Hacking What Is The ATF01 chip

[reveng]

Seeing as I have like.. 5 flash carts. Functional or not, it doesn't matter to me. (And yes, it still works. Including the spring)
I'm still looking for it, but I had to go to work. So I'll reply later on tonight.

EDIT Off-Topic: Woo, 800 posts.

Cheers mate,

But no big hurry,

The R4DS project is a sideline to another "spare time" project.

OpenSource Project

Maybe be the 800 hits are because its something other then "backups"?

 

[cory1492]

I didn't mean it in a nasty way. It's just that I don't understand what "microprobes, xray, die dissection, timing attacks etc." are. I don't speak geek, so whatever.

And what's the point in signing it 'R....' it's not like we can't read his name above his avatar.

Before you start slagging non-english terminology like "geek" around... you might consider that we may not be orbiting your world and live on earth, as such that it quite possibly would have been much more polite to ask what you wanted to know (or search for it) instead of trying to join the topic in such a fashion. Such an example being: "I'm an incredibly intelligent individual who feels it shouldn't be necessary to use google to look up the terms 'microprobes, xray, die dissection, timing attacks' so I can understand what is going on and possibly join in on the fun, could you please explain their context in this discussion?"

To explain a little further, there are many methods of attacking an unknown microchip (even secured ones, sometimes termed "silicon") to determine their internal coding and operations by getting them to reveal the state of their circuitry inside the chip. From doing micron sized shavings and attaching really small probes (microprobes) to the exposed surfaces under a powerful magnification, to attempting to use a xray (like what doctors use to look at your bones?) to actually see the state of the gates. In a relatively cheap device like the R4, it's unlikely anyone will go quite that far as many of the methods require special equipment, clean rooms and a lot of time (and thus money) - the gain to be had from understanding the proprietary device would be relatively small.

reveng
Let me know if you find something that will dissolve the epoxy on those bump chips, I'd definitely like to know if there is something that isn't specialized to do it. So far the only real way I was able to make a dent in it was with a 400C iron, and that was fairly ineffective (getting close to the die wires would not be an option). Also, all pads will be connected to the die else they wouldn't be in the footprint (I can confirm they didn't selectively wire the epoxy bump dies as region/version swap is still possible if you expose the pads)... whether they are set to do anything internally is another matter altogether. I don't believe the logic will be dumpable, but then again it could be (and thus also be a generic asic) but the already low cost may be the only thing stopping clones from entering the market.

 

[reveng]

reveng
Let me know if you find something that will dissolve the epoxy on those bump chips, I'd definitely like to know if there is something that isn't specialized to do it. So far the only real way I was able to make a dent in it was with a 400C iron, and that was fairly ineffective (getting close to the die wires would not be an option). Also, all pads will be connected to the die else they wouldn't be in the footprint (I can confirm they didn't selectively wire the epoxy bump dies as region/version swap is still possible if you expose the pads)... whether they are set to do anything internally is another matter altogether. I don't believe the logic will be dumpable, but then again it could be (and thus also be a generic asic) but the already low cost may be the only thing stopping clones from entering the market.

Hi Cory,

LOL: not from this planet

Thanks for the lowdown on the die connections with regards to the region settings. I think you could be right on the firmware “not dumpable” they don’t seem to be able to upgrade the device for 4GB SDHC?

I’ve not used any, “encapsulating potting compound”, since the mid 90’s so I need to do some research/googling although my local electronic store is still selling exactly the same stuff, so the tech hasn’t moved on much.

My initial thoughts where the usual, cellulose/acetone, epoxy paint stripper, … I have seen it suggested that a strong citric acid will dissolve it, but I think that’s silicone and not epoxy! A good friend of mine is a Chemist and is always up for a challenge, so I might confer with him.

My Dentist in Playa Del Carmen, MX has a nice X-Ray system I’m sure he will let me use. But it’ll be awhile before I can get myself down to that part of the world.

 

[cory1492]

Paint thinner with dichloromethane seems to be the chem of choice when removing epoxy from a PCB, no idea if it would be effective on the compound they use for dies though.

Just to make it absolutely clear, as I'm not sure you got this out of what I said, the PCB itself is identical on the epoxy bump version to the IC version, just they used those really tiny die wires and bump to attach the die instead.

 

[reveng]

Cory,
Have you still got the R4DS that you removed the bump from, if so could you scan a copy of the PCB without the bump on please

I aint got a R4DS with a bump on yet, maybe I'll dig in my pocket and get a few for expeminents.

Sorry, I did get you wrong in the last email, I though you had ripped the bump off and could see the die connections?

Paint thinner does it every time, wanna melt your best peice of furniture spill thinners on it

Sounds like a visit to the car body shop migh be in order.

 

[2dere]

I'm not in this league of understanding how the components work I did see peer pressure making renveng drop his signing his posts. I mean whats the big whoop? Its not like he is the only one, Nero does it all the time (or everytime?) And we're all sweet. In fact, to come off more as a prick why do you [reveng] sign your post with a capital 'R' when your name is all in lower case?
*sigh* Sorry, I usually try to be productive with my posts. I think this would be a first for me to not. Though your post that explained what you guys were going on about was great. Are you goings doing this to learn how the R4 works or just how its made up?

 

[ackers]

I didn't mean it in a nasty way. It's just that I don't understand what "microprobes, xray, die dissection, timing attacks etc." are. I don't speak geek, so whatever.

And what's the point in signing it 'R....' it's not like we can't read his name above his avatar.

Such an example being: "I'm an incredibly intelligent individual

But I'm not an incredibly intelligent individual

reveng good luck with your project!

 

[reveng]

I'm not in this league of understanding how the components work I did see peer pressure making renveng drop his signing his posts. I mean whats the big whoop? Its not like he is the only one, Nero does it all the time (or everytime?) And we're all sweet. In fact, to come off more as a prick why do you [reveng] sign your post with a capital 'R' when your name is all in lower case?
*sigh* Sorry, I usually try to be productive with my posts. I think this would be a first for me to not. Though your post that explained what you guys were going on about was great. Are you goings doing this to learn how the R4 works or just how its made up?

Hi 2dere,

All these flash cards shout of "HOMEBREW" friendly when they are not. HOMEBREW friendly would mean full specs on everything from the electrical schematics, to the firmware...

If you work commercially in the software engineering area, this is the sort of information is the norm. Look at the links I have provided on the dsx project page, Cypress (usb) - full specs, Actel (fpga) full specs....

The other motivation is simply a lust for knowledge.

 

[reveng]

I didn't mean it in a nasty way. It's just that I don't understand what "microprobes, xray, die dissection, timing attacks etc." are. I don't speak geek, so whatever.

And what's the point in signing it 'R....' it's not like we can't read his name above his avatar.

Such an example being: "I'm an incredibly intelligent individual

But I'm not an incredibly intelligent individual

reveng good luck with your project!

An inquisitive mind is an intelligent mind, dont sell yourself short..

Anyway stay on topic

 

[cory1492]

Ackers: I always give the benefit of the doubt on that one. I've run into too many smart people playing at being idiots

Hi 2dere,

All these flash cards shout of "HOMEBREW" friendly when they are not. HOMEBREW friendly would mean full specs on everything from the electrical schematics, to the firmware...

If you work commercially in the software engineering area, this is the sort of information is the norm. Look at the links I have provided on the dsx project page, Cypress (usb) - full specs, Actel (fpga) full specs....

The other motivation is simply a lust for knowledge.

Indeed, the few cards the manufacturers have released technical data on have very very limited (and I'm finding often buggy or inaccurate data)

Unfortunately, eventually every card that is currently the "cats arse" so to speak will eventually become unsupported (even if they aren't as rude about it as DSX team is) - in fact, part of the reason I started coding anything to begin with was the serious lack of support for my F2A 1G card which set me back $225USD ages ago (only to have the manufacturer entirely abandon it's users with no word around the time DS was announced. I know the feeling of a bad over-expensive investment, in other words.)

So yeah, I'm somewhere in the middle of trying to learn enough to be able to sus proprietary/non-open source stuff from hardware and disasm, but no where close to being able to tackle such a project (my teacher is somewhat lazy... that person being myself

)

 

[reveng]

I always give the benefit of the doubt on that one. I've run into too many smart people playing at being idiots

In my case its vice-versa

F2A 1G card Sorry I read that but assumed you meant a video card with a price tag of $225USD, anyway thanks for the heads up on that, on the other thread and the sniffing info.

cory1492

sus proprietary/non-open source stuff from hardware and disasm

If you havent tried it, IDA Pro is a pretty funky disassembler and its free (will only do PC exe's on the free version).

 

[reveng]

Ah some possible hints to chip suppliers to investigate

Reday Electronics

(we have made close partnerships with the well-known chip IC suppliers, such as CSR, ISSC and SIW)

 

[Electronix]

I know that this thread is over ten yrs old, but in case some ppl like me looking for info about the atf01, here is few things.
This X2 pad on the pcb, its most likely a place for different shape of crystal oscillator, since in my experience, usually in pcb stuff, the prefix X means Crystal (some sort) and its partially connected to existing oscillator.
Rn I'm developing a probe for fun, which can read the data and direction on the bus (ie the sd card and system bus), so later I might get more info regarding the data traveling on the buses and so hopefully gaining some intel about the chip. If there is a way to get connected to chip, its most likely through reset line and spi or sys bus. On the mean time, if anyone got some new info on the chip, would like to know