Flash erase time

I had to replace a flash chip yesterday because it would not read OK at times - and had a byte fail after programming about all the 2M of it. Since I don't do large volumes this is my first ever experience of the kind and I want to ask the group for some insight.

The part was an Atmel at49bv163d ; it was on a netmca board which came for repair (torn power cable...) after a few years at the customer. After replacing it (with an equivalent) things went back to normal.

The device had been opened and tampered with. I think even the flash may have been unsoldered and resoldered but it has been done reasonably clean so I can't say that for sure. [Reverse engineering the netMCA could be considered only by someone uncapable of understanding how hopeless the task is, so needing to unsolder the flash rather than JTAG reading it via the CPU as we do it here and pose no obstacles to might have been opted for....].

So my question is how likely is it for a flash chip like that to wear off after 2-3 times initial programming? Yesterday I did rewrite it may be 10 times but it showed the symptoms from the very start.

My curiosity is directed towards the flash durability and perhaps towards what has been done to the device.

Dimiter

------------------------------------------------------ Dimiter Popoff, TGI

formatting link

------------------------------------------------------

formatting link

Reply to
Dimiter_Popoff
Loading thread data ...

Hey Dimiter:

I'm more inclined to suspect that whatever took out the flash was a consequence of whatever bumbling they did inside the instrument case, or perhaps the chip was taken out by some problem with the board that they managed to fix.

One thing I have learned is that sometimes when a chip dies it will take other chips with it, and not always ones that are either physically or electrically close.

--
Tim Wescott 
Wescott Design Services 
 Click to see the full signature
Reply to
Tim Wescott

Hey Tim,

the chip was not completely dead, it did program its first 64k or so always correctly and booted; the rest is the "ROM disk", which is used to boot from when the HDD is messed up or new and needs reinstall. Now that "ROM disk" part sometimes failed - usually the first byte, not always at the same address - to program. That byte did program on a second attempt. But when the "disk" was read certain areas of it would fail if the transfer was longer; one particular directory (only) would read correctly when read just for a "dir" or "repair", but would fail when trying to copy it elsewhere after the first 3-4 files, no matter which ones, such that the file starting sector would be corrupted and the driver would try to read some bad address (and get trapped, which is how I knew). It looked as if some sustained transfer would make a part of the flash unstable... but just a part, about 10% of the 2M, the rest worked OK.

After replacing the flash things are 100% normal with the board.

Can I interpret this as a sign of a flash wear off? The datasheet says 100k times programming is OK.... It has been written to here, including yesterdays tests (mostly then really), a few tens of times, max 20 times I guess.

I erase the whole flash by issuing the "erase" command and wait

25 seconds (datasheet says this is the max. erase time), then I program it at 120 uS per byte (datasheet says this is max or sort of), tried to double that time - no change. May be I tried triple as well.

Dimiter

Reply to
Dimiter_Popoff

Is anything else hanging on the same bus? Maybe that device is driving the bus when it should not.

--
Chisolm 
Republic of Texas
Reply to
Joe Chisolm

A common cause of partly damaged chips is static electricity - if an amateur has changed the chip, then it is not unreasonable to suppose that they were not careful about static.

If you (Dimiter) have access to an X-ray machine, you may be able to examine the faulty chip and see if it has visible internal damage.

Reply to
David Brown

Hi David,

I don't have access to such an X-ray (never asked friends though). I am just curious and trying to learn. Basically I have never done hundreds (let alone thousands) of erase/program cycles to a flash like that and I wonder what other peoples experience is.

ESD damage might be the cause but nothing made me look at the signal levels at each pin, i.e. I don't think there has been any zapped input. Or may be there was, facing that investigation I just soldered a new flash and moved on :-). Then ESD damage can probably be more subtle than a zapped gate, I suppose. Asking the group for experience is so much easier than a full blown investigation :D .

Dimiter

Reply to
Dimiter_Popoff

Hey Dimiter:

I really don't think that you're wearing out the flash in ten repetitions unless you're managing to do something severely wrong. AFAIK most modern flash chips manage their own write and erase algorithms, so unless it's oddball (or oddball-old) then you should be OK.

Doesn't the chip have a way of telling you when it's busy erasing or writing? I'd use that rather than just holding off for a fixed interval.

--
www.wescottdesign.com
Reply to
tim

Hey Tim,

I think it does have some indication but as far as I remember the point of using it is only to speed things up. Then although I am small I have had a good number of flash chips at the same place and never had a problem. This unit had no problem either when shipped 2 years or so ago.

Dimiter

Reply to
Dimiter_Popoff

The trouble is, an event like this is probably a one-off. Without having at least a few cases, there is no way to get a pattern - any theories will therefore be pure guesswork.

For my own experience, I have had flashes fail on occasion, but never in a way that suggests some parts fail after only a few cycles. Although flash cycle lifetimes are only guaranteed statistically (i.e., the manufacturer says that on average only 1 in x thousand parts will fail after y thousand cycles), you are not going to get a failure after a few cycles without some serious problem or damage to the part.

Reply to
David Brown

Presumably NOR flash for program storage (i.e., XIP)?

Given our past discussions in this regard, I'd be willing to bet this is *exactly* what happened! And, that the adversary didn't really care to "understand" the design; rather, to be able to

*duplicate* it (counterfeit).

This is actually pretty common :< Sure, the thief can't "support" the product to the extent that they could make "upgrades". But, for an "as is" product, their development costs are *zip*!

I'd guess they tried to access it in some more "conventional" reader/programmer (e.g., as a "ROM") and screwed the pooch in the process.

Reply to
Don Y

In article , Dimiter_Popoff wrote: }The part was an Atmel at49bv163d .. }So my question is how likely is it for a flash chip like that }to wear off after 2-3 times initial programming?

The data sheet says "Minimum 100,000 Erase Cycles", so extremely unlikely.

Reply to
Charles Bryant

Hi Don,

this might be the case though the people I have been in contact with did not look to be heading that way. Then if someone would need to unsolder the flash in order to read it his chances to get the cloning right are virtually 0 (here is the board:

formatting link
).

Then cloning it would do them little good, I have taken precautions against what a number of players already attempted - to write some baloney PC software and interface it to the device which does the job (and has all the software one needs accessible from any RFB/VNC capable platform). Then they "sell" the "system" at 20k euro instead of my 2k .

But there is no control interface to the netmca other than through its "screen" via VNC; I know these people did contemplate writing something to click on screen buttons which supports your theory. If this is the case they may have wanted to clone the device rather than buy it so they would not depend on me. Now after two years of trying they may have given up the independence - or perhaps succeeded with me being unaware of that.

Either way this is unlikely to ever work, with all the movable/stretchable windows on the netmca display, live spectra, scope display etc.

Which is not to say they can't sell a system at 20k, for that it does not have to work - it only has to look as if it works so the entire chain involved in the "deal" gets paid.

Dimiter

------------------------------------------------------ Dimiter Popoff, TGI

formatting link

------------------------------------------------------

formatting link

Reply to
Dimiter_Popoff

But, could they just *copy* the board, the firmware AND the PC software? I.e., become an "unlicensed manufacturer and distributor" of your product? ILLEGALLY??

Or, make some token changes to the design (cosmetic) and/or firmware and software to *suggest* it isn't the same (which anyone other than a cretin would recognize as a thin disguise)?

E.g., in the 80's, video (arcade) games were blatantly copied. Almost literally! A tiny bit of effort would be expended to, for example, change the name of the game ("Frogger" might become "Logger" or "Froggie"). Or, tweek the copyright notice (again, illegal but done, nonetheless).

The counterfeiters goal wasn't to be a long term presence in the market. Rather, to quickly steal some sales (as their development costs were essentially ZERO) and move on -- to the next "garage" down the street.

I.e., *your* thieves may not be interested in support contracts or any ongoing business with "their" customers -- they'll let YOU handle supporting THEIR sales! Especially as they have no real knowledge of the workings of the product to be able to make any changes/improvements/repairs/fixes!

Again, imagine I walked into one of YOUR (legitimate) customer's premises and STOLE his genuine netMCA. Now, imagine the device that I stole was an exact copy of your device. What would the practical difference(s) be (to the thief)?

I.e., what prevents YOUR software from running on MY PC (instead of the PC that belongs to your legitimate customer -- from whom I stole the device and software)? What prevents me from duplicating the actual device hardware, etc. (yes, I know there is considerable know-how/art in some of the manufacture -- coils, etc. -- but, can everything else be replicated by a conventional electronics manufacturer?)

E.g., to protect video games, full custom chips were often designed ("potting" subassemblies was far too easy to work-around -- even if you embedded metal fibers, etc. to confuse XRay's). The chips were sold as spare parts from the regular parts depot -- for $2000 (essentially, the price of a new game!) I think they would give you a $1950 credit if you returned the OLD chip with no signs of tampering :>

Eventually, a "customer" is going to need support and feel screwed. Hopefully, they realize they have been screwed by the counterfeiter and not *you*! Ideally, you can have a list of "registered owners" or some other credential so you can deprive customers of thieves any support and dry up the market that way!

--
BTW, yesterday's $0 "rescue": 

 
 Click to see the full signature
Reply to
Don Y

I'm not sure what you mean by "illegally" in your comments. If you mean "can go to jail for doing", then no, it's not illegal to steal IP, at least not in any jurisdiction that I know of.

If you mean "leave yourself open to being sued", then yes, in most "Western" countries this applies -- but the owner of the IP won't be getting any help from the cops. It's considered a civil matter between the IP owner and the IP thief. Having copyright or a patent gives you an entry into a courtroom, but paying for the courtroom appearance, and your half of the lawyers therein, is up to you.

Then if you take yourself outside of a "Western" country, and you'll find that the views on intellectual property are quite different. The whole notion of patents and copyrights and whatnot is something that evolved in Europe fairly recently (just a few hundred years ago). It is (a) still evolving here, and (b) hasn't really spread outside of heavily Europeanized countries.

I have no idea of what the situation is is the former eastern block countries, but I'm pretty sure that Marxism rejected the concept of intellectual property along with other sorts of property ownership, and so stunted or reversed the progress of IP law. While I'm sure that it varies greatly from country to country, I suspect that the level interest by officialdom is much less, and that the ability of an ordinary Joe to seize a court is for a lawsuit is much less.

--
Tim Wescott 
Wescott Design Services 
 Click to see the full signature
Reply to
Tim Wescott

I meant it as "without your consent".

Hence my original comment about moving on "to the next garage". E.g., Samsung can't blatantly ignore the ruling in the judgement re: Apple -- because Samsung can't "pack up and move down the street" ... reopening as Bamsung!

In the video game heyday, this was not the case. A small shop could clone a game, sell many copies, then "disappear" and reemerge as a different LEGAL ENTITY before the victim was able to get an injunction against importing their products.

Given that many "owner/operators" (i.e., the folks who purchased the games) were a bit "grey" in their ethics (so to speak), this meant the market for counterfeits never changed -- nor the supply -- as a result of any real or perceived impropriety with these "sources".

Dimiter is a one-man shop, essentially. The legal system is effectively useless to him -- it costs more to defend against challenges to his IP than the total sales are possibly worth! Not to mention the time it takes away from making and supporting legitimate sales and new product!

His remedies are similar to the gaming vendors: raise the bar to make counterfeiting harder/more expensive (i.e., to approach the cost of a genuine development effort); penalize customers of those counterfeiters so they regret their purchase and HOPE word gets around that this would be a bad way to go for other potential customers.

[Anyone who has gone the "protection" route realizes its not a long term solution to protecting your market -- all schemes fail over time!]

A large, very "ethical" US manufacturer once blatantly copied the control software (ran in a PLC) for a product that they bought from a company I worked for. And, proceeded to modify it and develop their own "internal" product cutting us out of the $$$ loop entirely. Do you sue them because they have "allegedly" developed a product just like yours FOR THEIR OWN INTERNAL CONSUMPTION? (buying all the COTS parts from the same vendors that YOU bought them from) Or, do you make a note of it and keep it in mind for your future products AS YOU CONTINUE TRYING TO SELL TO THEM?

Reply to
Don Y

What Dimiter can do -- and probably does, already -- is to continually improve his product so that people want to buy his latest, instead of hanging on to his older stuff, or counterfeits thereof.

He's fortunate that he's selling scientific instruments. In most such markets that I know of, you're selling to people who need the instrument to work, and whose time is valuable enough that it's just not a winning proposition to buy junk and dick with it.

--
Tim Wescott 
Wescott Design Services 
 Click to see the full signature
Reply to
Tim Wescott

I understand it to be a relatively small market. And, lots of "politics" in his customer base that effectively make it hard to make inroads.

Note that improvements that are "just" firmware/software upgrades are easy to counterfeit after-the-fact... buy a counterfeit device, then buy a counterfeit "upgrade".

E.g., in the video game market, it was *cheaper* to buy upgrades from the grey vendors. You would slap new "artwork" on the generic cabinet that you had purchased (at a reduced price); then, upgrade the ROMs on the counterfeit board set (that you also bought at a reduced price).

Going directly to the original game vendor, you would end up with a brand new cabinet, brand new boards, brand new firmware, etc.

At $2K/game, an owner/operator has to pull in at least $4K in "play" (25c at a time) to pay off the initial cost of the game (because you typically split the take with the "location" that is hosting your machine. (ignore costs of repairs which come "off the top").

As many of these locations are low traffic (bowling alleys, private fraternal clubs, etc.) it can take a fair bit of time to generate that much play. And, there is an upper limit on the time a piece is playable -- many games were "90 day wonders" (consumers lost interest in them within 90 days of their release).

For a "genuine" game, you are then left with large devices that need to be stored somewhere (scrapped!). Hence the appeal of a reusable, grey market approach (remember, they don't have engineering/development staffs that they have to pay! Royalties to other tie-ins -- e.g., licensing a name/concept from a movie or entertainment venue, etc.)

See above re: business politics.

Note that these places also tend not to replace equipment often (from Dimiter's offline comments). So, he makes a big investment and *hopes* he can recover it from legitimate buyers while dealing with losses to competitors (apparently, they buy his products to see what's inside -- and, may even have the audacity to RETURN said devices for refunds once they've learned what they want to!) and counterfeiters.

Tough nut to crack!

Reply to
Don Y

Hi Don,

(me back after a days walk and almost 14 hours sleep :-)

there is no PC software involved other than a freely available RFB client ( realVNC ) and a browser. So once you clone the device successfully it will work as if it came from us here - and look that way, however, so eventually people would recognize what it is. But even the most experienced of us here would find it very very tricky to clone the thing and preserve all the specs, the analog conditioning part is simple but very hard to duplicate. I don't think anyone capable of that would not have a better job to do. The market is so small that it makes no commercial sense to do that; now since the netmca does things no other spectrometer can do (better resolution etc.) non-commercial considerations might come into play (not that I am aware of any), I don't know.

You just won't believe how corrupt that market is. Our netmca may sell at 2.2k euro but a competitors unit - the one deemed "best" which can't match the netmca in resolution etc. - sells at 12k euro. Others sell at 8k. They can afford even half of that price for bribery (things I just don't want to get involved in, I like the feeling of not being a thief). I once had a "customer" to whom a "friend" introduced me hold a device of mine for over than a year "waiting" for some money to come to pay; that "customer", in collaboration with my "friend", was simply raising her bribe price. Worst of all I knew what was they were doing and had no winning move.... Eventually they got what they wanted, I got my device back, the "customer" bought herself a new smartphone shortly after etc. :-) . Well, the device did not stay orphaned for too long.

Basically we succeed at places where they do need their equipment to work or face closure and have no big cash to spend and distribute down the chain (like for the customer providing "consulting" services to the seller, the least of the bribery costs :-) ).

The unit comes back from a typical customer of the kind we succeed at, I mean they are a genuine lab etc. Some link to some competitor firm (more likely to some wannabe firm) is of course possible, with the idea to make a system based on a cloned netmca device and have 5-10 systems sold to their very lab.

But cloning will do them little good, they can just buy 5-10 netmca devices from us, will be cheaper than to clone it wasting years. If they need a control interface in order to hide what they are using so the sale can take place cloning will be of no use to them, they will end up with the same device.

So generally I don't know if the failed flash is their fault, may be not. Silicon fails rarely but sometimes it does fail, go figure.

Dimiter

------------------------------------------------------ Dimiter Popoff, TGI

formatting link

------------------------------------------------------

formatting link

Reply to
Dimiter_Popoff

In article , Tim Wescott wrote: }I'm not sure what you mean by "illegally" in your comments. If you mean }"can go to jail for doing", then no, it's not illegal to steal IP, at }least not in any jurisdiction that I know of.

In the UK, under the Copyright, Designs and Patents Act 1988 it is an offence to "make for sale or hire" "an article which is, and which he knows or has reason to believe is, an infringing copy of a copyright work". The punishment may include up to ten years imprisonment.

And in the USA the Digital Millennium Copyright Act specifies various IP-related offences.

Reply to
Charles Bryant

You're getting old!!! :> (at least you managed to find your way back home! ;)

But, if they were dicking with the FLASH, they hadn't (yet?) concerned themselves with the trickier aspects!

Competitor trying to figure out what you've done? or how you've done it?

(sigh) Yes, as I was commenting upthread to Tim... the legal system isn't the friend of "smaller shops". Too many ways to screw over a vendor!

So, the evidence of it having been "opened" may have been one of curiosity? Or, perhaps trying to make the needed repair without sending it in for service? You mentioned you were not positive that the FLASH had been tampered...

People often operate under funny criteria! E.g., the firm that openly "copied" the PLC code and cloned the control system from us... "Do you want to be in the control system BUSINESS? Why not let others deal with those sorts of issues so you can concentrate on your primary business goals??"

Maybe just having the unit open increased the risk that they "slipped" with a probe, tool, ESD, etc.

Had the component been socketed, then I would be more confident that it may have been unseated/reseated just as a matter of course ("I wonder if this thing is loose?"). One of the first things I do when I rescue a bit of kit is to disassemble and reseat all cables, etc. Amazing how often this "fixes" problems! (a connector/PCB working its way loose; someone servicing the device and failing to correctly reinstall a cable in the proper orientation, etc.)

If replacing the component did the trick, then just make a mental note in case you see the problem again -- here or in another unit! "Unknown causes" always leaves me sleepless at night...

--don

Reply to
Don Y

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.