
R&S RTB2004 Snooping


sergeyklenov:
For info: I found an MSDOS5.0 FAT16 table in the flash. So I think this NAND is formatted as a usual PC disk.

ElectronMan:

--- Quote from: sergeyklenov on November 02, 2021, 05:46:23 am ---For info: I found an MSDOS5.0 FAT16 table in the flash. So I think this NAND is formatted as a usual PC disk.

--- End quote ---

There are references to that in the firmware, but it is specifically for the USB disk emulation when you connect your RTB to your PC via USB. There are also components that allow mounting USB drives. The flash filesystem itself is not DOS compatible.

uski:
Hi,

I have soldered the missing 10-pin connector on my oscilloscope.

I had to extremely carefully remove the solder on the connector pads with a bit of flux and desoldering braid.
There are 0201 resistors nearby and significant ground heatsinking, so this is not for beginners...

Then, I soldered the connector, and made a custom cable with only the relevant pins (less pins = less force to remove = less chance to damage something = better)

I used the following:
- Pre-crimped cables: DigiKey 0500798000-12-L8-D-ND which I cut in half
- SMD connector: DigiKey WM7614CT-ND
- Housing: DigiKey WM1728-ND

Now, on to JTAGing... :popcorn:

skander36:
Success!
It took me about 5 hours using a JTAG interface (TMS320-XDS100-V3) which is considered high speed and OpenOCD.
I'm curious how long it will take you.

uski:
So because I am so late into the party, I needed to update a few things to get the openocd script to work.

First, I had an issue where the syntax of the "target create" command no longer accepts the chain-position parameter, I rather had to create a dap separately.

I have followed the guide here: https://visualgdb.com/support/chainposition/

The resulting script is:


--- Code: ---
# Debug adapter: SEGGER J-Link (or compatible)
source [find interface/jlink.cfg]
# Both TRST and SRST are used for reset
reset_config trst_and_srst

if { [info exists CHIPNAME] } {
    set _CHIPNAME $CHIPNAME
} else {
    set _CHIPNAME fpgasoc
}
# Expected IDCODE of the ARM DAP TAP
if { [info exists DAP_TAPID] } {
    set _DAP_TAPID $DAP_TAPID
} else {
    set _DAP_TAPID 0x4ba00477
}

jtag newtap $_CHIPNAME cpu -irlen 4 -ircapture 0x01 -irmask 0x0f -expected-id $_DAP_TAPID
adapter_khz 4000

# The DAP is created separately and the target refers to it with -dap,
# instead of passing -chain-position to "target create"
dap create $_CHIPNAME.dap -chain-position $_CHIPNAME.cpu

set _TARGETNAME1 $_CHIPNAME.cpu.0
target create $_TARGETNAME1 cortex_a -dap $_CHIPNAME.dap -endian little -coreid 0 -dbgbase 0x80110000
init
cortex_a dbginit

--- End code ---

If anyone is more familiar with OpenOCD than I am, and can check that I did this right, feel free to take a look.

I am now downloading the flash using the rtb_nand_dump.pl script (thanks ElectronMan for the fantastic background work in post #1, really couldn't have done it without you).

I am using a clone JLink V9 (this is what I had in stock...). It had an internal VTref of 3.3V, and I didn't have an exposed 2.5V on the connector of the scope, so I switched the AMS1117 3.3V LDO that creates that reference inside the probe to a 2.5V one (the scope uses 2.5V signals). I don't seem to have issues reading the data, and I checked the signals with a voltmeter and all is at 2.5V.

As to the speed, here is a quick measurement:


--- Code: ---$ ls -l RTB_NAND_IMAGE.img && sleep 60 && ls -l RTB_NAND_IMAGE.img
-rw-rw-r-- 1 x x 16191568 Nov  5 13:20 RTB_NAND_IMAGE.img
-rw-rw-r-- 1 x x 17897344 Nov  5 13:21 RTB_NAND_IMAGE.img

--- End code ---
1705776 bytes per minute. Image is 512MB. 512*1024*1024/1705776=314 minutes, so around 5 hours if all goes well (no interruptions - hopefully my probe is stable)

Stay tuned!  8)

[EDIT] Image file seems to contain valid data so far. I can see the bootloader that was discussed previously at the beginning of the image, with legible text etc.
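
An added example, not part of the original posts: a Python scan of a dump such as RTB_NAND_IMAGE.img for the MSDOS5.0 FAT16 boot sector mentioned earlier in the thread. It validates the BPB geometry and, as a heuristic, flags whether the described volume could fit inside the dump at all, which helps tell an embedded boot-sector template from a volume stored in the image. The function names and the sample sector are constructed for illustration.

```python
import struct

FS_TYPE = b"FAT16   "  # BS_FilSysType label at offset 54 of a FAT12/16 boot sector

def parse_bpb(sec):
    """Return BPB fields if sec is a plausible FAT16 boot sector, else None."""
    if len(sec) < 512 or sec[510:512] != b"\x55\xaa" or sec[54:62] != FS_TYPE:
        return None
    bps, spc, rsvd, nfats, roots, tot16, _media, spf = struct.unpack_from("<HBHBHHBH", sec, 11)
    total = tot16 or struct.unpack_from("<I", sec, 32)[0]
    # Reject geometry that cannot describe a real volume.
    if bps not in (512, 1024, 2048, 4096) or spc == 0 or spc & (spc - 1):
        return None
    if 0 in (rsvd, nfats, spf, total):
        return None
    root_secs = (roots * 32 + bps - 1) // bps
    data_secs = total - rsvd - nfats * spf - root_secs
    if data_secs <= 0:
        return None
    clusters = data_secs // spc
    return {
        "oem": sec[3:11].decode("ascii", "replace").rstrip(),
        "volume_bytes": total * bps,
        "clusters": clusters,
        # The type string is only a label; the cluster count decides the FAT type.
        "fat16_by_count": 4085 <= clusters < 65525,
    }

def find_fat16(image):
    """Yield (offset, fields) for each plausible FAT16 boot sector, at any alignment."""
    pos = image.find(FS_TYPE)
    while pos != -1:
        start = pos - 54
        fields = parse_bpb(image[start:start + 512]) if start >= 0 else None
        if fields:
            # A volume that runs past the end of the dump cannot be stored in it.
            fields["fits_in_image"] = start + fields["volume_bytes"] <= len(image)
            yield start, fields
        pos = image.find(FS_TYPE, pos + 1)

def sample_sector():
    """Constructed 32 MiB FAT16 boot sector; not taken from a real RTB2004 dump."""
    s = bytearray(512)
    s[3:11] = b"MSDOS5.0"
    struct.pack_into("<HBHBHHBHHHII", s, 11, 512, 4, 1, 2, 512, 0, 0xF8, 64, 0, 0, 0, 65536)
    s[54:62] = FS_TYPE
    s[510:512] = b"\x55\xaa"
    return bytes(s)
```

For a full-size dump, open the file and pass an `mmap.mmap` of it to `find_fat16` rather than reading it into memory; the search works on unaligned offsets, so it does not depend on how the dump lays out NAND pages.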
