Arduino Forum

Using Arduino => Networking, Protocols, and Devices => Topic started by: hranmuthu on Jul 15, 2011, 08:05 am

Title: Some success with writeCID
Post by: hranmuthu on Jul 15, 2011, 08:05 am
Hi all,

I need to program the CID of SD cards. I found a couple of cheap SD cards that accept CMD26. I use an Arduino Uno to communicate with the SD card. I can also see that my CMD26 changes the CID from time to time with garbage values (not always). I need to know the way to set the CID reliably. I'm using the SD2Card library (with modifications) to do this. Can someone let me know the byte sequences that I need to send to the SD card in order to write the CID?

Thanks in advance,
Harshana
Title: Re: Some success with writeCID
Post by: robtillaart on Jul 15, 2011, 11:29 am
Why do you want to write the CID?

Normally the CID is used for identification & protection of apps on the SD card, IIRC?
Title: Re: Some success with writeCID
Post by: hranmuthu on Jul 15, 2011, 02:22 pm
I need to copy protect my application + impress my friends. I don't think it's a difficult task. Unfortunately information is not readily available for a DIYer like me.
Title: Re: Some success with writeCID
Post by: fat16lib on Jul 15, 2011, 02:51 pm
CMD26 is reserved.  If your card allows CMD26, it may not work properly.

CMD26 should not be supported in SPI mode.

From the SD association:
Quote

CMD26 PROGRAM_CID: Programming of the card identification register. This command shall be issued only once. The card contains hardware to prevent this operation after the first programming. Normally this command is reserved for the manufacturer.
Title: Re: Some success with writeCID
Post by: hranmuthu on Jul 18, 2011, 06:31 am
Hi,

I know the docs say CMD26 is reserved and it will not work in SPI mode etc... Obviously some SD manufacturers are not bothered. I don't think it is illegal to write to the CID or to exploit the cheaper SD card features provided against the spec.

If no one has used CMD26, then does anyone know how to use CMD27? I think CMD26 will also work the same way with the required data size.

Thanks,
Harshana
Title: Re: Some success with writeCID
Post by: hranmuthu on Jul 19, 2011, 05:02 pm
Guys...,

Can someone help me on this ?

Thanks,
Harshana
Title: Re: Some success with writeCID
Post by: fat16lib on Jul 20, 2011, 03:32 pm
When you use CMD27 you must only change the writable part of the CSD.  The other data must match the read only part in the CSD. 

You must use the correct value for the CRC field in the register.

These are the three bits you can change, but only TMP_WRITE_PROTECT can be changed back.

Quote
• COPY
Defines whether the contents is original (=0) or has been copied (=1). Setting this bit to 1 indicates that
the card content is a copy. The COPY bit is a one time programmable bit except ROM card.
• PERM_WRITE_PROTECT
Permanently protects the entire card content against overwriting or erasing (all write and erase
commands for this card are permanently disabled). The default value is 0, i.e. not permanently write
protected.
• TMP_WRITE_PROTECT
Temporarily protects the entire card content from being overwritten or erased (all write and erase
commands for this card are temporarily disabled). This bit can be set and reset. The default value is 0,
i.e. not write protected.
Title: Re: Some success with writeCID
Post by: hranmuthu on Jul 25, 2011, 10:00 am
Thanks fat16lib for the reply.

OK I understand that I need to be careful when writing to CSD as PERM_WRITE_PROTECT will make my SD unusable (unless I have anything useful for reading). My query is how do I use CMD27.

I can use SD2Card cardCommand(27, 0) and get the response. How do I write the data that goes into the register?

if (ret = cardCommand(27, 0))
{
  Serial.print("CMD27 failed :");
  Serial.println(ret, HEX);
  return false;
}
else
  Serial.println("CMD27 worked");

spiSend(data1); // send 1st byte
spiSend(data2); // send 2nd byte
spiSend(data3);
...
spiSend(datan);

Will this work? I don't want to try this and ruin the card.

Thanks again
Harshana



Title: Re: Some success with writeCID
Post by: hranmuthu on Jul 28, 2011, 04:22 pm
Hi fat16lib, looks like you are my only hope.
Title: Re: Some success with writeCID
Post by: txomin on Feb 10, 2014, 02:56 pm
Any improvement on modifying SD CID registers?
Title: Re: Some success with writeCID
Post by: hranmuthu on Mar 10, 2014, 05:10 am
Hi all,

There have been inquiries on what happened on this project. This is to update all of you who are still searching for a solution.

I was not able to continue on this project after the roadblock I came across. I would love to hear from anyone who got it working. As per SD cards, go for cheap / unbranded SD cards, they will most probably support CID to be written.

Thanks,
Harshana
Title: Re: Some success with writeCID
Post by: Arduinux on Mar 29, 2014, 12:06 am
Hi all.
Ok, I want to take a chance.
I need some information, though.
Somebody wrote about cheap MMC or SD cards.
I guess they could even be counterfeit or fake cards, but ones which allow CMD26.
So, could someone tell what cards (brand and model or manufacturer) surely accept CMD26?
Honestly I tried to find them but no joy.
Where have you found them?
That said it would be possible to go ahead, otherwise we are stuck, no way out and without any possibility, hence it's game over.
Another thing which could be important and useful to know is the way you need to send CMD26.
I wonder if you need to send it in SPI mode or MMC mode.
I guess the correct way is through SPI mode.
This is because I know Arduino generally manages SD/MMC in that way and here in the beginning of the thread someone wrote about modified SD2Card library in order to change/rewrite CID.
Though I could be wrong on this.
Any answers based on your experience will be welcome.
Thanks in advance!

AR
Title: Re: Some success with writeCID
Post by: Bucky101 on Sep 25, 2014, 02:49 am
Hey you had any further progress changing the CID?
Title: Re: Some success with writeCID
Post by: Arduinux on Oct 11, 2014, 10:41 pm
Hi Bucky101,
sadly no, no progress.
I'm pretty sure I'd be able to do the job but unluckily I can't find the right SD/MMC.
I have contacted many manufacturers but nobody gave me even only one single piece.
They ask to buy a lot of pieces, only few pieces are out of business on their point of view so they don't sell few pieces.
All this stuck me.
That is.
But I don't give up!

AR
Title: Re: Some success with writeCID
Post by: DavidLE on Nov 05, 2015, 02:01 am
After a few months of research and development I finally figured out how to get this working.
hranmuthu, I was able to send CMD26 via SPI and got a permanent result (new CID).
But it's more complex than just sending the command.
I was able to succeed with 2 major manufacturers out of 4 and each controller needs different methods.
It is possible but very time consuming since you will need to come up with different ways for different controllers. Also Creating something (Universal) that will work with every controller is almost impossible.
Title: Re: Some success with writeCID
Post by: legno75 on Nov 10, 2015, 05:01 pm
Can you explain how to? Please?
Title: Re: Some success with writeCID
Post by: DavidLE on Nov 11, 2015, 02:06 am
Quote from: legno75
> Can you explain how to? Please?

As I mentioned in my post, I did a lot of experiments and reverse engineering on manufacturers' firmware.
It's not just sending CMD26 in SPI mode. You need to knock the SD or MicroSD card into firmware mode. Once done, they do accept CMD26 and permanently accept new CID values.
Title: Re: Some success with writeCID
Post by: Arduinux on Nov 13, 2015, 10:55 pm
Hi DavidLE,
glad to read that you succeeded!
Please, could you tell exactly with which cards you were able to do that successfully?
You wrote 2 major manufacturers out of 4, but what exactly?
Were MMC or SD? (I guess SD and uSD)
What model exactly?
An interesting thing would be if you could provide original CID and CSD of the cards that you have been able to change, is it possible?
Knowing it would be possible to understand their manufacturer date and other useful parameters.
I know I asked for a lot of information and I hope you will answer.
(Even if I'm pretty sure that your statements are based on something like this old document here
 
http://tinyurl.com/lncst9c
 
so actually your answer has to be interpreted academically rather than like a possible solution to the problem, being in the facts that in real life the things are far from being as you have described them.
Hence there will not be any reply.)
Anyway, you wrote that each controller needs different methods, I guess you mean working on different cards produced by different manufacturer's brands.
Once you can reach the target with a certain type of cards produced by a specific manufacturer, then surely you can repeat the job on others cards which are the same as model, brand and manufacturer.
You wrote that it is possible but very time consuming do the job since you will need to come up with different ways for different controllers and also creating something (Universal) that will work with every controller is almost impossible.
I partially agree.
I don't know what you mean about the different ways for different controllers you wrote, but in my opinion I think with the right cards it isn't too hard to achieve the goal.
I'm pretty sure I'd be able to do the job but unluckily I can't find the right SD/MMC.
So please, explain exactly with what kind of cards you were able to do the job possibly specifying their manufacturer, brand, type CSD and original CID (in order to know their manufacturer date).
Thanks in advance.

You also wrote that it's not just sending CMD26 on SPI mode and it's need to knock SD or MicroSD card into firmware mode, then once done, they do accept CMD26 and permanently accept new CID values.
That would not be a problem always working on the same type of cards.
Anyway I think it isn't so complex, the real trick is to have the right cards, IMHO

AR
Title: Re: Some success with writeCID
Post by: Alexel on Jan 10, 2016, 03:43 am
Somebody has news about change of CID?
I found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error.
Title: Re: Some success with writeCID
Post by: Arduinux on Jan 11, 2016, 11:46 pm
Hi Alexel,
sadly no new news for now.
Anyway, what do you mean by writing that you have found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error?
Thanks.
 
AR
Title: Re: Some success with writeCID
Post by: DavidLE on Jan 12, 2016, 09:14 am
Seems like you guys are on right path :)
I can share limited info thru PM

Thanks
Title: Re: Some success with writeCID
Post by: Arduinux on Jan 12, 2016, 10:56 pm
Hi DavidLE,
thank you for your kind support.
Honestly though, I can't see why for you it's not possible to provide information here while instead it is possible through PM.
Anyway meanwhile, if you want, you could start by answering the questions that I have made about the manufacturer, model, original CID and CSD of the cards you've modified successfully or at least confirm or deny that your statements are based on something like this old document here:
 
http://tinyurl.com/lncst9c
 
Thanks in advance!
 
AR
Title: Re: Some success with writeCID
Post by: yyzyyz on Feb 09, 2016, 06:38 pm
Hi guys, just wondering if any progress has been made on this... It looks like we have a lot of information to work with, but unfortunately, don't know which cards to target :(

Quote from: Alexel
> Somebody has news about change of CID?
> I found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error.

Can you please elaborate on what argument you used for the first command? Also, what brand of SDHC cards use this controller?

Thanks.
Title: Re: Some success with writeCID
Post by: Arduinux on Feb 11, 2016, 09:27 pm
Hi yyzyyz,

Quote from: yyzyyz
> Hi guys, just wondering if any progress has been made on this... It looks like we have a lot of information to work with, but unfortunately, don't know which cards to target :(
That would be telling.
It's a secret!
Ok, I'm just kidding, apologize me.
I agree, you are right.
Actually it doesn't need anything else than to know what are the right cards because only those make the difference doing the trick.
Meanwhile I have purchased some cards from China, we'll see if those are the right ones or no.

Quote from: yyzyyz
> Can you please elaborate on what argument you used for the first command? Also, what brand of SDHC cards use this controller?
Not just talking about SiliconMotion controllers, not only CMD60 has that behaviour, even other have it.
Some cards have it,  some don't.
In my opinion it isn't much a matter of controller type but rather of the kind of card.
Alexel didn't respond to my request for clarification, though.
So honestly I don't know exactly what he meant, sorry.

However for any doubt you can try with a PM, maybe you'll get the solution.

AR
Title: Re: Some success with writeCID
Post by: yyzyyz on Feb 13, 2016, 08:05 pm
I think it totally depends on the controller and the firmware running on it and as DavidLE has also mentioned, it's unique to each controller type. So what works on an SMI controller might not work on a Micron controller, for example. Although Alexel provided a good lead on the Silicon Motion controllers, he did not care to mention which card he was testing with. Similarly, DavidLE hasn't mentioned which brand of cards and specific controllers did he succeed with. I've sent them both a PM for more details but they haven't responded yet. Unfortunately, there's no easy way (that I know of) to determine which cards employ which controller by just interacting with the card firmware. I hope you have better luck with the Chinese cards; please do let us know how it goes.
Title: Re: Some success with writeCID
Post by: Arduinux on Feb 14, 2016, 06:31 pm
Hi yyzyyz,
Quote from: yyzyyz
> I think it totally depends on the controller and the firmware running on it and as DavidLE has also mentioned, it's unique to each controller type. So what works on an SMI controller might not work on a Micron controller, for example.
I don't think so.
Surely controller do its part but it acts based on what it is programmed for.
OK, the firmware is unique among the controllers so it isn't simple to put it on different ones, but even talking about a single type of cards it's possible find them able to do things that on other with the same controller are programmed different so them don't work the same way.
In my experience I handled some card which had the same controller for sure having I ripped them for looking inside, but totally them didn't behave in the same manner.
You need to keep in mind that cards, even with the same controller, can be purposely programmed different for specific purposes.
The controller may be unique, the firmware inside it no.
There are too many different types and kind of cards.
 
Quote from: yyzyyz
> Although Alexel provided a good lead on the Silicon Motion controllers, he did not care to mention which card he was testing with. Similarly, DavidLE hasn't mentioned which brand of cards and specific controllers did he succeed with. I've sent them both a PM for more details but they haven't responded yet.
For me, based on what I just wrote above, the content of CID and CSD and possibly a few other registers, is sufficient to identify the right cards.
I saw many cards, even industrial version, which were the same type and model with the same brand and from the same manufacturer but parts inside were different although the cards were fully interchangeable among them.
Anyone can easily verify by self simply buying a little amount of cards and querying or even ripping them.
This is why I don't trust only on the controller.
DavidLE and Alexel approach is good, exactly like that in the document I provided.
Anyway my purposes may be different from those of others and this could influence the kind of the approach.
For instance I don't need to find a way so that I'm in the position to change the CID in all card over the whole world.
For my purpose it's enough find even one single piece where I can do the job.
No matter even the type of card, if MMC or SD or fake or counterfeit or unreliable to keep data, or so, it isn't important for me.
That is.
However I hope that David and Alexel sooner or later reply to you.
 
Quote from: yyzyyz
> Unfortunately, there's no easy way (that I know of) to determine which cards employ which controller by just interacting with the card firmware. I hope you have better luck with the Chinese cards; please do let us know how it goes.

In the past I've contacted some manufacturers by asking for that kind of cards and they answered me that they can provide them for sure.
The fact is that they always ask for a bunch of cards to be purchased and they never provide exact specifications or the content of CID and CSD, nor the opportunity to evaluate their products simply by purchasing a few pieces.
I'm talking of Chinese manufacturers/dealers/retailers.
Please pay attention that I am not blaming or accusing anyone, simply that is their way to run the business and customers must accept it.
I think that people who live in Asia have an advantage in this type of search.
 
AR
Title: Re: Some success with writeCID
Post by: Arduinux on Feb 18, 2016, 08:54 pm
Quote from: Alexel
> I found that CMD60 on SiliconMotion controllers transfers SD to the mode when the card doesn't respond to CMD26 to Error.

Hi Alexel,
ok that's valid for Siliconmotion but exactly what type?
As I have already written there are a bunch of Siliconmotion's controllers.
For instance here you go the SM261A's behavior.

Siliconmotion SM261A (card=MMC, MDT=July 2004 / MultiMediaCard Protocol Version=6.00):

CMD60 = card is locked [R2]
CMD61 = illegal command [R1]
CMD62 = illegal command [R1]
CMD63 = illegal command [R1]

Then that it isn't only a matter of brand of the controller.
Here it follows the behavior of two other types of controllers.

ITE IT-1232A-53E (card=SD, MDT=April 2015 / Physical Layer Specification Version Number=2.00):

CMD60 = illegal command [R1]
CMD61 = illegal command [R1]
CMD62 = illegal command [R1]
CMD63 = illegal command [R1]

Unknown controller (card=SD, MDT=September 2013 / Physical Layer Specification Version Number=3.0X):

CMD60 = accepted [R2]
CMD61 = accepted [R1]
CMD62 = illegal command [R1]
CMD63 = illegal command [R1]

AR
Title: Re: Some success with writeCID
Post by: Mangraviti on Mar 02, 2016, 10:48 pm
I am going to be honest.

I broke my leg badly on a motorbike accident back in August 2015 and I am still recovering from the fracture.

There is a device called Exogen Bone Healing System, made by Bioventis.

This device is an ultrasound device that emits ultrasound waves into the bones, making the recovery considerably faster.

One problem, though: this thing costs 5 thousand US Dollars. It's beyond my financial possibilities. And it's getting even more distant as I haven't worked since August 2015 and I have literally no income at the moment.

This Exogen system has a mainboard with a Microchip PIC16C926. There's also a 32kx8 EEPROM and a diagnostic jack socket. According to my reading out there, the micro doesn't have non-volatile storage.

This device works 150 times, then it stops working. I have purchased a second hand device on eBay, which was a rip off as the seller sent it without an SD card, which apparently holds some information that allows the device to work. I have managed to get a second device for free with Bioventis, which came with the SD card and is working but I still have the second hand one, which doesn't work. The story with Bioventis was a nightmare and I had to threaten them a lot (legally speaking) in order to get a replacement. They said they were going to send me just the SD card but they ended up sending the whole thing.

Unsoldering the battery and soldering it back on makes the device reset and work again but as I have two devices and one SD card (and I have two fractures) I can't get it to work. I tried many cloning tools, even Linux's dd command, HDD raw copy and a million other softwares without luck.

So I was hoping someone could help. It is already known that the device can be reset by simply removing the battery and soldering it back on and I really, really need this to work. I can't afford 5K being out of work without any income.

Would anyone be interested in helping? I plan to reset this machine and donate it to someone else who needs it when I'm back to normal... This Pharmaceutical industry really makes me sick. How can they charge so much for something that would get people to walk again?

If anyone is interested, this is a guy who posted a little "overview" of the Exogen:

http://jschneider.net/Exogen4000.html
Title: Re: Some success with writeCID
Post by: legno75 on Jul 18, 2016, 02:39 pm
Someone managed to change the CID ?
Title: Re: Some success with writeCID
Post by: DavidLE on Aug 11, 2016, 03:32 am
I successfully did. Took me a few months of hard work.

Quote from: legno75
> Someone managed to change the CID ?
Title: Re: Some success with writeCID
Post by: orsothebear on Aug 19, 2016, 09:33 pm
Please people, don't buy it!
Despite claims of someone here in the forum, arduino can't do the thing otherwise those same users would have already explained how.
Until now they didn't that push me to guess that people who claim to be able to do it having taken few months of hard work or things like that, they are hiding business intentions.
No way.
People who know wouldn't stay silent as for all other matters discussed here in the forum or elsewhere.
All them only claim to have succeeded but never they provide a single clue they are in the position to do the thing really.
Now me too I claim I can do it, anyone can and I'll prove it.
Simply over all the world are sellers who provide personalized cards, you don't need neither to do it yourself or rely on someone in the forum who runs his own business, just buy cards there from them.
Easy!
Why are you in the need to do the thing by yourself with an arduino or let do it someone else that you don't even know who he is and if he can really succeed?
Why are you in the need to send your cards at strangers and maybe even your money so that the same unknown can carry out the thing with don't know what results?
Those who claim to have succeeded on their own words they wrote that they couldn't do the thing on all cards on the market, so be careful!
Special kind of cards or not, don't waste your time and money, simply contact any seller you want and buy the cards you need from them who can for sure provide what you are looking for.
They can do the thing really, they don't use arduino in order to try it but more sophisticated devices, it's their business and at least you know in advance who they are, where they live and how much it is as cost.
Someone of them even provide samples in the need, so you can verify if they can or can't do the thing.
Please trust me, this is the better way.
Maybe even who claim to be able to do the thing actually let do the job at the sellers that I wrote putting as gain some additional expenses as for his own personal profit.
Educational purpose, arduino and all you want are important and good so no problem if someone want to reach the thing by himself, but please don't waste your time and money.
If even a single person who can do the thing really exist, be sure that he would have already explained how to do or at least clarified the issue, doesn't staying silent or even worse going turn around the thing in order to provide more doubts!
Title: Re: Some success with writeCID
Post by: legno75 on Aug 30, 2016, 09:00 am
I changed the CID by PC (not Arduino). I found source code from https://github.com/raburton/evoplus_cid and I compiled it on Linux Ubuntu. This code is only for the SD Samsung EVO Plus 32GB.
My PC has an SD reader, not USB.
In this video you can see how to do it.
https://youtu.be/mRSprQBsQ6w

With some modifications maybe you can modify to Arduino.
Title: Re: Some success with writeCID
Post by: mikrotron on Jun 05, 2017, 01:19 pm
After many hours of reading and testing I managed to wire an SD reader to a Nano and was able to read CID information from SD cards using the default Arduino SD lib. Calling the "readCID()" sub of the lib did the trick. The struct given as parameter is filled with all necessary information. Iterating through the struct with a byte-casted pointer will give me the raw data of the CID. I've crawled through the lib sources and found that CMD10 is issued for that, which seems correct.

Now, at this point I'd like to write the CID to another SD. How is it done in general? As mentioned here, the SD must be put into firmware mode, which means that the manufacturer is able to firstly program and to lately update the firmware of the containing microcontroller of the card.

I'm pretty sure that this task is different for every manufacturer. Somebody had managed to get this information for Samsung Evo cards (looked through the sources, this is heavy stuff, not something to guess or bruteforce), so this seems the only chance for now?

But when I had this type of card, what should I do to program it? Could I simply send CMD26 with the struct data read from the other card? So maybe through a second SD slot with a different CS?
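
Added example (not from any poster in this thread, nor from the Arduino SD library): a host-side C++ decoder for the 16 raw bytes that readCID() returns, which also checks the CRC7 byte that fat16lib's CMD27 reply refers to and reads the three CSD bits quoted there. It assumes the SD (not MMC) register layout; the sample register contents and the names `decode_cid`, `decode_csd_flags`, `crc_byte`, `make_sample_cid` and `make_sample_csd` are constructed for illustration.

```cpp
// Added example: decode raw SD CID/CSD bytes and verify the CRC7 field.
// Assumes the SD register layout; MMC cards use a different CID layout.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// CRC7 (x^7 + x^3 + 1) over len bytes, as used by SD command frames, CID and CSD.
uint8_t crc7(const uint8_t* data, size_t len) {
    uint8_t crc = 0;
    for (size_t i = 0; i < len; ++i) {
        uint8_t d = data[i];
        for (int bit = 0; bit < 8; ++bit) {
            crc = static_cast<uint8_t>(crc << 1);
            if ((d ^ crc) & 0x80) crc ^= 0x09;
            d = static_cast<uint8_t>(d << 1);
        }
    }
    return crc & 0x7F;
}

// Final byte of a frame or register: CRC7 in bits 7..1, bit 0 always 1.
uint8_t crc_byte(const uint8_t* data, size_t len) {
    return static_cast<uint8_t>((crc7(data, len) << 1) | 1);
}

struct CidInfo {
    uint8_t mid;        // manufacturer ID
    std::string oid;    // OEM/application ID, 2 ASCII characters
    std::string pnm;    // product name, 5 ASCII characters
    uint8_t prv_major;  // product revision, BCD "n.m"
    uint8_t prv_minor;
    uint32_t psn;       // product serial number
    uint16_t year;      // manufacturing date
    uint8_t month;
    bool crc_ok;        // byte 15 matches the CRC7 of bytes 0..14
};

CidInfo decode_cid(const uint8_t raw[16]) {
    CidInfo c;
    c.mid = raw[0];
    c.oid.assign(reinterpret_cast<const char*>(raw + 1), 2);
    c.pnm.assign(reinterpret_cast<const char*>(raw + 3), 5);
    c.prv_major = raw[8] >> 4;
    c.prv_minor = raw[8] & 0x0F;
    c.psn = (uint32_t(raw[9]) << 24) | (uint32_t(raw[10]) << 16) |
            (uint32_t(raw[11]) << 8) | uint32_t(raw[12]);
    // MDT is 12 bits: 8-bit year offset from 2000, then 4-bit month.
    c.year = static_cast<uint16_t>(2000 + (((raw[13] & 0x0F) << 4) | (raw[14] >> 4)));
    c.month = raw[14] & 0x0F;
    c.crc_ok = (raw[15] == crc_byte(raw, 15));
    return c;
}

struct CsdFlags {
    bool copy;                // CSD bit 14
    bool perm_write_protect;  // CSD bit 13
    bool tmp_write_protect;   // CSD bit 12
    bool crc_ok;
};

// The three writable flags live in byte 14 of the 16-byte CSD.
CsdFlags decode_csd_flags(const uint8_t raw[16]) {
    CsdFlags f;
    f.copy = (raw[14] & 0x40) != 0;
    f.perm_write_protect = (raw[14] & 0x20) != 0;
    f.tmp_write_protect = (raw[14] & 0x10) != 0;
    f.crc_ok = (raw[15] == crc_byte(raw, 15));
    return f;
}

// Constructed sample CID (not read from a real card).
void make_sample_cid(uint8_t out[16]) {
    const uint8_t body[15] = {0x42, 'X', 'Y', 'D', 'E', 'M', 'O', '1', 0x10,
                              0x12, 0x34, 0x56, 0x78, 0x01, 0x07};
    std::memcpy(out, body, 15);
    out[15] = crc_byte(out, 15);
}

// Constructed sample CSD: all zero except TMP_WRITE_PROTECT set.
void make_sample_csd(uint8_t out[16]) {
    std::memset(out, 0, 16);
    out[14] = 0x10;
    out[15] = crc_byte(out, 15);
}

int main() {
    uint8_t cid[16];
    make_sample_cid(cid);
    CidInfo c = decode_cid(cid);
    std::printf("MID=0x%02X OID=%s PNM=%s PRV=%u.%u PSN=0x%08lX MDT=%u-%02u CRC %s\n",
                (unsigned)c.mid, c.oid.c_str(), c.pnm.c_str(), (unsigned)c.prv_major,
                (unsigned)c.prv_minor, (unsigned long)c.psn, (unsigned)c.year,
                (unsigned)c.month, c.crc_ok ? "ok" : "BAD");
    return 0;
}
```

The same `crc_byte` applied to the five bytes 0x40 0x00 0x00 0x00 0x00 gives 0x95, the sixth byte of a CMD0 frame.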
Title: Re: Some success with writeCID
Post by: modimo on Nov 18, 2017, 04:57 pm
Since recently there is a method of spoofing CID on the fly. There is this uSD to SD adapter that replaces the CID on the fly. It is available at spoofcid.co
Title: Re: Some success with writeCID
Post by: JeezyWonder on Feb 14, 2018, 08:48 am
I have Chinese cards that allow me to send cmd26. I send it, then get a response, then send the 16-byte CID through the data pin; the card answers success, but the CID didn't change. I'm doing it by CD MODE. So I think I'm missing some commands. According to the guys who changed the CID in SAMSUNG EVOS cards, they do:
cmd62 0xEFAC62EC (enter vendor mode)
cmd62 0xEF50 (unlock the backdoor)
cmd17 0x00 (confirm Smart Report after reading Sector 1 at Address 0)
cmd26 0x00 0xFE [16bytes NEW CID] (WRITE_CID+single block write start TOKEN+16byte NEW CID)
cmd62 0x00DECCEE (exit vendor mode)

But I don't know, my card doesn't answer on cmd62. Also the message seems strange: all cmds in SD card should be 6 bytes, and here it's 5 or 2 bytes sent.
Title: Re: Some success with writeCID
Post by: nm79 on Mar 10, 2018, 08:36 pm
Quote from: JeezyWonder
> I have Chinese cards that allow me to send cmd26. I send it, then get a response, then send the 16-byte CID through the data pin; the card answers success, but the CID didn't change. I'm doing it by CD MODE. So I think I'm missing some commands. According to the guys who changed the CID in SAMSUNG EVOS cards, they do:
> cmd62 0xEFAC62EC (enter vendor mode)
> cmd62 0xEF50 (unlock the backdoor)
> cmd17 0x00 (confirm Smart Report after reading Sector 1 at Address 0)
> cmd26 0x00 0xFE [16bytes NEW CID] (WRITE_CID+single block write start TOKEN+16byte NEW CID)
> cmd62 0x00DECCEE (exit vendor mode)
>
> But I don't know, my card doesn't answer on cmd62. Also the message seems strange: all cmds in SD card should be 6 bytes, and here it's 5 or 2 bytes sent.

Hi,

Can you tell me what type of Chinese card you are using?
Where did you buy them?
I would like to buy some card to test them too....

Title: Re: Some success with writeCID
Post by: JeezyWonder on May 03, 2018, 06:50 am
Finally guys, after a few months, I found a company that is selling writable-CID SD cards, but they are selling them only with the device which can write the CID. If you want some, contact me on PM here or mail me - jeezywoods@gmail.com
Title: Re: Some success with writeCID
Post by: J_3 on May 25, 2018, 12:47 pm
Hello folks, I'm working hard to make this work:

cmd62 0xEFAC62EC (enter vendor mode)
cmd62 0xEF50 (unlock the backdoor)
cmd17 0x00 (confirm Smart Report after reading Sector 1 at Address 0)
cmd26 0x00 0xFE [16bytes NEW CID] (WRITE_CID+single block write start TOKEN+16byte NEW CID)
cmd62 0x00DECCEE (exit vendor mode)

but no joy, it doesn't work for me.  :(
I have the right cards, I'm sure because with this https://github.com/raburton/evoplus_cid I'm able to change the cid on them all, where am I wrong?
Maybe there is some sort of typo somewhere in the commands' sequence written by JeezyWonder.
Is there anyone who tried those commands with Arduino, mine is a MEGA 2560, and can confirm that it works?
Cards I own allows answer on cmd62 but then the thing abort with error 04hex (illegal command) while performing cmd26.   >:( 
Title: Re: Some success with writeCID
Post by: JeezyWonder on Jun 14, 2018, 09:53 am
Quote from: J_3
> Hello folks, I'm working hard to make this work:
>
> cmd62 0xEFAC62EC (enter vendor mode)
> cmd62 0xEF50 (unlock the backdoor)
> cmd17 0x00 (confirm Smart Report after reading Sector 1 at Address 0)
> cmd26 0x00 0xFE [16bytes NEW CID] (WRITE_CID+single block write start TOKEN+16byte NEW CID)
> cmd62 0x00DECCEE (exit vendor mode)
>
> but no joy, it doesn't work for me.  :(
> I have the right cards, I'm sure because with this https://github.com/raburton/evoplus_cid I'm able to change the cid on them all, where am I wrong?
> Maybe there is some sort of typo somewhere in the commands' sequence written by JeezyWonder.
> Is there anyone who tried those commands with Arduino, mine is a MEGA 2560, and can confirm that it works?
> Cards I own allows answer on cmd62 but then the thing abort with error 04hex (illegal command) while performing cmd26.   >:(

Contact me through PM, bro
Title: Re: Some success with writeCID
Post by: orsothebear on Sep 21, 2018, 11:45 am
I doubt that arduino can do the job, but this would seem to partially succeed on it: https://www.youtube.com/watch?v=ZAe61GZ-52Y
If it's not a joke and it really works, the whole thing can check if the card under test allows the back door or not.
This is interesting because it means that with small changes it would be possible to automate the modification of the cid.
I don't want to be a devil's advocate, but I think it's actually a hoax and it will not work.
Ok this is an arm cortex m3 @72MHz, not a uno or mega, but in my opinion the back door is only usable via sd mode, not spi, and the sd mode protocol in addition to not being documented requires the payment of royalties for its use, it isn't free and documented as the well-known protocol spi.
It's not just a matter of hardware capability, if it supports the sd mode protocol or not, it's that even if the target could be reached then the code couldn't be freely distributed.
For this reason I believe that in reality the thing will not work as shown in the video, but even if it weren't so, the code could not be easily distributed due to the issue of royalties.
I repeat, educational purpose, arduino and all you want are important and good so no problem if someone want to reach the thing by himself, but please don't waste your time and money.
If even a single person who can do the thing really exist, be sure that he would have already explained how to do or at least clarified the issue, doesn't staying silent or even worse going turn around the thing in order to provide more doubts!
Title: Re: Some success with writeCID
Post by: zoomx on Sep 21, 2018, 05:06 pm
Quote from: orsothebear
> but in my opinion the back door is only usable via sd mode, not spi, and the sd mode protocol in addition to not being documented requires the payment of royalties for its use, it isn't free and documented as the well-known protocol spi.

If you're talking about sdio mode, it is supported by the sdfat library and it works on Teensy.
Title: Re: Some success with writeCID
Post by: orsothebear on Sep 21, 2018, 09:39 pm
Quote from: zoomx
> If you're talking about sdio mode, it is supported by the sdfat library and it works on Teensy.

I'm not talking about sdio, I'm talking about sd mode.
sdio isn't sd mode at all, sdio requires special cards: https://tinyurl.com/ybh9vqv6
Moreover the sd mode protocol requires the payment of royalties to be used, it isn't free.
Title: Re: Some success with writeCID
Post by: zoomx on Sep 22, 2018, 11:54 am
Quote
I'm not talking about sdio, I'm talking about sd mode.
sdio isn't sd mode at all, sdio requires special cards: https://tinyurl.com/ybh9vqv6
Moreover the sd mode protocol requires the payment of royalties to be used, it isn't free.

According to this
https://electronics.stackexchange.com/questions/124234/difference-between-1-bit-4-bit-and-8-bit-sdio
they are the same.

Have you a web page or document that explains this sd mode?
Title: Re: Some success with writeCID
Post by: orsothebear on Sep 22, 2018, 02:14 pm
Quote
According to this
https://electronics.stackexchange.com/questions/124234/difference-between-1-bit-4-bit-and-8-bit-sdio
they are the same.

From the link you wrote: "...SD mode (sometimes incorrectly called SDIO)..."
Please read the free documentation I linked, there it's clearly indicated that sd mode and sdio are not the same thing.
All the specifications related to that type of products are decided by the sd association (sdca), nobody else, you can trust their documents: sd mode and sdio are two totally different things.

Quote
Have you a web page or document that explains this sd mode?

As I already wrote, the documentation about sd mode isn't widespread because it's available only to members of the sdca (https://www.sdcard.org).
You must be a member of them to use all the information you want, obviously paying, it's implied.
Only a very small amount of documents in circulation are in the public domain, the remaining part (the most important ones) is paid service for members of the sdca, not free for everyone.
Once one person pays for the information, it is unlikely that he will want to divulge the content for any reason (free or paid), also because this would entail violation of the terms of the contract signed for the membership and, among other things, to use that confidential information it's necessary to pay royalties.
Talking about mmc cards, which is on topic here since someone already mentioned it in this thread, it all depends on jedec-mmca (https://www.jedec.org), and even there you have to pay and be a member to access the information, whose use will be restricted by the stipulated contractual conditions exactly as in the case of the sdca.

Title: Re: Some success with writeCID
Post by: xArt on Feb 01, 2019, 01:25 pm
To read the CID register of any SD card with any microcontroller, you only need to duplicate the function that reads the CSD register and receives its reply (just change the command that is sent).
Every SD card library must read the CSD register to use a card at all.

I have rewritten the CID register of many of the older Samsung cards with the Evoplus_cid program already mentioned.
This requires that the computer has an SD card reader built in (not a USB reader that filters some commands).

The same process over an SPI interface does not work. The card never enters vendor mode.
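The following is an added example, not part of xArt's post and not code from any library or tool named in this thread: a C decoder for the 16 CID bytes once they have been read, including the CRC7 check. The field layout follows the published SD simplified specification; the function names and the sample bytes are constructed for illustration. A matching CRC only shows the register was read intact, and since some cards in this thread accepted a rewritten CID, the value should not be treated as a tamper-proof identifier.

```c
#include <stdint.h>
#include <string.h>

typedef struct {
    uint8_t  mid;             /* manufacturer ID */
    char     oid[3], pnm[6];  /* OEM ID (2 chars), product name (5 chars) */
    uint8_t  prv;             /* product revision, BCD: high nibble.low nibble */
    uint32_t psn;             /* product serial number */
    uint16_t year; uint8_t month;  /* manufacturing date */
    int      crc_ok;          /* stored CRC7 matches bytes 0..14 */
} sd_cid_t;

/* CRC7 of SD commands and registers: x^7 + x^3 + 1, initial value 0. */
uint8_t sd_crc7(const uint8_t *data, size_t len) {
    uint8_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t b = data[i];
        for (int k = 0; k < 8; k++) {
            crc <<= 1;
            if ((b ^ crc) & 0x80) crc ^= 0x09;
            b <<= 1;
        }
    }
    return crc & 0x7F;
}

/* Decode the CID as read from the card (most significant byte first).
 * Returns 1 when CRC7 and the fixed end bit are consistent, 0 otherwise. */
int sd_cid_parse(const uint8_t raw[16], sd_cid_t *out) {
    out->mid = raw[0];
    memcpy(out->oid, raw + 1, 2); out->oid[2] = '\0';
    memcpy(out->pnm, raw + 3, 5); out->pnm[5] = '\0';
    out->prv = raw[8];
    out->psn = ((uint32_t)raw[9] << 24) | ((uint32_t)raw[10] << 16) |
               ((uint32_t)raw[11] << 8) | raw[12];
    out->year  = (uint16_t)(2000 + (((raw[13] & 0x0F) << 4) | (raw[14] >> 4)));
    out->month = raw[14] & 0x0F;
    out->crc_ok = raw[15] == (uint8_t)((sd_crc7(raw, 15) << 1) | 1);
    return out->crc_ok;
}

/* Constructed sample (not from a real card): 15 body bytes, CRC byte appended. */
void sd_cid_sample(uint8_t raw[16]) {
    static const uint8_t body[15] = { 0x5A, 'X','Y', 'D','E','M','O','1',
        0x10, 0x12,0x34,0x56,0x78, 0x01, 0x27 };
    memcpy(raw, body, 15);
    raw[15] = (uint8_t)((sd_crc7(raw, 15) << 1) | 1);
}
```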
Title: Re: Some success with writeCID
Post by: J_3 on Feb 03, 2019, 05:11 pm
Hello xArt, what you wrote is very interesting.
Reading the cid is a trivial thing that doesn't involve any problem at all, the really hard thing is to rewrite it.
I too was able to change the cid of some samsung cards using evoplus_cid, and I have read that someone has succeeded with a Blue Pill-ATM32, which I don't think is very different from an Arduino.
You wrote that the same process over an spi interface doesn't work so the card never enters vendor mode, ok, but can you say exactly which commands are sent for everything to work?
If you know the commands to be used I would ask you to state them.
Regardless of whether commands should be issued in sd-mode or spi, I thought they were these:

cmd62 0xEFAC62EC (enter vendor mode)
cmd62 0xEF50 (unlock the backdoor)
cmd17 0x00 (confirm Smart Report after reading Sector 1 at Address 0)
cmd26 0x00 0xFE [16bytes NEW CID] (WRITE_CID+single block write start TOKEN+16byte NEW CID)
cmd62 0x00DECCEE (exit vendor mode)

In my opinion it would be important to know the exact sequence of commands issued by evoplus_cid, so it would be useful to extract it from the source code and post it here.
That should clarify things enough.
Unfortunately I'm not able to unpack the code by myself, it's obfuscated to me.
I asked the author of evoplus_cid but he didn't answer me.
Title: Re: Some success with writeCID
Post by: xArt on Feb 05, 2019, 04:13 pm
Hi, I can hardly believe you could get a compiled version for Linux.
It's posted on Github here: https://github.com/raburton/evoplus_cid

I just duplicated that source using Microchip's MDDFS library (for USB keys & SD Cards).
I used the same SD card for both platforms, so can verify evoplus_cid for Linux worked ok.

I don't expect any problem with any platform ->reading<- the CID.

Evoplus_cid bails for any command leading up to CMD26 that doesn't give an expected reply.
Just like that program, I didn't push it any further.
CMD26 is never sent if the card doesn't reply properly to the vendor mode command.
Over an SPI interface, it doesn't.
Title: Re: Some success with writeCID
Post by: J_3 on Feb 05, 2019, 08:08 pm
Hello xArt.

Quote
Hi, I can hardly believe you could get a compiled version for Linux.
It's posted on Github here: https://github.com/raburton/evoplus_cid

I just duplicated that source using Microchip's MDDFS library (for USB keys & SD Cards).
I used the same SD card for both platforms, so can verify evoplus_cid for Linux worked ok.

I don't expect any problem with any platform ->reading<- the CID.

Really I don't understand exactly what you have just written above.
I have evoplus_cid working on linux and android and I'm pretty sure I'm not the only one.
What do you mean?
And surely there can be no problem reading the cid with linux, android or anything else.

Quote
Evoplus_cid bails for any command leading up to CMD26 that doesn't give an expected reply.
Just like that program, I didn't push it any further.
CMD26 is never sent if the card doesn't reply properly to the vendor mode command.
Over an SPI interface, it doesn't.

Being a backdoor it works just like you wrote, of course, but it isn't true that in SPI it doesn't work.
When executing a cmd26 directly on the card while in SPI mode, error 0x04 (illegal command) is issued, while, still in SPI mode, executing cmd62 0xEFAC62EC cmd62 0xEF50 cmd26 gives no error at all.
So it works.
The sequence cmd62 0xEFAC62EC cmd62 0xEF50 cmd26 can be used to check if the card supports the back door or not.
No errors: it does. Some error, generally 0x04 (illegal command): it doesn't. Rather easy.
Title: Re: Some success with writeCID
Post by: xArt on Feb 06, 2019, 04:40 pm
Quote
In my opinion it would be important to know the exact sequence of commands issued by evoplus_cid, so it would be useful to extract it from the source code and post it here.
I was replying to this.
It's easy to know what evoplus_cid does because source is available,
and I don't know of any distributions available that don't include source.

If you say the card replies to the vendor command properly, I'll have to try again.
I at least know the SPI and card library work well because I've implemented other commands
and used the library for a couple of years now.