ProHoster > Блог > Nchịkwa > Na-atụgharị na mbanye Aigo draịva HDD mpụga na-ezo onwe ya. Nkebi 2: Wepụ ihe mkpofu site na Cypress PSoC
Na-atụgharị na mbanye Aigo draịva HDD mpụga na-ezo onwe ya. Nkebi 2: Wepụ ihe mkpofu site na Cypress PSoC
Nke a bụ akụkụ nke abụọ na nke ikpeazụ nke akụkọ gbasara hacking mpụta draịva nzuzo nzuzo. Ka m chetara gị na n'oge na-adịbeghị anya onye ọrụ ibe wetara m draịvụ ike Patriot (Aigo) SK8671, m kpebiri ịtụgharị ya, ma ugbu a, m na-ekerịta ihe si na ya pụta. Tupu ịgụkwuo ya, jide n'aka na ị gụọ ya akụkụ nke mbụ edemede.
4. Anyị na-amalite na-ekpofu si n'ime PSoC flash mbanye
Yabụ, ihe niile na-egosi (dị ka anyị guzobe na [akụkụ nke mbụ] ()) na echekwara koodu PIN na omimi omimi nke PSoC. Ya mere, anyị kwesịrị ịgụ ihe omimi ndị a. N'ihu ọrụ dị mkpa:
jikwaa "nkwukọrịta" na microcontroller;
chọta ụzọ ị ga-esi lelee ma "nkwukọrịta" a na-echebe site n'ịgụ ihe site n'èzí;
chọta ụzọ agabiga nchedo.
Enwere ebe abụọ ọ dabara na ịchọ koodu PIN ziri ezi:
ebe nchekwa flash ime;
SRAM, ebe enwere ike ịchekwa koodu ntụtụ iji tụnyere ya na koodu ntụtụ nke onye ọrụ tinyere.
N'ile anya n'ihu, a ga m achọpụta na m ka jisiri ike wepụ draịva PSoC dị n'ime - na-agafe usoro nchekwa ya site na iji ngwaike a na-akpọ "ịchọ akpụkpọ ụkwụ oyi" - mgbe m nwesịrị ike enweghị akwụkwọ nke usoro ISSP. Nke a nyere m ohere ịtụfu koodu PIN ozugbo.
$ ./psoc.py
syncing: KO OK
[...]
PIN: 1 2 3 4 5 6 7 8 9
"Mkparịta ụka" na microcontroller nwere ike ịpụta ihe dị iche iche: site na "onye na-ere ahịa na onye na-ere ahịa" gaa na mmekọrịta site na iji usoro usoro (dịka ọmụmaatụ, ICSP maka Microchip's PIC).
Cypress nwere protocol nke ya maka nke a, nke a na-akpọ ISSP (in-system serial programming protocol), nke akọwara n'akụkụ ya. nkọwa nka. Patent US7185162 na-enyekwa ụfọdụ ozi. Enwekwara otu OpenSource nke akpọrọ HSSP (anyị ga-eji ya obere oge). ISSP na-arụ ọrụ dị ka ndị a:
malitegharịa PSoC;
wepụta nọmba anwansi ahụ na ntụtụ data serial nke PSoC a; ịbanye na ọnọdụ mmemme nke mpụga;
zipu iwu, nke bụ eriri obere ogologo a na-akpọ "vectors".
Akwụkwọ ISSP na-akọwapụta vector ndị a maka naanị ntakịrị njuaka nke iwu:
Mmalite-1
Mmalite-2
Mmalite-3 (nhọrọ 3V na 5V)
Nhazi-NJ
Gụọ-ID-OKWU
SET-BLOCK-NUM: 10011111010dddddddd111, ebe dddddddd=mgbochi #
ỌKỤKWU KWESỊRỊ
Mmemme-Mgbochi
Nyochaa-Ntọala
GỤỌ-BYTE: 10110aaaaaaZDDDDDDDDZ1, ebe DDDDDDDD = data pụta, aaaaa = adreesị (bit 6)
WRITE-BYTE: 10010aaaaaaddddddd111, ebe dddddddd = data n'ime, aaaaa = adreesị (bit 6)
KWURU
Ntụle-Nhazi
GỤKWUO: 10111111001ZDDDDDDDDZ110111111000ZDDDDDDDDZ1, ebe DDDDDDDDDDDDDDDD = data pụta: checksum ngwaọrụ
Vector niile nwere otu ogologo: 22 bit. Akwụkwọ HSSP nwere ụfọdụ ozi agbakwunyere na ISSP: "Otu ISSP vector abụghị ihe karịrị ntakịrị usoro nke na-anọchi anya usoro ntuziaka."
5.2. Demystifying Vectors
Ka anyị chọpụta ihe na-eme ebe a. Na mbido, echere m na otu vectors ndị a bụ ụdị ntụzịaka nke M8C, mana ka m nyochachara echiche a, achọpụtara m na opcodes nke arụmọrụ adabaghị.
Mgbe ahụ, m googleed vector n'elu wee hụ lee ya ọmụmụ ebe onye edemede, n'agbanyeghị na ọ naghị akọwapụta nkọwa, na-enye ụfọdụ ndụmọdụ bara uru: "Ntụziaka nke ọ bụla na-amalite site na ibe n'ibe atọ nke kwekọrọ na otu n'ime mnemonics anọ (gụọ site na RAM, dee na RAM, gụọ ndekọ, dee ndekọ). Mgbe ahụ enwere ibe n'ibe adreesị 8, na-esote bit data 8 (gụọ ma ọ bụ dee) na n'ikpeazụ nkwụsịtụ atọ."
Mgbe ahụ enwere m ike ị nweta ozi bara uru na ngalaba Supervisory ROM (SROM). oru ntuziaka. SROM bụ ROM siri ike na PSoC nke na-enye ọrụ ịba uru (n'ụzọ yiri Syscall) maka koodu mmemme na-agba ọsọ na oghere onye ọrụ:
00h:SWBoot Tọgharia
01h: ReadBlock
02h: WriteBlock
03h: Nhichapụ
06h: Isiokwu
07h: CheckSum
08h: calibrate0
09h: calibrate1
Site n'ịtụle aha vector na ọrụ SROM, anyị nwere ike ịdepụta ọrụ dị iche iche nke protocol a kwadoro na nke SROM tụrụ anya ya. N'ihi nke a, anyị nwere ike decode atọ mbụ nke ISSP vectors:
100 => "wrem"
101 => "rdmem"
110 => "Ezigbo"
111 => "rdreg"
Agbanyeghị, enwere ike nweta nghọta zuru oke nke usoro on-chip naanị site na nkwurịta okwu na PSoC.
5.3. Mmekọrịta na PSoC
Ebe ọ bụ na Dirk Petrautsky nwere ugbua ported Koodu HSSP nke Cypress na Arduino, ejiri m Arduino Uno jikọọ na njikọ ISSP nke bọọdụ ahụigodo.
Biko mara na n'ime nyocha m, agbanwere m koodu Dirk ntakịrị. Ị nwere ike ịhụ mgbanwe m na GitHub: ebe a na edemede Python kwekọrọ maka imekọrịta ihe na Arduino, na ebe nchekwa m cypress_psoc_tools.
Yabụ, n'iji Arduino, ejiri m naanị vector "ọrụ" mee ihe maka "mmekọrịta". Agbalịrị m ịgụ ROM dị n'ime site na iji iwu VERIFY. Dị ka a tụrụ anya ya, enweghị m ike ime nke a. Eleghị anya n'ihi eziokwu ahụ na-arụ ọrụ nchebe bits n'ime flash mbanye.
Mgbe ahụ, m kere ole na ole nke m dị mfe vector maka ide na ịgụ ebe nchekwa / ndekọ. Biko mara na anyị nwere ike ịgụ SROM niile n'agbanyeghị na echekwara flash mbanye!
5.4. Nchọpụta ndebanye aha na mgbawa
Mgbe m lere anya vectors "gbasara", achọpụtara m na ngwaọrụ ahụ na-eji ndekọ na-enweghị akwụkwọ (0xF8-0xFA) iji kọwaa opcode M8C, nke a na-egbu ozugbo, na-agafe nchebe. Nke a nyere m ohere ịme opcode dị iche iche dịka "ADD", "MOV A, X", "PUSH" ma ọ bụ "JMP". Ekele dịrị ha (site na ilele mmetụta ndị ha nwere na ndekọ aha) enwere m ike ikpebi nke n'ime akwụkwọ ndekọ aha na-edeghị akwụkwọ bụ n'ezie akwụkwọ ndekọ aha (A, X, SP na PC).
N'ihi nke a, koodu "gbasasịrị" nke ngwá ọrụ HSSP_disas.rb mepụtara dị ka nke a (m gbakwunyere nkwupụta maka idoanya):
N'oge a, enwere m ike ịkparịta ụka na PSoC, mana enweghị m ozi a pụrụ ịdabere na ya gbasara ibe nchekwa nke draịva flash. Ọ tụrụ m n'anya nke ukwuu na Cypress anaghị enye onye ọrụ ngwaọrụ ahụ ụzọ ọ bụla iji lelee ma ọ gbanyere nchekwa ahụ. M gwuru miri n'ime Google ka m wee ghọta na koodu HSSP nke Cypress nyere ka emelitere ka Dirk tọhapụrụ mgbanwe ya. Ya mere! vector ọhụrụ a apụtala:
Iji vector a (lee read_security_data na psoc.py), anyị na-enweta ihe nchekwa niile na SRAM na 0x80, ebe enwere bits abụọ n'otu ngọngọ echekwara.
Ihe si na ya pụta na-akụda mmụọ: a na-echekwa ihe niile na ọnọdụ "gbanyụọ ọgụgụ na ide ihe n'èzí". Ya mere, ọ bụghị naanị na anyị enweghị ike ịgụ ihe ọ bụla site na draịva flash, ma anyị enweghị ike ide ihe ọ bụla (dịka ọmụmaatụ, iji wụnye ROM dumper n'ebe ahụ). Na nanị ụzọ iji gbanyụọ nchebe bụ kpamkpam ihichapụ dum mgbawa. 🙁
6. Mwakpo mbụ ( dara ada): ROMX
Agbanyeghị, anyị nwere ike ịnwale aghụghọ a: ebe anyị nwere ikike ịme opcodes aka ike, gịnị kpatara na ị gaghị eme ROMX, nke a na-eji agụ ebe nchekwa flash? Ụzọ a nwere ezigbo ohere ịga nke ọma. N'ihi na ọrụ ReadBlock nke na-agụ data sitere na SROM (nke vectors na-eji) na-enyocha ma akpọpụtara ya site na ISSP. Agbanyeghị, opcode ROMX nwere ike ọ gaghị enwe ụdị nlele ahụ. Yabụ nke a bụ koodu Python (mgbe gbakwunyere klaasị enyemaka ole na ole na koodu Arduino):
for i in range(0, 8192):
write_reg(0xF0, i>>8) # A = 0
write_reg(0xF3, i&0xFF) # X = 0
exec_opcodes("x28x30x40") # ROMX, HALT, NOP
byte = read_reg(0xF0) # ROMX reads ROM[A|X] into A
print "%02x" % ord(byte[0]) # print ROM byte
Ọ dị nwute na koodu a anaghị arụ ọrụ. 🙁 Ma ọ bụ kama ọ na-arụ ọrụ, mana na mmepụta anyị na-enweta opcodes nke anyị (0x28 0x30 0x40)! Echeghị m na ọrụ kwekọrọ na ngwaọrụ ahụ bụ ihe nchebe nke ịgụ akwụkwọ. Nke a dị ka aghụghọ injinia: mgbe ị na-eme opcodes mpụga, a na-atụgharị ụgbọ ala ROM gaa na nchekwa nwa oge.
Nke a na-akpọ ọrụ SROM 0x07, dị ka egosiri na akwụkwọ (italics mine):
Nyochaa checksum ọrụ a. Ọ na-agbakọ nlele nlele 16-bit nke ọnụọgụ nke blocks akọwapụtara onye ọrụ n'otu ụlọ akụ flash, malite na efu. A na-eji paramita BLOCKID agafe ọnụọgụ ngọngọ nke a ga-eji mgbe ị na-agbakọ checksum. Uru nke "1" ga-agbakọ naanị checksum maka ngọngọ efu; ebe "0" ga-eme ka a gbakọọ mkpokọta checksum nke blocks 256 nke ụlọ akụ flash. A na-eweghachite ego nlele 16-bit site na KEY1 na KEY2. Oke KEY1 na-echekwa ọnụọgụ 8 dị ala nke checksum, na oke KEY2 na-echekwa 8 bit dị elu. Maka ngwaọrụ nwere ọtụtụ ụlọ akụ flash, a na-akpọ ọrụ checksum maka nke ọ bụla iche. A na-edozi nọmba ụlọ akụ nke ọ ga-eji rụọ ọrụ site na ndebanye aha FLS_PR1 (site n'itinye ntakịrị n'ime ya kwekọrọ na ụlọ akụ flash ebumnuche).
Rịba ama na nke a bụ checksum dị mfe: a na-agbakwunye bytes n'otu n'otu; enweghị CRC dị egwu. Na mgbakwunye, n'ịmara na isi M8C nwere obere ndekọ ndekọ, echere m na mgbe ị na-agbakọ checksum, a ga-edekọ ụkpụrụ etiti n'otu mgbanwe ahụ ga-emecha gaa na mmepụta: KEY1 (0xF8) / KEY2 ( 0xF9).
Nke a koodu overwrite anyị dị oké ọnụ ahịa checksum site na-akpọ Calibrate1 (SROM ọrụ 9)...Ma eleghị anya, anyị nwere ike dị nnọọ zipu nọmba anwansi (site na mmalite nke koodu n'elu) ịbanye programming mode, wee gụọ SRAM? Ma ee, ọ na-arụ ọrụ! Koodu Arduino na-eme mwakpo a dị mfe:
for delay in range(0, 150000): # задержка в микросекундах
for i in range(0, 10): # количество считывания для каждойиз задержек
try:
reset_psoc(quiet=True) # перезагрузка и вход в режим программирования
send_vectors() # отправка инициализирующих векторов
ser.write("x85"+struct.pack(">I", delay)) # вычислить контрольную сумму + перезагрузиться после задержки
res = ser.read(1) # считать arduino ACK
except Exception as e:
print e
ser.close()
os.system("timeout -s KILL 1s picocom -b 115200 /dev/ttyACM0 2>&1 > /dev/null")
ser = serial.Serial('/dev/ttyACM0', 115200, timeout=0.5) # открыть последовательный порт
continue
print "%05d %02X %02X %02X" % (delay, # считать RAM-байты
read_regb(0xf1),
read_ramb(0xf8),
read_ramb(0xf9))
Na nkenke, ihe koodu a na-eme:
Reboot PSoC (ma zipu ya nọmba anwansi).
Na-eziga vector mmalite mmalite zuru ezu.
Ọ na-akpọ ọrụ Arduino Cmnd_STK_START_CSUM (0x85), ebe a na-agafe oge n'ime microseconds dị ka oke.
Na-agụ checksum (0xF8 na 0xF9) na ndekọ na-enweghị akwụkwọ 0xF1.
A na-eme koodu a ugboro 10 na 1 microns. 0xF1 gụnyere ebe a n'ihi na ọ bụ naanị ndekọ gbanwere mgbe ị na-agbakọ checksum. Ikekwe ọ bụ ụdị mgbanwe nwa oge nke ngalaba mgbako na-eji. Rịba ama mbanye anataghị ikike jọrọ njọ m na-eji tọgharịa Arduino site na iji picocom mgbe Arduino kwụsịrị igosi ihe ịrịba ama nke ndụ (enweghị echiche kpatara ya).
7.2. Na-agụ nsonaazụ
Nsonaazụ nke edemede Python dị ka nke a (dị mfe maka ịgụ):
DELAY F1 F8 F9 # F1 – вышеупомянутый неизвестный регистр
# F8 младший байт контрольной суммы
# F9 старший байт контрольной суммы
00000 03 E1 19
[...]
00016 F9 00 03
00016 F9 00 00
00016 F9 00 03
00016 F9 00 03
00016 F9 00 03
00016 F9 00 00 # контрольная сумма сбрасывается в 0
00017 FB 00 00
[...]
00023 F8 00 00
00024 80 80 00 # 1-й байт: 0x0080-0x0000 = 0x80
00024 80 80 00
00024 80 80 00
[...]
00057 CC E7 00 # 2-й байт: 0xE7-0x80: 0x67
00057 CC E7 00
00057 01 17 01 # понятия не имею, что здесь происходит
00057 01 17 01
00057 01 17 01
00058 D0 17 01
00058 D0 17 01
00058 D0 17 01
00058 D0 17 01
00058 F8 E7 00 # Снова E7?
00058 D0 17 01
[...]
00059 E7 E7 00
00060 17 17 00 # Хмммммм
[...]
00062 00 17 00
00062 00 17 00
00063 01 17 01 # А, дошло! Вот он же перенос в старший байт
00063 01 17 01
[...]
00075 CC 17 01 # Итак, 0x117-0xE7: 0x30
Nke a na-ekwu, anyị nwere nsogbu: ebe ọ bụ na anyị na-arụ ọrụ na checksum n'ezie, null byte anaghị agbanwe uru agụ. Otú ọ dị, ebe ọ bụ na usoro ngụkọta oge dum (8192 bytes) na-ewe 0,1478 sekọnd (na obere mgbanwe oge ọ bụla a na-agba ọsọ), nke na-adaba na 18,04 μs kwa byte, anyị nwere ike iji oge a lelee uru checksum n'oge kwesịrị ekwesị. Maka ịgba ọsọ mbụ, a na-agụ ihe niile n'ụzọ dị mfe, ebe ọ bụ na oge nke usoro mgbakọ na mwepụ bụ ihe fọrọ nke nta ka ọ bụrụ otu. Agbanyeghị, njedebe nke mkpofu a adịchaghị zie ezie n'ihi na “obere oge ndapụta” na ọsọ ọ bụla na-agbakwunye ka ọ dị ịrịba ama:
134023 D0 02 DD
134023 CC D2 DC
134023 CC D2 DC
134023 CC D2 DC
134023 FB D2 DC
134023 3F D2 DC
134023 CC D2 DC
134024 02 02 DC
134024 CC D2 DC
134024 F9 02 DC
134024 03 02 DD
134024 21 02 DD
134024 02 D2 DC
134024 02 02 DC
134024 02 02 DC
134024 F8 D2 DC
134024 F8 D2 DC
134025 CC D2 DC
134025 EF D2 DC
134025 21 02 DD
134025 F8 D2 DC
134025 21 02 DD
134025 CC D2 DC
134025 04 D2 DC
134025 FB D2 DC
134025 CC D2 DC
134025 FB 02 DD
134026 03 02 DD
134026 21 02 DD
Nke ahụ bụ mkpofu 10 maka igbu oge microsekọnd ọ bụla. Ngụkọta oge ọrụ maka ịkwatu ihe niile 8192 bytes nke flash mbanye bụ ihe dị ka awa 48.
7.3. Nrụgharị ọnụọgụ abụọ Flash
Emechabeghị m ide koodu nke ga-emegharị koodu mmemme nke draịva flash kpamkpam, na-eburu n'uche mgbanwe oge niile. Agbanyeghị, eweghachila m mmalite koodu a. Iji jide n'aka na m mere ya nke ọma, ejiri m m8cdis kwasa ya:
0000: 80 67 jmp 0068h ; Reset vector
[...]
0068: 71 10 or F,010h
006a: 62 e3 87 mov reg[VLT_CR],087h
006d: 70 ef and F,0efh
006f: 41 fe fb and reg[CPU_SCR1],0fbh
0072: 50 80 mov A,080h
0074: 4e swap A,SP
0075: 55 fa 01 mov [0fah],001h
0078: 4f mov X,SP
0079: 5b mov A,X
007a: 01 03 add A,003h
007c: 53 f9 mov [0f9h],A
007e: 55 f8 3a mov [0f8h],03ah
0081: 50 06 mov A,006h
0083: 00 ssc
[...]
0122: 18 pop A
0123: 71 10 or F,010h
0125: 43 e3 10 or reg[VLT_CR],010h
0128: 70 00 and F,000h ; Paging mode changed from 3 to 0
012a: ef 62 jacc 008dh
012c: e0 00 jacc 012dh
012e: 71 10 or F,010h
0130: 62 e0 02 mov reg[OSC_CR0],002h
0133: 70 ef and F,0efh
0135: 62 e2 00 mov reg[INT_VC],000h
0138: 7c 19 30 lcall 1930h
013b: 8f ff jmp 013bh
013d: 50 08 mov A,008h
013f: 7f ret
Ọ dị ka ihe ezi uche dị na ya!
7.4. Ịchọta adreesị nchekwa koodu PIN
Ugbu a anyị nwere ike ịgụ checksum n'oge anyị chọrọ, anyị nwere ike ịlele etu na ebe ọ na-agbanwe ngwa ngwa mgbe anyị:
tinye koodu PIN ezighi ezi;
gbanwee koodu ntụtụ.
Nke mbụ, iji chọta adreesị nchekwa dị nso, ewera m mkpofu checksum na ịrị elu 10 ms ka mweghachichara. M tinyezie PIN na-ezighi ezi wee mee otu ihe ahụ.
Ihe si na ya pụta adịghị nnọọ mma, ebe ọ bụ na e nwere ọtụtụ mgbanwe. Mana n'ikpeazụ enwere m ike ịchọpụta na checksum gbanwere ebe n'etiti 120000 µs na 140000 µs nke igbu oge. Mana “pincode” m gosipụtara ezighi ezi - n'ihi ihe arụrụ arụ nke usoro igbu ogeMicroseconds, nke na-eme ihe dị ịtụnanya mgbe 0 gafere ya.
Mgbe ahụ, mgbe m nọrọ ihe fọrọ nke nta ka ọ bụrụ awa 3, echetara m na SROM usoro oku CheckSum na-enweta arụmụka dị ka ntinye nke na-akọwa ọnụọgụ nke blocks maka checksum! Nke ahụ. anyị nwere ike wepụta adreesị nchekwa nke koodu PIN na ngwa “mgbalị ezighi ezi”, yana izi ezi ruru ngọngọ 64-byte.
Ọsọ mbụ m rụpụtara nsonaazụ a:
M gbanwere PIN site na "123456" gaa na "1234567" wee nweta:
Ya mere, koodu PIN na counter nke mgbalị ezighi ezi yiri ka echekwara na ngọngọ nke 126.
7.5. Ịna-ekpofu ihe mgbochi nke 126
Block #126 kwesịrị ịnọ n'ebe dị gburugburu 125x64x18 = 144000μs, site na mmalite nke ngụkọta ego checksum, na mkpofu m zuru oke, ọ na-adịkwa mma. Mgbe ahụ, mgbe ejiri aka wepụsịa ọtụtụ mkpofu na-adịghị mma (n'ihi nchịkọta nke "obere oge ngbanwe"), agwụchara m ịnweta bytes ndị a (na nkwụsị nke 145527 μs):
O doro anya na echekwara koodu PIN n'ụdị ezoro ezo! N'ezie, edeghị ụkpụrụ ndị a na koodu ASCII, mana dịka o siri pụta, ha na-egosipụta ọgụgụ ndị e nwetara na ahụigodo capacitive.
N'ikpeazụ, agbagara m ule ọzọ iji chọpụta ebe echekwara counter mgbalị ọjọọ. Nke a bụ nsonaazụ:
0xFF - pụtara "mgbalị 15" na ọ na-ebelata na mgbalị ọ bụla dara ada.
7.6. Koodu PIN mgbake
Nke a bụ koodu jọrọ njọ nke na-ejikọta ihe ndị dị n'elu ọnụ:
anyị nwere ike ịgụ SRAM ọ bụrụgodị na echekwabara ya;
Anyị nwere ike ịgafe mgbochi mgbochi swipe site na iji mgbanaka akpụkpọ ụkwụ oyi wee gụọ koodu PIN ozugbo.
Agbanyeghị, ọgụ anyị nwere ntụpọ ụfọdụ n'ihi nsogbu mmekọrịta. Enwere ike imeziwanye ya dịka ndị a:
dee akụrụngwa iji dekọọ data mmepụta nke enwetara n'ụzọ ziri ezi n'ihi mwakpo “akpụkpọ ụkwụ oyi”;
jiri ngwa FPGA mepụta oge igbu oge karịa (ma ọ bụ jiri oge ngwaike Arduino);
nwaa ọgụ ọzọ: tinye koodu PIN ezighi ezi, malitegharịa ma tụfuo RAM, na-atụ anya na a ga-echekwa koodu PIN ziri ezi na RAM maka ntụnyere. Otú ọ dị, nke a adịghị mfe ime na Arduino, ebe ọ bụ na akara ngosi Arduino bụ 5 volts, ebe bọọdụ anyị na-enyocha na-arụ ọrụ na akara 3,3 volt.
Otu ihe na-adọrọ mmasị nke enwere ike ịnwale bụ iji ọkwa voltaji gwuo egwu iji gafere nchebe ịgụ. Ọ bụrụ na usoro a na-arụ ọrụ, anyị ga-enwe ike ịnweta data ziri ezi site na draịva flash - kama ịdabere n'ịgụ checksum na-egbu oge na-ezighi ezi.
Ebe ọ bụ na SROM nwere ike na-agụ ihe nche site na oku usoro ReadBlock, anyị nwere ike ime otu ihe ahụ kọwara na blọọgụ Dmitry Nedospasov - mmejuputa mwakpo Chris Gerlinski, kwupụtara na ogbako ahụ. "REcon Brussels 2017".
Ihe ọzọ na-atọ ụtọ nwere ike ime bụ iwepụ ikpe ahụ na mgbawa: iji wepụ SRAM, chọpụta oku usoro na-enweghị akwụkwọ na adịghị ike.
9. Mmechi
Yabụ, nchekwa nke draịva a na-ahapụ ọtụtụ ihe achọrọ, n'ihi na ọ na-eji microcontroller mgbe niile (ọ bụghị “agbasiri ike”) iji chekwaa koodu PIN… Plus, ahụbeghị m (ma) ka ihe na-aga na data. izo ya ezo na ngwaọrụ a!
Kedu ihe ị nwere ike ịkwado maka Aigo? Mgbe nyochachara ụdị abụọ nke draịva HDD ezoro ezo, na 2015 emere m ngosi na SyScan, nke ọ nyochara nsogbu nchekwa nke ọtụtụ draịva HDD dị n'èzí, wee nye ndụmọdụ maka ihe enwere ike imeziwanye na ha. 🙂
Eji m izu ụka abụọ na ọtụtụ mgbede mee nyocha a. Ngụkọta ihe dị ka awa 40. Na-agụta site na mmalite (mgbe m meghere diski) ruo na njedebe (Ntupu koodu PIN). Otu awa 40 ahụ gụnyere oge m ji dee akụkọ a. Ọ bụ njem na-akpali akpali nke ukwuu.