Skip to main content
Topic: Issue: cant dump SPI flash EEPROM contents using flashrom with a bus pirate (Read 275 times) previous topic - next topic

Issue: cant dump SPI flash EEPROM contents using flashrom with a bus pirate

I have been using flashrom on and off for probably around a year or two to dump the contents of various SPI flash chips I have laying around for,

  • having a backup of the flashchip if i ever need to replace the chip down the road
  • and learning how to use my bus pirate with flashram and just generally trying to learn a little more about the BP SPI and what not

I have dumped several SPI flash chips in the past using my BP, and the current bootloader and FW I have running on my BPv3a SEP 2009 is,

Code: [Select]
HiZ>i
Bus Pirate v3.a
Community Firmware v7.1 - goo.gl/gCzQnW [HiZ 1-WIRE UART I2C SPI 2WIRE 3WIRE PIC DIO] Bootloader v4.3
DEVID:0x0447 REVID:0x3003 (24FJ64GA00 2 A3)
http://dangerousprototypes.com
HiZ>

I started using the community firmware a while back, but i'm not opposed to using a different version if it means i can dump the contents of a flashchip using flashrom.

I have had general issues using the BP on macOS due to the whole FTDI driver kext issue, presently i'm using the stock ftdi driver provided by Apple on macOS 10.13 high sierra, and NOT the one provided by ftdichip, (once again i'm not opposed or preferentially to either driver, i've used both and have had the same mixed results with both.

so whenever i want to dump the contents of a new SPI chip that comes in front of me, generally i use my BP with flashrom, and dust off my open bench logic sniffer, and dump (re)dump the contents of that SPI chip on it to make sure everything is connected and working as it should.  I choose to use the OBLS (OLS) board as a baseline because i've had the most success in dumping the contents of its flash in the past, and it also provides a convenient break out header for accessing the pins of a SPI flash chip

  • cs
  • clk
  • DO
  • DI
  • GND
  • VCC

without having to use a SOIC 8 pin clamp clip or using tiny little probe connectors with dupont jumper wires.

For whatever reason

i can longer dump / read the contents of the current flash chip on my OLS. 🤷‍♂️  In the past I would use the below command to dump the contents of the chip

Code: [Select]
flashrom -p buspirate_spi:/dev/tty.usbserial-A700dzDq -r dump-01.bin -c W25X40

and then i could verify the file using
Code: [Select]
file
and
Code: [Select]
md5sum
of the dumped blob

Code: [Select]
file obls-dump6.bin
obls-dump6.bin: Xilinx BIT data - from Logic_Sniffer.ncd;UserID=0xFFFFFFFF - for 3s250evq100 - built 2011/02/23(02:10:05) - data length 0x29500

I can not determine where my issue may be. Is it?

  • OLS open bench logic sniffer, which i can connect to, and run the below command
    • Code: [Select]
      olsfwloader -f APP -P /dev/tty.usbmodem1411 -R -r dump.hex
    • Code: [Select]
      Found OLS HW: 1, FW: 3.0, Boot: 2
      Found flash: WINBOND W25X40
      Reading flash
      ................................................................
      Writing file 'dump.hex'

or is it something else I'm overlooking (i've been trying to figure out where to fault is for a little while now) and I want to believe the issue is with flashrom, and not my physical connections or hardware, as i have run into issues with in the past

And I'm not opposed to using the provided interface by the BPI, ie the SPI mode of the firmware, but that is something I have not used before in the past.  Either way, I'd like to figure how to fix flashrom so i can dump the contents of the OLS flash chip using flashrom once again. or use the SPI mode provided by the BP to begin see if i can even verify if the connections to the chip are sound, and possibly learn how i could retrieve the JEDEC id of the chip just to verify the communication between the BP and the ols spi flash chip.

Any and all suggestions are greatly welcome
also known as ipatch on these forums, account got locked out during the upgrade 🤷‍♂️
...shit happens