How to secure NAND flash ?

pspZorba · Post by **pspZorba** » Wed Feb 27, 2008 2:48 pm

Hi all,

I am writting an homebrew, one of its functionality is to bakcup and restore the nand.
I would like to secure the flash part. I imagine I handled the code ;-/ , but I was wondering what kind of controls I could do on the file to flash to avoid as much as possible bricks and idstorage loss by flashing a wrong file.

The obvious one being the file size, but do you have any other ideas?

Art · Post by **Art** » Wed Feb 27, 2008 8:12 pm

You want to make it so your app knows if the backup file it produced has
been changed or corrupted? Calculate a checksum for it.

One method I've used is start with a byte value like 0x3F, XOR it with the
first byte of the file to get a new value in the checksum byte, XOR that
value with the second byte to get yet another value, then keep going till the
end of the file. The value you have in the checksum byte can be repeated
for reading, or reversed back to the value 0x3F that you began with if the
file wasn't changed. To be more secure you can do it with another checksum
variable, only do it a different way, or use a different start value.

You could append the NAND file with the values, or better still, write it in an accompanying file.
Art.

pspZorba · Post by **pspZorba** » Wed Feb 27, 2008 10:01 pm

Good idea, that way you can know if the file is corrupt or not, I will add it.

Do you think it's possible to do some checks to be sure the dump is the dump of the psp that is about to be flashed ?

Hellcat · Post by **Hellcat** » Wed Feb 27, 2008 10:20 pm

You can add some PSP specific details into the checksum calculation, or make a seperate checksum for that.

Like one of the IDS keys or such.

jean · Post by **jean** » Wed Feb 27, 2008 10:53 pm

Without entering too in detail in a tough argument, the canonical way to implement simple but effective hashes from scratch is :

Code: Select all

   unsigned int startHashCode&#40;&#41;&#123;
        return aSmallNumber;
    &#125;
    
    unsigned int addDataToHashCode&#40;unsigned int data, unsigned int hash&#41; &#123;
        return &#40;aBigNumber * hash + data&#41;;
    &#125;

    // usage example&#58;
    void main&#40;...&#41;&#123;
        unsigned int myHash = startHashCode&#40;&#41;; 
        while&#40;!endOfFile&#41;&#123;
           myData = readDataFromFile&#40;&#41;;
           myHash = addDataToHash&#40;myData, myHash&#41;; 
        &#125;

        // ...use myHash somehow...

    &#125;

being aSmallNumber something between 0 and 10, and aBigNumber something between 10 and 100 (both are fixed at compile-time, and both are better if odd or prime); hash is a number of bits of your choice (the higher, the lower collisions you'll obtain), while data can be of any number of bits supported by cpu...when an operation exceeds type ranges, the result re-raises from 0 following the well known pacman-rule :)
But things can change much... just experiment on a typical file of yours....or -obviously- you can use an already made hash function.

jean

Post by **TyRaNiD** » Thu Feb 28, 2008 4:02 am

The PSP has in built SHA1 hash functions, I recommend using something like that as some simple XOR or checksum is completely unreliable.

pspZorba · Post by **pspZorba** » Thu Feb 28, 2008 5:08 am

Thanks guys for your answers.

so if I have well understood.

1) I apply a first SHA-1 hash function when I dump the NAND (on the whole dump file), I keep this first message digest. when I want to restore the nand I apply the SHA1 fonction on the dump file and compare the two message disgest. if they are equal then the file is not corrupt.

2) I apply a second SHA-1 on some IDS keys, I keep this second message disgest. when I want to restore the NAND, I apply again the SHA-1 to the ID Keys (of the actual NAND), I compare the results if they are the same then this dump is a dump of this PSP.

right ?