Has anyone ever tried to read the NAND memory which works in Source Synchronous mode by default? I have a pendrive that has an additional CLK clock that is used for synchronous communication, but the controller seems to work asynchronously. In the onfi 2.0 specification, page 42, there is a procedure that allows reading synchronous memory using an asynchronous controller. VNR, PC3K do not support this, can it be read with something else?

Hi ,
if controller is not using it why would you need to use it

_________________
Regards
Amarbir S Dhillon , Chandigarh Data Recovery Labs [India]
Logical,Semi Physical And Physical Data Recovery
Website-> http://www.chandigarhdatarecovery.com

To read NAND ofcourse. I assume this is happening because on the logic analyzer I can see that the communication is asynchronous, but VNR, PC3000 and FE cannot even read the ID. Controller is classic PS2251-7-V but with crystal oscillator connected to NAND that generate CLK signal.
There is option to change interface using "Timing Mode" but available NAND readers can't do it.

Need extra CLK and DQS to do this.

Interesting case, what are the markings or IDs for NAND flash?

_________________
Auxiliary Tool Used For MonoLith Data Recovery, featuring the industry's most extensive Monolith pinouts
http://flash-matrix.com/

ID: 983A98A376 from ChipGenius, LGA70 markings are removed.

In many cases, LGA70 = EZ NAND, it seems to me that the Chinese refurbished specialists have found a way to use RAW NAND in such memories by bypassing the built-in ECC or maybe just switch only from sync to async. I also had a similar case with CBM2199E, which also had LGA70 but with eeprom with the I2C protocol where the SCL signal (clock) from this protocol was used, connected to NAND CLK, where in chip genius I had the normal Hynix ID: AD 3A X X and after disconnecting it (SLC-CLK) chip response like EZ-NAND ID: 50 50 X X.

Understanding how to bypass the ECC engine to use RAW NAND may not be important, but exploring it would certainly be interesting. The VNR software version 8.0 has already added the EZ-NAND read protocol, but currently, I don't have any cases to test it.

_________________
Auxiliary Tool Used For MonoLith Data Recovery, featuring the industry's most extensive Monolith pinouts
http://flash-matrix.com/

Yes they added in VNR 8.0 but without documentation were connect DQS or CLK? EZ NAND = ONFI 2.3 = secend-generation ONFI so coluld using sync interface.

From the third-generation of ONFI interface on, the ONFI working group decided to shift back to the asynchronous interface - it makes sense. I have TSOP48 with ONFI 2.0 (DQS, CLK) pinout, maybe they just map the TSOP48 pin map one to one to their ZIF socket and release out CLK and DQS signals - I have to test it - it's a good idea but why doesn't Rusolut inform its clients about this??

If you have the appropriate chip on hand, you can test it, and I will wait for your results. If VNR doesn't support this chip, I want to investigate it; the unknown is always intriguing. I have ordered donors through some channels. It is worth mentioning that EZ-NAND has both regular access mode and bypass access mode. The regular access mode follows the ONFI 2.3 standard, where the ECC engine is enabled, and RB (Read Buffer) time will be longer than conventional flash memory. If the on-chip controller is in ECC correction or read retry state, the RB time length will be unpredictable. According to my investigation, if you find that there is no I2C ROM installed on the PCB, the controller is using regular mode. In this case, sending a read ID command to EZ-NAND will return the identifier 50 50 4E 01. Bypass access mode is interesting; I speculate it is a testing feature retained by the EZ-NAND manufacturer. It bypasses the internal ECC engine through special vendor commands, allowing access to the real raw NAND ID and reading the entire flash memory space.

_________________
Auxiliary Tool Used For MonoLith Data Recovery, featuring the industry's most extensive Monolith pinouts
http://flash-matrix.com/

No wrong answers, throwing sh*t at the wall and seeing what sticks..

What if you drive CLK with RE and WE. It’s very bad electrical design but I've done stupider stuff, and hey, China.. You just need to make sure the controller has protection against bus contention with RE and WE.

2 cents..

_________________
Recover My Flash Drive

Hi ,
Can you post photo of this Device ,I want to see how this OSC is connected to NAND .

_________________
Regards
Amarbir S Dhillon , Chandigarh Data Recovery Labs [India]
Logical,Semi Physical And Physical Data Recovery
Website-> http://www.chandigarhdatarecovery.com

I do not see such a need. CLK signal is generated independently using any square wave source. I have one simple idea: WE/RE = HIGH during command and address latch enable for Set Features Timing mode from sync to async (we no need WE for write all this is drive by CLK) and after that back WE/RE to default states (async interface) - DQS also no needed.

To get square wave form OSC I think some like this:

The latest development is that through studying the programmer used for repairing iPhone smartphones, I have discovered a method to access the bypass mode of the flash memory.
These flash memories contain some unrecorded pins, which, for a short period after power-on, pull up or pull down the voltage and, after sending special VSC code to the flash memory through standard NAND flash pins, can enter bypass mode. Using 90h-00h can obtain the correct flash memory ID. At this point, reading and writing can be done in standard flash memory mode, with the process supporting only asynchronous mode. The VSC code vary depending on the flash memory brand, and I have not yet fully investigated all brands of flash memory. I have designed test fixtures and am waiting for delivery from the factory to proceed with the next stage of research.
It should be noted that unlike Hynix LGA60, Hynix EZ-NAND LGA60 does not require entering bypass mode. It only uses a standard LGA52 adapter, obtaining the identifier 50504E01 for 90h-00h. Then you can access the flash memory through SDR mode. What sets it apart is that the ECC error correction process is completed internally within the flash memory, so the dump does not include the ECC region. Other brands' LGA52/60 EZ-NAND, however, require entering bypass mode through VSC codes.

_________________
Auxiliary Tool Used For MonoLith Data Recovery, featuring the industry's most extensive Monolith pinouts
http://flash-matrix.com/