EMMC BGA Secrets, hack bga memory, no reballing necessary: Learn how to safely remove EMMC memory modules, hack them and then reinstall, without the difficult process of trying to reball the BGA.

EMMC BGA Secrets, hack bga memory, no reballing necessary: Learn how to safely remove EMMC memory modules, hack them and then reinstall, without the difficult process of trying to reball the BGA.

Level of Instruction: Intermediate

Instructed by: Patrick "Gigstorm" Kiley

Abstract:

EMMC is a common flash memory format for more complex embedded devices and the Ball Grid Array (BGA) is a popular format for EMMC modules. BGA modules can be intimidating to hardware hackers since the pins are not exposed and are instead underneath the chip. This workshop will demonstrate and allow you to practice removing EMMC modules from an inexpensive circuit board using flux and a hot air station. The module will contain a Linux operating system and a Raspberry Pi. Workshop participants will learn how to image the removed EMMC. Mount and change the Linux filesystem in order to backdoor the image and gain access, and then learn how to copy the image to a new EMMC. Participants will then learn how to attach the module to a BGA carrier board with hot air.

A basic understanding of soldering is all that is required to be successful in this workshop. An understanding of the Linux filesystem is also helpful, but not required. We will have step by step instructions and will also have a small prize for the participant who comes up with and demonstrates the most clever Linux backdoor on their Raspberry Pi.

At the end of this workshop, participants will have an understanding of:

How to remove, clean and image BGA modules

Basics of offline Linux filesystem hacking

How to image and reattach BGA EMMC modules