If we listened to the memory bus, we could see the unencrypted os. So you don't think the 50kb of bootrom would ever leave the cpu?
also, the link I gave you doesn't have the actual die photos, but I know that they did take photos of the die for identifying the chip. maybe we could ask if they still have them. tof wrote: > hello Cory > > > for the memory bus listening, i suppose that the most sensitive > informations will stay in the samsung's internal cache... > > > I cannot find the die photos you'r speaking about on > http://www2.electronicproducts.com... did i miss something ? > > > sto > > > Cory Walker a écrit : >> Well that stinks. While you were gone, we came up with a few methods >> that might help: >> >> 1. Snoop the memory bus - the ipod nano 3g would be a good candidate, >> because it appears to have most of the bus exposed on the top layer. >> (even lined up in a convienient row!) >> http://l4n.clustur.com/index.php/File:3G_frt_annotation.png >> >> 2. Set up a FPGA - I don't exactly remember how this would help, but it >> seems to be a popular idea. (if someone knows, please let me know) >> >> I also thought of some things we could do with the S5L8701 processor >> right now: >> >> 1. Look for unused pins - the JTAG pins are not likely to be connected >> to anything. If we can list out the pins that do not seem to be >> connected to other parts of the circuit, they are possible JTAG pins. >> >> 2 Take high-res pictures of the die - we could look for the JTAG section >> (possibly?) and see what bonding lands connect to it. >> >> very useful if you haven't seen already. they have documented every >> single part of the 1G (and also the 3G) nanos. They have even taken die >> photos to determine the actual chip: >> http://www2.electronicproducts.com/Apple_iPod_nano-whatsinside-2.aspx >> tof wrote: >>> Hello >>> >>> >>> no, unfortunately, the bonding lands are different. >>> >>> About half of the supply pins are at the same location, the others are >>> shifted or mixed .... >>> Concerning the clock, there are 3 clocks instead of 2 in the 8700. Also >>> the pins of the clocks have all moved a lot. >>> >>> 8700 : 32kHz XTAL (system clock after 2 PLLs) + 24 MHz XTAL (USB clock) >>> 8701 : 32kHz input (probably an XTAL connection possibility also) + 24 >>> MHz XTAL + 1.something MHz XTAL >>> >>> my conclusion : the device architecture has been changed. >>> I suppose the wakeup time of the PLL was probaly too low with a 32kHz >>> quartz, or something similar... >>> >>> >>> ++ >>> sto >>> >>> >>> >>> Cory Walker a écrit : >>>> I know the device that uses the exact chip described on the datasheet. >>>> The pinout is correct for the device. Before I go into the idea I just >>>> came up with, would the S5L8701 (iPod's chip) and the S5L8700 (the chip >>>> described in the datasheet) have similar/exact bonding lands? >>>> >>>> tof wrote: >>>>> Hello everybody. >>>>> >>>>> >>>>> I did not have a lot of time in the last months, but now i'm back and >>>>> alive ;) >>>>> >>>>> I made very interesting investigations onthe 8701. >>>>> >>>>> first results : >>>>> >>>>> http://l4n.clustur.com/index.php/Main_Page/S5L8701_analysis >>>>> >>>>> http://f4eru.free.fr/8701%20pinout.ods >>>>> >>>>> >>>>> >>>>> The bad news : the pinout seems to be very different than the 8701, >>>>> there is a different clock system at least in the chip. >>>>> >>>>> Therefore it will be very hard to locate jtag pins, etc... >>>>> >>>>> What could be extrmely helpful would be to have decapsulated chips to >>>>> view under the microscope. >>>>> Does somebody here have an opportunity to acess decap. equipment? or at >>>>> least a contact where we could do this cheaply ? >>>>> >>>>> >>>>> More to come soon >>>>> >>>>> Sto >>>>> >>>>> >>>>> _______________________________________________ >>>>> Linux4nano-dev mailing list >>>>> [email protected] >>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>> http://www.linux4nano.org >>>>> >>>> _______________________________________________ >>>> Linux4nano-dev mailing list >>>> [email protected] >>>> https://mail.gna.org/listinfo/linux4nano-dev >>>> http://www.linux4nano.org >>>> >>> _______________________________________________ >>> Linux4nano-dev mailing list >>> [email protected] >>> https://mail.gna.org/listinfo/linux4nano-dev >>> http://www.linux4nano.org >>> >> >> _______________________________________________ >> Linux4nano-dev mailing list >> [email protected] >> https://mail.gna.org/listinfo/linux4nano-dev >> http://www.linux4nano.org >> > > _______________________________________________ > Linux4nano-dev mailing list > [email protected] > https://mail.gna.org/listinfo/linux4nano-dev > http://www.linux4nano.org > _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
