adamcaudill / Psychson
Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB)
https://github.com/adamcaudill/Psychson

README.md
This repository contains the following items:

* DriveCom -- PC C# application to communicate with Phison drives.
* EmbedPayload -- PC C# application to embed Rubber Ducky inject.bin key scripts into custom firmware for execution on the drive.
* Injector -- PC C# application to extract addresses/equates from firmware as well as embed patching code into the firmware.
* firmware -- this is 8051 custom firmware written in C.
* patch -- this is a collection of 8051 patch code written in C.
Releases have the following items:

* patch -- this is a collection of 8051 patch code written in C.
* tools -- these are the compiled binaries of all the tools.
* CFW.bin -- this is custom firmware set up to send an embedded HID payload.
Take note that the firmware patches have only been tested against PS2251-03 firmware version
1.03.53 (which is for an 8K eD3 NAND flash chip). They may work for others, but be careful.
As long as you are using the correct firmware image for your controller version and NAND chip, there
is no harm in downgrading to an earlier version (such as from 1.10.53).
See Known Supported Devices for information on supported devices; use on an unsupported device
may cause permanent damage to the device.
To get started, you'll need to obtain a burner image, which is the 8051 executable responsible for
flashing firmware to the drive.
See Obtaining a Burner Image on the wiki for more information.
To patch or modify existing firmware, you must first set up a build environment. See Setting Up the
Environment on the wiki for more information.
At a minimum, SDCC needs to be installed to C:\Program Files\SDCC.
Run DriveCom, passing in the drive letter representing the drive you want to flash, the path of the
burner image you obtained, and the destination path for the firmware image:
    tools\DriveCom.exe /drive=E /action=DumpFirmware /burner=BN03V104M.BIN /firmware=fw.bin

where E is the drive letter, BN03V104M.BIN is the path to the burner image, and fw.bin is the resulting firmware dump.
Currently, only 200KB firmware images can be dumped (which is what the Patriot 8GB Supersonic
Xpress drive uses).
Run DriveCom, passing in the drive letter representing the drive you want to flash, the path of the
burner image you obtained, and the path of the firmware image you want to flash:
    tools\DriveCom.exe /drive=E /action=SendFirmware /burner=BN03V104M.BIN /firmware=fw.bin

where E is the drive letter, BN03V104M.BIN is the path to the burner image, and fw.bin is the path to the firmware image.
Create a key script in Rubber Ducky format, then use Duckencoder to create an inject.bin version of it:

    java -jar duckencoder.jar -i keys.txt -o inject.bin

where keys.txt is the path to your key script.
You may notice the delays are not quite the same between the Rubber Ducky and the drive -- you may need to adjust your scripts to compensate.
(These tools are available from https://code.google.com/p/ducky-decode/.)
Once you have an inject.bin file, embed it into the custom firmware with:
    copy CFW.bin hid.bin
    tools\EmbedPayload.exe inject.bin hid.bin

where inject.bin is the path to your inject.bin file, and hid.bin is the path to the HID payload custom firmware.
(Notice that the firmware image is copied, and the payload is embedded into the copy -- this is
because the payload can only be embedded once, so the original CFW.bin must remain intact.)
You can now flash the firmware to your drive with:
    tools\DriveCom.exe /drive=E /action=SendFirmware /burner=BN03V104M.BIN /firmware=hid.bin
where E is the drive letter representing your drive, BN03V104M.BIN is the path to your burner image,
and hid.bin is the path to the HID payload custom firmware.
Huge thanks to the Hak5 team for their work on the excellent USB Rubber Ducky!
First, determine the number of logical blocks (sectors) your drive has with the following command:
    tools\DriveCom.exe /drive=E /action=GetNumLBAs
Go into the patch directory and modify base.c to disable all other patches, and enable the hidden
partition patch:
    //#define FEATURE_CHANGE_PASSWORD
    #define FEATURE_EXPOSE_HIDDEN_PARTITION
Then modify the NUM_LBAS define to the number of logical blocks on your drive:
    #define NUM_LBAS 0xE6C980UL // this needs to be even! (round down)
Make sure you round down to an even number, and it couldn't hurt to subtract a few first, in case a few blocks go bad over time. (For example, if the number of LBAs was 0xE6C981, you might reduce it to 0xE6C940.)
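Worked example added here (not Psychson's own code): deriving the NUM_LBAS value for base.c from the count that GetNumLBAs reports, the way the paragraph above describes, together with the checks worth running before build.bat; the 512-byte sector size and the 0x40 spare-block margin are assumptions.

```c
/* Added example, not part of Psychson: compute a NUM_LBAS value for
 * patch/base.c from the count reported by DriveCom /action=GetNumLBAs,
 * following the README: reserve a few spare blocks, then round down to
 * an even number. Sector size is an assumption used for a capacity check. */
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>

#define SECTOR_BYTES 512ULL /* assumption: 512-byte logical blocks */

/* Reserve `margin` blocks for future bad blocks, then clear bit 0 so the
 * value is even (the hidden-partition patch splits the drive in half).
 * Returns 0 when the inputs cannot give a usable value. */
uint32_t safe_num_lbas(uint32_t reported, uint32_t margin)
{
    if (reported <= margin)
        return 0;
    return (reported - margin) & ~(uint32_t)1;
}

/* Constraints the define must satisfy: non-zero, even, and not above
 * what the drive itself reported. */
int num_lbas_ok(uint32_t value, uint32_t reported)
{
    return value != 0 && (value & 1) == 0 && value <= reported;
}

/* Capacity in whole MiB, to compare against the drive's advertised size. */
uint32_t lbas_to_mib(uint32_t lbas)
{
    return (uint32_t)((lbas * SECTOR_BYTES) >> 20);
}

/* Format the line exactly as it appears in base.c. */
int format_define(char *buf, size_t len, uint32_t value)
{
    return snprintf(buf, len, "#define NUM_LBAS 0x%" PRIX32 "UL", value);
}

int main(void)
{
    uint32_t reported = 0xE6C981; /* constructed: the README's own example */
    uint32_t v = safe_num_lbas(reported, 0x40);
    char line[64];
    format_define(line, sizeof line, v);
    printf("%s (%" PRIu32 " MiB total)\n", line, lbas_to_mib(v));
    return num_lbas_ok(v, reported) ? 0 : 1;
}
```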
Place the firmware image you want to patch into the patch directory and name it fw.bin.
Go to the patch directory and run build.bat. It will produce a file at patch\bin\fw.bin -- this is the
modified firmware image.
You can now flash this file to your drive.
After flashing, Windows may be confused, as it now only sees half of the partition it once did -- it may ask you to format the first time you view either the public or hidden halves of the drive. This is normal.
Go into the patch directory and modify base.c to disable all other patches, and enable the password patch:

    #define FEATURE_CHANGE_PASSWORD
    //#define FEATURE_EXPOSE_HIDDEN_PARTITION
Place the firmware image you want to patch into the patch directory and name it fw.bin.
Go to the patch directory and run build.bat. It will produce a file at patch\bin\fw.bin -- this is the
modified firmware image.
You can now flash this file to your drive.
Converting to Mode 7

You can run the ModeConverterFF01.exe application (see Useful Links) to split the drive into public and secure partitions, or restore the original (mode 3) functionality.
After converting to mode 7, you should be able to set, change, or disable the secure partition password with the USBDISKProLOCK utility.
Modify the C files in the firmware directory for custom firmware, or the patch directory for the
firmware patches, then run the build.bat file in the appropriate directory.
Once it has built successfully, use DriveCom to flash the resulting file (bin\fw.bin) to your drive:
    tools\DriveCom.exe /drive=E /action=SendFirmware /burner=BN03V104M.BIN /firmware=firmware\bin\fw.bin

...or...

    tools\DriveCom.exe /drive=E /action=SendFirmware /burner=BN03V104M.BIN /firmware=patch\bin\fw.bin
Unfortunately this isn't the most straightforward process at the moment, so if you have questions, open an issue and we'll do our best to help (and update the readme/wiki).