annotate eeproms/dumps/FT232R-notes @ 56:d4357e6d6679

checking in some Calypso JTAG experiments
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 12 May 2019 04:11:30 +0000
parents af70c59654ed
children 4e13c90c1405
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
48
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
1 Unlike FT2232x devices with external EEPROMs, an FT232R device is not expected
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
2 to ever have a blank EEPROM in normal usage: these chips have their EEPROM
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
3 built in, and FTDI ships them with this internal EEPROM already programmed.
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
4 It may be possible to create a "blank" EEPROM by explicitly programming 0xFFFF
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
5 into every word, but it would be an unnatural scenario, and I (Mother Mychaela)
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
6 do not currently have an FT232R device on which I can experiment: I don't have
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
7 an FT232R device which is not valuable and which is not already bricked.
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
8
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
9 I have read out the EEPROM content from the two specimen I did have available:
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
10 FT232R-specimen1 came from a no-name ebay-sourced FT232RL breakout board;
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
11 FT232R-specimen2 came from George UberWaves' "FTDI Professional" USB-serial
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
12 cable with OsmocomBB branding. Specimen 2 is probably a genuine FT232RL chip
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
13 (I remember George telling me that he went out of his way to procure genuine
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
14 FTDI chips after having been burned by FTDI's Winblows drivers screwing around
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
15 with close-but-not-perfect clones), but specimen 1 is suspected to be one of
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
16 those less-than-perfect clones: the serial number string was programmed to
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
17 "00000000", whereas FTDI supposedly program true per-unit serial numbers.
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
18
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
19 The only diffs between FT232R-specimen1 and FT232R-specimen2 are the just-
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
20 mentioned serial number string (specimen 2 has it set to "A9031HG6", which looks
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
21 like a real per-unit serial number), two non-understood "garbage" words after
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
22 the last string, and of course the checksum.
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
23
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
24 The unit that was specimen 1 (the suspected fake) is now bricked: when I tried
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
25 to program my own EEPROM config generated with ftee-gen232r, the resulting
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
26 EEPROM content became a bitwise AND between the previous image and the new one,
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
27 as if the "EEPROM" is not really an erasable memory, but one of OTP kind where
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
28 ones can be turned into zeros, but not the other way around. I am not willing
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
29 to experiment on the specimen 2 chip because it is part of a valuable cable
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
30 assembly which I don't want to risk bricking, so I will need to order more
af70c59654ed EEPROM dumps moved into eeproms/dumps and properly annotated
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
31 sacrificial hardware and wait for it to arrive before I can experiment further.