Help with theory regarding latest 'nsa hard drive firmware'

[Mynight]

It's been reported recently that the NSA has the ability to rewrite hard drive firmware and keep persistent back door tools within it.

Now my theory is could we create a hash of the standard(clean) firmware and use it as a checksum on future hard drives?

I'm capable of creating a basic GUI to pull serials/manufacturer/model/firmware version and sending it to a database for future reference but I'm at a complete loss on the above suggestion.

Now obviously I don't hope to defeat the NSA it's more of a learning exercise/ fact finding for me .

So my queries to you are;

1) is it possible to create a hash of the firmware on a hard drive/SSD?

2) if so could you point me in the direction of how to do this? I don't expect the actual code just a hint .

 

[Mynight]

Thats a good point.

I would assume a hard drive straight from the manufacturer would be clean, however knowing assumptions the database could easily poll numerous hashes of a specific hard drive, working on the basis of 4 hashes, 3 are the same and 1 is different it would be reasonable to assume the errant hash is infected.

However this would still be under the assumption that all drives aren't released in a "back doored" state from manufacturer.


Primarily it would function on the basis of querying the database with the data collected from your hard drive if no previous example exists then it would return a "unknown result". Crowd sourcing to an extent.