[Tiptoi] Tiptoi hacking

Matthias Weber matthiaz.weber at gmx.de
Wed Jan 3 18:55:11 CET 2018

Hi Björn and all,

Bjoern wrote:
> When I read out the NAND directly by a Raspberry Pi, the data was not
> really reliable because some bits always toggled.

What do you mean? Did you check your data against the error correction
codes in the spare region? Do you understand the checksum?

> Is your reading method giving accurate, reproducible results or are
> toggled bits an inherent effect of reading raw data from NANDs (hence
> using ECC is mandatory) or ?

Unfortunately, I could not find my actual unsoldered NAND flash device
at the CCC. Either I didn't bring it or somebody removed it. I need to
look for it or unsolder a different one. The dump should be pretty
accurate (as it was hell slow).

> I have meanwhile managed to enter the BIOS of the TT. This BIOS offers
> the following commands:
> - download
> - setvalue
> - go
> - dump
> From what I could see so far, only two memory sections contain data:
> section 1:    0x0000'0000 - 0x0000'FFFF
> section 2:    0x0800'0000 - 0x0802'FFFF

That really does sound very interesting. How did you find this out?


