Requirements:
- external SPI flash, which has firmware stored
- SPI capable reader (Buspirate, RaspberryPi, Xgecu T56, etc.)
Let's say you find an external flash memory on a PCB: chances are good that it will store interesting information like the bootloader or the root-filesystem.
-
Identify the used flash chip by Google the chip description printed on it
-
in the datasheet of the chip you should find the pinout of the chip (the dot on the chip specifies the upper left corner
-
Example Pinout:
.png)
Example pinout of a flash chip
-
-
Connect your Flash reader probes to the pins of the chip:
.png)
{% tabs %} {% tab title="Clamp" %} The quickest and easiest way to connect to a flash chip is by using a clamp, like these:
Clamps can be used to connect to pins on chip
Attach the clamp to the chip and the end to your programmer/debugger like the Bus Pirate or an Xgecu T56.
clamps connected to an SPI flash
{% endtab %}{% tab title="Soldering" %} If you don't have a clamp, you can also solder cables directly to the needed pins:
.png)
{% tab title="Desoldering" %} If Unsuccessful: The methods before can be unsuccessful as the MCU on the PCB inteferes with the flash chip, making it unable to read out. In that cases you can try to:
- Remove clock crystal on the PCB to stop the MCU from running
- desolder the flash chip and read it out separately using XGECU T56 for example
If the chip has internal pins (BGA layout) you might be required to desolder the chip.
If you desoldered the chip, you can:
- solder jumper cables on the correct pins
- read the chip out by placing it on an adapter, like the XGecu T56:
.png)
SPI flash is read out using Xgecu T56
{% endtab %}{% tab title="Probes" %} You can also 3D-Print Board Probe Testing Jig like this one:
The needles probes will directly connect to the pins on the chip:
