Help please.
What I'm trying to do: JTAG dump of NAND
== Phone ==
Phone: Samsung i917
Mobile OS: Windows Phone 7.5
Chipset: Qualcomm QSD8250
== Riffbox ==
Hardware: RIFF Box v2
Software: RIFF Box. Version 1.73
== Setup steps ==
1. Extracted motherboard from phone
2. Soldered to JTAG points using 2.5" long pieces of 30AWG magnet wire (all points wired, including VREF, NRST, and TRST)
3. Soldered to RIFF II adapter board (checked for shorts and verified solder points with conductivity test)
4. Supply battery pins with 4.1 volts (DC bench power supply)
5. Press and motherboard hold power button until power on (vibrates on power on + monitor amperage draw)
Setup picture: Link
== JTAG Read/Write Panel Output ==
JTAG TCK Speed: RTCK, Sample at 1 MHz
Connect & Get ID result:
Analyze JTAG Chain result:
== DCC Read/Write Panel Output ==
JTAG TCK Speed: RTCK, Sample at 1 MHz
Access ROM1 Address Space
checked: Auto FullFlash Size
checked: Image File Is Used (Main + Spare Combined into single file)
Read Memory output:
== Direct Memory Programming Plugin Output ==
Plugin version 1.05
Chipset (MCU): QSD8250
Memory Type & Host: NAND (via Chipset)
JTAG TCK Speed: RTCK, Sample at 1 MHz
Reset Sequence (Method): RESET, Wait 0ms, HALT at 0
JTAG I/O Voltage: 2.60V
TAP#: 0 (have also tried 1)
Connect & Flash ID Output:
Powering methods tried:
Relevant portions of JTAGManager.txt: RIFFBOX - Pastebin.com
What I'm trying to do: JTAG dump of NAND
== Phone ==
Phone: Samsung i917
Mobile OS: Windows Phone 7.5
Chipset: Qualcomm QSD8250
== Riffbox ==
Hardware: RIFF Box v2
Software: RIFF Box. Version 1.73
== Setup steps ==
1. Extracted motherboard from phone
2. Soldered to JTAG points using 2.5" long pieces of 30AWG magnet wire (all points wired, including VREF, NRST, and TRST)
3. Soldered to RIFF II adapter board (checked for shorts and verified solder points with conductivity test)
4. Supply battery pins with 4.1 volts (DC bench power supply)
5. Press and motherboard hold power button until power on (vibrates on power on + monitor amperage draw)
Setup picture: Link
== JTAG Read/Write Panel Output ==
JTAG TCK Speed: RTCK, Sample at 1 MHz
MAX sample rate was giving issues.
rates less than 80 KHz gives memory read timeouts
rates less than 80 KHz gives memory read timeouts
Connect & Get ID result:
Open serial port...OK
Connecting to the RIFF Box...OK
Firmware Version: 1.47 (RIFFBOX2), JTAG Manager Version: 1.73
Selected Resurrector: [Samsung I917 V1.0.4466.60929]
Connecting to the dead body...OK
Set I/O Voltage reads as 3.02V, TCK Frequency is RTCK
Detected dead body ID: 0x202400E1
Connecting to the RIFF Box...OK
Firmware Version: 1.47 (RIFFBOX2), JTAG Manager Version: 1.73
Selected Resurrector: [Samsung I917 V1.0.4466.60929]
Connecting to the dead body...OK
Set I/O Voltage reads as 3.02V, TCK Frequency is RTCK
Detected dead body ID: 0x202400E1
Analyze JTAG Chain result:
Connecting to the target...OK
Set I/O Voltage reads as 3.00V, TCK Frequency is RTCK
Following devices are found on the JTAG chain:
Device on TAP #0: ID = 0x1BA000E1, IR Length = 0x04 bits
Device on TAP #1: ID = 0x202400E1, IR Length = 0x04 bits
Total IR length: 0x0008 bits
Analizing IDCODE(s) of the JTAG scan chain:
1. 0x202400E1: Qualcomm QCS8250, H/W Rev. #2
Set I/O Voltage reads as 3.00V, TCK Frequency is RTCK
Following devices are found on the JTAG chain:
Device on TAP #0: ID = 0x1BA000E1, IR Length = 0x04 bits
Device on TAP #1: ID = 0x202400E1, IR Length = 0x04 bits
Total IR length: 0x0008 bits
Analizing IDCODE(s) of the JTAG scan chain:
1. 0x202400E1: Qualcomm QCS8250, H/W Rev. #2
== DCC Read/Write Panel Output ==
JTAG TCK Speed: RTCK, Sample at 1 MHz
Access ROM1 Address Space
checked: Auto FullFlash Size
checked: Image File Is Used (Main + Spare Combined into single file)
Read Memory output:
Connecting to the dead body...OK
Detected dead body ID: 0x202400E1 - CORRECT!
Set I/O Voltage reads as 3.02V, TCK Frequency is RTCK
Adaptive Clocking RTCK Sampling is: [Sample at 1 MHz]
Settings Code: 0x25010009000000000000000000000000
Resurrection sequence started.
Establish communication with the phone...OK
Initializing internal hardware configuration...OK
Uploading resurrector data into memory...OK
Starting communication with resurrector...FAILED
ERROR: Wrong DCC data checksum.
Detected dead body ID: 0x202400E1 - CORRECT!
Set I/O Voltage reads as 3.02V, TCK Frequency is RTCK
Adaptive Clocking RTCK Sampling is: [Sample at 1 MHz]
Settings Code: 0x25010009000000000000000000000000
Resurrection sequence started.
Establish communication with the phone...OK
Initializing internal hardware configuration...OK
Uploading resurrector data into memory...OK
Starting communication with resurrector...FAILED
ERROR: Wrong DCC data checksum.
== Direct Memory Programming Plugin Output ==
Plugin version 1.05
Chipset (MCU): QSD8250
Memory Type & Host: NAND (via Chipset)
JTAG TCK Speed: RTCK, Sample at 1 MHz
Reset Sequence (Method): RESET, Wait 0ms, HALT at 0
JTAG I/O Voltage: 2.60V
TAP#: 0 (have also tried 1)
Connect & Flash ID Output:
Selected Target: [QSD8250, 2.60V, TAP0]
Connecting to the QSD8250 target...OK
Detected dead body ID: 0x1BA000E1 - IGNORED!
Set I/O Voltage reads as 2.61V, TCK Frequency is RTCK
Adaptive Clocking RTCK Sampling is: [Sample at 1 MHz]
Resetting and Halting target...OK
R0 = 0xFFFFFFFF R6 = 0xFFFFFFFF R12 = 0xFFFFFFFF
R1 = 0xFFFFFFFF R7 = 0xFFFFFFFF R13 = 0xFFFFFFFF
R2 = 0xFFFFFFFF R8 = 0xFFFFFFFF R14 = 0xFFFFFFFF
R3 = 0xFFFFFFFF R9 = 0xFFFFFFFF R15 = 0xFFFFFFED
R4 = 0xFFFFFFFF R10 = 0xFFFFFFFF CPSR = 0xFFFFFFFF
R5 = 0xFFFFFFFF R11 = 0xFFFFFFFF
Connecting to MCU's NAND Memory Controller...FAILED
ERROR: Read/Write memory failed during H/W Init.
== Have also tried ==Connecting to the QSD8250 target...OK
Detected dead body ID: 0x1BA000E1 - IGNORED!
Set I/O Voltage reads as 2.61V, TCK Frequency is RTCK
Adaptive Clocking RTCK Sampling is: [Sample at 1 MHz]
Resetting and Halting target...OK
R0 = 0xFFFFFFFF R6 = 0xFFFFFFFF R12 = 0xFFFFFFFF
R1 = 0xFFFFFFFF R7 = 0xFFFFFFFF R13 = 0xFFFFFFFF
R2 = 0xFFFFFFFF R8 = 0xFFFFFFFF R14 = 0xFFFFFFFF
R3 = 0xFFFFFFFF R9 = 0xFFFFFFFF R15 = 0xFFFFFFED
R4 = 0xFFFFFFFF R10 = 0xFFFFFFFF CPSR = 0xFFFFFFFF
R5 = 0xFFFFFFFF R11 = 0xFFFFFFFF
Connecting to MCU's NAND Memory Controller...FAILED
ERROR: Read/Write memory failed during H/W Init.
Powering methods tried:
USB only
OEM battery only
USB + OEM battery
USB + DC power supply 4.1V
DC power supply only 4.1V
Have tried pressing and/or holding the power button during connection => doesn't do anythingOEM battery only
USB + OEM battery
USB + DC power supply 4.1V
DC power supply only 4.1V
Relevant portions of JTAGManager.txt: RIFFBOX - Pastebin.com
Comment