Dumping An EMMC Chip With Many Bodge Wires

Sometimes, you know where the data you need is stored, you just don’t have a way to access it. In this case, [GetHypoxic] needed to rip data off an eMMC chip, salvaged out of a camera. With no desire to wait for an adapter to show up, it was time to bust out the bodge!

Once removed from the PCB, bodge wires were attached to the ball-grid array contacts on the bottom of the chip. Incredibly fine soldering was the order of the day to get these hooked up to the tiny pads, and we count 11 or 12 bodge wires in total. 1.8 volts was manually supplied to the eMMC chip, and it was directly wired up to the contacts of a built-in card reader out of an old laptop for reading.

Despite the rats-nest look of it all, and the yellow polyimide tape holding it together, [GetHypoxic] reported that it mounted successfully and got the job done. We’ve seen similar hacks before, too, wiring eMMC chips up to SD card adapters. It might look messy, but hey – it sure beats waiting for shipping!

An EMMC Gives Up Its Secrets

An increasing phenomenon over the years since mobile phones morphed from simply telephones into general purpose pocket computers has been that of the dead device taking with it some treasured digital resource. In most cases this means the device has died, but doesn’t necessarily mean that that the data has completely gone. Inside the device will be an eMMC flash chip, and if that can be read then the data is safe. This applies to some single board computers too, and thus [Jeffmakes]’ adventures in recovering an eMMC from a dead Raspberry Pi CM4 are particularly interesting.

The whole thing relies on the eMMC presenting the same interface as an SD card, so while it comes in a multi-pin BGA package it can be addressed with surprisingly few wires. Using the PCB from another dead CM4 he traced the relevant connections from eMMC to SoC pads, and was thus able with some very fine soldering to construct an interface for an SD card reader. The disk could then be imaged in its entirety.

This work will be of huge use to experimenters who’ve fried their Compute Modules, but of course the information it contains will also be of use to retrieve those photos from the phone that fell in the bath. It’s not the first time we’ve taken a look at someone’s efforts in this area.

PinePhone Speed Up Takes Soldering

It is no secret that we like a good hack and [Federico Amedeo Izzo] explains a hack for the PinePhone that can double the speed used for the device’s memory chips. Like many good hacks, it all started with a question. [Federico] was reading a review of the PinePhone Pro (the source of the image for this post) and apparently, the eMMC memory in that phone clocks in at about 150 MB/s. The original phone gets about 50-80 MB/s.

Reading some datasheets, it looked like the same chips are in both phones and should support not only DDR52 mode — the mode the original phone uses — but also HS200 and HS400 modes which top out at 200 and 400 MB/s, respectively. But there was one problem.

Continue reading “PinePhone Speed Up Takes Soldering”

Tesla Recalls Cars With EMMC Failures, Calls Part A ‘Wear Item’

It’s a problem familiar to anyone who’s spent a decent amount of time playing with a Raspberry Pi – over time, the flash in the SD card reaches its write cycle limits, and causes a cavalcade of confusing errors before failing entirely. While flash storage is fast, compact, and mechanically reliable, it has always had a writeable lifespan much shorter than magnetic technologies.

Flash storage failures in the computer behind Tesla’s famous touch screen are causing headaches for drivers.

Of course, with proper wear levelling techniques and careful use, these issues can be mitigated successfully. The surprising thing is when a major automaker fails to implement such basic features, as was the case with several Tesla models. Due to the car’s Linux operating system logging excessively to its 8 GB eMMC storage, the flash modules have been wearing out. This leads to widespread failures in the car, typically putting it into limp mode and disabling many features controlled via the touchscreen.

With the issue affecting important subsystems such as the heater, defroster, and warning systems, the NHTSA wrote to the automaker in January requesting a recall. Tesla’s response acquiesced to this request with some consternation, downplaying the severity of the issue. Now they are claiming that the eMMC chip, ball-grid soldered to the motherboard, inaccessible without disassembling the dash, and not specifically mentioned in the owner’s manual, should be considered a “wear item”, and thus should not be subject to such scrutiny. Continue reading “Tesla Recalls Cars With EMMC Failures, Calls Part A ‘Wear Item’”

Hackaday Links Column Banner

Hackaday Links: December 8, 2019

Now that November of 2019 has passed, it’s a shame that some of the predictions made in Blade Runner for this future haven’t yet come true. Oh sure, 109 million people living in Los Angeles would be fun and all, but until we get our flying cars, we’ll just have to console ourselves with the ability to “Enhance!” photographs. While the new service, AI Image Enlarger, can’t tease out three-dimensional information, the app is intended to sharpen enlargements of low-resolution images, improving the focus and bringing up details in the darker parts of the image. The marketing material claims that the app uses machine learning, and is looking for volunteers to upload high-resolution images to improve its training set.

We’ve been on a bit of a nano-satellite bender around here lately, with last week’s Hack Chat discussing simulators for CubeSats, and next week’s focusing on open-source thrusters for PocketQube satellites. So we appreciated the timing of a video announcing the launch of the first public LoRa relay satellite. The PocketCube-format satellite, dubbed FossaSat-1, went for a ride to space along with six other small payloads on a Rocket Lab Electron rocket launched from New Zealand. Andreas Spiess has a short video preview of the FossaSat-1 mission, which was designed to test the capabilities of a space-based IoT link that almost anyone can access with cheap and readily available parts; a ground station should only cost a couple of bucks, but you will need an amateur radio license to uplink.

We know GitHub has become the de facto standard for source control and has morphed into a collaboration and project management platform used by everybody who’s anybody in the hacking community. But have you ever wished for a collaboration platform that was a little more in tune with the needs of hardware designers? Then InventHub might be of interest to you. Currently in a limited beta – we tried to sign up for the early access program but seem to have been put on a waiting list – it seems like this will be a platform that brings versioning directly to the ECAD package of your choice. Through plugins to KiCad, Eagle, and all the major ECAD players you’ll be able to collaborate with other designers and see their changes marked up on the schematic — sort of a visual diff. It seems interesting, and we’ll be keeping an eye on developments.

Amazon is now offering a stripped-down version of their Echo smart speaker called Input, which teams up with speakers that you already own to satisfy all your privacy invasion needs on the super cheap — only $10. At that price, it’s hard to resist buying one just to pop it open, which is what Brian Dorey did with his. The teardown is pretty standard, and the innards are pretty much what you’d expect from a modern piece of surveillance apparatus, but the neat trick here involved the flash memory chip on the main board. Brian accidentally overheated it while trying to free up the metal shield over it, and the BGA chip came loose. So naturally, he looked up the pinout and soldered it to a micro-SD card adapter with fine magnet wire. He was able to slip it into a USB SD card reader and see the whole file system for the Input. It was a nice hack, and a good teardown.

Recover Data From Damaged Chips

Not every computer is a performance gaming rig. Some of us need cheap laptops and tablets for simple Internet browsing or word processing, and we don’t need to shell out thousands of dollars just for that. With a cheaper price tag comes cheaper hardware, though, such as the eMMC standard which allows flash memory to be used in a more cost-advantageous way than SSDs. For a look at some the finer points of eMMC chips, we’ll turn to [Jason]’s latest project.

[Jason] had a few damaged eMMC storage chips and wanted to try to repair them. The most common failure mode for his chips is “cratering” which is a type of damage to the solder that holds them to their PCBs. With so many pins in such a small area, and with small pins themselves, often traditional soldering methods won’t work. The method that [Jason] found which works the best is using 0.15 mm thick glass strips to aid in the reflow process and get the solder to stick back to the chip again.

Doing work like this can get frustrating due to the small sizes involved and the amount of heat needed to get the solder to behave properly. For example, upgrading the memory chip in an iPhone took an expert solderer numerous tries with practice hardware to finally get enough courage to attempt this soldering on his own phone. With enough practice, the right tools, and a steady hand, though, these types of projects are definitely within reach.

Reverse Engineering With Sandpaper

Every once in a while, and more so now than before, you’ll find a really neat chip with zero documentation. In [David]’s case, it’s a really cool USB 3.0 eMMC/ SD MMC controller. Use this chip, attach a USB port on one end, and some memory on the other, and you have a complete bridge. There are drivers, too. There are products shipping with this chip. The problem is, there is no data sheet. Wanting to use this chip, [David] turned to sandpaper to figure out the pinout of this chip.

The best example of a product that came with this chip is a simple board from the hardkernel store that happily came with fairly high resolution product photos. While waiting for these boards to be delivered, [David] traced the top layer of copper. This was enough to get an idea of what was going on, but the real work started when the boards arrived. These were placed in a flatbed scanner and carefully photographed.

The next step was to desolder all the parts, taking care to measure and catalog each component. Then, it’s off to sanding with 200 and 600 grit wet sandpaper. Slowly, the soldermask is removed and the top copper layer appears. After that, it’s just a matter of sanding and scanning, stacking all the layers together with your image processing software of choice.

There are a few caveats to hand-sanding a PCB to reverse-engineer the copper layers. First, it makes a mess. This is wet/dry sandpaper, though, and you can and should sand with water. Secondly, even pressure should be applied. We’re not sure if [David] was holding the sandpaper or not, but the best technique is to actually hold the board itself.

Despite a few problems, [David] did get the pictures of each copper layer. After assembling these images, he could make an Eagle part for an eMMC reader for his Nintendo Switch.