WO2017097168A1 - Method of data decryption for the physical image of a flash memory chip - Google Patents
Method of data decryption for the physical image of a flash memory chip
- Publication number
- WO2017097168A1
- Authority
- WO
- WIPO (PCT)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
- G06F12/0238—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
- G06F12/0246—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/16—Protection against loss of memory contents
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/30007—Arrangements for executing specific machine instructions to perform operations on data operands
- G06F9/30029—Logical and Boolean instructions, e.g. XOR, NOT
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Definitions
- The invention belongs to the technical field of data recovery, and specifically relates to a data decryption method for the physical image of a flash memory chip.
- Flash memory chips are a widely used new class of storage medium. However, because of their storage principle and limited lifetime, flash memory is many times more likely to fail than a hard disk. Once a failure occurs, the data stored in it cannot be read.
- The causes of unreadable user data fall into two categories. The first is logical damage to the flash device: typically the device is recognized by the operating system when connected normally, but the user data cannot be accessed through the operating system's standard methods. In this case simple logical-layer data recovery tools can be used to recover the data. The second is physical damage to the flash device. This may be damage to components such as the controller, crystal oscillator, interface or PCB, which makes the data in the flash chip unreadable and can be solved by replacing the component with an identical part. A more serious kind of fault is loss of the firmware in the controller chip or the flash chip, which makes the data in the flash chip unreadable; this kind of damage is more common than logical damage. To recover data that cannot be read because of such faults, the flash chip has to be removed from the PCB for data reading and recovery.
- The data of a USB flash drive is data mapped by the controller's algorithm (logical data), whereas the data on the chip (physical data) is encrypted and unordered. The content of a physical image therefore cannot be read directly after extraction; the algorithm must first be decrypted. However, as time goes on, USB flash drive capacities keep growing and the encryption schemes become ever more complex. The common encryption schemes (bit inversion, swapping and so on) now rarely appear, which causes considerable inconvenience for data recovery and for the forensic work of public security, procuratorial and judicial organs.
- To address the deficiencies of the prior art, the present invention provides a data decryption method for the physical image of a flash memory chip, which effectively solves the problem that data extracted from the flash memory chip of a damaged USB flash drive cannot be read directly.
- A data decryption method for the physical image of a flash memory chip includes the following steps:
- 001 comprises the following steps:
- 103 comprises the following steps:
- 002 comprises the following steps:
- The controller model of the USB flash drive is SSS6691,
- the flash memory model is TC58NVG5D2FTAIO,
- the page size is 8832 bytes,
- and the chip is a 4G chip containing 256 blocks.
- The page structure of the chip is (1024+46)*8+272, meaning that within a page every 1024 bytes of user data are followed by 46 management bytes, and there are 272 management bytes at the end of the page.
- The algorithm for working out the controller's key is as follows:
- the base key of each page is the previous page's base key shifted left by 1 byte, with one byte appended at the end;
- 203: the encryption scheme is the same across blocks, that is, the keys within every block are the same.
- the beneficial effects of the present invention are as follows:
- Through repeated experiments the invention found how the data is stored: the data stored on the chip is the logical data XORed with a key produced by the encryption algorithm. Zero-filling the logical data yields all the keys generated by the controller, and a simple analysis of those keys reveals the encryption scheme. Data extracted from the flash memory chip of a damaged USB flash drive can then be read, which facilitates data recovery and the forensic work of public security, procuratorial and judicial organs.
- Figure 1 is a schematic diagram of the main flow chart
- Figure 2 shows a detailed flow chart of the chip data
- Figure 3 shows a detailed flow chart of reading physical data
- Figure 4 shows a detailed flow chart of the key
- Figure 5 is a flow chart of algorithm analysis.
- Data is read in units of pages and erased in units of blocks (a block consists of multiple pages); writes fall into two cases, fresh writes and overwrites.
- A fresh write simply allocates a free block and writes to it. An overwrite must erase before writing and goes through the following steps: (1) mark the old data block as invalid; (2) allocate a free block, write the new data and redo the address mapping; (3) if the number of free blocks falls below a threshold, start an erase operation to erase data; (4) the erase algorithm merges the valid data, and balanced-write management is started to erase and release free blocks.
- The flash device uses balanced-write technology (also called average-write technology, i.e. wear leveling) to manage the erase/write counts of the blocks, that is, to keep the number of writes to each block as even as possible so that the blocks reach their maximum service life. Writes therefore appear random, and so the corresponding management bytes are written whenever data (a page) is written.
- Embodiment: a data decryption method for the physical image of a flash memory chip.
- The controller model of the USB flash drive used in this embodiment is SSS6691,
- the flash memory model is TC58NVG5D2FTAIO,
- the page size is 8832 bytes,
- and the chip is a 4G Toshiba chip containing 256 blocks.
- the key is obtained by removing the management byte in the physical data.
- The read command (0x00 or 0x01) is sent to the I/O port, telling the chip that a read operation is to be performed;
- the chip enable signal CE is active,
- the address enable signal ALE is active,
- the write signal WE remains active,
- and four address cycles are sent consecutively.
- The R/B signal stays "busy" for a period of time, after which R/B becomes ready;
- the page structure of the chip is (1024+46)*8+272, meaning that within a page every 1024 bytes of user data are followed by 46 management bytes, and there are 272 management bytes at the end of the page;
- the key of the first section of the first page is 0x80, 0x9e, 0x9c, 0x3c (taking the first 4 bytes as an example), and the key of the second section is 0x01, 0x3d, 0x39, 0x78;
- the base key of the first page is 0x80, 0x9e, 0x9c, 0x3c; the base key of the second page is 0x9e, 0x9c, 0x3c, 0x25; thereafter the base key of each page is the previous page's base key shifted left by 1 byte, with one byte appended at the end;
- 203: the encryption scheme is the same across blocks, that is, the keys within every block are the same.
- The key consists of a 1024-byte master key and a 255-byte supplementary key.
- The encryption scheme is: the base key of the n-th page is the data produced by shifting the master key left by (n-1) bytes, and the key of the n-th section within a page is the key produced by shifting the current page's base key left by (n-1) bits.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
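A data decryption method for the physical image of a flash memory chip, belonging to the field of data recovery, comprising the following steps: 001 - zero-fill the logical data of the USB flash drive to obtain the physical data, then remove the management bytes from the physical data to obtain the key; 002 - partition the key into regions according to the structure of the flash memory chip and work out the controller's key algorithm. The beneficial effects are as follows: repeated experiments revealed how the data is stored: the data stored on the chip is the logical data XORed with a key produced by the encryption algorithm; zero-filling the logical data yields all the keys generated by the controller, and a simple analysis of those keys reveals the encryption scheme. Data extracted from the flash memory chip of a damaged USB flash drive can then be read, which facilitates data recovery and the forensic work of public security, procuratorial and judicial organs.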
Description
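The invention belongs to the technical field of data recovery, and specifically relates to a data decryption method for the physical image of a flash memory chip.
In today's highly information-driven age, the importance of data is increasingly evident in people's lives. Data security has become a practical problem that people must face in life and at work. With the rapid development of science and technology, storage media have gradually shifted from mainly magnetic hard disks to diversified forms of storage. Flash memory chips are one widely used new kind of storage medium. However, because of their storage principle and limited lifetime, flash memory is many times more likely to fail than a hard disk, and once a failure occurs the data stored in it cannot be read out.
The causes of unreadable user data fall into two categories. The first is logical damage to the flash device: typically the device is recognized by the operating system when connected normally, but the user data cannot be accessed through the operating system's standard methods. In this case simple logical-layer data recovery tools can be used to recover the data. The second is physical damage to the flash device. This may be damage to components such as the controller, crystal oscillator, interface or PCB, which makes the data in the flash chip unreadable and can be solved by replacing the component with an identical part. A more serious kind of fault is loss of the firmware in the controller chip or the flash chip, which makes the data in the flash chip unreadable; this kind of damage is more common than logical damage. To recover data that cannot be read because of such faults, the flash chip has to be removed from the PCB for data reading and recovery.
The data of a USB flash drive is data mapped by the controller's algorithm (logical data), whereas the data on the chip (physical data) is encrypted and unordered. The content of a physical image therefore cannot be read directly after extraction; the algorithm must first be decrypted. However, as time goes on, USB flash drive capacities keep growing and the encryption schemes become ever more complex. The common encryption schemes (bit inversion, swapping and so on) now rarely appear, which causes considerable inconvenience for data recovery and for the forensic work of public security, procuratorial and judicial organs.
Summary of the Invention
To address the deficiencies of the prior art, the present invention provides a data decryption method for the physical image of a flash memory chip, which effectively solves the problem that data extracted from the flash memory chip of a damaged USB flash drive cannot be read directly.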
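To solve the above problem, the technical solution adopted by the invention is as follows: a data decryption method for the physical image of a flash memory chip, comprising the following steps:
001 - zero-fill the logical data of the USB flash drive to obtain the physical data; removing the management bytes from the physical data yields the key;
002 - partition the key into regions according to the structure of the flash memory chip and work out the controller's key algorithm.
Preferably, 001 comprises the following steps:
101 - zero the logical data of the entire USB flash drive;
102 - separate the flash memory chip from the circuit board and read the physical data of the flash memory chip;
103 - remove the management bytes from the physical data; the remaining data is the key.
Preferably, 103 comprises the following steps:
1031 - look up the chip's datasheet and work out the chip's page structure;
1032 - according to the page structure, delete the management bytes within each page with a WinHex script.
Preferably, 002 comprises the following steps:
201 - determine the encryption scheme within a page;
202 - determine the encryption scheme within a block;
203 - determine the encryption scheme between blocks.
Preferably, the controller model of the USB flash drive is SSS6691, the flash memory model is TC58NVG5D2FTAIO, the page size is 8832 bytes, and the chip is a 4G chip containing 256 blocks.
Preferably, the page structure of the chip is (1024+46)*8+272, meaning that within a page every 1024 bytes of user data are followed by 46 management bytes, and there are 272 management bytes at the end of the page.
Preferably, the controller's key algorithm is worked out as follows:
201 - determine the relationship between the keys of the sections within a page: taking the key of the first section of the page as the base key, the key of the n-th section is the result of rotating each byte of the base key left by n-1 bits, where n is an integer with 0<n<=8;
202 - determine the relationship between the base keys of the pages, i.e. the encryption scheme within a block: the base key of each page is the previous page's base key shifted left by 1 byte, with one byte appended at the end;
203 - the encryption scheme is the same across blocks, i.e. the keys within every block are the same.
The beneficial effects of the invention are as follows: through repeated experiments the invention found how the data is stored: the data stored on the chip is the logical data XORed with a key produced by the encryption algorithm; zero-filling the logical data yields all the keys generated by the controller, and a simple analysis of those keys reveals the encryption scheme. Data extracted from the flash memory chip of a damaged USB flash drive can then be read, which facilitates data recovery and the forensic work of public security, procuratorial and judicial organs.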
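Figure 1 is a schematic of the main flow chart;
Figure 2 is a detailed flow chart of obtaining the chip data;
Figure 3 is a detailed flow chart of reading the physical data;
Figure 4 is a detailed flow chart of obtaining the key;
Figure 5 is a flow chart of the algorithm analysis.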
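To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and an embodiment.
Principle: data is read in units of pages and erased in units of blocks (a block consists of multiple pages); writes fall into two cases, fresh writes and overwrites. A fresh write simply allocates a free block and writes to it. An overwrite must erase before writing and goes through the following steps: (1) mark the old data block as invalid; (2) allocate a free block, write the new data and redo the address mapping; (3) if the number of free blocks falls below a threshold, start an erase operation to erase data; (4) the erase algorithm merges the valid data, and balanced-write management is started to erase and release free blocks. Because each block in a flash device can only be erased and written a limited number of times, the flash device uses balanced-write technology (also called average-write technology, i.e. wear leveling) to manage the erase/write counts of the blocks and so extend its service time, that is, to keep the number of writes to each block as even as possible so that the blocks reach their maximum service life. Writes therefore appear random, and so when data (a page) is written the corresponding management bytes are written as well, containing the ID of the current data, the ECC check code, and flags that distinguish the management area from the data area.
Embodiment: a data decryption method for the physical image of a flash memory chip. The USB flash drive used in this embodiment has controller model SSS6691 and flash memory model TC58NVG5D2FTAIO, with a page size of 8832 bytes; it is a 4G Toshiba chip containing 256 blocks.
001 - zero-fill the data of the USB flash drive. The physical data is the encrypted result, produced by XORing the logical data with the key generated by the controller; so after the logical data is zero-filled, the physical data is obtained, and removing the management bytes from it yields the key.
002 - partition the key into regions according to the structure of the flash memory chip and work out the controller's key algorithm.
101 - zero the logical data of the entire USB flash drive;
102 - separate the flash memory chip from the circuit board and read the physical data of the flash memory chip;
103 - remove the management bytes from the physical data; the remaining data is the key.
1021 - with the chip enable signal CE active, first assert the command latch enable signal CLE; at this point the write signal WE is active, the chip is in the ready state and the R/B signal is driven high, indicating ready; at the same time send the read command (0x00 or 0x01) to the I/O port to tell the chip that a read operation is to be performed;
1022 - now the chip enable signal CE is active, the address enable signal ALE is active and the write signal WE stays active; 4 address cycles are sent consecutively. After the address register has received the address value, the R/B signal stays "busy" for a period of time and then becomes ready;
1023 - each time the read enable signal RE is driven low (active), one group of data is output; this repeats until all the data has been output.
1031 - look up the chip's datasheet and work out the chip's page structure. The page structure of this chip is (1024+46)*8+272, meaning that within a page every 1024 bytes of user data are followed by 46 management bytes, and there are 272 management bytes at the end of the page;
1032 - according to the page structure, delete the management bytes within each page with a WinHex script;
201 - determine the relationship between the keys of the sections within a page: the key of the first section of the first page is 0x80, 0x9e, 0x9c, 0x3c (taking the first 4 bytes as an example), the key of the second section is 0x01, 0x3d, 0x39, 0x78, and the key of the third section is 0x02, 0x7a, 0x72, 0xf0. Each section's key turns out to be the previous section's key with every byte rotated left by 1 bit, and the same holds for the later pages. Taking the key of the first section of a page as the base key, the key of the n-th section (0<n<=8) is the result of rotating each byte of the base key left by n-1 bits;
202 - determine the relationship between the base keys of the pages, i.e. the encryption scheme within a block: the base key of the first page is 0x80, 0x9e, 0x9c, 0x3c; the base key of the second page is 0x9e, 0x9c, 0x3c, 0x25; thereafter the base key of each page is the previous page's base key shifted left by 1 byte, with one byte appended at the end;
203 - the encryption scheme is the same across blocks, i.e. the keys within every block are the same. The key consists of a 1024-byte master key and a 255-byte supplementary key. The encryption scheme is: the base key of the n-th page is the data produced by shifting the master key left by (n-1) bytes, and the key of the n-th section within a page is the key produced by shifting the current page's base key left by (n-1) bits.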
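The key schedule of steps 001 and 201 to 203, as an added Python example that is not part of the patent text: it strips the management bytes using the (1024+46)*8+272 layout, rebuilds the key stream from a zero-filled image and checks the model against every section. Assumptions: the 255 supplementary bytes directly follow the 1024-byte master key, the "(n-1) bits" shift in step 203 is the per-byte rotation of step 201, pages are numbered from 1 within a block, the key stream beyond the five bytes quoted above is constructed filler, and all function names are hypothetical.

```python
# Added example, not from the patent. Layout constants come from the page structure above.
SECTION_DATA, SECTION_MGMT, SECTIONS, PAGE_TAIL = 1024, 46, 8, 272
STRIDE = SECTION_DATA + SECTION_MGMT
PAGE_SIZE = STRIDE * SECTIONS + PAGE_TAIL  # (1024+46)*8+272 = 8832 bytes

# Constructed key stream (1024 master + 255 supplementary bytes): only the first
# five bytes are quoted in the text, the rest is filler so the example runs offline.
SAMPLE_STREAM = bytes([0x80, 0x9E, 0x9C, 0x3C, 0x25]) + bytes(
    (i * 37 + 11) & 0xFF for i in range(1274))


def user_sections(page: bytes) -> list:
    """Step 103: drop the management bytes, keep the eight 1024-byte sections."""
    if len(page) != PAGE_SIZE:
        raise ValueError(f"expected a {PAGE_SIZE}-byte page, got {len(page)}")
    return [page[i * STRIDE:i * STRIDE + SECTION_DATA] for i in range(SECTIONS)]


def section_key(base_key: bytes, section: int) -> bytes:
    """Step 201: key of section n (1..8) is each base-key byte rotated left n-1 bits."""
    if not 1 <= section <= SECTIONS:
        raise ValueError("section must be 1..8")
    n = section - 1
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in base_key)


def page_base_key(stream: bytes, page_no: int) -> bytes:
    """Step 202: base key of page n (1-based) is the 1024-byte window at offset n-1."""
    if page_no < 1 or page_no - 1 + SECTION_DATA > len(stream):
        raise ValueError("page number outside the recovered key stream")
    return stream[page_no - 1:page_no - 1 + SECTION_DATA]


def xor_page(page: bytes, stream: bytes, page_no: int) -> bytes:
    """XOR the user data of one physical page with its predicted keys (self-inverse)."""
    base = page_base_key(stream, page_no)
    out = bytearray()
    for n, sect in enumerate(user_sections(page), start=1):
        out += bytes(a ^ k for a, k in zip(sect, section_key(base, n)))
    return bytes(out)


def recover_stream(zero_pages: list) -> bytes:
    """Step 001: with zero-filled logical data the stored user bytes are the key.
    Page 1, section 1 gives the master key; every later page adds one new byte."""
    stream = bytearray(user_sections(zero_pages[0])[0])
    for page in zero_pages[1:]:
        stream.append(user_sections(page)[0][-1])
    return bytes(stream)


def model_holds(zero_pages: list, stream: bytes) -> bool:
    """True if the schedule predicts every section of every zero-filled page."""
    return all(not any(xor_page(p, stream, n)) for n, p in enumerate(zero_pages, 1))


def build_physical_page(logical: bytes, stream: bytes, page_no: int) -> bytes:
    """Constructed fixture: scramble 8192 logical bytes and put 0xFF placeholders
    where the chip keeps its ID/ECC management bytes."""
    base = page_base_key(stream, page_no)
    page = bytearray()
    for n in range(1, SECTIONS + 1):
        chunk = logical[(n - 1) * SECTION_DATA:n * SECTION_DATA]
        page += bytes(a ^ k for a, k in zip(chunk, section_key(base, n)))
        page += b"\xff" * SECTION_MGMT
    return bytes(page + b"\xff" * PAGE_TAIL)


if __name__ == "__main__":
    zero = [build_physical_page(bytes(8192), SAMPLE_STREAM, n) for n in range(1, 5)]
    stream = recover_stream(zero)
    print("recovered", len(stream), "key bytes; model holds:", model_holds(zero, stream))
    print("section 2 key:", section_key(stream[:4], 2).hex())
```

Raw chip reads carry uncorrected bit errors, so on a real image `model_holds` is better replaced by a per-section mismatch count than a strict equality test.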
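Those of ordinary skill in the art will appreciate that the embodiment described here is intended to help the reader understand how the invention is implemented, and that the scope of protection of the invention is not limited to such specific statements and embodiments. Those of ordinary skill in the art can, based on the technical teachings disclosed by the invention, make various other specific variations and combinations that do not depart from the essence of the invention, and these variations and combinations remain within the scope of protection of the invention.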
Claims (7)
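- A data decryption method for the physical image of a flash memory chip, characterized by comprising: 001 - zero-fill the logical data of the USB flash drive to obtain the physical data, and remove the management bytes from the physical data to obtain the key; 002 - partition the key into regions according to the structure of the flash memory chip and work out the controller's key algorithm.
- The data decryption method for the physical image of a flash memory chip according to claim 1, characterized in that 001 comprises the following steps: 101 - zero the logical data of the entire USB flash drive; 102 - separate the flash memory chip from the circuit board and read the physical data of the flash memory chip; 103 - remove the management bytes from the physical data; the remaining data is the key.
- The data decryption method for the physical image of a flash memory chip according to claim 2, characterized in that 103 comprises the following steps: 1031 - look up the chip's datasheet and work out the chip's page structure; 1032 - according to the page structure, delete the management bytes within each page with a WinHex script.
- The data decryption method for the physical image of a flash memory chip according to claim 2 or 3, characterized in that 002 comprises the following steps: 201 - determine the encryption scheme within a page; 202 - determine the encryption scheme within a block; 203 - determine the encryption scheme between blocks.
- The data decryption method for the physical image of a flash memory chip according to claim 1, characterized in that the controller model of the USB flash drive is SSS6691, the flash memory model is TC58NVG5D2FTAIO, the page size is 8832 bytes, and the chip is a 4G chip containing 256 blocks.
- The data decryption method for the physical image of a flash memory chip according to claim 5, characterized in that the page structure of the chip is (1024+46)*8+272, meaning that within a page every 1024 bytes of user data are followed by 46 management bytes, and there are 272 management bytes at the end of the page.
- The data decryption method for the physical image of a flash memory chip according to claim 6, characterized in that the controller's key algorithm is worked out as follows: 201 - determine the relationship between the keys of the sections within a page: taking the key of the first section of the page as the base key, the key of the n-th section is the result of rotating each byte of the base key left by n-1 bits, where n is an integer with 0<n<=8; 202 - determine the relationship between the base keys of the pages, i.e. the encryption scheme within a block: the base key of each page is the previous page's base key shifted left by 1 byte, with one byte appended at the end; 203 - the encryption scheme is the same across blocks, i.e. the keys within every block are the same.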
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/759,569 US20190155755A1 (en) | 2015-12-07 | 2016-12-05 | A method of data decryption for the physical image of a flash memory chip |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510894347.XA CN106845251A (zh) | 2015-12-07 | 2015-12-07 | Method of data decryption for the physical image of a flash memory chip |
CN201510894347.X | 2015-12-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017097168A1 true WO2017097168A1 (zh) | 2017-06-15 |
Family
ID=59012573
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/108501 WO2017097168A1 (zh) | 2015-12-07 | 2016-12-05 | Method of data decryption for the physical image of a flash memory chip |
Country Status (3)
Country | Link |
---|---|
US (1) | US20190155755A1 (zh) |
CN (1) | CN106845251A (zh) |
WO (1) | WO2017097168A1 (zh) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108170382B (zh) * | 2018-02-05 | 2023-12-12 | 力瑞信(深圳)科技有限公司 | Solid-state drive and data reading system |
US11288007B2 (en) * | 2019-05-16 | 2022-03-29 | Western Digital Technologies, Inc. | Virtual physical erase of a memory of a data storage device |
CN110457239B (zh) * | 2019-07-31 | 2023-05-02 | 四川效率源信息安全技术股份有限公司 | Method for extracting the base key of a solid-state drive |
CN110443053B (zh) * | 2019-07-31 | 2023-03-14 | 四川效率源信息安全技术股份有限公司 | Key generation method based on a key cycle table and a mapping table |
CN110427765B (zh) * | 2019-07-31 | 2023-02-03 | 四川效率源信息安全技术股份有限公司 | Method for generating user data keys in a solid-state drive |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
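CN101231622A (zh) * | 2007-12-27 | 2008-07-30 | 深圳华为通信技术有限公司 | Flash-based data storage method and device, and data reading method and device |
CN102254119A (zh) * | 2011-07-15 | 2011-11-23 | 华南理工大学 | Secure removable data storage method based on a fingerprint USB flash drive and a virtual machine |
CN102609368A (zh) * | 2012-01-11 | 2012-07-25 | 记忆科技(深圳)有限公司 | Method for encrypting and decrypting solid-state drive data, and solid-state drive thereof |
CN103544082A (zh) * | 2013-10-28 | 2014-01-29 | 公安部第三研究所 | Method for recovering storage device data based on flash memory chips |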
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110029716A1 (en) * | 2009-07-29 | 2011-02-03 | Stec, Inc. | System and method of recovering data in a flash storage system |
-
2015
- 2015-12-07 CN CN201510894347.XA patent/CN106845251A/zh active Pending
-
2016
- 2016-12-05 US US15/759,569 patent/US20190155755A1/en not_active Abandoned
- 2016-12-05 WO PCT/CN2016/108501 patent/WO2017097168A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN106845251A (zh) | 2017-06-13 |
US20190155755A1 (en) | 2019-05-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017097168A1 (zh) | Method of data decryption for the physical image of a flash memory chip | |
US20210271757A1 (en) | Systems and methods for protecting ssds against threats | |
TWI479359B (zh) | Command executing method, memory controller and memory storage apparatus | |
US11416417B2 (en) | Method and apparatus to generate zero content over garbage data when encryption parameters are changed | |
CN102073808B (zh) | Method and encryption card for encrypted storage via a SATA interface | |
US8996933B2 (en) | Memory management method, controller, and storage system | |
JP2010231778A (ja) | Data whitening for reading and writing data to non-volatile memory | |
DE102012110692A1 (de) | Data storage device that stores a divided file in different storage media, and data management method | |
WO2018192488A1 (zh) | Data processing method and apparatus for a NAND flash device | |
TW201337554A (zh) | Memory cell programming and data reading method, memory controller and storage apparatus | |
US10146782B1 (en) | Secure erasure of files by a filesystem | |
CN104160407A (zh) | Using a storage controller bus interface to secure data transmission between a storage device and a host | |
US20180096143A1 (en) | Secure change log for drive analysis | |
TWI479358B (zh) | Data protection method, mobile communication device and memory storage apparatus | |
Chen et al. | Sanitizing data is not enough! Towards sanitizing structural artifacts in flash media | |
TWI722496B (zh) | Method and apparatus for encrypting and decrypting user data | |
Ahn et al. | Forensics and anti-forensics of a NAND flash memory: From a copy-back program perspective | |
Kumar | Solid state drive forensics analysis—Challenges and recommendations | |
CN116547664A (zh) | Clearing data from a memory device | |
CN203720848U (zh) | Hard disk encryption device based on the AES algorithm | |
Li et al. | Tasecure: Temperature-aware secure deletion scheme for solid state drives | |
CN104573537A (zh) | Data processing method, memory storage device and memory control circuit unit | |
CN107861892B (zh) | Method and terminal for implementing data processing | |
Suthar et al. | An Approach to Data Recovery from Solid State Drive: Cyber Forensics | |
WO2019007315A1 (zh) | Method and device for writing data in a flash memory device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16872359 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16872359 Country of ref document: EP Kind code of ref document: A1 |