The Need for Free and Open HardDrive firmware

9 replies [Latest content]
G4JC
Offline
Joined: 03/11/2012

As you may have heard in the news recently, Western Digital, Seagate, and Toshiba are all vulnerable to firmware exploitation and low-level malware hosting. News source: http://www.stuff.co.nz/technology/digital-living/66279485/nsa-hiding-equation-spy-program-on-hard-drives

The problem with infecting this layer is that no free or open source firmware exists, and very little effort has been done about it.

There are very few attempts to reverse engineer it as well...
https://www.reddit.com/r/ReverseEngineering/comments/1g8kzc/hdd_firmware_where_to_start/

I think now is a good time to start looking into this for the FSF community.

Legimet
Offline
Joined: 12/10/2013

I just saw this a few minutes ago. I think I saw an effort before to reverse engineer hdd or ssd firmware somewhere, but I don't remember.

G4JC
Offline
Joined: 03/11/2012

Cool, it would be nice to find any projects like this and post them here for anyone who might be interested in helping on the effort.

Edit: Just found this! http://www.openssd-project.org/wiki/The_OpenSSD_Project

Legimet
Offline
Joined: 12/10/2013

Yes, that's the one. I think they're developing their own SSD platform though, not reverse engineering existing ones. Firmware license is GPLv3+.

G4JC
Offline
Joined: 03/11/2012

Nice.

I also found some successful attempts at firmware modification, doesn't make much sense to me but probably is a wealth of knowledge to those who do...
http://malthus.mooo.com/viewtopic.php?p=1841#p1841

Jabjabs
Offline
Joined: 07/05/2014

Here is a great example of Hard drive controller hacking.

http://spritesmods.com/?art=hddhack

Scary to think what can be done with this stuff.

Casey Parker
Offline
Joined: 02/05/2015

Well ... that .. that was intensely interesting and I thank you for that link.

On Tue Feb 17 2015 at 9:34:50 PM <name at domain> wrote:

> Here is a great example of Hard drive controller hacking.
>
> http://spritesmods.com/?art=hddhack
>
> Scary to think what can be done with this stuff.
>

Jabjabs
Offline
Joined: 07/05/2014

Yeah I mentioned it at a local Free software meet up about a month back, your reaction is normal. It is so easy to forget just how pervasive programmable processors are in even what we consider to be innocent devices.

Jodiendo
Offline
Joined: 01/09/2013

It is good reading, but in my opinion knowing this vulnerability is hitting everyone at lightning speed.
What I was looking for was the specific manufacturer model number and year, but that is not disclosed yet. To hack it to be compatible with a game console is one thing, but to be hacked and used as a backdoor for malicious purposes is another monster from hell. This event makes any spy movie feel like a caveman's toilet.