{"id":102,"date":"2026-02-16T13:29:26","date_gmt":"2026-02-16T12:29:26","guid":{"rendered":"https:\/\/kleinessinchen.feralnetworks.com\/?p=102"},"modified":"2026-03-26T11:38:47","modified_gmt":"2026-03-26T10:38:47","slug":"sd-password-functionality-and-transcend-rdf5","status":"publish","type":"post","link":"https:\/\/kleinessinchen.feralnetworks.com\/?p=102","title":{"rendered":"SD Password Functionality and Transcend RDF5"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><br>Did you ever find an Symbian based Nokia phone containing an SD in your drawer after many years? Now you want to see if there are any worthwhile photos on there. Where is the charger with the tiny coaxial power connector again? Do you still have it? Nevermind. You will just take the SD card out and put it into a laptop. What\u2019s that? No new drive shows up! Nothing happens. Just like \u201cMagikarp used Splash!\u201d in a Pok\u00e9mon game. Did the old SD give up the ghost? Not necessarily. It might just be locked with a password by CMD-42<\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">1. What is the SD Password Functionality?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Even searching for this topic online is hard. A lot of articles or pseudo-blog entries, possibly created automatically, will pop up when searching for things like \u201cpassword protect SD card\u201d. These results often push encryption software made by the website owner\/company who published the article. Or \u2013 the better case \u2013 they describe how to use well-known encryption tools for protecting the contents of an SD card. Thanks, I already know how to use VeraCrypt, BitLocker and LUKS. Can we now talk about the raw command CMD-42? This is a low-level SD\/MMC command that tells the card to lock\/unlock access to the media.<\/p>\n\n\n\n<div class=\"wp-block-group has-background has-global-padding is-layout-constrained wp-container-core-group-is-layout-27be8982 wp-block-group-is-layout-constrained\" style=\"border-width:2px;background-color:#fbf9cc;padding-top:var(--wp--preset--spacing--20);padding-right:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--20);padding-left:var(--wp--preset--spacing--30)\">\n<details class=\"wp-block-details has-large-font-size\"><summary><strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#ff0000\" class=\"has-inline-color is-layout-flow wp-block-details-is-layout-flow\">\u26a0\ufe0f Safety and Security Warnings\u26a0\ufe0f<\/mark><\/strong><\/summary>\n<ul class=\"wp-block-list\">\n<li><strong>A) Never <\/strong>use this command on the internal eMMC of a device! Double check you\u2019re applying any raw MMC commands on an SD reader, not an internal eMMC chip, to prevent permanently bricking a device.<\/li>\n\n\n\n<li><strong>B)<\/strong> Such experiments can backfire. If some SD card doesn\u2019t adhere to the standard it might fail to correctly execute commands. <strong>Backup your data<\/strong> before tinkering or even better use an empty and old SD for testing.<\/li>\n\n\n\n<li><strong>C)<\/strong> Do <strong>not<\/strong> rely on CMD-42 LOCK_UNLOCK in case you must absolutely rule out that an attacker, even an advanced one, can access your data! Use well-known and tested encryption software like those mentioned above instead!<\/li>\n<\/ul>\n<\/details>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-large-font-size wp-block-paragraph\"><strong><mark style=\"background-color:#fbecfa\" class=\"has-inline-color\">1.1 Access Control, but no Encryption<\/mark><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The SD password is just an access control mechanism. The little micro-controller inside an SD will ignore almost all commands until the correct password is provided after each power cycle. That does not mean the data is fundamentally inaccessible. At least for old SDs there are ways of attacking them in order to guess the password. A very advanced, or even state level, attacker could ignore the controller and directly read out the flash chip.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Search for: <em>\u201cPoking the S in SD cards\u201d <\/em>(by Nicolas Oberli)<\/p>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary>Unless the SD is specifically marked as self-encrypting device (SED) you have to assume it can be read without knowing the correct password.<\/summary>\n<p class=\"wp-block-paragraph\">Common SSDs for PCs are SEDs. For NVMe type look up Opal Storage specification for more information. Even older SATA SSDs encrypt all data by default without having to activate this function. By default the needed master key is available without password. Both OPAL, and the older ATA-security feature can be used to protect data with hardware encryption. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is, however, not without problems. At least for older SSDs there are known vulnerabilities.  \u2192 Look up <em>&#8220;Self-encrypting deception \u2013 weaknesses in the encryption of solid state drives (SSDs)&#8221;<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Positive side effect of SEDs is their ability for crypto-shredding: Securely erase the complete SSD takes only seconds (throw away current key, generate new random key)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In doubt activate software based encryption with VeraCrypt, BitLocker or LUKS .<\/p>\n<\/details>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><mark style=\"background-color:#fbecfa\" class=\"has-inline-color\">1.3 Usage  Examples in the Wild<\/mark><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You might want to assume that the password function isn\u2019t used at all. But it is. Unfortunately in most cases it is used <em>against<\/em>  the user. Under the cloak of copyright protection (or company secrets) the function gets (ab)used as DRM to keep the customer out. A quick search for \u201cPioneer Firmware AVH GitHub\u201d will give you an example. In this case somebody figured out Pioneer&#8217;s passwords.<br><br>As mentioned in the introduction old Nokia phones supported the function working for the user\u2019s benefit. Still interested in seeing what photos might be on there? Better find the coaxial charger. Your phone should still remember the password.<\/p>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary>In front of me is a Huawei Y7 smartphone running Android 7. Since the phone has an unlocked bootloader and Magisk it is an excellent device for testing. I activated the password function. Unlocking by the main OS is transparent. Seemingly nothing changed. But when putting the SD in a PC or rebooting the phone into TWRP the SD plays dead.<\/summary>\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" width=\"720\" height=\"643\" fetchpriority=\"low\" src=\"https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Screenshot-Huawei-Y7_cropped.png\" alt=\"\" class=\"wp-image-106\" style=\"width:400px\" srcset=\"https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Screenshot-Huawei-Y7_cropped.png 720w, https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Screenshot-Huawei-Y7_cropped-300x268.png 300w\" sizes=\"(max-width: 720px) 100vw, 720px\" \/><\/figure>\n<\/details>\n\n\n\n<h2 class=\"wp-block-heading\"><br>2. Usage on Linux PC<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Having to rely on old phone for extracting data from an SD isn\u2019t satisfactory. I\u2019m not getting any younger. I want a big screen, a proper keyboard and possibly a mouse and not a touchscreen or just a few tiny buttons (Symbian phone). It can be done on Linux PCs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><mark style=\"background-color:#fbecfa\" class=\"has-inline-color\">2.1 Kernel Patch!?<\/mark><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The first option I found is so complicated that I did not (yet?) even try. An internal SD reader in a laptop which exposes a <code>\/dev\/mmcblk<\/code> device instead of  <code>\/dev\/sdX<\/code> can do it. Theoretically at least. Unlike the read-only topic I found no readily available app supporting the feature. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Furthermore there are reports of laptops being unable to detect protected cards. Going down the rabbit hole of applying some kind of old kernel patch to enable detection\u2026 that is too much for now. Long story short: it goes over my head. No idea if this patch has ever become part of mainline kernel. At some point I will have to look deeper into mmc-utils.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But there is an easier option:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><mark style=\"background-color:#fbecfa\" class=\"has-inline-color\">2.2 USB Device<\/mark><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The inexpensive Transcend RDF5 officially supports it with GPLv3 licensed code found on GitHub.<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-2 wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"378\" data-id=\"108\" src=\"https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-side-view-1024x378.jpg\" alt=\"Transcend RDF5 in pink. side view. Two slots, for full-sized SDs and for micro-SD\" class=\"wp-image-108\" srcset=\"https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-side-view-1024x378.jpg 1024w, https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-side-view-300x111.jpg 300w, https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-side-view-768x284.jpg 768w, https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-side-view.jpg 1292w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"354\" data-id=\"109\" src=\"https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-top-view-1024x354.jpg\" alt=\"Transcend RDF5 in pink. top view. Why pink? Because I tend to mislay my stuff and spent way too much time searching.\" class=\"wp-image-109\" srcset=\"https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-top-view-1024x354.jpg 1024w, https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-top-view-300x104.jpg 300w, https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-top-view-768x266.jpg 768w, https:\/\/kleinessinchen.feralnetworks.com\/wp-content\/uploads\/2026\/02\/Transcend-RDF5-top-view.jpg 1361w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Despite USB SD card readers typically only expose the possibilities of standard USB mass storage devices, this one is different. It might or might not work on other devices, maybe with secret vendor specific commands. In case of Transcend RDF5 there is official support for pass-through of raw MMC commands. What they&#8217;ve delivered looks a little rushed and minimalist. You have to compile it yourself, but the good news is: <strong>it works perfectly!<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># set password\nsudo .\/sdsecure --set-pwd &lt;Password&gt; &lt;device&gt;\n\n# unlock a protected SD\nsudo .\/sdsecure --unlock &lt;Password&gt; &lt;device&gt;\n\n# Command line options are self-explanatory\n# Just use\n.\/sdsecure --help <\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Here comes a point where I\u2019d need the help of a skilled developer: How about trying to expand the little console app Transcend published with an option to toggle read-only? No idea if it works, or if the RDF5 is only willing to pass through the few certain commands given, but it would be worth a try.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><mark style=\"background-color:#fbecfa\" class=\"has-inline-color\">2.3 Factory Reset an SD?<\/mark><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Factory reset an SD card? Sounds strange. I found the question how to do a factory reset on an SD on GBAtemp. In the end the question this forum question was about correcting a wrong partition size. But an SD can be factory reset. Same caveat as in the Warning  <strong>C) <\/strong>\u2013 Physically the data will still exist after resetting. Resetting takes just a moment. Not remotely enough time to overwrite everything.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. What is still missing?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">While Android phones\/tablets have their internal memory encrypted, inserted SDs are (normally) not. To add at least a basic security against casual attackers this feature feels like a must-have for Android phones\/tablets. Sadly the vast majority of devices doesn\u2019t support it out of the box. At least for rooted Android I see a theoretical possibility of adding SD password support.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Did you ever find an Symbian based Nokia phone containing an SD in your drawer after many years? Now you want to see if there are any worthwhile photos on there. Where is the charger with the tiny coaxial power connector again? Do you still have it? Nevermind. You will just take the SD card [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[18,11,14],"class_list":["post-102","post","type-post","status-publish","format-standard","hentry","category-hardware","tag-rdf5","tag-sd","tag-security"],"_links":{"self":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts\/102","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=102"}],"version-history":[{"count":13,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts\/102\/revisions"}],"predecessor-version":[{"id":208,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts\/102\/revisions\/208"}],"wp:attachment":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}