Thanks for the help, you have been very helpful. OK I'll dig in further on my on, time to dust off oscilloscope. It would just make my understanding better if I could have some base information: 1. Are CE1/CE2 levels changed in current CPLD configuration only as a a result using sync button or as a result of also something else? 2. You mentioned that one can "you can short the PU_EN jumper and not solder CE_B, that will disable secondary nand" Can you point me to the location of PU_EN?
Did a little investigation by just gradually eliminating stuff that I changed after successful glitching when I added the second nand. After some trials found out that if I did the following the glitch image started to work again with post0 e4 image as before: 1. desoldering motherboard nand connection from ace and restoring track 2. eliminated second nand from play by pulling its CE to high (3.3V) through a resistor You were right about retail image - I could not get it to work in this situation. Then I broke track again and tied the FT1T1 to ground to make it active. Nand was written/read OK, but no successful glitches again. Could it because southbridge is no longer connected to CE that the timings change?
https://www.dropbox.com/s/kj1pu59tnn1i8b8/jasper_150S_E_4_L_1_SU_DU.xsvf I hope this one can work without cutting the trace (+ post1 for retail compatibility)
В чем может быть дело? Припаял бутербродом на корону нанд сверху: 1. Родной нанд STM, обрезал дорогу CE, с ним приставка стартует, подпаян на чипе к CE2. 2. Верхний нанд Hynix, подогнул 9 ногу, соединил отгнутую ногу до CE1 на чипе, льется и определяется флешером все нормально, но СТАРТА нет при выборе второго нанда. Мать корона v5
СЕ2 припаян к резюку по линии CE родного нанда (этот нанд стартует первым), ессно дорога СЕ перерезана возле точки DB1D5 CE1 припаян к отогнутой ноге верхнего нанда
По умолчанию (когда запускается родной нанд) на родном нанде нет напряжения, на верхнем нанде 2.25v Когда выбираешь второй нанд, на родном нанде 2.69v, на верхнем нанде нет напряжения.
прозвони ещё раз, может недорезал дорогу... и что во втором залито? пробовал лить оригинал / фрибут? что значит "нет старта"?
разрезано на 100%, там 0.5мм щель нет старта - имеется ввиду никакой реакции на кнопку включений при выбранном втором нанде
Connected post to FT6U7 reconnected nand track back on motheboard Following observations: 1. when nothing connected on ACE ce1 ce2, track is connected on MB and additional NAND pulled to 3.3V you can read/write MB nand and retail boots ok. glitching does not succeed. 2. when motherboard nand is connected to ce2 and additional nand still pulled high read/write motherboard NAND works, but retail doesn't boot - RROD 3. when motherboard nand is connected to ce2 and additional nand to ce1 it doesnt go either in addition to track being present, RROD on retail boot, switching to secondary nand does not work. Voltages on ce2 when connected switched between 0,8V and 2,07V So in summary - Retail works, RGH2 doesnt (probably timings again different?) switching doesnt work.
RichY, не знаю в чем было дело, но я поставил какой-то старые полуубитый Hynix (с оторванным CE и неиспользуемыми ногами), припаял этот нанд сверху , подпаялся тонкой жилой к остатку контакта CE, и работает! ессно все закрепил под клей. Хотя учитывая все косяки, на устаноку бутерброда я потратил меньше времени чем на распайку мажорских сквиртовских плат (заказал десяток, а знал бы - просто нанды в 3 раза дешевле купил). Теперь другая трабла, дуалнанд впервые на Ешку ставлю, как паять диод? На слимках все просто, землю диода к земле возле диодов на RF-плате, а с чипа точку от плюса диода проводом до плюса диода на RF плате, на ешке упорно не работает, при этом тот же диод впаиваешь в чип - и он горит. И куда лучше паять плюс, чтобы яркость выше была, а то сильно тускло горят диоды от родных точек дебага с чипа.
Ok here is what I think is going on Here is a picture of what is happening when data is being exchanged with NANDs (from Hynix datasheet). CE# is pulled low from high voltage (inactive over 2.4V) state to low voltage (active less 0.8V) to activate the chip and then depending on types of operations performed on the chip various other NAND pins are pulled low/high after CE# has been pulled low. So basically pulling CE low starts the timing offsets that enables both south bridge and nand to precisely know what is going to happen when like here (this is just one example of type of operations with NAND): So I measured if this is indeed what is happening in real life: Bottom is the CE line from south bridge and top is basically higher frequency noise due to during reading NAND. So if you pull CE low NAND knows someone want to talk to them and starts to respond based on offset from CE pulled low. If we remove that information there could be some synchonization issues as the common event is by no longer seen by NAND and therefore the answer cannot arrive at exactly the expected time back to south bridge. Especially if various mix of commands are used as in real life vs. just reading or writing the NAND sequentially. But there ofcourse is a solution - instead of pulling the active NANDS CE line to low voltage we should actually switch if according to the CE line coming from south bridge. Inactive NANDS CE line can be kept at high voltage. I measured the for how long each conversation lasts between south bridge and nand and thankfully its not a very fast changing signal: Its just around 64 uS which is around 15KHz. This should be no problem for CPLD. But I don't know what CPLD is in ACE and whether we have spare pins that can do the switching. What we need there is just maps two CE output signals for primary and secondary so that the active nands changes according to the southbridge CE and inactive NANDs CE is kept high (over 2.4V). If we cannot keep inactive nands CE high we can ofcourse just put it into not a bit lower state voltage and make sure that there is some 10K resistor near NANDs that pull them to 3.3V line. The nand on the motherboard already has that feature (R1E2). Ofcourse direct connection needs to broken somewhere between southbridge and motherboard nand. I've verfied that on my machine both primary and secondary nand work correctly on bootup only when the active nands CE is connected to CE line of south bridge and not just pulled low. Inactive nands CE is pulled high as the same time.
but it worked fine on my jasper, without any complicated things! moreover, all current dual nand solutions (demon, squirt, trident) works the same way! I can make another port as CE input, and link / switch it with NANDs https://www.dropbox.com/s/70dec61j6ydprv2/1.xsvf this one will map signals from R4 to R7 & R8 also you can use R5 to switch CEs (ground it and CEs will be immediately switched without SMC reset)
Вопрос, как вывести индикацию дебага на переднюю панель? Неделю назад ставил на слимку дуалнанд, просто катодом к RF плате на землю, и анод к площадке анода на X360Ace v2, и работало отлично! Хз толи чипы разные, толи в другом дело, но поставив точно такой же чип на Xbox 360 E. не работает диод на рф плате, паялся к двум площадкам диода и резюку рядом, в чем может быть дело?
