To some, an SD card is simply an SD card, notable only for the amount of storage it provides as printed on the label. However, just like poets, SD cards contain multitudes. [Jason Gin] was interested in what made SanDisk’s High Endurance line of microSDXC cards tick, so he set out to investigate.
Naturally, customer service was of no help. Instead, [Jason] started by scraping away the epoxy covering which hides the card’s test points. Some delicate soldering was required to hook up the test points to a breakout board, while also connecting the SD interface to a computer to do its thing. A DS Logic Plus signal analyzer was used to pick apart the signals going to the chip to figure out what was going on inside.
After probing around, [Jason] was able to pull out the NAND Flash ID, which, when compared to a Toshiba datasheet, indicates the card uses BiCS3 3D TLC NAND Flash. 3D NAND Flash has several benefits over traditional planar Flash technology, and SanDisk might have saved [Jason] a lot of time investigating if they’d simply placed this in their promotional material.
We’ve seen other similar hacks before, like this data recovery performed via test points. If you’ve been working away on SD cards in your own workshop, be sure to let us know!
What concerns me most is if there are vendor-proprietary commands that allow one to overwrite the firmware while it’s plugged into your PC/laptop/smartphone. SD cards have the potential to act like BadUSB sticks and it’s something nobody seems to be concerned about.
These could be waaaay more evil than BadUSB, as it also has full control over the flash memory – you can carry all the payload you want AND have a secure place to store whatever you’re after, all the while keeping it a secret from any commercial AV packages that could normally detect things on a flash drive, making this a viable attack vector for airgapped devices…STUXNET 2.0 anyone? :D
OoooOOoo thanks. Another reason not to sleep tonight.
I would be interested if someone could characterize different cards’ garbage collection/maintenance routines/algorithms. The limitations these can bring out are not well captured in a data sheet and can differ wildly from manufacturer/SD card line.
When I wrote this article https://www.mischianti.org/2019/12/15/how-to-use-sd-card-with-esp8266-and-arduino/ I bought some SD cards from China, and 2 of them have manipulated firmware: they are 2Gb SD cards sold as 8Gb SD cards, and I can’t find a program to reset them to the original value. I think if the proprietary commands are known, a lot of fakes can be created.
They are already known. Both for USB sticks and for SD cards. Just search for factory software for flash controllers.
(If you trust Chinese software, that is). That software actually allows you to manipulate visible size and other things too.
Digging through the links to seek the benefits 3D NAND Flash enjoys over traditional planar Flash technology, it appears it’s mainly added capacity for a given unit of real estate. I had been (unrealistically, given the physics) hoping that it included superior wear characteristics, thinking back to the SLC-based RAMSAN storage devices Texas Memory Systems built in the mid-aughts.
Could you please do the same for INDUSTRIAL microSD cards? I’d like to know if there’s a real difference between industrial and high endurance cards… Other than voltage fluctuation protection and better shielding…