Hi,
I was wondering if OLS is able to sniff SDRAM protocol.
I have a board with an ARM CPU connected to a 16 mb sdram chip 143 mhz (hynix HY57V283220T).
What I just need is to sniff the bus in order to dump what CPU read/ write.
In this way I could access directly to code loaded from flash (it's encrypted there).
Someone know if OLS can accomplish these velocities?
If not, what kind of logic analyzer I have to see?
regards
[quote author="fisarmio"]Hi,
I was wondering if OLS is able to sniff SDRAM protocol.
I have a board with an ARM CPU connected to a 16 mb sdram chip 143 mhz (hynix HY57V283220T).
What I just need is to sniff the bus in order to dump what CPU read/ write.
In this way I could access directly to code loaded from flash (it's encrypted there).
Someone know if OLS can accomplish these velocities?
If not, what kind of logic analyzer I have to see?
regards[/quote]
It is doubtful that you could do that with OLS.
1. The dram referred to, appears to be a x32 part. So, you'd need all 32 OLS lines just to capture the data alone. There would be none left for RAS/CAS/WE, etc, much less address lines.
2. The 143 MHz is the part spec, but assuming that the application is really using a clock near that speed, let's say 125 MHz for example, luckily this is SDR and not DDR, you would still need a good bit more than the 200 MHz max sample rate of the OLS to capture any semblance of usable data. Perhaps you could use the external clocking option and sample on the opposite edge of the clock? Still, with just 24KB of sample memory, you wouldn't get much data captured before the OLS buffer fills.
As for what sort of logic analyzer can do what you want to do, you need something with upwards of 250 MHz sample rate and as much buffer storage as data you intend to capture. Plenty of professional solutions in the $100K and up range. Even used models command nearly new prices.
Thank you Qwlciguk for your reply.
So, considering that OLS can sample @200 mhz, I should analyze all 32 lines.
To obtain the RAW data I need to write a sort of plugin that allow me to reconstruct data from sdram protocol I sniffed?
Or is there some software that can handle it compatible with OLS?
I didn't know OLS has a buffer of just 24k . So that means I can sniff just 24K of signals? Can't I just empty the buffer and restart the sniffing? (Maybe not due to high velocity right?)
Regarding professional LA, this one is perfect, but it costs around 100k :)
keysight U4154A
(replace all capitalized C with / )
it has also a module that handle up to DDR4 sample rate.
[quote author="fisarmio"]Thank you Qwlciguk for your reply.
So, considering that OLS can sample @200 mhz, I should analyze all 32 lines.
To obtain the RAW data I need to write a sort of plugin that allow me to reconstruct data from sdram protocol I sniffed?
Or is there some software that can handle it compatible with OLS?
I didn't know OLS has a buffer of just 24k . So that means I can sniff just 24K of signals? Can't I just empty the buffer and restart the sniffing? (Maybe not due to high velocity right?)
Regarding professional LA, this one is perfect, but it costs around 100k :)
keysight U4154A
(replace all capitalized C with / )
it has also a module that handle up to DDR4 sample rate.[/quote]
You can connect all 32 lines and it will use up all the available inputs on the OLS. Then you need to connect either the dram clock or perhaps the DQS strobe line to use as the sample clock for the OLS. Then you will need to figure out what are writes to dram vs reads from dram, but there are no more inputs on the OLS after you use all 32 for data. Trying to use a free-running 200 MHz sample rate, isn't going to work very well. It won't get much data captured, less than 8K 32 bit dwords and it will require a lot of manual analysis. If you use DQS strobe as the OLS clock, it will only capture actual data and not idle time. The OLS client software will display the data nicely for you in that case.
You would need to keep all input wires as short as possible. I'd recommend nothing over 5 cm.
The keysight U4154A commercial logic analyzer would work for what you're trying to do.
From having done this sort of thing before, I can say that it's very difficult using a logic analyzer like OLS.
Many thanks.
I'm waiting for OLS, then I will start to work with.
Regards
Did you ever start this project?
If you're willing to learn FPGA programming, I think that you could write your own FPGA setup to sniff the DRAM protocol. Instead of storing the raw waveforms (high bandwidth), you could first decode the data and then store only the DRAM data in the FPGA RAM. This would then require a method to upload the data through the PIC, which probably requires some custom PIC programming beyond what it already supports. It's all open source, so you have a decent starting point, but learning FPGA programming won't be easy. In other words, the OLS is a great hardware platform for more than just a Logic Analyzer, but it requires custom programming to do things outside the norm.
I think you'd also need some complex triggers to facilitate grabbing different sections of DRAM on different runs. Or, you could just grab a different address range on each run, filling the FPGA RAM. However, I don't think that your goal of directly accessing the code loaded from Flash will work if you're just sniffing the DRAM lines. You'll be able to see the actions performed by the code in Flash, but you won't actually be able to read the Flash contents (unless the Flash is automatically copied to DRAM and then executed from DRAM - in which case you're in luck).