1 hour ago · Tech · 0 comments

A while back I found myself having an irritating problem. I was reverse engineering an IP camera and wanted to modify its filesystem. Easy: you just desolder the BGA NAND, read it out, patch it and write it back, right?

Well, not when the ECC differs depending on whether a page has ever been written at all versus written back with the same byte pattern. That is, the ECC for a page full of 0xff is 0xff if it has never been flashed before, but 0x00 if it has. This is due to the on-chip ECC engine and not something the flashcat software is able to avoid.

So, faced with the choice of flashing the data with ECC calculations off ("corrupt filesystem") or with ECC calculations on ("corrupt filesystem"), I had to figure out a third solution: calculate the ECC myself, because then I can make sure it is only calculated on the sectors that should have it and not the "uninitialized" ones.

The ECC algorithm for the Winbond W25N01GV is not public. The only information that…
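The third option above, telling never-programmed pages apart from pages that were programmed with 0xff and only computing ECC for the sectors that need it, can be written as a small image-rebuild tool. The following is an added example for this edit, not code from the post, from flashcat or from Winbond. It assumes the W25N01GV page geometry of 2048 main bytes plus 64 spare bytes with four 512-byte ECC sectors per page, it assumes (for the example only) that each sector's ECC lives in the last 8 bytes of its 16-byte spare section, and, because the chip's ECC algorithm is not public, it uses a stand-in (the classic 1-bit-correcting SLC NAND Hamming code, 3 bytes per 256 bytes) wherever ECC has to be computed; the chip's own ECC bytes are kept from the dump for every sector that was not changed, so the stand-in only matters for patched sectors. The three-page dump it operates on is constructed inline.

```python
"""Rebuild a NAND image for a chip with on-die ECC: never-programmed pages stay
erased, unchanged sectors keep the ECC the chip wrote, changed sectors get ECC
computed by a pluggable function (example code, not the post's or Winbond's).

Assumptions: W25N01GV geometry (2048 + 64 bytes per page, four 512-byte ECC
sectors), ECC assumed to sit in the last 8 bytes of each 16-byte spare section,
and a Hamming stand-in for the chip's (non-public) ECC algorithm.
"""
from typing import Callable, List, Tuple

PAGE_MAIN, PAGE_SPARE = 2048, 64
PAGE_TOTAL = PAGE_MAIN + PAGE_SPARE
SECTOR = 512
SECTORS = PAGE_MAIN // SECTOR          # 4 ECC sectors per page
SPARE_SECTION = PAGE_SPARE // SECTORS  # 16 spare bytes per sector
ECC_OFF, ECC_LEN = 8, 8                # assumed ECC position inside a section

EccFn = Callable[[bytes], bytes]


def hamming_256(block: bytes) -> bytes:
    """Stand-in ECC: 1-bit-correcting Hamming code over 256 bytes, 3 bytes out.
    NOT the W25N01GV algorithm. Note it yields 0xff 0xff 0xff for all-0xff data,
    unlike the chip's engine as described in the post."""
    assert len(block) == 256
    lp = 0  # 16 line parities: two per address bit (bit clear / bit set)
    cp = 0  # 6 column parities: two per bit-position bit
    for idx, byte in enumerate(block):
        if bin(byte).count("1") & 1:           # odd byte parity feeds line parities
            for i in range(8):
                lp ^= 1 << (2 * i + ((idx >> i) & 1))
        for bit in range(8):                   # set bits feed column parities
            if (byte >> bit) & 1:
                for k in range(3):
                    cp ^= 1 << (2 * k + ((bit >> k) & 1))
    return bytes([(~lp) & 0xFF, (~lp >> 8) & 0xFF, (((~cp) & 0x3F) << 2) | 0x03])


def sector_ecc(sector: bytes) -> bytes:
    """8-byte ECC field for one 512-byte sector: two Hamming codes plus padding."""
    assert len(sector) == SECTOR
    return hamming_256(sector[:256]) + hamming_256(sector[256:]) + b"\xff\xff"


def is_erased(buf: bytes) -> bool:
    return all(b == 0xFF for b in buf)


def split_pages(image: bytes) -> List[Tuple[bytes, bytes]]:
    assert len(image) % PAGE_TOTAL == 0
    return [(image[p:p + PAGE_MAIN], image[p + PAGE_MAIN:p + PAGE_TOTAL])
            for p in range(0, len(image), PAGE_TOTAL)]


def classify(dump: bytes) -> List[str]:
    """Main area alone cannot separate never-programmed pages from pages
    programmed with 0xff data; the spare (ECC) bytes are what tell them apart."""
    labels = []
    for main, spare in split_pages(dump):
        if is_erased(main) and is_erased(spare):
            labels.append("never-programmed")
        elif is_erased(main):
            labels.append("programmed-0xff")
        else:
            labels.append("programmed")
    return labels


def rebuild_image(dump: bytes, patched_main: bytes, ecc_fn: EccFn = sector_ecc) -> bytes:
    """dump: raw main+spare read-out. patched_main: concatenated main areas after
    editing the filesystem. Per sector: unchanged -> keep the chip's ECC from the
    dump; changed, or page previously never programmed -> compute ECC. A page
    that was never programmed and is still all 0xff is left fully erased."""
    pages = split_pages(dump)
    assert len(patched_main) == len(pages) * PAGE_MAIN
    out = bytearray()
    for n, (old_main, old_spare) in enumerate(pages):
        new_main = patched_main[n * PAGE_MAIN:(n + 1) * PAGE_MAIN]
        never_programmed = is_erased(old_main) and is_erased(old_spare)
        if never_programmed and is_erased(new_main):
            out += b"\xff" * PAGE_TOTAL     # do not touch "uninitialized" pages
            continue
        spare = bytearray(old_spare)
        for s in range(SECTORS):
            lo, hi = s * SECTOR, (s + 1) * SECTOR
            if never_programmed or new_main[lo:hi] != old_main[lo:hi]:
                off = s * SPARE_SECTION + ECC_OFF
                spare[off:off + ECC_LEN] = ecc_fn(new_main[lo:hi])
        out += new_main + bytes(spare)
    return bytes(out)


def build_demo() -> Tuple[bytes, bytes]:
    """Constructed dump (not real camera data): page 0 programmed with data and
    chip-written ECC bytes (simulated as 0xaa), page 1 never programmed, page 2
    programmed with all-0xff data so its spare carries 0x00 ECC as the post
    reports. The patch changes 16 bytes in sector 1 of page 0 only."""
    p0_main = bytes(range(256)) * (PAGE_MAIN // 256)
    p0_spare, p2_spare = bytearray(b"\xff" * PAGE_SPARE), bytearray(b"\xff" * PAGE_SPARE)
    for s in range(SECTORS):
        off = s * SPARE_SECTION + ECC_OFF
        p0_spare[off:off + ECC_LEN] = b"\xaa" * ECC_LEN
        p2_spare[off:off + ECC_LEN] = b"\x00" * ECC_LEN
    dump = p0_main + bytes(p0_spare) + b"\xff" * PAGE_TOTAL + b"\xff" * PAGE_MAIN + bytes(p2_spare)
    patched = bytearray(p0_main + b"\xff" * PAGE_MAIN * 2)
    patched[SECTOR + 32:SECTOR + 48] = b"patched-example!"
    return dump, bytes(patched)


if __name__ == "__main__":
    demo_dump, demo_patched = build_demo()
    print(classify(demo_dump))
    rebuilt = rebuild_image(demo_dump, demo_patched)
    print(classify(rebuilt))
```

The output image is meant to be written with the programmer's ECC calculation switched off, so that the spare bytes land on the chip exactly as the tool produced them. Replace `sector_ecc` with the chip's real algorithm once it is known; until then only sectors you actually patched depend on it.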
