Hello,
For the first time of my life, I need to recover a memory chip, an eMMC from Hynix
The internal controller is died. I unsoldered the chip from the board, buy a BGA153 adapter and was able to recover 100% of data from 2 partitions.
But on 2 other partitions (128MB and 5.2GB), the eMMC answers 128MB of zeroes and 5.2GB of zeroes.....
After the read of a lot of documentation to understand how eMMC work, I discovered it's possible to directly access the low level Flash Nand memory of the eMMC, because all manufacturer install non documented pad under the BGA chip, probably for test or initial programming purpose ?
Thus I ordered the right BGA adapter to be able to access these specific Nand signal without soldering. I hope it will arrive quickly
The first step was to access this nand signal, when I will receive the adapter, it will be okay.
The second step will be to dump the Nand content, and thus to have a Nand flash programmer. I just have one chip to read, I don't want to put a lot of money.
And I love the diy concept
)
I know it's not very difficult to read Nand, because I am an hardware/embedded software developer and already designed board with processor + nand flash.
So I think the best 2 options for low cost Nand reader are :
- FT2232 chip + Linux software (I only work with Linux) :
https://spritesmods.com/?art=ftdinand&page=2- STM32 development board, with custom software.
I bought the 2 boards (should arrive tomorrow), but my preferred solution is the STM32 development board with custom embedded software. I choose the NUCLEO-F446ZE board.
With a 180Mhz and hardware bus natively compatible with Nand signal, the dump will be quicker than the F232 chip + linux software solution.
I am absolutely not worried about this second step
The third step will be to understand the dump. For now I am not worried because I also read a lot of documentation, and I absolutely understood every concept we need to understand.
Of course there are high level software to do that, like Visual Nand Recovery, but for a single flash to recover, it's not possible to buy a licence, that's too expensive :/
So I played with some raw Nand dump available on internet, and begun to play with them. In all case, was able to understand the nand page formatting, where and how to find bad columns, data zone, spare area zone, etc...
It's very easy to detect this parameters with a Visual view of the dump. No need too have complex software, it's easy to open the raw data as raw image, I use Gimp for example :
Attachment:
1.png [ 662.22 KiB | Viewed 28395 times ]
Attachment:
2.png [ 67.84 KiB | Viewed 28395 times ]
On the first one, the repetitive pattern we can see is the XOR key (All the block containing zeroes with XOR key = XOR key), and it's relatively easy to get it graphically and export it to file.
When the internal architecture is understood, I think I will be able to extract and build the logical data with some hours of coding in C or Python