Trying to read a protected chip

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View


Hi guys,
I'm trying to read the data from a protected chip (Samsung K9F5608U0B
YIB0)... Does anybody know what pins I would have to use to monitor the data
coming from this chip while its running? and also what software/hardware I
could use to capture the data?

Thanks in advance for any of you may be able to offer!
Cheers!





Re: Trying to read a protected chip


Quoted text here. Click to load it

Have you got the data sheet?
You'll mostly likely need a logic analyser to capture the data pins
while triggered from the address pins.

Are you *sure* you can't just get the same computer somewhere cheap
like on eBay and rip the chip out?

Dave :)


Re: Trying to read a protected chip



. . .

Quoted text here. Click to load it

The data sheet is available on the Samsung site
( http://www.samsung.com )

From a quick look, it does not look like it would be easy to do what
has been proposed.

BTW in another thread the OP mentioned there was a "secure
area". The only security feature I saw in the data sheet is that there
is a section which is OTP. From that it sounds like the only
protection is that some of an already programmed device cannot be
altered, but you can read the whole thing out normally, and hence copy
it (unless some secret chant is required to program that area  - it
does not seem to go into detail about the OTP area).
Andy Wood
snipped-for-privacy@trap.ozemail.com.au

Re: Trying to read a protected chip


Quoted text here. Click to load it

It does look like a generic OTP area, the datasheet just says:

"Unique ID for Copyright Protection is available
-The device includes one block sized OTP(One Time Programmable),
which can be used to increase system security or to provide
identification capabilities. Detailed information can be obtained by
contact with Samsung."

If that is the case and you know the address (was it mentioned in the
previous thread?), then it should be fairly easy read out?

Then of course you need a programmer that supports writing to this OTP
location. It might only be a factory programmed thing, in which case
the chances are not good.

Dave :)


Re: Trying to read a protected chip


Quoted text here. Click to load it



It is a factory programmed thing, but I wasn't able to get a reply from
samsung :( Im not even sure how many bytes it is... I know roughly it holds
the model# and the ID code which I assume would be about 9 bytes total(?),
but if I knew what was in it I could find a way to reprogram it.
I also don't know the address.... because its not something samsung
released.



Re: Trying to read a protected chip
Quoted text here. Click to load it

If you know the model number it puts out then in thoery I guess you
could use a logic analyser and trigger on a sequence of bytes?

If the OTP area is simply inside the normal address range then you
might be able to simply use a programmer to read out all of the data
and then program a similar flash chip without this OTP option? This
would at least be worth a try before resorting to harder schemes.

If on the other hand the OTP area requires some address sequencing
scheme to work (likely I guess, otherwise it's not very "secure"), then
you are probably up the proverbial creek without a paddle!

Dave :)


Re: Trying to read a protected chip
Quoted text here. Click to load it

Yep I know the code it puts out, and thats why i was thinking of using a mod
chip type thing, to watch for the sequence and then change it. But I didnt
know how to go about it....

The only other option I have failing this, is to actually find someone to
hack the bios and software inject the code rather than having it read from
the hardware... which would probably be less dramatic than a mod chip or
chip copying...





Re: Trying to read a protected chip
Quoted text here. Click to load it

Well, you won't be able to use PIC like you mentioned before, too slow,
it would have to be a fast PLD/FPGA operating with real-time
transparency. AND you'd have to make sure it didn't upset the
motherboard system timing. Not a trival thing to do any stretch of the
imagination.

But if you don't know the address/data sequence I wouldn't bother
starting to think about it.

Quoted text here. Click to load it

Take 1 genious geek, add Jolt Cola and Pizza, and hey-presto! :->

Any geek wearing one of those "Will work for Bandwidth" t-shirts should
do the trick!

Dave :)


Re: Trying to read a protected chip


Quoted text here. Click to load it

Thanks Dave, now I know I I'll probably just be wasting time looking this
way...
I'm off to find some nerds :D
 



Re: Trying to read a protected chip



Quoted text here. Click to load it

Dave, if only things were that simple lol.
The only options I have are:
1) reverse engineer the boot code and modify it to load a pre set ID  <---  
Dont know os9/mips assembly
2) copy the chip and reverse engineer the one time writable block  <-- too
expensive/chips no longer available/not guaranteed to work
3) buffer the code from the chip and look for the hardware ID on the unit
and then use a pic chip to change the ID to the proper code(mod chip)

Already tried going the second option... now I'm left with the third lol...
If this doesnt work I'll have to find a hacker who can help with option 1!!!
:)

Cheers!









Site Timeline