CID change on SD card update (evoplus_cid)

IMG_20160731_172654

My recent post on how to change the CID on a Samsung Evo Plus SD card has generated some interest, but also a number of people who are having problems with it. I thought it was worth posting an update with some extra information. First off, I suspect some people who are struggling have fake cards – there are a lot out there and some of them look pretty convincing. Others have suggested different hardware / firmware revisions might be an issue – quite possible but I have no way of knowing (all my Evo Plus cards work, so I can’t can’t compare against ones that don’t). I can see no reason why different phones etc. would give different results – as long as it’s a proper SD controller (not a USB mass storage adapter) then sending the command should work just fine.

Fake cards
These are very common and if you google for fake Samsung cards you’ll find lots of info on how to spot them. A few tip I’ve picked up along the way:

  • Packaging quality – the image should be well printed, in high resolution and good bit depth on the colours (some fakes looks like they’ve been converted down to 256 colours). The gloss overlay over the printed areas should align with the printing below them, if it’s offset that’s a bad sign.
  • Packaging info – the product information should be correct and match the card. I had one fake that incorrectly stated a 32gb card was SDXC on the pack instead of SDHC, the card itself had SDHC printed on it. The correct size should also be printed on the packet. Look up the UPC from the barcode on the back and make sure that matches the product and size of your card.
  • Hologram, with scratch-to-reveal verification code. The real ones have them (recent ones at least), fakes might but probably don’t. All of mine have, but oddly enough when I tried to check one on the Samsung China website I didn’t get anywhere with the verification code, the site was in Chinese though so I might have been doing something wrong.
  • The card – lots of subtle details to check. Smooth back, not lumpy showing circuit parts beneath the surface. Black on the back, white on the edges. Slight bevel on the contact side, to help insertion. Correct info printed on the card. Correct font, especially for the capacity digits, some fakes don’t use the correct slim font. Text on the back is printed so it is read with the card contacts end pointing upward. Mine are made in the Philippines but this is probably not the only place so don’t get hung up on this.
  • Card CID – check it and compare to working ones. See below…

Card CID
An example of the CID on one of my cards: 1b 534d 3030303030 10 98625deb 0102 a1. Your card CID should be very similar. The manufacturer ID should be 1b, followed by an application/OEM ID of 534d. The product name is 3030303030 (5 x ASCII ‘0’). The product revision is 10 (1.0). The next 8 hex characters (98625deb) are the SD card serial number, yours will be different! The manufacturing date is next (0102, or 0 10 2), where the first digit is ignored, the next pair is the year in hex since 2000 and the last digit is the month in hex. So this is February (2) 2016 (2000 + 0x10). I also have March 2016 (0103) cards that work fine. Last is the checksum (a1) which will be different on your card. I doubt many of the fakes have properly set Samsung CIDs so hopefully this is an easy way to tell.

My cards / System
Samsung Evo Plus 32gb. UPC: 8806086928410. Model: MB-MC32D. Model code: MB-MC32D/CN. Purchased from this listing on AliExpress. I am not affiliated with the seller and get no referral commission from this link. I also cannot guarantee that you’ll get working or even genuine cards, but I have purchased on two occasions from this seller and the cards have been genuine and worked with evoplus_cid.

I have used evoplus_cid on a Samsung Galaxy Tab 2 (10 inch, wifi model, p5110). The tablet is running CyanogenMod 13 unofficial from here.

evoplus_cid
I’ve made a couple of updates to evoplus_cid. If you supply a full 32 digit CID (and don’t apply a serial number modifier) it will be written as is without recalculation of the checksum. This was requested by a user for cards that apparently always had a checksum of 00. Although, I’ve got a laptop that always displays 00 for the checksum when showing the CID, so I wonder now if his cards really did need that! I’ve fixed a bug when compiling on 64bit Linux that could prevent the CID being written. I’ve also fixed a bug causing the displayed CID to include some extra ‘FF’s.

Pictures

119 thoughts on “CID change on SD card update (evoplus_cid)”

  1. I have problem with changing CID. In my case the last two digit (checksum) always change. I put 32 digit. I trying on linux and rooted android. Always the same result: checksum was different from original CID. Is it possible that the card recalculates checksum?

          1. Original checksum is 00. Is there any way to set the checksum to 00?
            The CID number is: 09415041462053440219cf1612015100

          2. That cid checksum is invalid, and will just be a display bug on the system where you read it from. It is common for some systems, including some versions of Linux (or certain sd card drivers on Linux) to incorrectly report the cid checksum as 00. The correct checksum is f9.

  2. Hi guys.
    I have a uSD of which with evoplus_cid I can rewrite its CID.
    Now I would like to try to do the same thing by sending the necessary commands to the uSD instead of using evoplus_cid.
    After initializing the uSD successfully, I am trying sending these commands that I found somewhere here in between the messages:

    cmd62 0xEFAC62EC (enter vendor mode)
    cmd62 0xEF50 (unlock the backdoor)
    cmd17 0x00 (confirm Smart Report after reading Sector 1 at Address 0)
    cmd26 0x00 0xFE [16bytes NEW CID] (WRITE_CID+single block write start TOKEN+16byte NEW CID)
    cmd62 0x00DECCEE (exit vendor mode)

    but I can not get anything.
    Please, could anyone write here what exactly are the right ones?
    I know that the sources are provided with evoplus_cid, but I am not a software guy and so I can not decrypt them by retrieving the necessary from there.
    For my experiment I am using a linux program which send the commands and parameters I enter.
    Can someone please point me out these commands and parameters to me?
    And last but not least, is evoplus_cid working by SPI or SD mode?
    Anyone who can provide information would be of great help to me.
    Thanks!

    B.S.

    1. The exit vendor mode command should come after the unlock command, not at the very end. I’m not sure what your cmd17 is for, I don’t do that in the Linux version. As for the cmd26, I don’t know what that would look like at your lower level, only how it looks in the ioctl linux call, but it is a write with argument of 0 and 1 block containing the new CID.

  3. Hi Richard, I changed the SD card CID number with your information. Thank you. However, I cannot find a CID changeable samsung card. What are CD switchable sd or md card serial numbers? Can the CID of 2019 or 2020 generation samsung evo cards be changed?

    1. I’m afraid I don’t have a list of compatible cards, and it’s not simple to tell except by trying, as the cards may look the same on the outside but have different flash controllers. There are reports and details of cards that have worked in these two posts (and their comments), and also on other forums. I don’t imagine anything made in the last couple of years will work so it’s probably difficult to get hold of a new one now.

  4. I managed to sucessfully change the CID on an old Transcend 4GB Class 6 SDHC manufactured 10/2013, so it could be that other Transcend cards manufactured around that time might also work.
    Thanks for your efforts Richard!

      1. Hello Richard,

        I got Samsung EVO MB-MP16DA/EU card produced in 2015.
        I need help how to change CID, I need this for R-Link maps for Renault, I have CID which should be input as new on the card.
        But the problem is I don`t know what I should type in Terminal in Ubuntu.

        Can you help me?

        Thank you in advance.

    1. Hi I want to copy navigation map from card or if I can change the cid of that navigation card I don’t know what to do so please if you can help me I’ll be thankful

  5. Hi Richard,
    In your article, you wrote that 0x1b is the Manufacturer ID for Samsung SD cards.
    I am trying to identify the manufacturer of a couple of suspected fake SD cards I own.
    I have not been successful in finding such a list on the Internet.
    Maybe you can lead me to such a list.
    Thanks.

  6. With original Samsung EVO SD Cards, is the + sign in contrast to a written Plus on the card an indication if the CID Change procedure works or not?

    I found a dealer who is selling EVO Plus cards with a Product code: MB-MC32D / MB-MC32DA/EU
    EAN code: 8806086928656, which is I think a good indication for a working card.
    The only thing that bothers me is that on the card itself the Plus is in writing and not the + sign.

    Any ideas?

    1. rotter99, did you have success changing the cid with that card? ( MB-MC32D / MB-MC32DA/EU EAN code: 8806086928656).
      I’m trying to get one similar (128 GB, year 2016) thank you

  7. Who wants to find a writebale cid sd cards, i found a company that selling those, but their are sellling them only with the device which can write cid. I dont want to advertize here, but if you need their contacts, contact me jeezywoods@gmail.com

  8. Dear Richard, some great work here.

    I’ve tried help everywhere but not getting none for now. To me is happening this:
    In raspberry PI : desktop:/usr/local/src/evoplus_cid/jni# ./evoplus_cid /dev/mmcblk0 5d5342303030384712750a9e2f0117bf Writing new CID: 5d5342303030384712750a9e2f0117bf Success! Remove and reinsert SD card to check new CID .
    However cid keeps always the initial one.

    In SM-T561, Galaxy Tab E, when try to execute ./evoplus_cid.c get ./evoplus_cid.c[11]: syntax error: ‘(‘ unexpected. And when try to gcc evoplus_cid.c -o evoplus_cid android says already compiled.

    Also read about some mmc32 and mmc64 that I believe is another code to do the job. But can’t find it.

    I’m using a EVO card MB-MP64D

    Any thoughts?

    1. Trying to run ./evoplus_cid.c is trying to execute the source code, so that won’t work. Github already contains the compiled binary, so you can just run that from the libs/armabi folder on Android. I expect that will just work on a Tab E, though not really familiar with the model, but works fine on a Tab 2. Don’t forget to run it as root.

      1. Thanks Richard. I’m noob but I suspected that, so was trying to compile evoplus_cid.c in android with CppDroid 🙂 without success. But no one explain that simple thing anywhere “the compiled binary file to android is libs/armabi folder. So now everybody who reads this will Know. My card is mmc1:59b4. So I believe it wont works anyway. Read this somewhere “if you have an entry with eg. “mmc0: 59b4″, you can stop or test another microSD card” . However I will keep trying just because. In tabE, when mount, or df only see dev/block/vold/179:129 not “/ dev / mmcblk * . Do you believe TabE is incompatible? Sorry poor English. Thanks again for trying to teach us.

        1. Everything working now in Tab E also. However get the same results that in raspberry Pi III. Writing new CID: 5d5342303030384712750a9e2f0117bf Success! Remove and reinsert SD card to check new CID .
          However cid keeps always the initial one. Guess is a card problem. Thanks a lot Richard for your help and work. Maybe one of these days a get a working one. 🙂

          1. Yes, its a card problem, it has backdoor bits writen, you need a working card, also CHeck my post above brother, i found a 100% cid changeble cards. 🙂

  9. Dear Richard,

    I bought a 100 % genuine EVO Plus 64gb from Korea. ( I made the necessary write/ read speed tests, and the test that detemines the real capacity. Everything seems to be fine with the card). I know that your trick works mostly with the earlier made cards (earlier than ~2017), and my card was manufactured in Nov 2017, but I want to make sure, that I didn’t make anything wrong during the porcess.

    I did everything as you described, but after I had given the command
    “find /sys -name cid -print,

    there was nothing shown on the console! I use an older laptop with an integrated SD card reader, but after the “mount” command is given, my result is different from the expected one. It looks like “/dev/sdbk1” or something like that, and not “/dev/ mmcblk0…..”
    Although I couldn’t get the CID Number, I tried the ” ./evoplus_cid …… ” command, and got the following result:
    Failed to enter vendor mode. Genuine Samsung Evo Plus?

    May it be that there is something wrong with the SD card reader, or it’s more likely that the card is not suitable for the action?

    Is there any other way to try it on a smartphone, or can you recommend me a place where I can find a card, that probably wil work?
    I promised my firend to help him in this issue, because he is 38% disabled, but he has to travel a lot with his parents!
    Many thanks for your help!

    1. My best guess from what you’ve said about the different device name is that your linux distro/kernel is quite old, in which case it may or may not be expected to work. Or, the sd card reader might not be a connected by the right bus, it might be a usb one instead (I’m not sure how these show up). I’d try another device, ideally an android phone/tablet – they will almost certainly have the right type of sd card reader.

        1. It will need to be rooted. Procedure is basically the same. More details on the original post, linked at the top. You’ll need to copy the executable to /data or similar, you can’t run it from /sdcard (internal or external) because it’s mounted with noexec permission.

          1. someone tried with termux ??? and with android dmontato du virtualbox it could work ???? I would try with termux but my device xiaomi redmi4 pro has architecture aarch64 not yet fully supported,. but according to me the biggest problem and the compatibility of the card. someoneo has a secure seller’s link with compatible cards ?? on aliexpress there sono migliaia, but how do you make sure that they will send the right product?
            sorry for my bad englisch

  10. Hello Richard, Can you say please, if i have a chinease card where cid didnt writen yet, i mean they dont have cid yet, all i need to write cid on it, its init the card then turn to transfer mode then cmd26 in SD MODE? then 16byte to data pin? WIll it do th thing?

    1. Hi JeezyWonder,
      no, probably in that way it will not work.
      That could also depend if the CID field is completely empty or if there are numbers inside, something like 00000000000000000000000000000000h.

  11. Hello,

    as no current Samsung SD card is found to have CID change enabled, what about Swissbit industrial SD cards?

    I found one seller of navi maps using this products, with ability to update to every future maps change.

    But no more info, nor I found a way the Swissbit enable users to change CID numbers – their web pages are offering to download tools or apps to work with their cards.

    1. It’s against the specification for the cid to be writeable. There is a command in the specification for writing it, but this is obviously intended to be single use only, during manufacturing.

      While there may well be a backdoor in many sd cards, allowing them the cid to be rewritten by some method, this must be undocumented or the card doesn’t meet the spec (technically having the capability at all, even if it is hidden, means it doesn’t meet the spec, but no one would know).

      Anyway, my point is it’s unlikely that any branded cards are known to be exploitable (Samsung is the only one I know that has been and they fixed that pretty quickly) and certainly they aren’t going to put the tools to do it on their public website. If there are tools available the easiest way to get one might be to buy the card you mentioned. On the other hand they might just have a key gen for the nav system and send you a key file/code for your card for an update, not actually modify the cid at all. Let me know if you find any more out.

      I think the best bet is cheap cards from China. You can buy them from ali with any cid set from lots of sellers. I assume that these can be easily set with some dodgy Chinese software if you can find it (a bit like all the tools you can get for fiddling with the controllers on usb memory sticks).

  12. Hi Richard

    I hope you can help me Where can i find the complete description to change cid in android There was a guy in the Netherlands that write it on a forum but i don’t understand en even stock on a point gcc evoplus_cid.c -o evoplus_cid Can you help me please ??

    Love to hear from you 🙂

  13. Wenth through all of internet because my navigation sd card started “dying” – throws card errors and sometimes did not even show up in pc.
    I managet to get an image of the card and also, got card info on my linux laptop, since this image did not work in my car.
    The strange part starts now:
    On Linux laptop I get different last bit of CID than i see in TomTom home software.
    Tomtom:01504154503034477495AB997100C405
    LinuxPC:01504154503034477495ab997100c401
    Since I cannot change CID (did not find any Samsung card that would work the way I need) I decided to order 3 cards from China (seller was king enough to accept compromise of MOQ) and give seller CID to program to these cards. I will have 3 spare cards and no stress of loosing a card or dying card.
    The problem ir – which CID I should give the seller?
    I am not a good programmer – just a sysadmin with a cheap french car and I did not wish to purchase new card from Renault for 260€.
    Anyone has experience with correctness of laptop card readers and CID?

    1. The last two hex digits are the checksum. The correct checksum for your card is 05 (as displayed by Tomtom). I have seen some old Linux kernels always report a checksum of 00, but not seen it report 01 before.

      1. I wrote a full CID (with a checksum 00), but read two different CIDs on different kernels/HW.

        Android, ARM32, kernel 3.10.49: Checksum 00.
        PC, AMD64, kernel 4.10.0: Checksum 01.

        It doesn’t actually affect anything, and the result is the same whether I write from my PC or Android. This is purely a read issue.

        1. It’s no possible to force a specific CRC since it depend on the whole previous 15 bytes being it the CRC7 polynomial of them.
          By writing/rewriting the CID on the card the sixteenth byte, the CRC, doesn’t matter, since the result only depend on the previous 15 bytes, them are that do the CID.
          The microprocessor contained in the controller inside the card is the only responsible for calculating the CRC7 based on the 15 bytes which precede, nothing and no one can force that value unless the controller firmware has been specially rewritten.
          Some have it, some don’t, so in order to read the actual whole CID, CRC included, it’s better acces the card via SPI using appropriate devices, not Android nor Linux.

  14. Hi,
    A charitable soul could sell me or just lend me a working SD card ? I try 10 more SD cards from differents vendors on amazon but thay are too recent. I think that the backdoor is locked ! Maybe you could help me with a link to buy a good one ?

    Richard thank you so much this is my new obsession 😉

  15. Ordered a memory card of 32 gigabytes on aliexpress here https://ru.aliexpress.com/item/SAMSUNG-EVO-Memory-Card-32G-64G-128G-SDHC-SDXC-TF80M-Grade-Micro-SD-Class-10-Micro/32634349789.html. Come! MMS it 0001, but the CID fails to change. Another 3 people have the same problem. So there is no longer order.
    Can’t run evoplus at the phone – point /dev/block/mmcblk1 is, but evoplus writes that cannot open the device. All rights of this. What could be the problem?

  16. just for info:
    Yesterday i bought a 32GB Samsung EVO+ (12/2016) and it doesn´t work on my Android-Phone(HTC M8 rooted). Then I remembered that i own a Raspberry with an older Samsung 16GB SDHC Pro (MB-MGAGB) and i tried this Card – voila it worked perfectly. Maybe older Class 10 Samsung Cards will work too and we do not have to look for the EVO+ Cards only.
    Thanks for the great work Richard and greetings from Germany !!!!

  17. Hi, i try to change cid but i have little problem…
    1. it say ‘s to me> ioctl: Connection timed out
    Unlock command failed.
    2. If i repeat command then unlock command failed.
    3. repeat again then Failed to enter vendor mode. Genuine Samsung Evo Plus?

    So what is wrong? All information about card is here>
    Samsung evoplus 32gb
    oot@ubuntu:~/Desktop/evoplus_cid/jni# ./evoplus_cid /dev/mmcblk0 744a454e2f412020106c6d77470104c3
    Unlock command failed.
    root@ubuntu:~/Desktop/evoplus_cid/jni# ./evoplus_cid /dev/mmcblk0 744a454e2f412020106c6d77470104c3
    Failed to enter vendor mode. Genuine Samsung Evo Plus?

    root@ubuntu:~/Desktop/evoplus_cid/jni# ./evoplus_cid
    /dev/mmcblk0 744a454e2f412020106c6d77470104c3
    Failed to enter vendor mode. Genuine Samsung Evo Plus?
    root@ubuntu:~/Desktop/evoplus_cid/jni# cat /sys/block/mmcblk0/device/cid
    1b534d303030303010829b5d02010b01

    root@ubuntu:~/Desktop/evoplus_cid/jni# ls -l /sys/block |grep mmc
    lrwxrwxrwx 1 root root 0 Dec 17 20:43 mmcblk0 -> ../devices/pci0000:00/0000:00:1c.3/0000:04:00.0/rtsx_pci_sdmmc.0/mmc_host/mmc0/mmc0:0001/block/mmcblk0
    root@ubuntu:~/Desktop/evoplus_cid/jni#

    1. Hi sercspro,
      despite your card is for sure a genuine one manufactured in November 2016 by Samsung, it doesn’t mean it does accepts the backdoor.
      As also Richard wrote seems that newer cards don’t work, Samsung has probably changed (or removed) the code that allow them to be unlocked.
      You have to try another one, better if not so recent.
      As your reference I have 32GB Samsung EVO+ 04/2016, 32GB Samsung EVO+ 09/2016 and 16GB Samsung uSDHC 04/2013, on all of them evoplus_cid works correctly.

    1. Yes, in theory, but it will require a “real” SD card reader rather than USB attached one. I’ve only ever seen USB ones in desktop computers, so chances are for the majority of desktops (i.e. almost certainly the one you have) there won’t be any way to do it.

      1. I see… Well, I’ll try to resurrect my old laptop and will hope it will run long enought 😀 Btw card reades connected via PCIe won’t work also? What do you think?

      2. My old laptop seems to be realy dead, so I tried to google little bit. I found some sort of solution by using arduino with card reader shield, but there is no implementation yet. So I decided to give it a try and code something. Now i can obtain CID from the card (just not sure if it is correct – hex to int conversion etc). Now the hard part… Can you help me with it? I need to know witch CMDs (+param) I should use. If I succeed, I’ll post the code for everyone of course.

        1. Hi snoopy,
          from what I can understand by reading the code evoplus_cid works by issuing the follow commands:

          cmd62 0xEFAC62EC (enter vendor mode)
          cmd62 0xEF50 (unlock the backdoor)
          cmd17 0x00 (confirm Smart Report after reading Sector 1 at Address 0)
          cmd26 0x00 0xFE [16bytes NEW CID] (WRITE_CID+single block write start TOKEN+16byte NEW CID)
          cmd62 0x00DECCEE (exit vendor mode)

          Despite Richard surely knows the code he wrote it’s weird that he has failed using the Arduino.
          The only reason I can think of is that the operation should be carried out in SD mode, don’t in normal 2-wires/4-wires SPI protocol.
          For what I know the SD protocol is not released to the public, you have to pay royalties to use it legally, so even if you could get some working code for Arduino you may not publish or share it easily.
          In my opinion a simple way to settle the issue it could be to analyze the data bus with a logic analyzer.
          Simply you need the right Samsung card and a computer where evoplus_cid works properly, clip the logic analyzer and acquire the data bus meanwhile it is running.
          May be that you need a pretty fast logic analyzer and anyway it’s not said that you can easily replicate the acquired sequence using the Arduino.
          Good luck!

  18. I m trying to change the CID on my evo + 64gb version. It says that it is changed but when I checked it after unmount im getting my old CID back. Is there someting that I did wrong?

  19. Hi!
    I am trying yo change cid in a Samsung Evo + 64gb, I am a neubi in Linux and Android, could anyone describe the process in Android?, how to run evoplus_cid in a rooted phone. If I use a terminal emulator over miui or the terminal of cyanogen the SD is showed as /dev/sdd1 if I use TWRPs terminal the SD is correct /dev/block/mmcblk1 but evoplus_cid does not run, always the same error evoplus_cid:not found.
    Which app do I need?

    Thanks.

  20. Just because I found the tie to android interesting I thought I would try this on a 64G EVO+ card i got for xmas for a gopro. Anyway, it comes up as a 59b4 and you can not change the CID. Its manufacture date is Nov 2016 and for what its worth its a model MB-MC64D Model Code: MB-MC64DA/APC.

    Some one above said 64GB cards always work. Guess this is not the case. Cheers.

  21. Compiling evoplus_cid.c under Ubuntu 16.0.4 gives me this messages:
    evoplus_cid.c: In function ‘parse_serial’:
    evoplus_cid.c:107:7: warning: implicit declaration of function ‘strlen’ [-Wimplicit-function-declaration]
    if ((strlen(str) > 2) && (str[0] == ‘0’) &&
    ^
    evoplus_cid.c:107:7: warning: incompatible implicit declaration of built-in function ‘strlen’
    evoplus_cid.c:107:7: note: include ‘’ or provide a declaration of ‘strlen’
    evoplus_cid.c:109:9: warning: implicit declaration of function ‘strtol’ [-Wimplicit-function-declaration]
    val = strtol(str, NULL, 16);
    ^
    evoplus_cid.c: In function ‘main’:
    evoplus_cid.c:135:8: warning: incompatible implicit declaration of built-in function ‘strlen’
    len = strlen(argv[2]);
    ^
    evoplus_cid.c:135:8: note: include ‘’ or provide a declaration of ‘strlen’
    evoplus_cid.c:179:2: warning: implicit declaration of function ‘close’ [-Wimplicit-function-declaration]
    close(fd);
    ^
    when I run the script on a Samsung Evoplus 32 GB the last two digits are always “01”, no matter what CID I want to write

  22. I’m quite sure I have the right SD card, cid starts with 1b 534d 3030303030 10
    After running the program I get a Segmentation fault, and tablet hangs. After reboot, cid is not changed. How can I fix this problem?

  23. Hi Guys…

    I’m having trouble with the CID Change…

    When I compile evoplus_cid in Ubuntu, I get the following errors:

    root@ubuntu:/usr/local/src/evoplus_cid/jni# gcc evoplus_cid.c -o evoplus_cid
    evoplus_cid.c: In function ‘program_cid’:
    evoplus_cid.c:58:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
    idata.data_ptr = (__u64)cid;
    ^
    evoplus_cid.c: In function ‘parse_serial’:
    evoplus_cid.c:107:7: warning: implicit declaration of function ‘strlen’ [-Wimplicit-function-declaration]
    if ((strlen(str) > 2) && (str[0] == ‘0’) &&
    ^
    evoplus_cid.c:107:7: warning: incompatible implicit declaration of built-in function ‘strlen’
    evoplus_cid.c:107:7: note: include ‘’ or provide a declaration of ‘strlen’
    evoplus_cid.c:109:9: warning: implicit declaration of function ‘strtol’ [-Wimplicit-function-declaration]
    val = strtol(str, NULL, 16);
    ^
    evoplus_cid.c: In function ‘main’:
    evoplus_cid.c:135:8: warning: incompatible implicit declaration of built-in function ‘strlen’
    len = strlen(argv[2]);
    ^
    evoplus_cid.c:135:8: note: include ‘’ or provide a declaration of ‘strlen’
    evoplus_cid.c:179:2: warning: implicit declaration of function ‘close’ [-Wimplicit-function-declaration]
    close(fd);
    ^

    This does not prevent the utility from working… But maybe this causes the problem??

    I’m trying to write the following CID: 5d53424c32424d31013917ca53010459

    But it does not want to write the last 2 bits correctly…

    root@ubuntu:/usr/local/src/evoplus_cid/jni# ./evoplus_cid /dev/mmcblk0 5d53424c32424d31013917ca53010459
    Writing new CID: 5d53424c32424d31013917ca53010459
    Success! Remove and reinsert SD card to check new CID.

    And then when I check the CID, the last two bits are “00”

    root@ubuntu:/usr/local/src/evoplus_cid/jni# more /sys/devices/pci0000:00/0000:00:1c.7/0000:0e:00.0/mmc_host/mmc0/mmc0:0001/cid
    5d53424c32424d31013917ca53010400

    In this demo video, the guy used the CID: 5d53424c32424d31013917ca53010459… And it worked correctly, even the last 2 bits…

    https://www.youtube.com/watch?v=tbWXsSaAb2M

    Any advice ??

    Thank you
    Regardt

    1. It’s probably writing it fine. Some kernel version never display the correct checksum, they just display 00. Try the card in something else and see what it shows, like an android phone (they almost always do display the checksum correctly).

        1. Hi SinWolf,
          in my opinion what Richard wrote it’s correct.
          I have some Android devices as well some Linux computers which fail to read CRC even considernig that it’s composed by 8bit of which the last one have to be always 1.
          As already stated the last bit in CRC byte wrote MSB first is always “1”, “00” is due some misreading of the real one.
          In fact at least one bit, the LSB, is always “1” so the CRC can’t be “00”!
          As Richard said by changing the card’s cid using evoplus_cid what will be written is exactly what you input regardless, so doesn’t matter if then the device read it wrong.
          In order to be sure of the true cid it’s better to directly access the card via SPI rather than use Android or Linux, unless the device you are using for sure can retrieve the cid of the card in the right way.
          The cid you wrote like input for evoplus_cid is exactly the same you have in the card, unless there has been some mistake, but in that case the program itself would have warned the user.
          For the 15 bytes 5d53424c32424d31013917ca530104h cid you wrote the correct CRC is 59h, it can’t be 00h!
          I’ve verified by re-calculating and ultimately it is 59h undoubtedly, in no way it can be wrong!
          So totally it can’t be “00”, it’s 59h for sure!

  24. Hi Richard,

    I’m always getting readed checksum minus 1 compared to recalculated checksum. Lets say I’m entering cid without checksum, evoplus_cid says it’s writing new cid and I can see that program recalculated checksum is right (same as I can see in SD card duplicator, lets say it is “A1”), but after reading back new cid I’m getting “A0” … Where is the problem ?

    Thanks,
    R.

    1. Hi rolf2,
      the CRC calculated by evoplus_cid is definitely right, no way.
      In my opinion the problem you have is only due the way hardware retrieve the CRC.
      In order to be sure to get the right one it’s better acces the card directly via SPI, not via computer’s hardware, not even if PCI bus based.
      Richard’s software surely does the job in the correct way, doesn’t matter the CRC you can read via PC’s hardware.
      If you send only 30 caracters (15bytes) evoplus_cid will calculate the correct CRC by itself.
      Please, though, explains better what you mean by “SD card duplicator” and exactly how you retrieve the CRC.
      If you want write here the new cid you intend to use and I will calculate for you its correct CRC, just to ensure that there are no other problems.

  25. So, Hi everybody,

    I take back my guenuine Samsung Evo+ 32 Go to the shop and i take a Samsung Evo+ 64 Go…..and now, the writing process was sucessful. I will try on the RNS315 soon.

    I think that effectively the backdoor on some Samsung Evo+ 32 Go is closed by the manufacturer.

    Another thing, yous must format the Samsung Evo+ 64 Go in FAT32 and i do that with a MacBook Air because you cannot do that with Windows. Windows have just two possibilities, NTFS or ExtFat wich is not recognised by UBUNTu.

    Thanks for all and i hope that my feedback will help others

    1. I know that the 64GB version is stated as always work, the 128GB one isn’t listed so.
      My two EVO+32GB are made in Philippines.
      Instead my Samsung 16GB is made in Korea.
      All three the cards work like a charm.

    1. Best guess – the error is in parsing the parameter. Have you copied and issued the cid and picked up a bad character which you are then passing as a parameter to the tool? If that’s not it try stepping through the source code and see where the error is occurring.

      1. Thanks for your time so far Richard, I am getting somewhere, last hurdle now I guess… ->

        sudo ./mmc prog_cid /dev/mmcblk0 this_is_all_good_a00
        Writing new CID.
        Success! Remove and reinsert SD card to check new CID.

        sudo cat /sys/block/mmcblk0/device/cid
        this_is_all_good_a01

        Instead of writing the last two digits as 00 it writes them as 01, this is the CRC right? How can I make this work?

          1. Hi menn0,
            surely you can try so, I guess it will work fine.
            In my opinion that is only due the way hardware retrieve the CRC.
            In order to be sure to get the right one it’s better acces the card directly via SPI, not via computer’s hardware, not even if PCI bus based.
            Richard’s software surely does the job in the correct way, doesn’t matter the CRC you can read via PC’s hardware.
            If you send only 30 caracters (15bytes) evoplus_cid will calculate the correct CRC by itself.
            Since you wrote /mmc prog_cid /dev/mmcblk0 I wonder what tool it is and where take it.

  26. I have a micro sd evo plus 16gb (man fac date 02-2015)
    with CID, I try to write a new CID and get the following error;
    sudo ./evoplus_cid /dev/mmcblk0 0XXXXXXXXXXX85e500fa00
    Failed to enter vendor mode. Genuine Samsung Evo Plus?

    what could this be?

  27. Hello everybody…
    I have exactly the same SD Card (as in image) it s work all fine in Ubuntu- said write CID succes… but I have the same CID …nothing change… what can be ? TNX in advance

    1. Hi dinelo,
      your uSD answer “Success! remove and re-insert card to check CID” but the CID has not changed because it allows for cmd62 but doesn’t for the specific backdoor.

    1. Hi szafarz,
      actually the two cards you are cloning are pretty different.
      Maybe you need to change also some parameters on the csd side.
      Even something in some other register can be different.
      Try to use an hex-editor in order to verify if blank sectors are 00h or FFh because some cards wipe to 00h and others to FFh.
      It’s vendor dependent.

  28. Maybe we could start a little db of cards that do and dont work. I got a feb 2015 16gb plus with 1:59b4 . I havent tested it yet because I dont have the card yet I want to clone.
    Should I remove all data before I try this? I did note the original CID but I dont know if there is a risk for dataloss.

  29. Hi Richard
    Thanks for the update.
    my evo plus 32Gb purchased from ebay is a mmc1:59b4 version not the mmc1:0001 and i couldn’t change the CID.

    I got the message “Success! remove and re-insert card to check CID” but the CID has not changed.

    Do all your working cards show as mmc1:0001 ?

    I guess im just going to have to keep buying cards until i get a 0001 type 🙁

    Thank you.

    1. Hi simon666,
      Also mine are 0001 but this time I don’t agree with Richard because some cards recognized as 59b4 are working the same like 0001’s and their cid can be changed in the same way.
      In most cases the 0001 always work (not only “evo+” type), but also among 59b4 (not only “evo+” type) there are some that work the same way.
      It doesn’t matter really, though the cards that are working not only allow for cmd62 but also for the specific backdoor.
      Your card answer “Success! remove and re-insert card to check CID” but the CID has not changed because it allows for cmd62 but doesn’t for the specific backdoor.

          1. Hi simon666,
            the crc in the cid you’ve got is indeed wrong, it can’t be “00”.
            The real one is b5h, so the whole real cid is 1b534d3030303030100a8d55cc0107b5, don’t 1b534d3030303030100a8d55cc010700.
            Ok for manufacture date as July 2016.
            My two cards are of April 2016 and April 2013.
            May be your isn’t the good one, may be they have fixed the issue even if I don’t think so.
            More simply that’s not the lucky card, you need a substitute for.
            I know 64evo+ always work, you could try one of them.
            Also some Verbatim SD.
            Would be great to find a standard card (not HC) that works.

          2. Or5/Richard
            My Galaxy S5 running cyanagen seems to always display the last 2 digits as 00 and not the true CRC.
            How do i calculate my true CRC?
            The CID i need to calculate the CRC for is:
            0353445355303247801d7db62900cc00

            If i use evoplus_cid to write the CID with the correct CRC digits. Will it actually write it to the new card even though it will still probably show at 00 when i read it?

          3. simon666 – leave off the checksum (last 2 digits) when using evoplus_cid and it will calculate the correct checksum for you. It will set it fine (as long as you have one of the cards that works at all!) but it will still read back as 00 on that device.

          4. Thanks for the tip Richard.
            In the end i realised i had an old Lenovo tablet. So i installed SD tools and this managed to read the last two digits of my cards.
            I executed evoplus_cid and successfully changed the CID of my 64gb card to match.
            I then used HDD Raw Copy by HDDguru to make an exact copy of my original card. Hopefully get to test it in my boat this weekend. 🙂

          5. Hi simon666,
            Richard has already answered you, it’s be possible by using his evoplus_cid.
            As already said the crc for the cid you wrote is wrong, it can’t be “00”.
            The real one is b5h, so the whole real cid is 0353445355303247801d7db62900ccB5, don’t 0353445355303247801d7db62900cc00.
            You need to solve the CRC7 polynomial of the 15 bytes of the cid for getting it.

  30. Hi Richard,
    I tried to to change the CID and it worked for changing the first 30 numbers, but for the last ones I wanted them to be 00, and the code printed that they were going to be changed to 00 but when I read the CID they were changed to e9. I used the Samsung Evo Plus 32 GB, it seems to be the same model as yours. I compiled your code and ran it in a raspberry pi running the latest raspbian.
    Do you know what could it be?

    Thanks for everything.

    1. What command did you run? And are you sure you need the last 2 digits as 00? This is technically invalid. Although a user requested this before I later came to suspect that his original card probably did have the right checksum – some versions of Linux seems to always show the checksum as 00 when displaying it.

      1. Hi Richard,
        sorry to bother you.
        Can I ask you a question?
        From what I can understand by reading the code evoplus_cid works by issuing the follow commands:

        cmd62 0xEFAC62EC
        cmd62 0xEF50
        cmd17 0x0
        cmd26 0x0 0xfe [16bytes cid]

        If you can, is it correct?
        Thanks.

      2. I compiled the code with the raspberry using: gcc -o evoplus_cid evoplus_cid.c It gave me some warnings, and then ran the program with: sudo ./evoplus_cid /dev/mmcblk0 then the 32 digits of the new CID. The program then printed the CID as I entered it and said successful write. Can you confirm you can change the checksum of your card to 00?

        1. Hi laerseon,
          as already stated the last bit in CRC byte wrote MSB first is always “1”, “00” is due some misreading of the real one: due the fact that at least one bit, the LSB, is always “1” the CRC can’t be “00”.
          Anyway I can confirm that despite what could show the device you are using for, the cid you wrote like input for evoplus_cid is exactly the same you have in the card, unless there has been some mistake, but in that case the program itself would have warned the user.
          By default CRC isn’t active in SPI mode unless it’s forced on by CMD59.
          In order to be sure of the real content of the cid the better way is to acces the card via SPI.

    2. Hi laerseon,
      in my opinion what Richard wrote it’s correct.
      I can confirm his statements.
      I have some Android devices as well some Linux computers which fail to read CRC even considernig that it’s composed by 8bit of which the last one have to be always 1.
      Anyway by changing the card’s cid using evoplus_cid what will be wrote is exactly what you input regardless, so doesn’t matter if then the device read it wrong.
      In order to be sure of the true cid it’s better to directly access the card via SPI rather than use Android or Linux, unless the device you are using for surely can retrieve the cid of the card in the right way.
      Could be that raspberry can’t read the true cid of the card.
      One last thing.
      Which raspberry model are you using?
      Due raspberry has a single microsd card slot, are you sure it’s safe change the cid directly on the OS mass memory storage?

      1. Im not sure it is safe to change the CID in the OS storage, but currently I don’t have anything else to try, maybe I’ll try with another device when I can get one. I used the first Raspberry B model. Can you confirm you can change the checksum of your card to 00?

        Thank you both for the support.

        1. Hi laerseon,
          ok, I undertand.
          In my opinion thats could not be so safe, though.
          For me isn’t somebody can change the CRC from “00” to another value, it’s that the real one can’t be “00”.
          Anyway I confirm that despite what you can then read from the device you are using for, the cid that you input in evoplus_cid is exactly the same that you have inserted, doesn’t matter what you are seeing which it’s depending from the hardware you are using.
          In order to be sure of the true value of the cid the better way is to access the card via SPI.

    3. Hi laerseon,
      due the fact with ecoplus cid you are changing a cid that isn’t otp hard coded but that is located in memory, there is some possibility that is even possible write its CRC as “00” even if that is a nonsense.
      If you want write here the 15 bytes of the cid you are talking about and I will calculate its true CRC as 16th byte in order to compare it with that you have got.

  31. Hi Richard,
    great job!, well done!
    For me it works on 32GB Samsung EVO+ 04/2016 and 16GB Samsung uSDHC 04/2013.
    I’ve used Linux Fedora.
    I wonder if it can be successfully used on not HC cards (size below 4GB).
    I believe with Samsung’s 2GB cards marked using blu screenprinted capacity it could work, though I have to find that kind of card.
    Thank you for the sharing!

    @Sanchez
    “When I try change CID of these 16 and 32 GB cards, evoplus_cid return success, but CID is not changed.”

    Hi,
    in my opinion that cards allow for CMD62 but manufacturer porpouse for them is different or their cid backdoor set is so.

  32. Hi Richard,

    Source code from GitHub compiled on fedora 24 x64. Here is result:
    – 3x 64GB SD card manufactured 05/2016 and 08/2016 successfuly changed CID
    – 1x 32GB SD card manufactured 05/2016 not work
    – 4x 16GB SD card manufactured 05/2016 also not work

    When I try change CID of these 16 and 32 GB cards, evoplus_cid return success, but CID is not changed.

    In /var/log/messages is recorded this error:
    kernel: rtsx_pci_sdmmc rtsx_pci_sdmmc.0: __mmc_blk_ioctl_cmd: cmd error -22

Leave a Reply