Topic: Some success with writeCID

legno75

Can you explain how to? Please?

DavidLE

Can you explain how to? Please?
As I mentioned in my post, I did a lot of experiments and reverse engineering on manufacturers' firmware.
It's not just sending CMD26 in SPI mode. You need to knock the SD or MicroSD card into firmware mode. Once done, they do accept CMD26 and permanently accept new CID values.

Arduinux

#17
Nov 13, 2015, 10:55 pm Last Edit: Dec 08, 2015, 11:58 am by Arduinux
Hi DavidLE,
glad to read that you succeeded!
Please, could you tell exactly with which cards you were able to do that successfully?
You wrote 2 major manufacturers out of 4, but what exactly?
Were they MMC or SD? (I guess SD and uSD)
What model exactly?
An interesting thing would be if you could provide original CID and CSD of the cards that you have been able to change, is it possible?
Knowing it would be possible to understand their manufacturer date and other useful parameters.
I know I asked for a lot of information and I hope you will answer.
(Even if I'm pretty sure that your statements are based on something like this old document here
 
http://tinyurl.com/lncst9c
 
so actually your answer has to be interpreted academically rather than like a possible solution to the problem, being in the facts that in real life the things are far from being as you have described them.
Hence there will not be any reply.)
Anyway, you wrote that each controller needs different methods, I guess you mean working on different cards produced by different manufacturer's brands.
Once you can reach the target with a certain type of card produced by a specific manufacturer, then surely you can repeat the job on other cards of the same model, brand and manufacturer.
You wrote that it is possible but very time consuming do the job since you will need to come up with different ways for different controllers and also creating something (Universal) that will work with every controller is almost impossible.
I partially agree.
I don't know what you mean by the different ways for different controllers you wrote about, but in my opinion, with the right cards it isn't too hard to achieve the goal.
I'm pretty sure I'd be able to do the job but unluckily I can't find the right SD/MMC.
So please, explain exactly with what kind of cards you were able to do the job possibly specifying their manufacturer, brand, type CSD and original CID (in order to know their manufacturer date).
Thanks in advance.

You also wrote that it's not just sending CMD26 in SPI mode and that one needs to knock the SD or MicroSD card into firmware mode, then once done, they do accept CMD26 and permanently accept new CID values.
That would not be a problem always working on the same type of cards.
Anyway I think it isn't so complex, the real trick is to have the right cards, IMHO

AR
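
As an added example (not part of any post in this thread): a decoder for the fields Arduinux asks about above, namely the manufacturer, OEM and product identifiers and the manufacturing date (MDT), with a CRC7 check. It assumes the SD-card CID layout from the SD Physical Layer specification (MMC cards lay the register out differently); the names `sd_cid`, `sd_cid_parse` and `sample_cid` are hypothetical and the sample bytes are constructed, not read from a real card.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sd_cid {                    /* SD CID layout: 16 bytes, MSB first */
    uint8_t  mid;                  /* [127:120] manufacturer ID */
    char     oid[3];               /* [119:104] OEM/application ID, 2 ASCII chars */
    char     pnm[6];               /* [103:64]  product name, 5 ASCII chars */
    uint8_t  prv_major, prv_minor; /* [63:56]   product revision, BCD n.m */
    uint32_t psn;                  /* [55:24]   product serial number */
    unsigned year, month;          /* [19:8]    manufacturing date (MDT) */
    int      crc_ok;               /* [7:1] CRC7 matches and end bit [0] is 1 */
};

static uint8_t crc7(const uint8_t *p, size_t n) { /* x^7 + x^3 + 1, init 0 */
    uint8_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t d = p[i];
        for (int b = 0; b < 8; b++, d <<= 1) {
            crc <<= 1;
            if ((d ^ crc) & 0x80) crc ^= 0x09;
        }
    }
    return crc & 0x7F;
}

static void sd_cid_parse(const uint8_t r[16], struct sd_cid *c) {
    c->mid = r[0]; c->prv_major = r[8] >> 4; c->prv_minor = r[8] & 0x0F;
    memcpy(c->oid, &r[1], 2); c->oid[2] = '\0';
    memcpy(c->pnm, &r[3], 5); c->pnm[5] = '\0';
    c->psn = ((uint32_t)r[9] << 24) | ((uint32_t)r[10] << 16) | ((uint32_t)r[11] << 8) | r[12];
    c->year  = 2000u + (((r[13] & 0x0Fu) << 4) | (r[14] >> 4)); /* offset from 2000 */
    c->month = r[14] & 0x0Fu;
    c->crc_ok = r[15] == (uint8_t)((crc7(r, 15) << 1) | 1);
}

static void sample_cid(uint8_t r[16]) { /* constructed, not from a real card */
    static const uint8_t body[15] = { 0x7F, 'Z', 'Z', 'D', 'E', 'M', 'O', '1',
                                      0x10, 0x12, 0x34, 0x56, 0x78, 0x00, 0xF4 };
    memcpy(r, body, 15);
    r[15] = (uint8_t)((crc7(r, 15) << 1) | 1); /* CRC7 plus end bit */
}

int main(void) {
    uint8_t r[16]; struct sd_cid c;
    sample_cid(r); sd_cid_parse(r, &c);
    printf("MID=0x%02X OID=%s PNM=%s PRV=%u.%u PSN=0x%08lX MDT=%04u-%02u CRC7 %s\n",
           c.mid, c.oid, c.pnm, c.prv_major, c.prv_minor, (unsigned long)c.psn,
           c.year, c.month, c.crc_ok ? "ok" : "mismatch");
    return 0;
}
```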

Alexel

Somebody has news about change of CID?
I found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error.

Arduinux

Hi Alexel,
sadly no new news for now.
Anyway, what do you mean by writing that you have found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error?
Thanks.
 
AR

DavidLE

Seems like you guys are on the right path :)
I can share limited info through PM

Thanks

Arduinux

Hi DavidLE,
thank you for your kind support.
Honestly though, I can't see why for you it's not possible to provide information here while instead it is possible through PM.
Anyway meanwhile, if you want, you could start by answering the questions that I have asked about the manufacturer, model, original CID and CSD of the cards you've modified successfully, or at least confirm or deny that your statements are based on something like this old document here:
 
http://tinyurl.com/lncst9c
 
Thanks in advance!
 
AR

yyzyyz

Hi guys, just wondering if any progress has been made on this... It looks like we have a lot of information to work with, but unfortunately, don't know which cards to target :(

Somebody has news about change of CID?
I found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error.
Can you please elaborate on what argument you used for the first command? Also, what brand of SDHC cards use this controller?

Thanks.

Arduinux

Hi yyzyyz,

Hi guys, just wondering if any progress has been made on this... It looks like we have a lot of information to work with, but unfortunately, don't know which cards to target :(
That would be telling.
It's a secret!
OK, I'm just kidding, my apologies.
I agree, you are right.
Actually nothing else is needed than to know which are the right cards, because only those make the difference in doing the trick.
Meanwhile I have purchased some cards from China, we'll see if those are the right ones or not.

Can you please elaborate on what argument you used for the first command? Also, what brand of SDHC cards use this controller?
Not just talking about SiliconMotion controllers, not only CMD60 has that behaviour, others have it too.
Some cards have it, some don't.
In my opinion it isn't so much a matter of controller type but rather of the kind of card.
Alexel didn't respond to my request for clarification, though.
So honestly I don't know exactly what he meant, sorry.

However for any doubt you can try with a PM, maybe you'll get the solution.

AR

yyzyyz

I think it totally depends on the controller and the firmware running on it and as DavidLE has also mentioned, it's unique to each controller type. So what works on an SMI controller might not work on a Micron controller, for example. Although Alexel provided a good lead on the Silicon Motion controllers, he did not care to mention which card he was testing with. Similarly, DavidLE hasn't mentioned which brand of cards and specific controllers did he succeed with. I've sent them both a PM for more details but they haven't responded yet. Unfortunately, there's no easy way (that I know of) to determine which cards employ which controller by just interacting with the card firmware. I hope you have better luck with the Chinese cards; please do let us know how it goes.

Arduinux

Hi yyzyyz,
I think it totally depends on the controller and the firmware running on it and as DavidLE has also mentioned, it's unique to each controller type. So what works on an SMI controller might not work on a Micron controller, for example.
I don't think so.
Surely the controller does its part, but it acts based on what it is programmed for.
OK, the firmware is unique among the controllers so it isn't simple to put it on different ones, but even talking about a single type of card it's possible to find them able to do things that on others with the same controller are programmed differently, so they don't work the same way.
In my experience I handled some cards which had the same controller for sure, since I ripped them open to look inside, but they didn't behave in the same manner at all.
You need to keep in mind that cards, even with the same controller, can be purposely programmed differently for specific purposes.
The controller may be unique, the firmware inside it is not.
There are too many different types and kind of cards.
 
Although Alexel provided a good lead on the Silicon Motion controllers, he did not care to mention which card he was testing with. Similarly, DavidLE hasn't mentioned which brand of cards and specific controllers did he succeed with. I've sent them both a PM for more details but they haven't responded yet.
For me, based on what I just wrote above, the content of CID and CSD and possibly a few other registers, is sufficient to identify the right cards.
I saw many cards, even industrial version, which were the same type and model with the same brand and from the same manufacturer but parts inside were different although the cards were fully interchangeable among them.
Anyone can easily verify this themselves simply by buying a small number of cards and querying or even ripping them open.
This is why I don't rely only on the controller.
DavidLE's and Alexel's approach is good, exactly like that in the document I provided.
Anyway my purposes may be different from those of others and this could influence the kind of the approach.
For instance I don't need to find a way to be in the position to change the CID in all cards over the whole world.
For my purpose it's enough to find even one single piece where I can do the job.
No matter even the type of card, whether MMC or SD or fake or counterfeit or unreliable to keep data, or so, it isn't important to me.
That is.
However I hope that David and Alexel sooner or later reply to you.
 
Unfortunately, there's no easy way (that I know of) to determine which cards employ which controller by just interacting with the card firmware. I hope you have better luck with the Chinese cards; please do let us know how it goes.
In the past I've contacted some manufacturers asking for that kind of card and they answered me that they can provide them for sure.
The fact is that they always ask for a bunch of cards to be purchased and they never provide exact specifications or the content of CID and CSD, nor the opportunity to evaluate their products simply by purchasing a few pieces.
I'm talking of Chinese manufacturers/dealers/retailers.
Please note that I am not blaming or accusing anyone, simply that is their way to run the business and customers must accept it.
I think that people who live in Asia have an advantage in this type of search.
 
AR

Arduinux

#26
Feb 18, 2016, 08:54 pm Last Edit: Feb 18, 2016, 10:02 pm by Arduinux
I found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error.
Hi Alexel,
OK, that's valid for Siliconmotion but exactly what type?
As I have already written there are a bunch of Siliconmotion controllers.
For instance here is the SM261A's behavior.

Siliconmotion SM261A (card=MMC, MDT=July 2004 / MultiMediaCard Protocol Version=6.00):

CMD60 = card is locked [R2]
CMD61 = illegal command [R1]
CMD62 = illegal command [R1]
CMD63 = illegal command [R1]

So it isn't only a matter of the brand of the controller.
Here follows the behavior of two other types of controllers.

ITE IT-1232A-53E (card=SD, MDT=April 2015 / Physical Layer Specification Version Number=2.00):

CMD60 = illegal command [R1]
CMD61 = illegal command [R1]
CMD62 = illegal command [R1]
CMD63 = illegal command [R1]

Unknown controller (card=SD, MDT=September 2013 / Physical Layer Specification Version Number=3.0X):

CMD60 = accepted [R2]
CMD61 = accepted [R1]
CMD62 = illegal command [R1]
CMD63 = illegal command [R1]

AR

Mangraviti

I am going to be honest.

I broke my leg badly in a motorbike accident back in August 2015 and I am still recovering from the fracture.

There is a device called Exogen Bone Healing System, made by Bioventis.

This device is an ultrasound device that emits ultrasound waves into the bones, making the recovery considerably faster.

One problem, though: this thing costs 5 thousand US Dollars. It's beyond my financial possibilities. And it's getting even more distant as I haven't worked since August 2015 and I have literally no income at the moment.

This Exogen system has a mainboard with a Microchip PIC16C926. There's also a 32kx8 EEPROM and a diagnostic jack socket. According to my reading out there, the micro doesn't have non-volatile storage.

This device works 150 times, then it stops working. I have purchased a second hand device on eBay, which was a rip off as the seller sent it without an SD card, which apparently holds some information that allows the device to work. I have managed to get a second device for free with Bioventis, which came with the SD card and is working but I still have the second hand one, which doesn't work. The story with Bioventis was a nightmare and I had to threaten them a lot (legally speaking) in order to get a replacement. They said they were going to send me just the SD card but they ended up sending the whole thing.

Unsoldering the battery and soldering it back on makes the device reset and work again but as I have two devices and one SD card (and I have two fractures) I can't get it to work. I tried many cloning tools, even Linux's dd command, HDD raw copy and a million other pieces of software without luck.

So I was hoping someone could help. It is already known that the device can be reset by simply removing the battery and soldering it back on and I really, really need this to work. I can't afford 5K being out of work without any income.

Would anyone be interested in helping? I plan to reset this machine and donate it to someone else who needs it when I'm back to normal... This Pharmaceutical industry really makes me sick. How can they charge so much for something that would get people to walk again?

If anyone is interested, this is a guy who posted a little "overview" of the Exogen:

http://jschneider.net/Exogen4000.html

legno75

Has someone managed to change the CID?

DavidLE

I successfully did. Took me a few months of hard work.

Has someone managed to change the CID?
