[HN Gopher] NANDcromancy: Live Swapping NAND Flash
___________________________________________________________________
NANDcromancy: Live Swapping NAND Flash
Author : tptacek
Score : 56 points
Date : 2021-04-27 00:17 UTC (22 hours ago)
(HTM) web link (www.atredis.com)
(TXT) w3m dump (www.atredis.com)
| nousermane wrote:
| On the third photo in the article, there is NAND chip pinout. And
| it is striking how tightly pins are packed, despite so many being
| "no connect". In fact, out of 48 pins on the package, only 18 are
| actually in use (24 if we count duplicate Vcc/Vss).
|
| And that's not an outlier. As far as I can tell, this is a very
| common NAND chip pinout. I wonder - why was it done that way?
| Physical security feature? To make data recovery more difficult?
| photoGrant wrote:
| Many reasons amongst which is that it's a standard pin out of
| which other chips may utilise all pins. If they don't the added
| bonus is the additional pins help physically secure to the
| board itself, as well as extra heat dissipation, etc.
| pkaye wrote:
| Its a standard pinout. There are other NAND configurations like
| 16-bit data bus, multiple bus, multiple die that requires more
| pins. 16-bit data bus is pretty rare these day. Other possible
| reasons can be for test modes, thermal.
| bri3d wrote:
| This is a blog that is definitely worth clicking back into to
| read past entries. There's some really esoteric/fun stuff there
| like a deep dive into the Garmin smartwatch virtual machine.
| dvdkon wrote:
| I've got a device which I've bricked through CFE in a similar
| manner, I'm probably not going to unbrick it like this though :)
| Any tips on a cheap way to flash parallel NAND?
| merbanan wrote:
| Arm based devices have an early boot menu accessible by holding
| the "a" button. From here boot with fail-safe defaults.
| monocasa wrote:
| Arm based devices are not consistent enough with their
| bootloader to allow such a thing.
| monocasa wrote:
| There's a lot of solutions for clipping a programmer on to an
| in circuit parallel Flash chip in the dozens of dollars range.
| merbanan wrote:
| I never got a clip-on adapter working on later generation
| Broadcom devices. On previous ones I shorted the cs-pin to
| make the nand chip disappear from the SoC. Then you could
| flash the chip.
| monocasa wrote:
| Were you trying to flash while the device was on?
| justdionysus wrote:
| I've used a clip similar to the "360-clip" to reflash TSOP-48
| NAND flash without desoldering. Honestly, I found it easier to
| desolder with chipquik than try to get a clip like the above to
| work though. Chipquik and a breakout board and then a SD/MMC
| controller (see: http://www.trapbit.com/reports/blueray-
| blues-1.pdf)
|
| Edit: but, also, I'm pretty bad at this stuff and hope someone
| jumps in with some more experience / saner advice
| bri3d wrote:
| This is totally reasonable advice IMO. TSOP clips are an
| option and work OK, but are expensive and fiddly. Rework onto
| a breakout board is usually the cheapest and easiest option,
| whether hot air or chipquik.
|
| Another sketchy option is deadbug to the chip in situ (using
| solder or microclips), or test points if you're lucky and
| they are provided. This can be quite questionable depending
| on how backfeeding power into the board via the chip's Vcc
| works out, but is sometimes possible.
___________________________________________________________________
(page generated 2021-04-27 23:01 UTC)