Author Topic: 01_Nand Flash Chip reader (Read ID)  (Read 5105 times)


  • Administrator
  • Jr. Member
  • *****
  • Posts: 60
  • Karma: +2/-0
    • Hardcore forensics
01_Nand Flash Chip reader (Read ID)
« on: January 02, 2012, 10:11:15 AM »
We put together a Nand Flash chip reader library which after several days of testing the 'READ ID' functionality appears to be stable.
Initially there were some issues related to the ID being offset, usually with some sort of dummy byte before the first  genuine ID byte.


This seems to be related to some sort of glitching on the WE# line, so after doing something stupid by inverting the WE#( which should not work). Because looking at the data-sheets the WE#, should only go low after the ALE goes high to latch in the dummy address.

The 'something stupid'

I suspect that this is not the whole picture, because in theory this is preventing the  dummy address byte being written because the  WE# downward edge does not occur inside the  ALE which should take the chip out of specification but instead it makes it work.

Specifically in the top capture (malfunction) you can see the WE# going 'down' then 'up', inside the ALE, but in the next capture  the WE# is 'down' but then it just goes 'up' which does not match the data-sheet but works.

Again, this is possibly why so many people have failed getting this to work because the  Mega is just too slow to operate the Nand-flash chip at the  speed require. To get the mega functioning appears to require the use of a logic analyzer to  physically 'see' what is going on, then 'fiddle' with the waveforms until it works

Open NAND Flash Interface (ONFI ) is supposed to be a standard for Nand Flash chips.
Way way back in the past, Nand Flash chips had different functionality,packaging,timing,command sequences and pin outs, this was great for the industry as it resulted in 'tie in' but bad for everyone else, since it requires you to stick with a standard manufacturer or  have multiple PCB layouts and code bases.
The ONFI was a way to standardize the functionality and pinouts (initially Samsung and Toshiba united to destroy the ONFI)
To test if a chip is ONFI compatible you can replace the 'Address cycle 0x00' with 'Address Cycle 0x20' when issuing a read ID
The chip is supposed to respond with "ONFI" instead of the chip manufacturers ID.
Since it is a no brainer to implement this functionality, we added it to the library, but don't get too worked up about it even now the functionality is still not common, but the manufacturers have at least settled on the pinouts and some commands.

« Last Edit: January 06, 2012, 04:29:07 AM by Destroyer »