Practical Reverse Engineering Part 4 - Dumping the Flash

In case you need to dump&#x2F;re-flash an SPI memory chip, but don&#x27;t happen to have an FTDI programmer handy (be that as a protest to their despicable actions with Windows drivers some time ago, or for any other reason), another (much cheaper) alternative is Chinese CH341A, which are available on eBay and other usual places for around $3 (complete assembled programmer board, shipped). CH341A is well supported on both Linux [1] and Windows [2].<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;setarcos&#x2F;ch341prog" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;setarcos&#x2F;ch341prog</a><p>[2] <a href="https:&#x2F;&#x2F;tosiek.pl&#x2F;ch341-eeprom-and-spi-flash-programmer&#x2F;" rel="nofollow">https:&#x2F;&#x2F;tosiek.pl&#x2F;ch341-eeprom-and-spi-flash-programmer&#x2F;</a>

This approach won&#x27;t always work. On some boards applying enough power to bring up the SPI will also power enough connected logic that it&#x27;ll start generating SPI traffic and your read attempts will fail. On some boards the capacitance of unpowered logic will leave you miserable. It&#x27;s definitely worth trying this as a first step in dumping SPI, but you need to be prepared to remove the chip and re-dump it. Also bear in mind that these things <i>really</i> aren&#x27;t designed for multiple attach&#x2F;detach cycles, so unless you want an IC with fewer legs than it started with you shouldn&#x27;t plan on being able to repeatedly remove and reflash it without adding some sort of removable setup - sockets may not be practical for multiple reasons, but you might be able to get away with soldering a header onto the pads and then jumpering the chip onto that. But as a fallback: dump the chip after you remove it the first time, keep hold of that dump and buy some compatible parts that you can swap in if you kill it.

This is such a great series! I have been an RE hobbyist for some years, but this taught me a few tricks I didn&#x27;t know about.

SDA\