On Hacking MicroSD Cards


Today at the Chaos Computer Congress (30C3), xobs and I disclosed a finding that some SD cards contain
vulnerabilities that allow arbitrary code execution on the memory card itself. On the dark side, code
execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems
to be behaving one way, but in fact it does something else. On the light side, it also enables the possibility for
hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers.

In order to explain the hack, it's necessary to understand the structure of an SD card. The information here
applies to the whole family of managed flash devices, including microSD, SD, MMC as well as the eMMC
and iNAND devices typically soldered onto the mainboards of smartphones and used to store the OS and
other private user data. We also note that similar classes of vulnerabilities exist in related devices, such as
USB flash drives and SSDs.

Flash memory is really cheap. So cheap, in fact, that it's too good to be true. In reality, all flash memory is
riddled with defects without exception. The illusion of a contiguous, reliable storage media is crafted
through sophisticated error correction and bad block management functions. This is the result of a constant
arms race between the engineers and mother nature; with every fabrication process shrink, memory becomes
cheaper but more unreliable. Likewise, with every generation, the engineers come up with more sophisticated
and complicated algorithms to compensate for mother nature's propensity for entropy and randomness at the
atomic scale.

These algorithms are too complicated and too device-specific to be run at the application or OS level, and so
it turns out that every flash memory disk ships with a reasonably powerful microcontroller to run a custom set
of disk abstraction algorithms. Even the diminutive microSD card contains not one, but at least two chips: a
controller, and at least one flash chip (high density cards will stack multiple flash die). You can see some die
shots of the inside of microSD cards at a microSD teardown I did a couple years ago.

In our experience, the quality of the flash chip(s) integrated into memory cards varies widely. It can be
anything from high-grade factory-new silicon to material with over 80% bad sectors. Those concerned about
e-waste may (or may not) be pleased to know that it's also common for vendors to use recycled flash chips
salvaged from discarded parts. Larger vendors will tend to offer more consistent quality, but even the largest
players staunchly reserve the right to mix and match flash chips with different controllers, yet sell the assembly
as the same part number, a nightmare if you're dealing with implementation-specific bugs.

The embedded microcontroller is typically a heavily modified 8051 or ARM CPU. In modern
implementations, the microcontroller will approach 100 MHz performance levels, and also have several
hardware accelerators on-die. Amazingly, the cost of adding these controllers to the device is probably on the
order of $0.15-$0.30, particularly for companies that can fab both the flash memory and the controllers
within the same business unit. It's probably cheaper to add these microcontrollers than to thoroughly test and
characterize each flash memory chip, which explains why managed flash devices can be cheaper per bit than
raw flash chips, despite the inclusion of a microcontroller.

The downside of all this complexity is that there can be bugs in the hardware abstraction layer, especially
since every flash implementation has unique algorithmic requirements, leading to an explosion in the number of
hardware abstraction layers that a microcontroller has to potentially handle. The inevitable firmware bugs are
now a reality of the flash memory business, and as a result it's not feasible, particularly for third-party
controllers, to indelibly burn a static body of code into on-chip ROM.

The crux is that a firmware loading and update mechanism is virtually mandatory, especially for third-party
controllers. End users are rarely exposed to this process, since it all happens in the factory, but this doesn't
make the mechanism any less real. In my explorations of the electronics markets in China, I've seen
shopkeepers burning firmware on cards that "expand" the capacity of the card; in other words, they load a
firmware that reports the capacity of a card is much larger than the actual available storage. The fact that this
is possible at the point of sale means that most likely, the update mechanism is not secured.
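
Capacity-inflating firmware of this kind can be caught from the host by writing a distinct pattern to every block and only then reading everything back, the approach used by tools such as f3 and H2testw. The sketch below is an added example, not code from the original post: `WrappingCard` and the `read_block`/`write_block` interface are hypothetical stand-ins, the wrap-around behaviour is an assumed failure model, and on real media this kind of test overwrites the card.

```python
"""Added example: catch firmware that reports more capacity than the flash holds."""
import hashlib

BLOCK = 512


def pattern(index: int) -> bytes:
    """512 bytes derived from the block index, so two blocks never share contents."""
    seed = hashlib.sha256(index.to_bytes(8, "big")).digest()
    return seed * (BLOCK // len(seed))


class WrappingCard:
    """Constructed stand-in for a card with capacity-inflating firmware.

    ASSUMPTION: addresses past the real size wrap back onto the start;
    real fakes may instead drop writes or return stale data.
    """

    def __init__(self, advertised: int, real: int):
        self.advertised, self.real = advertised, real
        self.store = {}

    def write_block(self, index: int, data: bytes) -> None:
        self.store[index % self.real] = data

    def read_block(self, index: int) -> bytes:
        return self.store.get(index % self.real, bytes(BLOCK))


def verify_capacity(card, advertised: int, stride: int = 1) -> list:
    """Write a unique pattern to every `stride`-th block, then read them all back.

    The write pass finishes before the first read, so aliased addresses have
    already overwritten each other. Returns the sampled indices that did not survive.
    """
    sampled = range(0, advertised, stride)
    for i in sampled:
        card.write_block(i, pattern(i))
    return [i for i in sampled if card.read_block(i) != pattern(i)]


def intact_blocks(card, advertised: int) -> int:
    """Number of advertised blocks that held their data: an estimate of real size."""
    return advertised - len(verify_capacity(card, advertised))


if __name__ == "__main__":
    fake = WrappingCard(advertised=256, real=64)    # claims 128 KiB, holds 32 KiB
    print("fake card intact blocks:", intact_blocks(fake, fake.advertised))
    honest = WrappingCard(advertised=256, real=256)
    print("honest card bad blocks:", verify_capacity(honest, honest.advertised))
```

Reading a block back immediately after writing it would not expose the fake, because the aliased location still holds the fresh data; the full write pass before the read pass is what makes the check work.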

In our talk at 30C3, we report our findings exploring a particular microcontroller brand, namely, Appotech
and its AX211 and AX215 offerings. We discover a simple knock sequence transmitted over
manufacturer-reserved commands (namely, CMD63 followed by 'A','P','P','O') that drops the controller into
a firmware loading mode. At this point, the card will accept the next 512 bytes and run it as code.
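
With a logic-analyzer or host-side capture of the SD command line, this knock is straightforward to look for. The following is an added example, not code from the talk or from Appotech: it decodes 48-bit SD command frames and flags manufacturer-reserved commands (CMD60 to CMD63 in the SD specification), including the CMD63 'APPO' sequence. The trace is constructed, and treating 'A','P','P','O' as the command's 32-bit argument is an assumption the post does not confirm.

```python
"""Added example: flag vendor-reserved SD commands in a captured CMD-line trace."""
from typing import NamedTuple

VENDOR_RESERVED = range(60, 64)  # CMD60-CMD63: reserved for the manufacturer
KNOCK_INDEX = 63                 # from the post
KNOCK_ARG = b"APPO"              # from the post; carried as the argument: ASSUMPTION


class Command(NamedTuple):
    from_host: bool
    index: int
    arg: bytes
    crc_ok: bool


def crc7(data: bytes) -> int:
    """CRC7 used on the SD command line (polynomial x^7 + x^3 + 1)."""
    crc = 0
    for byte in data:
        for bit in range(7, -1, -1):
            crc <<= 1
            if ((byte >> bit) & 1) ^ ((crc >> 7) & 1):
                crc ^= 0x09
            crc &= 0x7F
    return crc


def make_frame(index: int, arg: bytes) -> bytes:
    """Build a host command frame; used here only to construct the sample trace."""
    body = bytes([0x40 | index]) + arg
    return body + bytes([(crc7(body) << 1) | 1])


def parse_frame(frame: bytes) -> Command:
    """Decode start/transmission bits, 6-bit index, 32-bit argument, CRC7, end bit."""
    if len(frame) != 6 or frame[0] & 0x80 or not frame[5] & 1:
        raise ValueError("not a well-formed 48-bit SD command frame")
    return Command(bool(frame[0] & 0x40), frame[0] & 0x3F, frame[1:5],
                   crc7(frame[:5]) == frame[5] >> 1)


def audit(trace):
    """Return (position, severity, message) for each vendor-reserved host command."""
    findings = []
    for pos, raw in enumerate(trace):
        cmd = parse_frame(raw)
        if not cmd.from_host or not cmd.crc_ok or cmd.index not in VENDOR_RESERVED:
            continue  # card responses, corrupted captures and standard commands
        if cmd.index == KNOCK_INDEX and cmd.arg == KNOCK_ARG:
            findings.append((pos, "high", "CMD63 'APPO' firmware-load knock"))
        else:
            findings.append((pos, "medium", f"vendor-reserved CMD{cmd.index}"))
    return findings


# Constructed trace: card init, one block read, the knock, another vendor command.
SAMPLE_TRACE = [
    make_frame(0, bytes(4)),                   # CMD0  GO_IDLE_STATE
    make_frame(8, bytes.fromhex("000001aa")),  # CMD8  SEND_IF_COND
    make_frame(17, bytes(4)),                  # CMD17 READ_SINGLE_BLOCK, address 0
    make_frame(63, b"APPO"),                   # the knock described in the post
    make_frame(60, bytes(4)),                  # some other vendor command
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_TRACE):
        print(finding)
```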

From this beachhead, we were able to reverse engineer (via a combination of code analysis and fuzzing) most
of the 8051's function-specific registers, enabling us to develop novel applications for the controller, without
any access to the manufacturer's proprietary documentation. Most of this work was done using our open
source hardware platform, Novena, and a set of custom flex circuit adapter cards (which, tangentially, led
toward the development of flexible circuit stickers aka chibitronics).

Significantly, the SD command processing is done via a set of interrupt-driven callbacks processed by the
microcontroller. These callbacks are an ideal location to implement an MITM attack.

It's as of yet unclear how many other manufacturers leave their firmware updating sequences unsecured.
Appotech is a relatively minor player in the SD controller world; there's a handful of companies that you've
probably never heard of that produce SD controllers, including Alcor Micro, Skymedi, Phison, SMI, and of
course Sandisk and Samsung. Each of them would have different mechanisms and methods for loading and
updating their firmware. However, it's been previously noted that at least one Samsung eMMC
implementation using an ARM instruction set had a bug which required a firmware updater to be pushed to
Android devices, indicating yet another potentially promising avenue for further discovery.

From the security perspective, our findings indicate that even though memory cards look inert, they run a
body of code that can be modified to perform a class of MITM attacks that could be difficult to detect; there
is no standard protocol or method to inspect and attest to the contents of the code running on the memory
card's microcontroller. Those in high-risk, high-sensitivity situations should assume that a secure-erase of a
card is insufficient to guarantee the complete erasure of sensitive data. Therefore, it's recommended to
dispose of memory cards through total physical destruction (e.g., grind it up with a mortar and pestle).

From the DIY and hacker perspective, our findings indicate a potentially interesting source of cheap and
powerful microcontrollers for use in simple projects. An Arduino, with its 8-bit 16 MHz microcontroller, will
set you back around $20. A microSD card with several gigabytes of memory and a microcontroller with
several times the performance could be purchased for a fraction of the price. While SD cards are admittedly
I/O-limited, some clever hacking of the microcontroller in an SD card could make for a very economical and
compact data logging solution for I2C or SPI-based sensors.

Slides from our talk at 30C3 can be downloaded here, or you can watch the talk on Youtube below.

Team Kosagi would like to extend a special thanks to .mudge for enabling this research through the
Cyber Fast Track program.

Tags: flash, hacking, microcontroller, microsd, mitm

This entry was posted on Sunday, December 29th, 2013 at 10:43 pm and is filed under Hacking, Made in China.

46 Responses to On Hacking MicroSD Cards

1. Hacking MicroSD Cards #30c3 adafruit industries blog says:


December 29, 2013 at 11:00 pm

[...] On Hacking MicroSD Cards. Bunnie writes [...]

Reply
2. Hacking MicroSD Cards # 30c3 | Schneider vgguttag says:
December 30, 2013 at 1:53 am

[...] On Hacking MicroSD cards. Bunnie writes [...]

Reply

3. Menachem Begin says:


December 30, 2013 at 2:46 am

Oh. My. Gawd.

Reply

4. DanielG says:
December 30, 2013 at 2:53 am

Thank you for the talk, it was very interesting to hear about this. At the end you gave away 128MB
SD cards with the AX215. What would someone need to do to program this? I would guess open the
chip, solder some wires to the testpoints and hook it up to something like a Raspberry PI. Are you
interested in making a tutorial for this?

Reply
5. Disclosed Findings On Hacking MicroSD Cards by ZumoGeek Blog says:
December 30, 2013 at 3:48 am

[...] Findings On Hacking MicroSD Cards http://www.bunniestudios.com/blog/?p=3554 /via [...]

Reply

6. Thomas says:
December 30, 2013 at 4:48 am

DanielG: I suppose send the CMD63 reserved command, the 4 characters, and the code.

The 512 bytes should be sufficient to load a bootstrap, no soldering needed.

Reply
7. SD Cards Aren't As Secure As We Think - nuhrdspace.com says:
December 30, 2013 at 5:24 am

[...] a detailed and readable post, Huang describes the exact problems with Flash memory. In order to
reduce the price and increase [...]

Reply

8. Sven says:
December 30, 2013 at 5:29 am

Hm would this allow for reprogramming the firmware and run ubifs instead of a block-based
filesystem?

Sven
Reply

Funk says:
December 31, 2013 at 1:04 am

Yes, you could program the MCU with a simpler pass-thru commandset, and make an MTD
driver for it.
I imagine you could expand upon this commandset to make SD cards perform thousands of
times the normal speed for certain tasks.

Of course their reliability would be increased tremendously too.

Reply
9. Huang: On Hacking MicroSD Cards | Linux-Support.com says:
December 30, 2013 at 5:30 am

[...] a read: this posting by Andrew bunnie Huang on loading new firmware into a MicroSD card.
From the security perspective, our findings [...]

Reply
10. SD Cards Aren't As Secure As We Think - Proactive IT Service | Proactive IT Service says:
December 30, 2013 at 6:24 am

[...] a detailed and readable post, Huang describes the exact problems with Flash memory. In order to
reduce the price and increase [...]

Reply
11. SD Cards Aren't As Secure As We Think DevelopersArena.com says:
December 30, 2013 at 8:29 am

[...] a detailed and readable post, Huang describes the exact problems with Flash memory. In order to
reduce the price and increase [...]

Reply
12. SD Cards Aren't As Secure As We Think | U.S. Industrial News says:
December 30, 2013 at 9:39 am

[...] a detailed and readable post, Huang describes the exact problems with Flash memory. In order to
reduce the price and increase [...]

Reply
13. SD Cards Aren't As Secure As We Think | Tuto Drupal News says:
December 30, 2013 at 10:07 am

[...] a detailed and readable post, Huang describes the exact problems with Flash memory. In order to
reduce the price and increase [...]

Reply
14. [30C3] SD | Webtheboy.com says:
December 30, 2013 at 12:58 pm

[...] Bunnies Studio [...]

Reply

15. asdf says:


December 30, 2013 at 1:05 pm

Video here: http://www.youtube.com/watch?v=r3GDPwIuRKI or http://30c3.ex23.de/saal1/30C3_-_5294_-_en_-_saal_1_-_201312291400_-_the_exploration_and_exploitation_of_an_sd_memory_card_-_bunnie_-_xobs-2013-12-29T13:52:40.426540.mp4

More commentary @ Hacker News: https://news.ycombinator.com/item?id=6980058

Reply

16. Brad Gilbert says:


December 30, 2013 at 2:45 pm

I can imagine this being used for encryption. Send a specific code, followed by a key, which stays in
the microcontroller's RAM until the power is removed.

It could also be used for determining how much life is left for a given flash device.

Reply
17. SD Cards Aren't As Secure As We Think - YO Status says:
December 30, 2013 at 3:46 pm

[...] a detailed and readable post, Huang describes the exact problems with Flash memory. In order to
reduce the price and increase [...]

Reply
18. 1081009 | [30C3] SD | .com 1081009 says:
December 30, 2013 at 4:27 pm

[...] Bunnies Studio [...]

Reply
19. On Hacking microSD cards: http://t.co/TGOHabi4nE | Ali's Li'l Place on the Net says:
December 30, 2013 at 4:54 pm

[...] On Hacking microSD cards: bunniestudios.com/blog/?p=3554 [...]

Reply
20. Memory Cards Are Dangerous | HirDemo says:
December 30, 2013 at 8:06 pm

[...] discusses in a detailed blog post what the specific problem with memory cards is. To
reduce prices and [...]

Reply
21. Shervin Emami says:
December 30, 2013 at 8:13 pm

It would be awesome if someone made a framework to use a MicroSD card as a general-purpose
high-speed microcontroller! We could make thumb-sized robots that are controlled by their onboard
Micro-SD card and even recording onboard video to flash storage!

Reply

22. JohnSmith says:


December 30, 2013 at 8:27 pm

As for cheap microcontrollers: today it's possible to buy STM32 Cortex M3 for price barely above
$1 or so (STM32F104 can go really cheap for low-end model). And that would be 24MHz 32-bit
ARM core with load of cool peripheral stuff and so on. Then you can etch PCB using direct toner
transfer nearly free of charge, etc. So as for me, $20 for arduino means Atmel and Arduino guys are in
mood for really fat margins. In fact Arduino price/features and price/computation power ratio is really
bad and it is only good for real newbies. Those who got idea what is microcontroller can get far better
deals.

Reply

JohnSmith says:
December 30, 2013 at 8:29 pm

Err, excuse me, cheap uC is STM32F100C4*, not F104 :)

Reply

Adi Oltean says:


December 31, 2013 at 5:53 pm

Sure (PIC controllers are even cheaper). But an SD card also has a large NAND flash
(OK, not 8 GB but 512 MB at least)

Reply
23. SD Cards Are Tiny, Hackable Computers (For Good or Evil) | Kronosim says:
December 30, 2013 at 11:23 pm

[...] An SD card isn't just a dumb chunk of memory; it's a dumb chunk of memory with a built-in
brain, a microcontroller. And at this year's Chaos Computer Congress, enterprising hackers showed
off exactly what those brains can be used for: cheap hardware for makers or malware machines for
malcontents. [...]

Reply

24. Peter says:


December 31, 2013 at 1:33 am

You guys are heroes! Thank you!


Reply

25. nudzo says:


December 31, 2013 at 1:49 am

There's already a product, that use SD card microcontroller: http://icsl.at/solutions/comsec-for-blackberry/secusmart/

Reply

megal0maniac says:
December 31, 2013 at 2:36 pm

That's most likely just SDIO (which has been around for years, albeit unpopular)
It's an official standard. I have yet to hear of anyone hacking a regular SD / uSD card aside
from things like setting hardware write-protection bits. Until now, of course. Nice work :)
Can't wait for a followup.
Some might already know this, but flashdrives work in exactly the same way and seem to use
the same vendors for controllers. Specifically, Alcor Micro and Phison have utilities which allow
one to do some pretty cool things with most flashdrives, including changing vendor and product
IDs as well as strings, partitioning the drive into a normal part and a virtual CD ROM part (often
seen in promotional flash drives), or even a hardware encrypted portion (which most controllers
support but is off by default), changing LED configuration, the list goes on.
Due to the wide range of controllers, it can often be difficult to find the utility which works, but
they're pretty easy to find. Good chance that the controllers in SD/uSD cards have similar
capabilities as only the interface to the host differs. Or maybe that's just wishful thinking :)

Reply
26. Hacking MicroSD Cards Geek Practitioners Blog says:
December 31, 2013 at 1:51 am

[...] More than you ever knew about MicroSD and other flash/storage cards, including the ease with
which they can be compromised, and the shocking quality issues. [...]

Reply
27. Do USB sticks pose a security threat ? says:
December 31, 2013 at 3:10 am

[...] running as firmware that a recent article suggests could be used for man-in-the-middle attacks:
http://www.bunniestudios.com/blog/?p=3554 Although the article mentions SD cards, all flash media
have microcontrollers embedded in them, and [...]

Reply
28. New malware roosting place: Inside your SD Card? | Tech Camp says:
December 31, 2013 at 8:35 am

[...] bunnie Huang and Sean xobs Cross disclosed the approach Sunday in a blog post and talk at
the Chaos Computer Congress (30C3). With the attack, a person could run malicious [...]

Reply
29. SD Cards Are Tiny, Hackable Computers (For Good Or Evil) | Gizmodo Australia says:
December 31, 2013 at 9:45 am

[...] An SD card isn't just a dumb chunk of memory; it's a dumb chunk of memory with a built-in
brain, a microcontroller. And at this year's Chaos Computer Congress, enterprising hackers showed
off exactly what those brains can be used for: cheap hardware for makers or malware machines for
malcontents. [...]

Reply

30. Conundrum says:


December 31, 2013 at 12:13 pm

I've theorised that uSD cards failing due to user error ie unwriteable could actually still have useful
data on them, so buying cards online as defective might be a way to obtain sensitive information.

A lot of 64GB cards are also failing due to apparent unwanted interaction between this chip and the
*am*ung *4 /*3 controller so this might be a way to get them working again and even increase
reliability.
Some owners of phones are getting through several cards before having to send the phones back as
faulty.
Even the *phones are getting the same problem as the 4S is rumoured to be experiencing Flash
corruption problems caused by temperature changes when writing which eventually leads to the greyed
out WiFi issue and its subsequent temporary fix via controller overheating.

Reply
31. New malware roosting place: Inside your SD Card? CNET | TodayJournals.Com says:
December 31, 2013 at 12:45 pm

[...] bunnie Huang and Sean xobs Cross disclosed the approach Sunday in a blog post and talk at
the Chaos Computer Congress (30C3). With the attack, a person could run malicious [...]

Reply
32. New malware roosting place: Inside your SD Card? latest news says:
December 31, 2013 at 1:48 pm

[...] bunnie Huang and Sean xobs Cross disclosed the approach Sunday in a blog post and talk at
the Chaos Computer Congress (30C3). With the attack, a person could run malicious [...]

Reply

33. TheOneLaw says:


December 31, 2013 at 4:46 pm

This is a very important loophole in the scheme of things.


You could have the power of a cluster in a simple stack of SD cards.
Or a USB chain, all programmed to nibble away at leisure.

quad-core was the new cool ?


not if it uses the same memory and same system bus.

These each have their own little system,


unfettered by timeslicing

Reply
34. NFTF Even tiny microSD cards have chips that can be hacked says:
December 31, 2013 at 4:56 pm

[...] solutions, presenting their findings at the Chaos Computer Congress (30C3). In a detailed blog
post on bunnie:studios, Huang explained how the hack works, and why many flash cards are
susceptible to [...]

Reply
35. SD cards can be compromised by MITM attacks says:
December 31, 2013 at 5:00 pm

[...] Source: Bunnie Studios [...]

Reply
36. Security shortcomings of SD cards revealed says:
December 31, 2013 at 6:18 pm

[...] communication between two parties without giving any clues to those affected. Or, as explained on the blog
Bunnie: Studios, they are attacks in which the card appears to be behaving one way, but
in [...]

Reply
37. New malware roosting place: Inside your SD Card? CNET | Trending News | Latest News |
Online News | Reliable News| Fast News At Reliablenewsupdate.com says:
December 31, 2013 at 6:29 pm

[...] bunnie Huang and Sean xobs Cross disclosed the approach Sunday in a blog post and talk at
the Chaos Computer Congress (30C3). With the attack, a person could run malicious [...]

Reply
38. New malware roosting place: Inside your SD Card? CNET | Today Headlines says:
December 31, 2013 at 6:32 pm

[...] bunnie Huang and Sean xobs Cross disclosed the approach Sunday in a blog post and talk at
the Chaos Computer Congress (30C3). With the attack, a person could run malicious [...]

Reply
39. New malware roosting place: Inside your SD Card? CNET | Perfect News Update says:
December 31, 2013 at 6:52 pm

[...] bunnie Huang and Sean xobs Cross disclosed the approach Sunday in a blog post and talk at
the Chaos Computer Congress (30C3). With the attack, a person could run malicious [...]

Reply

40. Watcher says:


December 31, 2013 at 7:45 pm
Is it a surprise that anything programmed can also be hacked?

Reply

Wang-Lo says:
January 1, 2014 at 12:58 am

No, the surprise for most of us is this:

It's not feasible to indelibly burn a static body of code into on-chip ROM. The crux is that a
firmware loading and update mechanism is virtually mandatory.

The big news is not that a MicroSD or Flash controller runs a software image (we knew that)
but that the image can be updated via an in-band command.

Reply

41. Ferene says:


December 31, 2013 at 10:53 pm

This is a wonderfully researched investigation. I don't know why you're the only one posting about
hardware in an accessible and yet in-depth way, Bunnie, but Thank You so much for doing so. Have a
happy New Year!

Reply

This work by Andrew (bunnie) Huang is licensed under a Creative Commons Attribution-ShareAlike 3.0
Unported.
