Page structure (layout) analysis
The user’s data is written into NAND memory page by page. The page size is a physical constant parameter of particular memory chip that can’t be changed (usually ~0.5-16kb). The user’s data is sliced by small chunks (512;1024;2048 b) and followed by ECC code. There are multiple data and other areas in page. Internal structure of the page is variable and depends on controller’s model solely. There are 3 different areas in the page always presented – Data area, Spare area, ECC. The allocation of those areas could be very different depending on controller’s model.
512 bytes – used in old chips where controllers didn’t use scrambling (XOR), old phones and old smartphones (Android 2.x and lower, others).
1024 bytes – used in all modern flash devices with scrambling. Statistically, 8 out of 10 devices use this data area size.
2048 bytes – used in all Sandisk devices.
The most important structures of Spare area that must be found and assigned are:
LBN – takes 2 bytes, the value changes from block to block.
Header (Block header) – takes 1 byte, the constant value in almost all blocks.
The ECC area may have any size in a range of 10-240 bytes per chunk. Every data area chunk is followed by its unique ECC code.
The typical patterns of these areas are described in the this article.