This file contains the OOB out-of-band data as well, resulting in a byte file.
I can now write my image to mtd using nandwritewith the -o option to indicate that the dump contains OOB information:. This results in a byte file without OOB data. This file is sensible as in, contains file systems I can mount. How does this combination of nandsimnandwrite and nandddump decide which ECC scheme to use?
How do these utilities know what to do? First of all the ECC scheme used does not necessaryly have to be the for all the flash erase blocks. There are ususally 3 different types of flash partitions used and for every type the method to specify the used ECC code differs:. For any ECC scheme we need to add some extra data while writing so as to detect and correct if possible the errors introduced by the NAND part.
The bootloader decides this on his own. The information is controlled by U-Boot configuration settings set at compile time. Recent versions of U-boot can switch the ecc at runtime using the nandecc command. The selection is completely OS specific. For Linux embedded systems using AMx processors I know that this information is passed into the kernel using the device tree. There is a parameter called bch which can be passed to the nandsim module to select an ecc code.
Similar to the nandsim module real mtd drivers have ways to specify the used ECC scheme kernel parameters, device tree. But you can instruct nanddump to ignore the ECC information, too. Sign up to join this community.
The best answers are voted up and rise to the top. Home Questions Tags Users Unanswered. Ask Question. Asked 4 years, 6 months ago. Active 3 years, 9 months ago. Viewed 7k times. A few times, when playing around, I have seen ECC errors when running nanddump. Cybergibbons Cybergibbons 1, 1 1 gold badge 14 14 silver badges 24 24 bronze badges.
You might have better luck asking on electronics. I think I will try to move it over if I get nothing here. I've tried a few other places and the answers have been don't know or "read the code" which is great, but I still can't work out how it works.
Active Oldest Votes. There are ususally 3 different types of flash partitions used and for every type the method to specify the used ECC code differs: The one that are accessed by the ROM bootcode The ones that are accessed by the bootloader usually u-boot The ones that are accessed by the operating system assuming you are using Linux In general the use of a specific ECC method is limited by the OOB size of the flash. ECC used by the bootloader The bootloader decides this on his own. Which ECC method does nandsim use There is a parameter called bch which can be passed to the nandsim module to select an ecc code.In systems management, out-of-band management involves the use of management interfaces or serial ports for managing and networking equipment.
Out-of-band management allows the network operator to establish trust boundaries in accessing the management function to apply it to network resources. It also can be used to ensure management connectivity including the ability to determine the status of any network component independent of the status of other in-band network components.
In computing, one form of out-of-band management is sometimes called lights-out management LOM and involves the use of a dedicated management channel for device maintenance. It allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on, or whether an operating system is installed or functional. By contrast, in-band management through VNCSSH or even serial ports is based on in-band connectivity and software that must be installed on the remote system being managed and only works after the operating system has been booted.
This solution may be cheaper, but it does not allow access to firmware BIOS or UEFI settings, does not make it possible to reinstall the operating system remotely, and it cannot be used to fix problems that prevent the system from booting. In networking, it does not allow management of remote network components independently of the current status of other network components.
NAND Flash Support Table
Both in-band and out-of-band OOB management are usually done through a network connection, but an out-of-band management card can use a physically separated network connector if preferred. A remote management card usually has at least a partially independent power supply and can switch the main machine on and off through the network. A complete remote management system allows  remote reboot, shutdown, powering on; hardware sensor monitoring fan speed, power voltages, chassis intrusion, etc.
It also can access local media like a DVD drive, or disk images from the remote machine. If necessary, this allows one to perform remote installation of the operating system. Remote management can be used to adjust BIOS settings that may not be accessible after the operating system has already booted.
Settings for hardware RAID or RAM  timings can also be adjusted as the management card needs no hard drives or main memory to operate. As management via a serial port has traditionally been important on servers, a complete remote management system also allows one to interface with the server through a Serial over LAN cable.
As sending monitor output through the network is bandwidth intensive, cards like MegaRAC use built-in video compression  versions of VNC are often used in implementing this . Devices like Dell DRAC also have a slot for a memory card where an administrator may keep server-related information independently from the main hard drive.
The remote system can be accessed either through an SSH command-line interface, specialized client software, or through various web-browser-based solutions. There are also various scaled-down versions, up to devices that only allow remote reboot by power cycling the server. This helps if the operating system hangs but only needs a reboot to recover.
NAND bad blocks
Remote management can be enabled on many computers not necessarily only servers by adding a remote management card while some cards only support a limited list of motherboards. Newer server motherboards often have built-in remote management and need no separate management card.
Internally, Ethernet-based out-of-band management can either use a dedicated separate Ethernet connection, or some kind of traffic multiplexing can be performed on the system's regular Ethernet connection. Thus, out-of-band nature of the management traffic is ensured in a shared-connection scenario as the system configures the NIC to extract the management traffic from the incoming traffic flow on the hardware level, and to route it to the BMC before reaching the host and its operating system.
An older version of out-of-band management is a layout involving availability of a separate network which allows network administrators to get command-line interface CLI access over the console ports of network equipment, even when those devices are not forwarding any payload traffic.
If a location has several network devices, a terminal server can provide access to different console ports for direct CLI access. In case there is only one or just a few network devices, some of them provide AUX ports making it possible to connect a dial-in modem for direct CLI access.
Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information. However, my changes aren't taking effect. Learn more. Asked 5 years, 11 months ago. Active 5 years, 11 months ago. Viewed 1k times. The process I'm following is: Use 'nand read.
Is there any way to do what I want? Overo mm. Overo nand write. Notice that the data at 0x and 0x is not 'ff' as it should be. Tom Hennen. Tom Hennen Tom Hennen 3, 7 7 gold badges 28 28 silver badges 40 40 bronze badges.
Does the write command you are using automatically erase flash blocks before writing to them? If not, you can probably write 1's such as your 0xff to 0's, but not back again, until you explicitly erase. Also, is your NAND perhaps locked against writing?
From your prompt it looks like perhaps you have a Gumstix Overo, but please edit your specific processor and NAND chip identities into your question text. It doesn't look like the write.
So I guess I'd have to read the entire eraseblock in to memory including oob datathen modify the bits I want in memory, erase that block and then write it all back down using write.
That's kind of a pain. Am I correct in thinking that's the only way to go? Sure seems like it - unless you can dig up a data sheet for that particular part that says otherwise. If you are designing a custom scheme, consider if you can create one that only ever needs to write 1's to 0's, and thus avoid the erasing. Hmm, That's a pain. If you put this as an answer I'd be happy to accept it.
Change your preferences any time. Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information. I am struggling on flashing a previous ROM dump of an embedded device in Linux.
My previous dump contains oob data. By comparing the old and new ROM dump, I see some un-explainable situation: the last 24 bytes of the oob ecc bytes of any empty blocks filled with 0xFF is ought to be 0xFF also, but those in the new ROM dump is filled with 0x00, causing later write failures. So the problem exists when trying to write an empty page to the NAND? Now I am having this problem also when writing a bootloader image.
The image isn't page-aligned so nandwrite padded it with 0xFF. But for pages with only 0xFF the ecc bytes are still polluted by 0x00 just like above.What is NAND Flash? MLC vs. TLC, 3D NAND, & More
Seems that my hack doesn't totally solve my problem. Anyone can help? Perhaps it could be a bug in kernel 2. Sorry, Alvin, but the backup really will not "only work on that particular flash", because you cannot know when a particular bit will go from good to marginal or marginal to bad.
You may read it in one state, attempt to write it in the exact same state and fail, on any given day, with any given backup. You read from the device with ECC corrections to get good data. Consider a situation where you have a block 1 with an error in position 0. The "controller" of the Nand-flash device puts error correcting code to correct this error. If that new nand-flash device has an error in position 1.
Then the data you write back will be wrong on the following read, because position 1 is bad. But the system will think it is right, because the ECC does not show an error in position 1.
The only way to do it reliably is to read the data out, use the systems ECC algorithms to correct any errors. Write the data out to a new device, use the systems algorithms to correct any bit errors. I made a backup of that particular chip and then write it back to THAT particular chip. It's not me who think it's the same, but there is only one single chip from the beginning to the end.A erase block consists of multiple pages.
GTA02 has kByte large erase blocks. NAND memory apparently gets shipped with blocks that are already bad.
Optometrists & Opticians
The vendor just marks those blocks as bad, thus resulting in higher yield and lower per-unit cost. We are also guaranteed that a minimum of blocks out of the total are good.
This means up to 70 blocks 1. You may want to backup the "Factory-Default bad blocks" just in case you accidentally delete it. The u-boot command "nand bad" lists the offsets of the bad blocks. The boot loader itself contains a small first-stage boot loader for the S3C Steppingstone. This code mostly written in ARM assembly was altered to detect and skip bad blocks.
This means, the first stage bootloader can itself extend over bad blocks. The u-boot environment is traditionally stored at a fixed location within the NAND flash. This is not acceptable, since it could be a factory-set bad block. Since the environment address is unlikely to change often, the erase cycles guaranteed for the first block are good enough. The exact location is byte The u-boot "dynenv get" command can be used to read out a pre-programmed Environment offset from NAND, and the "dynenv set" can be used to write the offset if the last eight bytes of OOB area are erased 0xff.
Since those up to 80 factory-bad blocks can be located about anywhere in NAND, we have to accomodate for this worst case. However, we cannot just make every partition 1. The only solution to this that Harald could think of is to dynamically calculate a partition table for each device. So as an example, let's assume we have a 0x k bytes sized partition for u-boot, starting at address 0 in NAND. If there were no bad blocks, it would extend from 0x to 0x From 0x to 0x 2MB we have the kernel partition.
Let's now assume that blocks 0x and 0x each 0x in size are marked as factory-bad. Thus, in order to have 0x bytes of usable storage, the uboot partition actually extends from 0x to 0x This shifts the start address of the kernel partition to 0x If the kernel partition contains more bad blocks, the start address of the rootfs partition following the e kernel partition is further shifted down to the end.
Those calculations have been implemented as u-boot "dynpart" command. Once you issue "dynpart", the partition configuration is put in the "mtdparts" environment variable. If you "saveenv" the environment, it is saved into the non-volatile environment partition. Since the usual bad block marker in the OOB area does not allow us to distinguish between factory-bad and worn-out-bad blocks, we need to store this information elsewhere.
Reverse Engineering Stack Exchange is a question and answer site for researchers and developers who explore the principles of a system through analysis of its structure, function, and operation.
It only takes a minute to sign up. The dump was done by a friend and unfortunately cannot be redone because the chip was destroyed. I tried various ways of removing OOB and I can get some reasonably-looking data but many things are still off and I can't extract proper files.
Just by looking visually into hex dump, there are a byte lines beginning with "01 00 00 00" every 0x bytes which look out of place. I made a short script to remove 16 bytes after every 0x And indeed, the next line starting with 01 00 00 00 is atnot I tried to account for it and restart, but I ran into similar issues later. So I wonder if I'm missing something.
The full file is 4GB which is a bit heavy so here are few cut out chunks:. The final goal is to figure out the firmware update encryption and produce custom firmware for the device. First, a bit of background on NAND: it is organized in pages which are grouped into blocks. You can read or write a single page at a time but erasing which turns all bits to 1s so bytes to FFs can be only done one block at a time writing can only change bits from 1 to 0 but not the other way around, so to write new data the block usually has to be erased first.
And the value is So looks like is the start of NAND block 1. If we check the code further, we can see that it's looking for other signatures e. And let's see:. So looks like the page size in the dump is The actual data is probably 0x bytes and 0x40 is the "spare" data.
So, this explains why I had desynchronization after each four 0x sectors: there are 8 sectors per page but only 0x40 bytes of OOB data.Selecting a language below will dynamically change the complete page content to that language. You have not selected any file s to download. A download manager is recommended for downloading multiple files. Would you like to install the Microsoft Download Manager?
Generally, a download manager enables downloading of large files or multiples files in one session. Many web browsers, such as Internet Explorer 9, include a download manager. Stand-alone download managers also are available, including the Microsoft Download Manager. The Microsoft Download Manager solves these potential problems. It gives you the ability to download multiple files at one time and download large files quickly and reliably.
It also allows you to suspend active downloads and resume downloads that have failed. Microsoft Download Manager is free and available for download now. Warning: This site requires the use of scripts, which your browser does not currently allow. See how to enable scripts. Select Language:. Choose the download you want. Download Summary:. Total Size: 0.
Back Next. Microsoft recommends you install a download manager. Microsoft Download Manager. Manage all your internet downloads with this easy-to-use manager. It features a simple interface with many customizable options:. Download multiple files at one time Download large files quickly and reliably Suspend active downloads and resume downloads that have failed. Yes, install Microsoft Download Manager recommended No, thanks.
What happens if I don't install a download manager? Why should I install the Microsoft Download Manager? In this case, you will have to download the files individually.