
Extracting Equation Group's malware from hard drives



From page 18 of the paper
(https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf)

...
'The disk is targeted by a specific serial number and reprogrammed by
a series of ATA commands.
For example, in the case of Seagate drives, we see a chain of
commands: "FLUSH CACHE" (E7) → "DOWNLOAD MICROCODE" (92) →
"IDENTIFY DEVICE" (EC) → "WRITE LOG EXT" (3F). Depending on the
reflashing request, there might be some unclear data manipulations
written to the drive using "WRITE LOG EXT" (3F)'
...

This three-letter agency did it with software, mostly using undocumented
ATA commands.

A software approach would reach a larger audience, assuming not
everyone knows electronics and/or can pull his/her HDD out.

Assuming no one knows the specifications for the ATA commands, or has
the time/knowledge/samples to analyze and reverse engineer them,
requesting such a tool from the Kaspersky guys seems the best approach.

-Virilha
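The Seagate command chain quoted from the paper, turned into a detection heuristic over an ATA command trace. This is an added example for this thread, not code from the paper, from Kaspersky, or from the poster; the `seq,opcode` trace format, the sample trace and the function names are assumptions made here.

```python
# Opcodes quoted in the paper's description of the Seagate reflash chain.
FLUSH_CACHE = 0xE7
DOWNLOAD_MICROCODE = 0x92
IDENTIFY_DEVICE = 0xEC
WRITE_LOG_EXT = 0x3F
REFLASH_CHAIN = (FLUSH_CACHE, DOWNLOAD_MICROCODE, IDENTIFY_DEVICE, WRITE_LOG_EXT)

# Constructed sample trace (assumed format: one "seq,opcode" line per ATA
# command): normal READ/WRITE DMA traffic, then the reflash chain, then one
# extra WRITE LOG EXT (the "unclear data manipulations" the paper mentions).
SAMPLE_TRACE = """\
1,0x25
2,0x35
3,0xE7
4,0x92
5,0xEC
6,0x3F
7,0x3F
8,0x25
"""

def parse_trace(text):
    """Parse 'seq,opcode' lines into (seq, opcode) tuples, skipping blanks."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            seq, op = line.split(",")
            out.append((int(seq), int(op, 16)))
    return out

def download_microcode_seqs(trace):
    """Any DOWNLOAD MICROCODE deserves an alert on its own: legitimate
    firmware updates are rare, so list the seq of each occurrence."""
    return [seq for seq, op in trace if op == DOWNLOAD_MICROCODE]

def find_reflash_chain(trace):
    """Look for the full chain as a contiguous run. Returns (seq of the
    FLUSH CACHE that starts it, count of further WRITE LOG EXT commands
    immediately following it), or (-1, 0) if the chain is absent."""
    ops = [op for _, op in trace]
    n = len(REFLASH_CHAIN)
    for i in range(len(ops) - n + 1):
        if tuple(ops[i:i + n]) == REFLASH_CHAIN:
            j = i + n
            while j < len(ops) and ops[j] == WRITE_LOG_EXT:
                j += 1
            return trace[i][0], j - (i + n)
    return -1, 0
```

A real capture (from a bus analyser or a host-side ATA passthrough logger) would need its own parser producing the same (seq, opcode) list; the heuristics above are unchanged by that.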

----- Message from grarpamp <[email protected]> ---------
    Date: Tue, 17 Feb 2015 21:03:48 -0500
    From: grarpamp <[email protected]>
Subject: Re: Extracting Equation Group's malware from hard drives
      To: cpunks <[email protected]>
      Cc: Cryptography Mailing List <[email protected]>


>> Does anyone know of any tools to extract the Equation Group's malware
>> from hard drive firmware?
>
> You can pull firmware and even get a shell on most
> drives with jtag and other pin headers. Search for it.


----- End message from grarpamp <[email protected]> -----