DIY编程器网

 找回密码
 注册

QQ登录

只需一步,快速开始

扫一扫,访问微社区

查看: 14075|回复: 16
打印 上一主题 下一主题

FT2232H NAND芯片读写器

[复制链接]
跳转到指定楼层
楼主
发表于 2015-4-11 11:53:21 | 只看该作者 |只看大图 回帖奖励 |倒序浏览 |阅读模式
这个是英文资料,需要自己理解了,俺不会翻译,软件是linux下运行的
ftdinandreader.tgz (8.02 KB, 下载次数: 4)
原文:
Intro
As a hacker, just like most other occupations that require physical work, your toolsetcan make or break you. If you can't solder SMD components because your solderingiron is uncontrolled or has a point that's too big, forget about hacking on SMD pcbswith tiny 0402 components. The same goes for e.g. programmers: if you don't have anAVR programmer, programming AVRs is going to be impossible. The advantage, however,is that we can hack together our own tools: you can still program an AVR if you, forexample, have an Arduino board you can persuade to act as a programmer.
I have run into a similar problem in the past. When security-testing the 'secure' USB-sticks I got my hands on in the past, I needed a way to directly read theNAND-flash these sticks use to store the data on. For that, I created a quick hack: aNAND-reader consisting of a small PCBthe flash had to be soldered on and a parallelport interface. There was no voltage conversion apart from some resistors to limit thecurrent from the 5V parallel port to the 3.3V flash chip and the software was ahorrific hack, but the contraption worked: I now had a tool to read out NAND flash,even if it was tied together with the solder and the software equivalent of lots of duckttape.
Since then, I've been getting a slow but steady trickle of requests for the code andschematics for the nand reader. I've never been willing to release those because it'ssuch a hack. It also uses the parallel port, something that is unavailable in moreand more PCs nowadays.
Recently, I had the need to read out a NAND-flashchip again. Ofcourse, I could get out the old device, try to find a parallel port somewhere and hope the software stillworked. I could also build a new one and improve both the software and hardware tosomething a bit less hack-ish.
HardwareAs you may have guessed, I opted for building a NAND-flash reader from scratch. I wanted a few things that weren't an option on the old parallel port basedone:
  • USB connectivity. Parallel ports are almost extinct, USB ones probably will stay with us for the forseeable future.
  • Speedy. The original unit took a day to read out the 1Gbyte nand chip I connectedto it. I really wouldn't mind my new one to be a bit quicker
  • Easy connectivity. Needing to solder a NAND to a board in order to read it out means a chance to mess up the chip, and without a backup that can be quite painful.
  • Cheap. I wasn't planning on spending hundreds of Euros for this.
The easy-connectivity-requirement was the easiest to fill: a while ago, I managed to pick up a TSOP56ZIF-socket for about ten Euros. The socket has a few more pins than the NAND chipsusually have (56 vs 48) but the chip fits perfectly and makes good contact. If you'relooking for cheap TSOP48 ZIF-sockets yourself, take a look at e.g. Ebay: there are multiple sellers offering them for EUR10-EUR15.
USB was a bit harder. For the device to be speedy, I'd need at least USB2.0. Nota lot of cheap and easy microcontrollers have that, so one of those would be out ofthe question. Luckily, I knew about a chip called the FT2232H. This chipis marketed as a dual-port USB2-to-serial converter, but it actually can do a lotmore than that: you can do FIFO, JTAG, I2C with it natively, and it also has a so-called'host emulation mode'. That last mode was of particular interest: it gives you a multiplexed data and address bus with read and write strobes, just like a microcontrollerlike the 8051 has. The flash chip should be interfacable easily with this, and the480MBit/s the USB2 chip offered should be enough to be a lot quicker than the parallel port reader.
The FT2232H needs a few parts around it to work, and it's a TQFP chip, so I couldn'tjust plug it into a breadboard or prototyping PCB. FTDI does make a module with theFT2232H on it and all relevant pins connected to headers; modules like this canbe found on eBay too. While the EUR30 this would cost didn't worry me too much, Iknew I could get a quicker result from the loose FT2232H I had stashed away somewhere,plus one of the TQFP adapter PCBs I had in a box somewhere. All in all, aftera bit of soldering I ended up at this contraption:

On the adapter pcb, I soldered all the components needed for the FTDI-chip to work in bus-powered mode, like page 53 of the datasheetindicates. I then connected the bus pins of the FTDI-chip to the NAND ZIF-socketlike this:

The connections are fairly simple. The data-lines of the FTDI-chip are connected directly to the databus of the NAND-flashchip. The FTDI multiplexes the low address bits on these lines too, but because we don't need them we can ignore that. The readand write strobe run directly to their counterparts on the flash chip too. TheALE and CLE-lines, as well as the write-protect line, connect to the highaddress lines. This way, by reading from or writing to a particular address, we canset the values of these lines. The R/B-line, a line the flashchip uses to indicateif it's busy with something, is connected to a spare I/O-line.
SoftwareTo read the NAND, I also needed some PC software to control the FTDI lines. Luckily,there already is a librarywhich supports all the nifty bitbang modes of the chip, including the host-bus-emulationmode needed here. I whipped up a small bit of software that'll try to autodetect thespecific NAND installed and uses that info to set the parameters and algorithm to readout the chip. It does that by reading out the NAND page by page.
The software can read out a NAND quicker than my parallel port solution can, it'llget about 250KByte a second. That still is orders of magnitude below the maximumattainable speed of the FT2232H. The reason probably is because of latency: every time you switch from writing data to reading data, the chip will introduce a bit of latency because of how the USB bus works. Reading just one page at a time means thelatency gets introduced fairly often, degrading performance. The software could bespeeded up a lot by sending the read commands for multiple pages, then requesting thedata read. For me, this was enough: the current software can read an 1GByte chip in about half an hour and that was the biggest chip I tested
I also wanted to build the ability to write a NAND chip in the software, but after some thought I decided to abandon it: I didn't need that feature myself, and writinga page to the NAND also means the OOB data for the page, containing e.g. the ECC-data,would have to be written. The ways to do ECC and the location to store that vary fromdevice to device, and I wasn't willing to dive into that.
Conclusion
So, there you have it: a NAND-reader for 3.3V 8bit NAND flash chips for about EUR30worth of components. It's not lightning fast or feature-rich yet, but it canbe expanded to be. It was useful for me: I managed to read out the NAND chip I builtit for.
The software (for Linux) is available, as usual, under the GPLv3.If you manage to upgrade it or make it faster, I'd appreciate a note. Update: some people already havebeen working on improvements, an example is Bjoern Kerlers work.
One last note: If you have a broken SD-card or USB-stick and think you can recoverit using this, be warned: reading out the flash (with a tool like this) only is half the work. As soon as you have an image, you'll still need to know how to interpretit: most flash chips do bad block management and/or will swap sectors around for wearleveling. Unfortunately, I know of no free or cheap tool to undo that yet.



分享到:  QQ好友和群QQ好友和群 QQ空间QQ空间 腾讯微博腾讯微博 腾讯朋友腾讯朋友 微信微信
收藏收藏3 分享分享 支持支持 反对反对
沙发
发表于 2015-4-11 13:15:13 | 只看该作者
谢谢版主共享的资料,辛苦!
板凳
发表于 2015-4-13 21:42:52 | 只看该作者
楼主打个板,这个很需要。

要有SD卡接口的EMMC读写器更好
地板
 楼主| 发表于 2015-4-13 22:37:13 | 只看该作者
zjs423315 发表于 2015-4-13 21:42
楼主打个板,这个很需要。

要有SD卡接口的EMMC读写器更好

加块扩展板的事,ft2232hl的核心板做好了
5#
发表于 2015-5-30 21:50:37 | 只看该作者
核心板好了。还得有NAND读写座子--DIP48转TSOP的转接板,直插的那种,有空打个样。便宜,呵呵。

6#
发表于 2015-6-6 09:31:45 | 只看该作者
有DIP48转TSOP的转接板了一定入手个
7#
发表于 2016-8-28 15:06:34 | 只看该作者
没银子怎么办
10#
发表于 2016-9-1 20:41:46 | 只看该作者
这个资料不错啊
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|文字版|手机版|DIY编程器网 ( 桂ICP备14005565号-1 )

GMT+8, 2024-11-17 08:41 , 耗时 0.104339 秒, 24 个查询请求 , Gzip 开启.

各位嘉宾言论仅代表个人观点,非属DIY编程器网立场。

桂公网安备 45031202000115号

DIY编程器群(超员):41210778 DIY编程器

DIY编程器群1(满员):3044634 DIY编程器1

diy编程器群2:551025008 diy编程器群2

QQ:28000622;Email:libyoufer@sina.com

本站由桂林市临桂区技兴电子商务经营部独家赞助。旨在技术交流,请自觉遵守国家法律法规,一旦发现将做封号删号处理。

快速回复 返回顶部 返回列表