Since I had little to do over New years day, I threw together some Arduino code that would allow reading of Nand-Flash chips. This includes the memory contents and both the ID and ‘secret’ ID where supported.
First thing that needs to be acknowledged is that the Arduino Mega has a 16Mhz crystal & clock speed, therefore with a 5 Volt supply rail we are looking at about 100nS* for a single instruction cycle, a nand flash chip normally operates in the 15-25nS range.
*(06/Jan/2012) There have been some complaints about rounding the cycle time up, actually the cycle time is about 62ns (1 second /16,000000). Since I work with micro-controllers, generally I add in a margin when reckoning timing for code, saves any expensive mistakes when designing for production.
There are a couple of things to keep in mind:
- The Arduino mega employs interrupts, which run in the background unless specifically disabled
- There are not many single cycle instructions for port manipulation, you have to load a value before you can store or mask it, which already puts you ‘over’ 100ns, yes you can toggle a line in a single instruction, but you have to be 100% sure of its status before you start.
By the time we throw something together that can communicate a command to the nand flash chip there is not going to be much ‘change’ left over from 900nS.
From the timing diagrams we see that it takes about 3uS to read a 5 digit Nand Flash chip ID, specifically because there is the I/O toggling plus a subroutine call and return plus memory store for each byte recovered.
The above assumes we consider a design with direct read/write of the ‘Arduino Mega’ ports.
If we were to design a system that relied on the standard Arduino libraries, then the design would become unstable and potentially fail(for some stupid reason a “DigitalWrite()” library command takes over 6uS to execute, which would mean nearly 40uS to perform the same functionality with the Arduino library functions).
Other considerations in the design were to reduce down the number of subroutines, whilst it would be good programming practice to have the Read/Write bytes routines as callable subroutines, doing so would add the stack call timings to each byte that we read/write. (consider the time cost of >2 BILLION stack calls!! needed to fully read a device)
So here is the hardware setup along with some pictures of the results.
I’m currently working on cleaning up the library and trying to work round some ‘issues’ resulting from when the Arduino Mega is reset,powered up or code loaded.
It appears the Arduino Mega really hammers the I/O ports and creates a lot of spurious binary noise which has the potential to ‘trash’ any attached Nand Flash chip if the wrong set of I/O lines are thrashing about, it *may* require some sort of gating control that locks out the chip control lines UNTIL after the Arduino is powered up.
Finally I need to decide ‘how’ one might get all this information out of the Arduino, after all there is hardly the room to store the multi Gb data in the Arduino device.
Options currently under consideration:
- Make the current Nand Flash code a full library.
- Write a communication system to pass the data over ethernet to a ‘server’ hosted on a PC.
Write a library to store the data in a suitably sized SD card.
(Tried and it is FAR too slow)
Good luck on finding a data-sheet for a DYNET DN27UT088G2M (ID:ADD314A564), there are plenty of references to this part on the web but no data-sheets interestingly most of the references find their way back from China. Initial findings show the part to be connected with the manufacturer ‘HYNIX’, since the closest 4 digit ID for the matching Hynix product HY27UT088G2M is ID:ADD314A5.
See the Hardcore forensics forum for: Further work on the Nand Flash Chip Library…… If there is the interest