Reverse Engineering Flash Memory for Fun and Benefit

Offered By: Black Hat via YouTube

Course Description

Overview

Explore the intricacies of reverse engineering embedded devices through direct interaction with Flash memory in this 45-minute Black Hat conference talk. Delve into the process of reprogramming chips and reinstalling them on circuit boards, gaining access to out-of-band data containing crucial page and block information. Learn how to handle common issues like bad blocks and page data contamination while extracting and writing back data. Discover techniques for recalculating sums and setting correct flags in meta information areas. Examine the fascinating world of journaling file systems used in embedded systems, and understand how to mount these file systems or create parsers to analyze file operation history. Gain insights into Flash memory programming and usage through hands-on examples, including MCU Host Bus Emulation Mode, basic command sets for NAND Flash memory, ECC calculations, and JFFS2 file system mounting. Address challenges such as heat management, damaged pins, and tamper detection while mastering the art of reverse engineering Flash memory for both entertainment and practical benefits.

Syllabus

Intro
The targeted device
Equipment & Supplies
Too much heat?
FTDI FT2232H breakout board
MCU Host Bus Emulation Mode
Data control lines
Read operation example
Basic command sets for usual NAND Flash memory (small blocks)
Reading a small block page
Write operation pin states
ECC (Error Correction Code)
Example - P8 calculation
Example - P2 calculation
ECC calculation code
Example bad block check routine
An example of Flash memory layout
U-boot boot code
Custom boot code
Kernel image disassembly
Mounting JFFS2 file system using a MTD
Bridge & damaged pins
Tamper detection
Conclusion


Taught by

Black Hat
