XboxHacker BBS
 
Topic: 0225/0401/0272 write protection beaten by Russian hackers !!!
glaze83
Xbox Hacker
Posts: 534
« Reply #60 on: July 22, 2011, 11:52:22 AM »

Reading that some Winbonds work and others don't, it's looking to me like a timing issue. If you intro the drive while it's off, boot up with the resistor pulled down to ground, and it intros, then you have the proper-strength resistor.

CasioNo15
Member
Posts: 32
« Reply #61 on: July 22, 2011, 12:24:39 PM »

> Reading that some Winbonds work and others don't, it's looking to me like a timing issue. If you intro the drive while it's off, boot up with the resistor pulled down to ground, and it intros, then you have the proper-strength resistor.

Hmm... could be. Do you know which pin of the controller gets pulled to ground and how it's bonded to the SPI?

danthaman
Hacker
Posts: 89
« Reply #62 on: July 22, 2011, 12:33:03 PM »

Yes, I think a cap might help here... Also: perhaps by isolating some of the ground pins and applying -3 V to the approximate WP area of the silicon, one could manufacture a potential difference at the same time as writing/altering Status Register Protect... (we need a little app that just constantly sends that - assuming the 16gds unlock app doesn't)... (Just an idea I'm floating that might be massaged/refined by others.) I would be interested to know which pin the Russian method uses (CS?); when I have the time I might remove the epoxy... I have often wondered if the part of the SPI protocol that allows for master/slave election could be utilised here somehow... (Timing/rising edge makes me wonder about perhaps messing with the clock pulse maybe??)

I am much sleep-deprived and some of this doesn't sound right when I read it back... If I've made a glaring error then by all means flame away :p I mostly had to get those thoughts out... I'm still hoping one of the guru/legends will come along and put us out of our misery with a ninja CDB command or something, although I think from how it's been described the WP might put a dent in that possibility. On the other hand, I wouldn't have thought we would get this far either; I'm sure it's on the tip of our collective (figurative) tongues... (so to speak :p)
« Last Edit: July 22, 2011, 12:36:16 PM by danthaman »

AustralianGameMods - We do all mods and repairs
www.AustralianGameMods.webs.com

snyder80
Newbie
Posts: 4
« Reply #63 on: July 22, 2011, 12:53:16 PM »

I would imagine it's a matter of timing, too. Winbonds seem to be a little more stable/less glitchy.

The Winbond manual explicitly tells that on power-up/reset no instructions are recognized (Table 7, Fig. 18) until the time delay tPUW.
Then you need to get WEL to "1" via the probe and set the software Write Status Register with sekil's tool or JF.

Regarding the probe method: it is said Winbond needs close to 1 V DC at C59. That's a drop of 2.3 V from VCC. Using a resistor/pot is - well, not that good.

First, it should be at least a 2 W resistor/pot (the Russian page refers to 3.5 - 5.5 Ohm). Otherwise you might burn the resistor/change its value due to the heat (power dissipation).

The second problem seems to be that we are finding a timing glitch in the area of some nanoseconds.

If (!) Winbond chips need 1.0 V at C59, we should use diodes for the requested voltage drop (like mentioned in that Brazilian board) for several reasons.

1. They maintain the high impedance/resistance between C59 and GND. That means no "f***up" with pull-up resistors.
2. They are switching very fast (ns).
3. They are stable when stressed.

I would use either a 1 V Zener diode with min. 1.3 W, or 2 diodes in series (added forward voltage) like a 1N4007 (VF ~0.7) in series with a Schottky diode BAT 41-46 (VF ~0.3).

And for sure the "voltage-drop hack" needs to be followed by a software "Write Status Register" instruction. I don't know if these are already included in the latest JF or only in the Russian tool.
I think it's interesting that following TX's tutorial you MUST use the PHAT button to flash 0225 and 0401 LTs. 9504 needs the SLIM button.


Good Luck,
snyder80


modguru
Master Hacker
Posts: 172
« Reply #64 on: July 22, 2011, 02:10:26 PM »

Just open your drive and take a look at the MT chip;
all the info is written on it, with small white letters.
Take a look at this example: http://www.xboxhacker.org/index.php?topic=15629.msg114266#msg114266

Acton1
Member
Posts: 32
« Reply #65 on: July 22, 2011, 04:30:23 PM »

> Just open your drive and take a look at the MT chip;
> all the info is written on it, with small white letters.
> Take a look at this example: http://www.xboxhacker.org/index.php?topic=15629.msg114266#msg114266

Thanks mate, that did help me a lot.

the-green
Hacker
Posts: 70
« Reply #66 on: July 22, 2011, 04:46:12 PM »

After the Russian hack, I think we will get a Spanish hack for Winbond drives!!! Look at this video:
unlock slim winbond
http://www.youtube.com/watch?v=EwMo1JgFzSc&feature=player_embedded

it's cooooooooool

Pacote-san
Master Hacker
Posts: 410
« Reply #67 on: July 22, 2011, 05:07:41 PM »

> After the Russian hack, I think we will get a Spanish hack for Winbond drives!!! Look at this video:
> unlock slim winbond
> http://www.youtube.com/watch?v=EwMo1JgFzSc&feature=player_embedded
>
> it's cooooooooool

It's Portuguese BR and it's fake.

It's a well known douchebag from Brazil...

Acton1
Member
Posts: 32
« Reply #68 on: July 22, 2011, 05:34:55 PM »

>> After the Russian hack, I think we will get a Spanish hack for Winbond drives!!! Look at this video:
>> unlock slim winbond
>> http://www.youtube.com/watch?v=EwMo1JgFzSc&feature=player_embedded
>>
>> it's cooooooooool
>
> It's Portuguese BR and it's fake.
>
> It's a well known douchebag from Brazil...

Until it's been proven, we don't know it's fake; there are some good unknown hackers out there, mate, that want to make a name for themselves. Only time will tell.

Pacote-san
Master Hacker
Posts: 410
« Reply #69 on: July 22, 2011, 05:46:49 PM »

>>> After the Russian hack, I think we will get a Spanish hack for Winbond drives!!! Look at this video:
>>> unlock slim winbond
>>> http://www.youtube.com/watch?v=EwMo1JgFzSc&feature=player_embedded
>>>
>>> it's cooooooooool
>>
>> It's Portuguese BR and it's fake.
>>
>> It's a well known douchebag from Brazil...
>
> Until it's been proven, we don't know it's fake; there are some good unknown hackers out there, mate, that want to make a name for themselves. Only time will tell.

Yes, we KNOW it's fake... and that's not how things work... the one who makes an affirmation is the one responsible for proving it's real, not the other way around...

It's just a known electronics store here in Brazil already known for stating false stuff (like saying they were able to JTAG a f***ing SLIM console).

It's not in ANY way any major hacker.... please just LOOK at the horrible BAT in place....

morenomdz
Master Hacker
Posts: 227
« Reply #70 on: July 22, 2011, 09:26:48 PM »

Yes, he is a well known mo.fo here from Brazil; he even charges noobs around here for stupid free info.

And I'd say he is using a 9504 board already flashed with a 0225+ OFW to fake it up.
« Last Edit: July 22, 2011, 09:29:33 PM by morenomdz »

glaze83
Xbox Hacker
Posts: 534
« Reply #71 on: July 22, 2011, 11:22:28 PM »

Had another few minutes to review the datasheets of the MXIC and Winbond and noticed something interesting:

Write Status Register Cycle Time:

MXIC = min 5 ms - max 15 ms

Winbond = min 10 ms - max 15 ms

Could the Russian program be cycling below 10 ms?

Anybody with more knowledge than me able to measure this or disassemble the program?

spookyman166
Member
Posts: 20
« Reply #72 on: July 23, 2011, 01:54:19 AM »

The Russian program has no wait time. I guess it takes the program at least 5 ms to clear the instruction, which works with MXIC, but it takes shorter than 10 ms, which doesn't work with Winbond. I could recompile it with a wait. How long would you like?

glaze83
Xbox Hacker
Posts: 534
« Reply #73 on: July 23, 2011, 01:58:34 AM »

How about 12 ms?

Or if it's not a pain, make one with 10, 11, 12, 13, 14, 15?

Here's hoping.

spookyman166
Member
Posts: 20
« Reply #74 on: July 23, 2011, 02:15:07 AM »

OK. I'll install VB.NET and I'll just make a box with a custom wait time lol.

glaze83
Xbox Hacker
Posts: 534
« Reply #75 on: July 23, 2011, 02:20:11 AM »

It's the cycle time though, to complete the instruction on the chip -- not just how long after you push the button that it sends the commands -- it's the time between the commands.

Just making sure here.

spookyman166
Member
Posts: 20
« Reply #76 on: July 23, 2011, 02:26:40 AM »

Currently the program reads:

Code:
    Me.send_ser_set_write_enable_9504(num, 160, &H72)     ' I assume this sets the write disable
    Me.send_ser_write_status_reg_9504(num, 160, &H72, 0)  ' And this turns it off for good?

I will make it look like this:

Code:
    Me.send_ser_set_write_enable_9504(num, 160, &H72)
    ' Wait the number of milliseconds entered in a text field before the next command
    System.Threading.Thread.Sleep(Integer.Parse(TextBox1.Text))
    Me.send_ser_write_status_reg_9504(num, 160, &H72, 0)

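The cycle-time question in reply #71 (5 ms vs 10 ms write-status-register cycle time) and the back-to-back write-enable/write-status calls in reply #76 are easier to reason about with a small model. This is an added example, not code from the thread or from the Russian tool: it simulates a generic SPI flash status register driven by the standard WREN/WRSR/RDSR opcodes; the tW figures passed in, the starting register value and all class and function names are constructed for the example.

```python
# Toy model of an SPI flash status register (constructed for this example,
# not the thread's tool): a write takes tW ms to complete and is invisible until then.
from dataclasses import dataclass
from typing import Optional

WREN, WRSR, RDSR = 0x06, 0x01, 0x05        # standard SPI flash opcodes
BUSY, WEL, BP_MASK = 0x01, 0x02, 0x1C      # S0 BUSY, S1 WEL, S2..S4 block-protect bits


@dataclass
class FlashModel:
    """Status-register state machine; times are simulated milliseconds (int)."""
    t_w_ms: int                            # write-status-register cycle time (tW)
    status: int = BP_MASK                  # constructed start: all BP bits set
    pending: Optional[int] = None          # value being written during tW
    busy_until: int = 0

    def instruction(self, now: int, opcode: int, data: int = 0) -> Optional[int]:
        """Feed one opcode at time `now`; RDSR returns the register, others None."""
        if self.pending is not None and now >= self.busy_until:
            # tW elapsed: the new value becomes visible and WEL reads clear.
            self.status, self.pending = self.pending, None
        busy = self.pending is not None
        if opcode == RDSR:
            return self.status | (BUSY if busy else 0)
        if busy:                           # datasheet rule: only RDSR is accepted during tW
            return None
        if opcode == WREN:
            self.status |= WEL
        elif opcode == WRSR and self.status & WEL:
            self.pending = data & 0xFC     # S2..S7 are writable; WEL ends up clear
            self.busy_until = now + self.t_w_ms
        return None


def clear_bp_fixed_delay(chip: FlashModel, verify_after_ms: int) -> int:
    """WREN, WRSR(0), then read back after a hard-coded delay (no polling)."""
    chip.instruction(0, WREN)
    chip.instruction(1, WRSR, 0x00)
    return chip.instruction(1 + verify_after_ms, RDSR)


def clear_bp_polling(chip: FlashModel, timeout_ms: int = 50) -> tuple:
    """Same write, but poll RDSR until BUSY clears; returns (status, time_ms)."""
    chip.instruction(0, WREN)
    chip.instruction(1, WRSR, 0x00)
    for t in range(2, timeout_ms):
        sr = chip.instruction(t, RDSR)
        if not sr & BUSY:
            return sr, t
    raise TimeoutError("status register write did not complete")
```

With a 7 ms fixed delay the read-back on the 10 ms chip still shows the old protect bits plus BUSY while the 5 ms chip shows the write done, which is what "works on one chip, not the other" looks like from the host side; polling the BUSY bit (S0) until it clears is the pacing a flash driver should use rather than a hard-coded sleep.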
glaze83
Xbox Hacker
Posts: 534
« Reply #77 on: July 23, 2011, 02:32:52 AM »

Actually, I don't know if that looks good -- it looks like the first line is disabling the unlock and the second line is checking to make sure the SPI is 0.

No way to find the write_enable_9504 command in the code?
« Last Edit: July 23, 2011, 02:44:21 AM by glaze83 »

spookyman166
Member
Posts: 20
« Reply #78 on: July 23, 2011, 02:46:04 AM »

Code:
' Sends the two serial ATA commands that make up the "set write enable" step; returns False if either fails
Private Function send_ser_set_write_enable_9504(ByVal port As UInt16, ByVal drive_pos As Byte, ByVal status As Byte) As Boolean
    If Not Me.send_ser_ata_68(port, drive_pos, status, 0, &H88, 6) Then
        Return False
    End If
    If Not Me.send_ser_ata_1b(port, drive_pos, status, 1, 0, 0, 0, 0) Then
        Return False
    End If
    Return True
End Function

glaze83
Xbox Hacker
Posts: 534
« Reply #79 on: July 23, 2011, 02:55:04 AM »

Edit: decided to decompile the program myself, and the area where it appears to be sending commands to the drive is the lines which start with OutP. And there's no need for a variable delay -- just put 20 ms delays after any line of code with OutP in it and it should be golden, or is there any way to make every command in the program run 10 ms after each other? I googled and saw a timer tick function?

I'd put the pause after the first "Then Return False", but then again in the previous lines of code the 160 could be a clock cycle or something, or some other value could be a clock cycle -- can you not post the entire code? Even though I'll admittedly not understand it, possibly someone else will jump in if we're on the right track here or misguided.

You can make this pause in ms, correct?

« Last Edit: July 23, 2011, 05:55:59 AM by glaze83 »