[Cryptography] *** SPAM IP *** Re: You can't trust any of your hardware

[Philipp Gühring]

Hi,

It´s actually worse than that:
Most USB sticks (and similar storage devices, the same applies to
SD-cards, ...) contain at least 2 chips: A controller chip (usually a
reverse-engineerable ARM chip) and the actual flash/memory chip. 
There are often several companies involved, one that creates controller
chips, one that creates the flash/memory chips, and perhaps even other
companies that create the firmware for the ARM chip, and finally the
company that assembles all 3 and creates the final product. (The
flash/memory chips are usually quite standard/simple and don´t contain
firmware)
Now the thing is that you can attach any amount of memory to the
controller chip, so you have to program the controller chip with the
firmware and configure it for how much memory there actually is, since the
memory chips themselves can´t tell the controller how much they are.
To configure that and to upload the firmware, there are Windows based
Tools floating on the internet, which are usually in
chinese/mandarin/japanese/russian (or wherever those companies are from),
so most american/european users aren´t able to understand those tools, and
therefore don´t even know about their existance.

If you want to learn more:
http://www.bunniestudios.com/blog/?page_id=3592

I had some more links, if anyone is interested, ping me, then I will
search some more and post them here...

Best regards,
Philipp