Hi,
My device is mmc not use mtd. So how to dump mmc devices?
As I understand dd won't dump OOB. Is there a way to dump mmc with all artifacts?
Many thanks
indi
Hi,
Do any body have an idea about how to dump mmc devices?.
Further does using dd on non mtd devices - which are mmc, extract OOB data. If not how can I do this?
Do any body have an idea about how to dump mmc devices?.
I think your question might be too broad, and that you need to narrow it down.
Not sure I understand MMC completely, but my impression is that they could be just anything, including non-storage devices. And 'dumping' something like a UART or a modem card or some other I/O card does not seem to make sense.
But perhaps you're thinking of only a particular card class?
Further does using dd on non mtd devices - which are mmc, extract OOB data. If not how can I do this?
Only thing I can suggest is to read the documentation of the device driver you are or will be using, particularly what a 'read()' will translate to in MMC terms. I would expect you'd need various ioctls to access everything, in which case dd is not the right tool to use … but I'm no expert.
I'm fairly certain MMC support passwords, so … I don't think there are any guarantees for access.
Thank you for your reply.
Here is the detail for mmc what I mean.
In adb shell I execute cat/proc/mtd. This prints nothing on the console.
Then I tried cat /proc/mmc. This had a output on console like
dev size erasesize name
mmcblk0p17 00040000 00000200 "misc"
mmcblk0p21 0087f400 00000200 "recovery"
mmcblk0p22 00400000 00000200 "boot"
mmcblk0p25 22dffe00 00000200 "system"
mmcblk0p27 12bffe00 00000200 "cache"
mmcblk0p26 496ffe00 00000200 "userdata"
mmcblk0p28 014bfe00 00000200 "devlog"
So that's what I say mmc device not using mtd.
I would like to drag your attention to following extract.
"• Android devices use a raw flash device, and therefore need a Flash Transition Layer (FTL)
– FTL provides basic block interface to developers
– Handles wear leveling, bad block management, metadata, etc.
• FTL is provided by Memory Technology Device (MTD)
– MTD is open source
– Newer Android devices are moving to eMMC where FTL controller is embedded with the memory (similar to thumb drives and SSD)
• MTD divides memory into blocks, each of which is 128K with a 64 byte Out-of-Band (OOB) area
– OOB houses YAFFS2 tags, meta data, bad blocks and ECC"
Now I want to perform full physiscal acquisition of my device, not only user data but also with deleted and unallocated space.
With dd I can pull specific partition. But this does not copy OOB data.
For this with MTD devices I can use nanddump utility.
But my device in discuss is eMMC.
I would clarify
1. How YAFFS2 tags, meta data, bad blocks stored in eMMC devices, is there OOB area etc.
2. At physiscal acquisition eMMC do I need to pay attention to this
3. Will dd copy this all data or dd behave as same as with MTD devices.
An explanation would be very help full, as I am a newbie.
Hope my question areas are clear.
Many thanks
Hello,
i'm not a guru here but, as far as i know, when dealing with eMMC devices, you will be able to talk to the NAND only through the FTL, so you won't see what happens at the NAND level, in a similar way to SSD devices, unless you are willing to desolder the chip and dump it directly.
Also, newer android devices (afaik) don't use YAFFS anymore, but are more likely to use ext filesystem.
the only way (i know) for dumping the OOB data is via JTAG or chip-off, when working on the host operating system (recovery or whatever) you won't be able to bypass the FTL, and all you can see is what the FTL presents you, so.. no nand dump, and therefore, no OOB.
Hi,
Thank you for the reply. Does this mean there is a limitation of recovering deleted data in new android devices using eMMC?
Any idea on how other forensic tools work with this would help me.
Thank you