Monolithic Flash Drive Recovery – Solving Difficult Cases

Newer monolithic flash drives are proving more difficult to recover than ever. One reason is due to multiple duplicate copper traces used to fish

signals from the controller down to the NAND flash memory chip. I’ve found the best way to tackle these duplicate signals is to group them by diode voltage and then do a continuity test to locate duplicates. Once the duplicates are removed isolate the signals with a logic analyzer and read the data with a NAND reader.

Different groups of NAND signals will have different values, typically split into data, control and ready busy. The values in each group will be similar, for example data signals will all be 0.46 – 0.47 which makes it easier to probe all the data signals looking for duplicate traces in continuity mode.

After identifying each unique trace, we need to identify each signal from a trace to its corresponding NAND signal. This process is done by looking for recognizable patterns such as the ID command 0x90 which uses all NAND signals, (CE, RE, WE, ALE, CLE, and Data).

After the trace / signal mapping is complete we can attach the flash drive to a NAND reader and retrieve the data as if it’s a traditional flash drive.