GTVhacker • View topic - NAND Flash question

Wiki

Blog

Forum

FAQ

Board index » Google TV Devices » Logitech Revue » Revue Development

It is currently Mon Jun 17, 2013 11:11 pm
All times are UTC - 8 hours

View unanswered posts | View active topics

NAND Flash question

Moderator: Revue Mod

Page 1 of 3 [ 22 posts ] Go to page 1, 2, 3 Next

Post a new topic">

Post a reply

NAND Flash question

Author

Message

pcgeil

Post subject: NAND Flash question

Posted: Wed Aug 17, 2011 3:20 am

Android 1.0

User Control Panel

Joined: Wed Aug 17, 2011 3:15 am
Posts: 26
GTV Device Owned: Logitech Revue

Hi,
does anyone know, if for example the root-filesystem is saved encrypted on the NAND flash?
Has anyone tried it before to read the NAND to get the real honeycomb from a honeycomb flashed device?

Or has it be tried with a virgin box? Are there differences?

Thanks.

pcgeil

Post subject: Re: NAND Flash question

Posted: Thu Aug 18, 2011 12:22 pm

Android 1.0

User Control Panel

Joined: Wed Aug 17, 2011 3:15 am
Posts: 26
GTV Device Owned: Logitech Revue

today my gtv was delivered :-)

i am happy that uart is still working with this box

guess nobody tried to dump the nand externally before, or?
next week, I should get all things which are needed to dump the nand externally.
First of all, I will dump my virgin box and look if that works

maybe i will then try to update to honeycomb and dump again.
i am excited if the whole flash is then encrypted or not ...

cj_000

Post subject: Re: NAND Flash question

Posted: Thu Aug 18, 2011 9:39 pm

1.6 Donut

User Control Panel

Joined: Fri Jul 29, 2011 2:13 pm
Posts: 115

pcgeil wrote:

today my gtv was delivered :-)

What type of hardware are you planning on using to dump out the nand?

pcgeil

Post subject: Re: NAND Flash question

Posted: Thu Aug 18, 2011 11:04 pm

Android 1.0

User Control Panel

Joined: Wed Aug 17, 2011 3:15 am
Posts: 26
GTV Device Owned: Logitech Revue

I will desolder the TSOP48 with a hot air soldering machine and put the TSOP then in:

http://datasheet.octopart.com/IC191-048 ... 508500.pdf

To read the TSOP, I will probably use the ATNGW100 from Atmel based on an AVR32 or
will try if I can use an CARD-Reader with xD-Card support, see

http://en.wikipedia.org/wiki/XD-Picture ... w_hardware

Chinpokomon

Post subject: Re: NAND Flash question

Posted: Fri Aug 19, 2011 4:35 pm

Android 1.0

User Control Panel

Joined: Mon Aug 01, 2011 10:13 pm
Posts: 36

pcgeil wrote:

today my gtv was delivered :-)

I'd hold off on upgrading to Honeycomb until then... it might be valuable having root access before going further.

pcgeil

Post subject: Re: NAND Flash question

Posted: Thu Aug 25, 2011 2:38 am

Android 1.0

User Control Panel

Joined: Wed Aug 17, 2011 3:15 am
Posts: 26
GTV Device Owned: Logitech Revue

Update, my setup with Yamaichi IC191-0482-004 is ready.
I hope I can desolder the NAND this weekend and then I try to dump it :-)

pcgeil

Post subject: Re: NAND Flash question

Posted: Sat Aug 27, 2011 4:48 pm

Android 1.0

User Control Panel

Joined: Wed Aug 17, 2011 3:15 am
Posts: 26
GTV Device Owned: Logitech Revue

i managed it to get a dump of the samsung nand
but till now, I do not know if the dump is correct.

Maybe on monday i will be able to check if the dump is complete and try to update to honeycomb and dump again.

Itsjusttim

Post subject: Re: NAND Flash question

Posted: Sat Aug 27, 2011 7:07 pm

Android 1.0

User Control Panel

Joined: Mon Aug 01, 2011 9:33 pm
Posts: 22

Good! Thanks for the update

pcgeil

Post subject: Re: NAND Flash question

Posted: Mon Aug 29, 2011 5:09 am

Android 1.0

User Control Panel

Joined: Wed Aug 17, 2011 3:15 am
Posts: 26
GTV Device Owned: Logitech Revue

Just another short update:

Some Information about the GTV filesystem is written here:
http://gtvhacker.com/index.php/GTV_FileSystem

I don't know if anyone dumped the nand before to get some of these information.
So what I can confirm is that:
1. 0x00a00000-0x00c00000 "redboot" All FF's
but the last 10 bytes are zero in my dump, it looks somehow if everything is shifted 10 bytes in the dump.
don't know why ...

2. 0x00c00000-0x00e00000 "cefdk-config" Holds Box SN, repeats (like MBR)
0x00bffff6 - 0x00c01ff5 is 0x00 (important 10 bytes shift)
then everything is 0xff till 0x00c06ff5
but from 0x00c21f6 - c02204 it is not 0x00 maybe the serial number (same pattern in 0x00c02a2e, 0x00c02c3c, 0x00c02e4a, 0x00c031f6, 0x00c03404 and so on)
there are more pattern the following block ... and it looks as if everything gets repeated many times

3. 0x00e00000-0x00f00000 not described
0x00e00000 to 0x00ebff5 is 0xff, from 0x00ebff6 to 0x00effff5 is 0x00 and from 0x00effff6 to 0x00fffff5 is 0xff again
(remember the 10 bytes shift!)

4. 0x01800000-0x01900000 "fts" Flash Transaction Key/Value Storage. (Contents seem to be just seems to be just: "F*TS..e.L.......bootloader.command=boot-recovery.bootloader.recovery=recovery.--wipe_data.")
this is correct, there are some more things inside this area, for example you can find the same pattern as in 0x00c21f6 - c02204
there are some more things which also repeats
everything else is 0xff

please forget the mentioned 10 bytes shift, it was a problem of my hexedit ...

pcgeil

Post subject: Re: NAND Flash question

Posted: Mon Aug 29, 2011 2:01 pm

Android 1.0

User Control Panel

Joined: Wed Aug 17, 2011 3:15 am
Posts: 26
GTV Device Owned: Logitech Revue

here maybe a helpful script to split the dump!

Code:

#!/bin/bash
# copyright: pcgeil
# (c) 2011 progged for GTV revue

dumpFile="nand.dump"

outputDir="dump"
outputName=${outputDir}"/test"

# bash check if directory exists
if [ -d $outputDir ]; then
   echo "Directory exists"
else 
   echo "Directory does not exists"
   mkdir $outputDir
fi 

# dump mbr 0x00000000-0x00200000
dd if=$dumpFile of=${outputName}".mbr" count=8192 bs=256

# dump cefdk 0x00200000-0x00a00000
dd if=$dumpFile of=${outputName}".cefdk" count=32768 bs=256 skip=8192

# dump redboot 0x00a00000-0x00c00000
dd if=$dumpFile of=${outputName}".redboot" count=8192 bs=256 skip=40960

# dump cefdk-config 0x00c00000-0x00e00000
dd if=$dumpFile of=${outputName}".cefdk-config " count=8192 bs=256 skip=49152

# dump splash 0x01000000-0x01800000
dd if=$dumpFile of=${outputName}".splash" count=16384 bs=512 skip=32768

# dump fts 0x01800000-0x01900000
dd if=$dumpFile of=${outputName}".fts" count=2048 bs=512 skip=49152

# dump recovery 0x01900000-0x02d00000
dd if=$dumpFile of=${outputName}".recovery" count=40960 bs=512 skip=51200

# dump kernel 0x02d00000-0x03200000
dd if=$dumpFile of=${outputName}".kernel" count=10240 bs=512 skip=92160

# dump boot 0x03200000-0x07200000
dd if=$dumpFile of=${outputName}".boot" count=131072 bs=512 skip=102400

# dump system 0x07200000-0x1f200000
dd if=$dumpFile of=${outputName}".system" count=786432 bs=512 skip=233472

# dump data 0x1f200000-0x3fa00000
dd if=$dumpFile of=${outputName}".data" count=1064960 bs=512 skip=1019904

# dump keystore 0x3fa00000-0x3ff00000
dd if=$dumpFile of=${outputName}".keystore" count=10240 bs=512 skip=2084864

# dump bbt 0x3ff00000-0x40000000
dd if=$dumpFile of=${outputName}".bbt" count=2048 bs=512 skip=2095104

Page 1 of 3 [ 22 posts ] Go to page 1, 2, 3 Next

Board index » Google TV Devices » Logitech Revue » Revue Development

It is currently Mon Jun 17, 2013 11:11 pm
All times are UTC - 8 hours

View unanswered posts | View active topics

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

Design by Mighty Gorgon
Some ideas by ChriZ