Zhuowei Zhang on Nostr: (me, never done any hardware hacking, trying to figure out how things work) When ...
(me, never done any hardware hacking, trying to figure out how things work)
When dumping an eMMC, you cut the trace to the eMMC clock or even cut power to the device CPU to stop the device from booting and accessing the eMMC while you're dumping.
Why can't you just ground the eMMC clock temporarily? This is the canonical method to reach bootrom mode in many devices, and the device won't try to read/write eMMC in bootrom.
> The clock will run 100% of the time while the system is on, even if there is no eMMC or a bad eMMC
(https://www.retrosix.wiki/emmc-booting)
oh.
I guess eMMC/SD controllers turn on clock at probe, and never turn them back off, even when the eMMC fails to read. So you need to cut the clock so your SDCard reader's clock can take over
When dumping an eMMC, you cut the trace to the eMMC clock or even cut power to the device CPU to stop the device from booting and accessing the eMMC while you're dumping.
Why can't you just ground the eMMC clock temporarily? This is the canonical method to reach bootrom mode in many devices, and the device won't try to read/write eMMC in bootrom.
> The clock will run 100% of the time while the system is on, even if there is no eMMC or a bad eMMC
(https://www.retrosix.wiki/emmc-booting)
oh.
I guess eMMC/SD controllers turn on clock at probe, and never turn them back off, even when the eMMC fails to read. So you need to cut the clock so your SDCard reader's clock can take over