4dsdev
Views: 1,609,223 Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search 11-21-24 11:23 AM
Guest:

0 users reading Wifi SPI FLASH myth solved | 1 bot

Main - Reverse-engineering - Wifi SPI FLASH myth solved Hide post layouts | New reply


nocash
Posted on 03-28-18 03:25 AM Link | #1120
I think that I've solved the Wifi SPI FLASH myth. Either that, or I am making a fool of myself.

Newer DSi's and 3DS's are having a smaller SPI FLASH chip on the wifi board. From what I got told, the chip capacity is exactly the amount of writeable memory needed for storing settings & calibration data. If that's true then Nintendo has somehow manufactured a custom FLASH chip with NDS-compatible 24bit address bus and 3.75Kbyte capacity for cost-down reasons.

Might be so. But the theory always smelled like bad research to me. One known thing is that the newer SPI FLASH chips have different package & pinout than older chips. Now I've recently discovered that the new pinout does match-up with W25D40 chips, and that those 25xxx chips are using different SPI write commands (and do also require additional erase commands, which wasn't needed on the 45xxx chips used in NDS and early DSi's).

So the new theory is: Nobody has ever successfully written any data to the new FLASH chips, hence making it impossible to know whether the chip capacity is 3.75Kbytes, or if it's 128Kbytes, or even 512Kbytes, or the like.

To prove that I am wrong isn't possible. The problem is that even old NDS titles from 2005 appear to be made forwards compatible with 25xxx FLASH chips (though maybe very early titles from 2004 aren't, which would make them unable to store Wifi access point settings on consoles with 25xxx FLASH chips). The only other option would be examining the actual hardware, ie. to try to write to the FLASH memory, or to read its chip ID. But I suspect that the DSi and 3DS homebrew scenes aren't yet remotely able to accomplish such things. Or well - you can prove that I am wrong on that part : )

nocash
Posted on 03-29-18 11:47 PM Link | #1121
Guess I made a fool of myself : )

DSi launcher 1.4E does support 25xxx chips on ARM7 side:
0376D0A0 EA00000C b 376D0D8h ;@@spi_flash_func_00h_write_enable
0376D0A4 EA00000D b 376D0E0h ;@@spi_flash_func_01h_write_disable
0376D0A8 EA00000E b 376D0E8h ;@@spi_flash_func_02h_get_status
0376D0AC EA000010 b 376D0F4h ;@@spi_flash_func_03h_read_data
0376D0B0 EA00001F b 376D134h ;@@spi_flash_func_04h_fast_read_data
0376D0B4 EA00002E b 376D174h ;@@spi_flash_func_05h_write_45xxx_cmd_0Ah
0376D0B8 EA00003F b 376D1BCh ;@@spi_flash_func_06h_write_25xxx_cmd_02h
0376D0BC EA000050 b 376D204h ;@@spi_flash_func_07h_erase_100h
0376D0C0 EA00005D b 376D23Ch ;@@spi_flash_func_08h_erase_10000h
0376D0C4 EA00006A b 376D274h ;@@spi_flash_func_09h_enter_deep_power_down
0376D0C8 EA00006B b 376D27Ch ;@@spi_flash_func_0Ah_release_deep_power_down
0376D0CC EA00006C b 376D284h ;@@spi_flash_func_0Bh_erase_whole_chip
0376D0D0 EA000078 b 376D2B8h ;@@spi_flash_func_0Ch_get_jedec_chip_id
0376D0D4 EA00007A b 376D2C4h ;@@spi_flash_func_0Dh ... padding?
But, ARM9 side seems to use only a few of those functions:
026C27D6 4905 ldr r1,=3002000h ;IPC for "@@spi_flash_func_00h_write_enable"
026C27F2 4905 ldr r1,=3002100h ;IPC for "@@spi_flash_func_01h_write_disable"
026C2810 4913 ldr r1,=2002200h ;IPC for @@spi_flash_func_02h_get_status
026C2876 4923 ldr r1,=2002300h ;IPC for "@@spi_flash_func_03h_read_data"
026C291A 491D ldr r1,=2002500h ;IPC for "@@spi_flash_func_05h_write_45xxx_cmd_0Ah"
026C2996 4905 ldr r1,=3002D00h ;IPC for "@@spi_flash_func_0Dh ... padding?"
So the 25xxx code seems to be just garbage where they've linked in some library containing several unused functions.

Going by the photos on http://dsibrew.org/wiki/WiFi_Module the flash chip is marked "5A32", if there's any meaning behind it then the "5" might translate to 25xxx, 45xxx, or 95xxx flash/eeprom families. And the "32" might refer to 32Kbits (=4Kbytes) or 32Mbits (=4Mbytes). The latter one would be nice - but it's quite unlikely that they've used a chip with that capacity.


Main - Reverse-engineering - Wifi SPI FLASH myth solved Hide post layouts | New reply

Page rendered in 0.017 seconds. (2048KB of memory used)
MySQL - queries: 25, rows: 62/62, time: 0.005 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.