SD cards are really versatile and powerful storage media. Unfortunately much of their interesting functionality is more or less unused. You will have quite some fun reading the easily available PDF file “SD Specifications Part 1 Physical Layer Simplified Specification” (currently version 9.10 with >400 pages).
Two features are of great interest for me: write lock and password protection. This entry will be (again) about setting SDs to read-only.
For the sake of completeness I have to mention that this is *not* about the flimsy slider found on full-sized SD cards. That is merely a polite request for the SD reader/writer to not write. The SD card itself is unable to evaluate the position of the slider. It just pushes a mechanical switch inside the reader. Think of music cassettes, VHS and floppy disks. In all cases the drive is responsible for enforcing write protection.
Dedicated SD Locker
I’ve talked about the actual write protection before on GBAtemp. I even had success building a provisional arrangement with an Arduino Uno clone.
Powering my strange contraption by connecting the Arduino to some USB allows toggling the temporary read-only flag on the inserted SD card by pushing the single button. I’ve been using this regularly.
→Works. Nothing is more durable than a temporary solution…
You can find the software for this online with the search term “SD Locker Tiny”
(Un)locking SD Cards with a Linux PC?
Now then, some new stuff. New for me. I found out that a normal Linux PC can be able to toggle the RO-flag under certain circumstances. This is both good and bad. Bad, because the write lock is supposed to prevent malware from persisting after a power cycle. Good, because my strange contraption shown above isn’t the only thing in the house having access to that function.
This is not a big problem for the goal of thwarting permanent malware infections: Common USB card readers provide access to SDs only via standard USB mass storage. They are unable to set/clear the flag. Only some internal card readers in (probably older) laptops are connected to PCI rather than USB and provide access to a real mmcblk device. USB readers will just show your SDs as some /dev/sdX
The little program “sdtool” did the trick on my year 2013 laptop.
I verified with my provisional Arduino device that this little program indeed does the very same thing.
Search term “sdtool SD Card Write protection”
My Nemesis – “Mobile” Platforms
But why stop the fun here? Vaguely remembering that Android devices also show mmcblk devices for SD cards, I thought it should be possible to use an old phone or tablet for (un)locking MicroSD cards. Can Android devices do this? A Clear case of jein (ja+nein → yes+no).
First of all, don’t even think of just loading some APK file on your unmodded phone and expect this cool SD card feature being at your fingertips. Sending RAW commands to a block device on Android is blocked for the normal user (seriously, what did you expect?). Root access is required and even then there is no guarantee for this to work.
Yes, I know, bla, rooting insecure, blabla, no verified boot, blablabla, *NEVER* root any phone. Go and f… yourself with the nonsensical warnings! Who cares for the security of some old Android device dedicated to tinkering?
Here is what I did on two device running unofficial LineageOS versions rooted with Magisk. Firstly I tried Ulefone Armor X5 Pro (fail) and then Samsung Galaxy Tab A, model SM-T550 (success):
- Install the App Termux
- Open Termux
- pkg update && pkg upgrade -y
- pkg install clang -y
- pkg install build-essential -y
- pkg install make -y
- pkg install binutils -y
Then I could run make, copy the compiled program to an appropriate location and run it as root.
Verified the success of the operation independently with the Arduino.
Still Missing the Password Functionality
There is another cool, rarely used SD function: Password protection. Even finding information about this online is difficult since the search term “SD password protection” leads to countless encryption programs unrelated to the actual protection on hardware level.
Now, I have no idea if SDs are self-encrypting devices like full-fledged SSDs in PCs. Yes, *your* SSD is encrypted even in case you never activated this (If you are interested: “Opal Storage Specification”). It might come in handy if you quickly want to sanitize some SSD via crypto-shredding… but this goes off-topic here. Again, I don’t know if (some?) SDs are self-encrypting devices, but they do feature a protection feature that makes them ignore almost all commands if a password is set. After each power cycle the password has to be provided in order to access the data. Alternatively an unknown/forgotton password can be cleared in conjunction with losing all data.
For the case there is no self-encryption a dedicated and advanced attacker could directly read out the memory chip to get access to the data. But a casual attacker will most likely rather consider such an SD defective since there is no reaction whatsoever when putting them into common readers.
Generally Android lacks encryption for external storage by default (Samsung proprietary system supports it). Using external memory as adoptable storage is considered a legacy feature. It doesn’t work properly and more often than not leads to crashes and data loss → Not an option either. Hence I would love to see the SD password protection as rudimentary security feature. In fact I know this is possible since my Huawei Y7 (2017, model TRT-LX1) offers it out of the box – much like old Nokia phones (Symbian?)
Maybe I’ll find a way to add this to my tablet at some point…