XOR

[HaQue]

Hi, Can anyone point me to where I can learn about the XOR process of Flash? Maybe even a laymans explanation of some arbitrary fictional chip even. or some psuedocode. I dont care how vague. I know going by recent posts on sharing Im probably really optimistic, but I cant find too much about it.
For example does the controller:

a) Take a Page and XOR it with a some bytes that are a Page in size?
b) Does it XOR a Block of Data against a Block of bytes?
c) Does it have a small, say 32byte or 64byte set of bytes it XORs the data against?
or depending on the controller, any or all of the above, or Im totally thinking about it wrong?

I would welcome anyhing on the subject, PM and I will NDA your secrets, but please how does XORing work?
Cheers
HaQue

[Doomer]

The purpose of XORing is to increase data entropy and thus reduce and even out number of writing cycles of all NAND cells
XORing can also be used as data obfuscation to increase data security
XOR patterns can be large in size (KBs or MBs)

You can't find too much about it because as everything in DR it is a hard to get information on the first place. I didn't hear that flash manufacturers are eager to share their IP with everybody

[bubaleh]

There is nothing complicated.
Controller has a special unit inside itself (XOR pattern generator), which is able to generate pseudo-random sequence of bytes, but this sequence has a period. Before XOR generetor would be able to create some sequense, controller had to initialize it by some sequence of bytes (the size of this sequence is about 16-32 bytes). So, controller take a page with user data and spare area, initialize XOR generator by some values and ask it to generate pseudo-random sequence. After that controller apply xor operation of page and generated sequence. There may be two ways, controller can xor spare area of page, and it can not do it. It depends on every controller. For example some Phison controllers xores only user data area of a page, and doesn't xor spare area.
How could the controller generate random sequence? There are may be many ways.
1. The controller xores every page with the same random sequence. The controller just one time initialized XOR generator by some default sequence of bytes.
2. XOR generator can create a long sequence of bytes (it would be about a few Mb). The controller one time initialized XOR generator. Every time it save page to nand it calculate the page offset in block (where this page will be saved) and ask XOR generator to create sequence from the position <page offset in block>*<page size>. So it looks like every block xored with the same random sequence.
3. Controller can every time initilize xor generator using values from spare area of a page. It is the most difficult case. Because you must know what are this values.

PC3000 flash has a xor determination method, which generates a file with info about your case. This file must be sent to tech support and they will generate the xor pattern and add it to support. It usually takes a few days.

[labtech]

These explanations definitely help me understand the concept a little better.

Thanks

[HaQue]

Thank you, this is very good information, helps me find what to research next. I cant seem to find anything in a flash datasheet or a controller datasheet that says anything about this. Is this the kind of thing a controller firmware writer would develop using a proprietry DevKit or something?

I am trying to reverse engineer the firmware of some controllers, and starting with looking for any opcodes of the 80C51 processor in any of the firmware. So far it doesn't look like any firmware for embedded systems I have seen, but the controller seems to have a semi-standard MCU architecture.

Thank you again.