Forum Rule: Always post complete source code & details to reproduce any issue!
Results 1 to 14 of 14

Thread: Monitoring tsop 48 nand data irt or in log can this be done?

  1. #1
    Junior Member psxpetey's Avatar
    Join Date
    Feb 2013
    Location
    Canada
    Posts
    18

    Monitoring tsop 48 nand data irt or in log can this be done?

    What am I trying to do: I am trying to swap a 48pin tsop nand but it appears to be married to the board somehow, it has no unique id, When I install the exact same chip exact same type: K9HAG08U1M, datasheet: https://datasheetspdf.com/pdf-file/6...g/K9HAG08U1M/1 It doesn't function doesn't show up and wont initialize even when programmed with a t56gecu programmer(weird it should work when programmed) So I thought what if I could monitor the chip to see what commands are sent to and from the chip from the data controller. I considered a few ideas but I do already have a teensy. The question is can the teensy actually monitor the pins of a tsop. I took a look through the connections etc but I need some guidance. Can a teensy monitor the 7 io pins of the nand if I connect them? what other materials will I need/ has anyone tried something like this?

    I would like to monitor commands, what its reading and writing and to what addresses. This way I can initalize the device/ restore it and see what the device is expecting from the nand.

  2. #2
    Senior Member+ Frank B's Avatar
    Join Date
    Apr 2014
    Location
    Germany
    Posts
    8,007
    Best is to buy a good Logic Analyzer.

  3. #3
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    23,802
    According to the data sheet on page 14, this is a 20ns access time part. A slower (presumably cheaper) version exists with 30ns access time, which is probably a sign whatever you're trying to reverse engineer is using this part with very fast timing, otherwise the original designers would have saved some money to choose the slower version.

    Capturing signals on 20ns time scale is much too fast, even for Teensy 4.0 / 4.1. This is so far beyond what any microcontroller could do. Even many FPGAs would be hard-pressed to accomplish this, though faster ones could probably do it with careful design. That sort of design isn't easy. Odds of success as a beginner-level project and without access to high-end test gear would be very low.

    One of the USB3 Saleae logic analyzers is probably the most realistic "budget" approach. But check the fine print carefully. While they advertise 500 MSample/sec capture, that speed is only for capturing a small number of signals. Also not usually mentioned on their website is the need for an extremely high end PC to achieve the fastest capture speeds. Buyer beware.

    I should also mention, on this forum we generally only appreciate reverse engineering which is both legal and ethical.

  4. #4
    Junior Member psxpetey's Avatar
    Join Date
    Feb 2013
    Location
    Canada
    Posts
    18
    do you now of any good ones? Ive read a few papers and found some dinky open source analyzers.

  5. #5
    Senior Member PaulS's Avatar
    Join Date
    Apr 2015
    Location
    Netherlands
    Posts
    506
    This logic analyzer may (just) work for you.
    You need 14 channels for this flash chip: IO0-IO7, CLE, ALE, CE, WE, RE, WP.
    The U3Pro16 can sample 16 channels @ 500 MHz in Buffer mode or @ 125 MHz in Stream mode. Buffer mode means you can only store a finite number of samples before transferring the sampled data to your PC for analysis in the DSView application. So you have to set the trigger conditions wisely.

    Paul

  6. #6
    Junior Member psxpetey's Avatar
    Join Date
    Feb 2013
    Location
    Canada
    Posts
    18
    good catch, ya that looks like the best one at the cheapest price that's around I think i might go for that one. I've seen some of the big pc logic analyzers from Agilent on ebay: https://www.ebay.ca/itm/Agilent-1680...AAAOSwLitgCK9I. I feel like there are more pieces you need to make it work than what he is selling pretty cool and beefy tho.

  7. #7
    Senior Member+ Frank B's Avatar
    Join Date
    Apr 2014
    Location
    Germany
    Posts
    8,007
    Quote Originally Posted by psxpetey View Post
    good catch, ya that looks like the best one at the cheapest price that's around I think i might go for that one. I've seen some of the big pc logic analyzers from Agilent on ebay: https://www.ebay.ca/itm/Agilent-1680...AAAOSwLitgCK9I. I feel like there are more pieces you need to make it work than what he is selling pretty cool and beefy tho.
    Haha...shipping US $557.11
    Ebay sucks.. they should stop that.

  8. #8
    Junior Member psxpetey's Avatar
    Join Date
    Feb 2013
    Location
    Canada
    Posts
    18
    Quote Originally Posted by Frank B View Post
    Haha...shipping US $557.11
    Ebay sucks.. they should stop that.
    you must be overseas, but ya I too hate ebay's shipping program. Why people use It I have no clue. Pitney Bowes is a joke nd they just add in more shipping
    by sending it to their shipping hub. They then proceed to usually wreck or at least damage the package when opening it to check contents.

  9. #9
    Senior Member PaulS's Avatar
    Join Date
    Apr 2015
    Location
    Netherlands
    Posts
    506
    Quote Originally Posted by psxpetey View Post
    i might go for that one
    For what it's worth: I have been using the little brother DSLogic Plus now for over a year and it served me well. I especially liked the protocol-decoder built into the DSview program. The cables a.k.a. "fly wires" are sturdy and the clips are not the usual cheap stuff.
    You can try the DSview program functionality yourself before purchasing - DSview has a "Demo Device" built in.
    Took about 3 weeks after ordering before it arrived at my place. Not bad from China. And free shipping.

    Paul

  10. #10
    Junior Member psxpetey's Avatar
    Join Date
    Feb 2013
    Location
    Canada
    Posts
    18
    Quote Originally Posted by PaulS View Post
    For what it's worth: I have been using the little brother DSLogic Plus now for over a year and it served me well. I especially liked the protocol-decoder built into the DSview program. The cables a.k.a. "fly wires" are sturdy and the clips are not the usual cheap stuff.
    You can try the DSview program functionality yourself before purchasing - DSview has a "Demo Device" built in.
    Took about 3 weeks after ordering before it arrived at my place. Not bad from China. And free shipping.

    Paul
    I just downloaded it, looks half decent, the demo device doesnít seem to decode so I couldnít really check that out. Does it have the nand protocol for decoding? Is it async serial maybe?

    What do you typically use it for.

  11. #11
    Senior Member PaulS's Avatar
    Join Date
    Apr 2015
    Location
    Netherlands
    Posts
    506
    The demo device does decoding. Here is a screen shot of DSview in action. I set it to decode I2S on the top 3 signals.

    Click image for larger version. 

Name:	DSview.jpg 
Views:	11 
Size:	111.6 KB 
ID:	23438

    The demo data is bogus ofcourse so the I2S decode shows garbage.

    I've been using the analyzer mostly for checking I2S, CAN and I2C signals.

    Paul

  12. #12
    Junior Member psxpetey's Avatar
    Join Date
    Feb 2013
    Location
    Canada
    Posts
    18
    Quote Originally Posted by PaulS View Post
    The demo device does decoding. Here is a screen shot of DSview in action. I set it to decode I2S on the top 3 signals.

    Click image for larger version. 

Name:	DSview.jpg 
Views:	11 
Size:	111.6 KB 
ID:	23438

    The demo data is bogus ofcourse so the I2S decode shows garbage.

    I've been using the analyzer mostly for checking I2S, CAN and I2C signals.

    Paul
    Apparently it doesn't have a nand flash decoder so I dunno how useful it would be to me.

  13. #13
    Senior Member PaulS's Avatar
    Join Date
    Apr 2015
    Location
    Netherlands
    Posts
    506
    You can add custom protocol decoders to DSview. DSview is open-source and can be found here.
    The protocol decoders [written in Python] are here.
    I'm not sure there is such a thing as a "nand flash decoder", so I believe you have to go the tedious way and either write a decoder yourself with the datasheet at hand or sample a lot of waveforms and do the decoding by yourself [again with the datasheet at hand].

    With this Read flow chart and Mode selection table,

    Click image for larger version. 

Name:	ReadFlowChart.PNG 
Views:	4 
Size:	21.2 KB 
ID:	23450 Click image for larger version. 

Name:	ModeSelection.PNG 
Views:	5 
Size:	41.0 KB 
ID:	23451

    and setting the appropriate triggers on the CLE, ALE, CE, WE, RE, WP signals, you should be able to look at data read from the flash.
    But yeah, it's a tedious job...

    BTW, I used this LA a lot at work in the 80's... $10K then, but it got the job done.

    Click image for larger version. 

Name:	HP 1630G.jpeg 
Views:	9 
Size:	187.0 KB 
ID:	23452

    I'm happy that technology progressed over the years and prices dropped.

    Paul

  14. #14
    Junior Member psxpetey's Avatar
    Join Date
    Feb 2013
    Location
    Canada
    Posts
    18
    Quote Originally Posted by PaulS View Post
    You can add custom protocol decoders to DSview. DSview is open-source and can be found here.
    The protocol decoders [written in Python] are here.
    I'm not sure there is such a thing as a "nand flash decoder", so I believe you have to go the tedious way and either write a decoder yourself with the datasheet at hand or sample a lot of waveforms and do the decoding by yourself [again with the datasheet at hand].

    With this Read flow chart and Mode selection table,

    Click image for larger version. 

Name:	ReadFlowChart.PNG 
Views:	4 
Size:	21.2 KB 
ID:	23450 Click image for larger version. 

Name:	ModeSelection.PNG 
Views:	5 
Size:	41.0 KB 
ID:	23451

    and setting the appropriate triggers on the CLE, ALE, CE, WE, RE, WP signals, you should be able to look at data read from the flash.
    But yeah, it's a tedious job...

    BTW, I used this LA a lot at work in the 80's... $10K then, but it got the job done.

    Click image for larger version. 

Name:	HP 1630G.jpeg 
Views:	9 
Size:	187.0 KB 
ID:	23452

    I'm happy that technology progressed over the years and prices dropped.

    Paul
    Ya I messaged the sigrok boys( ds uses sigrok software) and they said about the same. They said it might be called clocked parallel or something.
    What a pain, in the salae software I saw synchronous and asynchronous serial and parallel no idea if those would work but I messaged them.

    Yap tedious is right.

    Anyways that la in the picture looks pretty awesome 10k my Lord! You must have been working on some really cool stuff 😎

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •