, which we hope may be available for purchase some day. It was, among others, used to simulate the FLASH memory chip that the team had previously removed. A video of the talk is embedded below.

Continue reading “Hacking SD Card & Flash Memory Controllers”

A Motherboard for a WiFi Enabled SD Card

Over the last few months, a few very capable hackers have had a hand in cracking open a Transcend WiFi-enable SD card that just happens to be running a small Linux system inside. The possibilities for a wireless Linux device you can lose in your pocket are immense, but so far no one has gotten any IO enabled on this neat piece of hardware. [CNLohr] just did us all a favor with his motherboard for these Transcend WiFi SD cards, allowing the small Linux systems to communicate with I2C devices.

This build is based upon [Dmitry]’s custom kernel for the Transcend WiFiSD card. [CNLohr] did some poking around with this system and found he could use an AVR to speak to the card in its custom 4-bit protocol.

The ‘motherboard’ consists of some sort of ATMega, an AVR programming header, a power supply, and a breakout for the I2C bus. [Lohr] wired up a LED array to the I2C bus and used it to display some configuration settings for the WiFi card before connecting to the card over WiFi and issuing commands directly to the Linux system on the card. The end result was, obviously, a bunch of blinking LEDs.

While this is by far the most complex and overwrought way to blink a LED we’ve ever seen, this is a great proof of concept that makes the Transcend cards extremely interesting for a variety of hardware projects. If you want your own Transcend motherboard, [CNLohr] put all the files up for anyone who wants to etch their own board.

Rescuing an SD card with an Arduino

A few days ago, one of [Severin]’s SD cards died on him, Instead of trashing the card, he decided to investigate what was actually wrong with the card and ended up recovering most of the data using an Arduino and an immense amount of cleverness.

SD cards can be accessed with two modes. The first is the SDIO mode, which is what cameras, laptops, and other card readers use. The second mode is SPI mode. SPI is slower, but much, much simpler. It turned out the SDIO mode on [Severin]’s card was broken, but accessing it with an Arduino and SPI mode worked. There was finally hope to get files off this damaged card.

[Severin] used a few sketches to dump the data on the SD card to his computer. The first looked at the file system and grabbed a list of files contained on the card. The second iterated over the file system and output all the files in hex over the serial port. With a bit of Python, [Severin] was able to reconstruct a few files that were previously lost forever.

Even though the SD card was completely inaccessible with a normal card reader, [Severin] was able to get a few files off the card. All the sketches and Python scripts are available on the Githubs, ready to recover files from your broken SD cards.

Pocket Serial Host acts as an Apple II disk drive

apple-II-pocket-serial-host

[Osgeld] is showing off what he calls a sanity check. It’s the first non-breadboard version of his Pocket Serial Host. He’s been working on the project as a way to simplify getting programs onto the Apple II he has on his “retro bench”. When plugged in, the computer sees it as a disk drive.

The storage is provided by an SD card which is hidden on the underside of that protoboard. This makes it dead simple to hack away at your programs using a modern computer, then transfer them over to the retro hardware. The components used (starting at the far side of the board) are a DB9 serial connector next to a level converter to make it talk to the ATmega328 chip being pointed at with a tool. The chip below that is a level converter to get the microcontroller talking to the RTC chip seen to the right. The battery keeps that clock running when there’s no power from the 5V and 3.3V regulators mounted in the upper right.

The video after the break shows off this prototype, the breadboard circuit, and a demonstration with the Apple II.

Continue reading “Pocket Serial Host acts as an Apple II disk drive”

Hackaday links: September 11, 2012

Xbee sensors at Lowe’s?

Lowe’s, the home improvement big box store, is selling some home automation items which might be Xbee compatible. They’re being sold under the brand name Iris. There is some debate as to whether they’re Xbee, or just 802.15.4 hardware. Either way they might be worth checking out for your wireless projects.

Father sword replica from Conan the Barbarian

Sometimes its just fun to watch the master at work. In this case it’s a blacksmith replicating the sword from Conan the Barbarian. [via Reddit]

LG washing machine that phones home

LG has built an interesting troubleshooting feature into some of their washing machines. This video shows the encoded audio it will output if you use the right button combination. You’re supposed to hold your phone up to the machine while talking to customer service and they’ll be able to get some type of debugging information from the dial-up modem type of sounds. If you end up decoding this audio we want to know about it! [Thanks Pedro]

MicroSD card adapter for Raspberry Pi

[TopHatHacker] was surprised to see a full-sized SD card slot on the Raspberry Pi. His temporary solution to get his microSD card working was to uses a miniSD adapter. He cut away the case and bent the pins until they lined up with the microSD card.

Batman’s cowl for retro motorcycle enthusiasts

Okay, we think this Batman cowl in the style of 1950’s motorcycle garb is pretty cool. Just realize that if you’re seen wearing this you will be thought of as one of the crazy guys in town. [via BoingBoing]

Accessing an SD card through a parallel port, just because

[Vinod] sent in a very cool build he says is somewhat of a ‘mad project': he mounted an MMC and SD card under Linux using the parallel port on his computer. Even though parallel ports are getting rarer these days, we absolutely love [Vinod]’s dedication and willingness to dig around the Linux kernel.

The hardware portion of the build is very simple – just an SD/MMC header and a few resistors wired up to a parallel port. The software side of the hack gets pretty interesting with [Vinod] building a kernel module, something we rarely see on Hackaday.

We’d have to agree with [Vinod]’s ‘mad project’ sentiment, if only because of the terrible throughput of [Vinod]’s adapter; it takes him more than a minute to transfer a 1.5 MB file onto the SD card – terribly slow, to put it mildly. Nevertheless, we’ve got to respect [Vinod] for pushing the limits of uselessness and still building something cool in the process.

Building a media player with an MSP430

A media player based on an Arduino and SD card has been done to death several times over, but that doesn’t mean we can’t appreciate [Matt]’s MSP430 audio player. It’s a very nice piece of work that supports a FAT16 file system and only takes up 54 bytes of RAM.

To make his dream of a 430 media player a reality, [Matt] based his work on the DIY Life Talking MSP430 project. Unlike this previous attempt to play music with a ‘430 and SD card, [Matt] threw in a full FAT16 file system, allowing him to drag and drop audio files on his computer to the SD card.

Right now [Matt]’s build can play a stereo audio file through its speakers, but the sound quality over a mono file is greatly reduced. The maximum sample rate is 16kHz; a ‘good enough’ sample rate if you’re listening with terrible headphones. In the video after the break, [Matt] plays this awesome Symphony of Science on his homebrew media player. We’re guessing his camera doesn’t do his project justice, but it’s still impressive nonetheless.

Continue reading “Building a media player with an MSP430″