On Tue, 5 Apr 2011, Andrei Warkentin wrote: > Let me clarify, this is what the MMC spec says: > > > The only effect of the APP_CMD is that if the command index of > the, immediately, following command > has an ACMD overloading, the non standard version will used. If, > as an example, a card has a definition > for ACMD13 but not for ACMD7 then, if received immediately after > APP_CMD command, Command 13 > will be interpreted as the non standard ACMD13 but, command 7 as > the standard CMD7. > In order to use one of the manufacturer specific ACMD’s the host will: > * Send APP_CMD. The response will have the APP_CMD bit (new > status bit) set signaling > ... > ... > ... > If a non valid command is sent (neither ACMD nor CMD) then it > will be handled as a standard > MultiMediaCard illegal command error. > > This means, since an MMC card doesn't support ACMD25 or ACMD38, these > will be executed as CMD25 or CMD38. I.e. - it's an attack vector. > Ah I see. OK, that makes sense. I'll check to make sure to check that the allowed ACMDs are just for SD cards. Thanks for catching that! John
