Came across it while looking into how to deal with multiple different Samsung drives caught in bad states due to shitty firmware. My original salty post warning about vendor-branded Samsung drives on eBay is here: https://news.ycombinator.com/item?id=37165189
BTW thank you for raising this.
From these experiences, I’m going out of my way to never buy anything made by Samsung.
All data is lost the moment you see ERRORMOD, there is no recovery of data that I am aware of. It is sometimes possible to clear the drive and recover function for the now untrustworthy drive: https://forums.servethehome.com/index.php?threads/pm9a3-firm...
It’s not the only way a drive can fail, but it’s the most immediately obvious one.
Other ways of the firmware failing result in no drive showing up at all, or data corruption. Physical failures can also happen, like breakage of the solder balls under the chips (which is fixable enough to get data off it).
One of the current vendor-provided consumer SSD firmware update utilities for Linux, shipped as a live USB, decrypts the firmware and writes it out to disk decrypted before uploading it, so simply using seccomp to fail an rmdir syscall nets you the decrypted version without having to reverse engineer any of the updater/decryption code.
I deleted my own negative rant about SSD manufacturers not opting in to lvfs/fwupd when drives have a high risk of bricking without firmware updates.
The lock on your front door is so trivial to bypass, yet deters the vast majority of people from entering your house without your permission.
So when you start publishing their code they can DMCA you.
Also, wouldn't someone trying to distribute "illicit copies" just distribute the original unmodified file since it's a self-extracting binary with no license check? And what reason would anyone have to do that when they already publish it for free on their own site, and why should they care if someone did?
The goal is not to produce cryptographically secure code, it's to make it annoying enough that most people don't bother.
If someone had a ton of money, it would be funny to just send the thing to a data recovery lab, have them swap the platters onto an unmodified model and get a raw image of the data to work with. (Or maybe the key is hidden inside the drive firmware chip itself?)
The fundamentals in the article are all relevant to the hard drive challenge, though the actual multi-step solution to our CTF is rather different.
If hacking hard drives sounds intriguing to you, we're hiring reverse engineers and security researchers! See our whoishiring posts and careers page for details:
- https://news.ycombinator.com/item?id=47977643
- https://redballoonsecurity.com/careers/
Be sure to mention Hacker News if you apply.
Didn't finish it but learned a ton.
For anyone reading, Red Balloon is a great place with great people and I highly recommend anyone remotely interested give them a look.
Ah well. ;)
This says a lot right here:
>One of my initial ideas was to modify the HDD firmware to introduce a delay of a few hundred milliseconds when a specific sector is read from the drive, which would give enough time for the exploit to trigger successfully.
>As it would later turn out I found other ways to dial in my race condition attack and ended up not needing to modify the HDD firmware at all.
The result is a remarkable paper documenting outstanding milestones that is outstanding on its own, and was completely unintentional to begin with, and with subject matter that was also unintentional, if not a completely unrelated subject from the direction that the initial ambition was leading toward.
If your research leaders or techniques don't allow for excursions like this, you'd probably be better off getting some.
Well, if you want more mayhem than was expected . . .
* https://www.cbc.ca/news/science/nsa-hid-spying-software-in-h...
* https://www.wired.com/2015/02/nsa-firmware-hacking/
:)
Start publishing it and it's a good chance you'll get a DMCA notice in short order.