Extract Firmware using SPI
Requirements:
external SPI flash, which has firmware stored
SPI capable reader (Buspirate, RaspberryPi, Xgecu T56, etc.)
Let's say you find an external flash memory on a PCB: chances are good that it will store interesting information like the bootloader or the root-filesystem.
Steps to Extract Firmware:
Identify the used flash chip by Google the chip description printed on it
in the datasheet of the chip you should find the pinout of the chip (the dot on the chip specifies the upper left corner
Example Pinout:
Example pinout of a flash chip
Connect your Flash reader probes to the pins of the chip:
The quickest and easiest way to connect to a flash chip is by using a clamp, like these:
Attach the clamp to the chip and the end to your programmer/debugger like the Bus Pirate or an Xgecu T56.
If you don't have a clamp, you can also solder cables directly to the needed pins:
If Unsuccessful: The methods before can be unsuccessful as the MCU on the PCB inteferes with the flash chip, making it unable to read out. In that cases you can try to:
Remove clock crystal on the PCB to stop the MCU from running
desolder the flash chip and read it out separately using XGECU T56 for example
If the chip has internal pins (BGA layout) you might be required to desolder the chip.
If you desoldered the chip, you can:
solder jumper cables on the correct pins
read the chip out by placing it on an adapter, like the XGecu T56:
You can also 3D-Print Board Probe Testing Jig like this one:
The needles probes will directly connect to the pins on the chip:
Last updated
Was this helpful?