On-line Firmware Updating and Fingerprint Generating for Solid State Disks.

Virus and Rootkit may modify hard disk’s firmware to hide itself, while the traditional security software is not able to detect the modification of hard disk’s firmware. This paper relies on a USB analyzer to collect the protocol communication data of the JMUtility tool for a Solid State Disk, then unveils its internal protocol interface to dump the RAM content via the USB-SATA interface, and the firmware code is located in the RAM. By reverse engineering the firmware code, the protocol of writing to the RAM is also inferred to enable the modification of firmware code to change the device identification data. Meanwhile, the tool Firmware Extractor is developed to dump the firmware code for a specific Solid State Disk, and the possibility of on-line updating firmware and generating fingerprint is validated.