eMMC sudden death research

Oranav

> We are ready to test your theory ;) Please answer in AIM
> We have done vendor boot size change with CMD62 on VYL00M
>
> Command 62 (ARG: 0xEFAC62EC)
> Command 62 (ARG: 0x00CBAEA7)
> Command 62 (ARG: bla bla)
>
> But none of "low-level wipe happened"

If you're feeling adventurous, you can try a command (I found during the firmware reversing) which should low level format your chip:
CMD62 (ARG: 0xEFAC62EC)
CMD62 (ARG: 0xFAC0021)

Note that it will delete all the chip metadata (incl. wear leveling state and bad block info) and probably everything in it... Your responsibility :)
 

Product F(RED)

> If you're feeling adventurous, you can try a command (I found during the firmware reversing) which should low level format your chip:
> CMD62 (ARG: 0xEFAC62EC)
> CMD62 (ARG: 0xFAC0021)
>
> Note that it will delete all the chip metadata (incl. wear leveling state and bad block info) and probably everything in it... Your responsibility :)

This will also wipe your bootloader and partitions. I don't recommend it. Nothing short of a JTAG will fix it.

Sent from my SGH-i337 using Tapatalk
 

vim1

> If you're feeling adventurous, you can try a command (I found during the firmware reversing) which should low level format your chip:
> CMD62 (ARG: 0xEFAC62EC)
> CMD62 (ARG: 0xFAC0021)
>
> Note that it will delete all the chip metadata (incl. wear leveling state and bad block info) and probably everything in it... Your responsibility :)

It doesn't wipe any bad block info, because the state in the SMART report didn't change ;) That's confirmed. The wipe erases regions: user, boot1, boot2, most possibly rpmb, and also resets the extcsd boot config and wipes write protection flags.
 
Reactions: E:V:A
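
Editor's added example, not code from any poster in this thread: the EXT_CSD side of the observation above (boot config and write-protection flags reset) can be checked by decoding a dump of the register taken before and after. Byte offsets are from the JEDEC eMMC standard; the hex-string input format, the helper names and both sample dumps are constructed assumptions.

```python
# Added example: decode the EXT_CSD bytes this thread mentions and diff two dumps.
# Offsets follow the JEDEC eMMC standard (JESD84); the dumps below are constructed.
FIELDS = {
    "RPMB_SIZE_MULT": 168,
    "USER_WP": 171,              # user-area write-protection flags
    "BOOT_WP": 173,              # boot-area write-protection flags
    "BOOT_BUS_CONDITIONS": 177,
    "PARTITION_CONFIG": 179,     # the "boot config" byte
    "BOOT_SIZE_MULT": 226,
}
BOOT_ENABLE = {0: "none", 1: "boot1", 2: "boot2", 7: "user"}

def parse_ext_csd(text):
    """Turn a hex dump (whitespace ignored) into the 512 raw register bytes."""
    raw = bytes.fromhex("".join(text.split()))
    if len(raw) != 512:
        raise ValueError(f"EXT_CSD must be 512 bytes, got {len(raw)}")
    return raw

def decode(raw):
    out = {name: raw[off] for name, off in FIELDS.items()}
    cfg = out["PARTITION_CONFIG"]
    out["boot_ack"] = bool(cfg & 0x40)                         # bit 6
    out["boot_partition"] = BOOT_ENABLE.get((cfg >> 3) & 7, "reserved")
    out["boot_size_kib"] = 128 * out["BOOT_SIZE_MULT"]         # per boot partition
    out["rpmb_size_kib"] = 128 * out["RPMB_SIZE_MULT"]
    out["sec_count"] = int.from_bytes(raw[212:216], "little")  # 512-byte sectors
    return out

def diff(before, after):
    """Return {field: (old, new)} for every decoded field that changed."""
    b, a = decode(before), decode(after)
    return {k: (b[k], a[k]) for k in b if b[k] != a[k]}

def _sample(**fields):
    """Build a constructed dump: all zero except the named fields and SEC_COUNT."""
    buf = bytearray(512)
    for name, value in fields.items():
        buf[FIELDS[name]] = value
    buf[212:216] = (30777344).to_bytes(4, "little")
    return buf.hex()

BEFORE = _sample(PARTITION_CONFIG=0x48, BOOT_WP=0x01, BOOT_SIZE_MULT=16, RPMB_SIZE_MULT=1)
AFTER = _sample(BOOT_SIZE_MULT=16, RPMB_SIZE_MULT=1)

if __name__ == "__main__":
    for name, (old, new) in diff(parse_ext_csd(BEFORE), parse_ext_csd(AFTER)).items():
        print(f"{name}: {old!r} -> {new!r}")
```

Fields that stay identical across the two dumps (here the boot and RPMB size multipliers and SEC_COUNT) do not appear in the diff, which only covers EXT_CSD and says nothing about the contents of the erased regions.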

Oranav

> It doesn't wipe any bad block info, because the state in the SMART report didn't change ;) That's confirmed. The wipe erases regions: user, boot1, boot2, most possibly rpmb, and also resets the extcsd boot config and wipes write protection flags.

Cool... Did it fix SDS though?
If the smart report wasn't changed I worry that it doesn't fix SDS.
 

vim1

> Cool... Did it fix SDS though?
> If the smart report wasn't changed I worry that it doesn't fix SDS.

It didn't fix SDS on fully bricked devices (eMMC name == 000000).
The reason is very simple: they all have an early revision of the eMMC firmware and have no factory reset command handler; anyway, even if they had it, it is not enough.
We need to write custom code for accessing the internal NAND and recovering the wear leveling table. Is there some ARM6 guru? We can access the card even in fully dead mode.
One thing: we need to make custom code for EEPROM recovery.


Sent from my iPad using Tapatalk HD
 

Mashed_Potatoes

Guys, sorry for going off topic, but can we replace the dead eMMC chip? My friend had SDS and he found a broken Note 2 with a working eMMC chip. Can it be replaced?
 

Entropy512

> Guys, sorry for going off topic, but can we replace the dead eMMC chip? My friend had SDS and he found a broken Note 2 with a working eMMC chip. Can it be replaced?

Not without special soldering equipment. I think Josh at MobileTechVideos did purchase such equipment. However I think some people are pretty close to being able to resurrect these with JTAG.
 

Mashed_Potatoes

> Not without special soldering equipment. I think Josh at MobileTechVideos did purchase such equipment. However I think some people are pretty close to being able to resurrect these with JTAG.

Well he has been told that the repair would cost him 150 dollars minus the replacement eMMC chip.

Is that a rip-off? We've seen guys replace and solder the new eMMC in like 20 minutes on youtube.
 

Product F(RED)

You guys are seriously better off just buying a new phone at this point if your phone is dead. It's just not worth it. Sell it for parts (the screen w/assembly alone will sell for around the cost of a new S3). Sell the SIM/MicroSD card reader combination. Sell the body of the phone. You might be able to sell the mobo for parts to someone who has experience. Just list it all on eBay and then buy yourselves a new phone with the money.
 

adfree

Stupid question...

Someone checked Tizen stuff?

Test device RD-PQ has I9300 pba inside...
Not sure if Live Demo Unit... but I9300A visible on Label...

Maybe checkout s-boot-mmc.bin ca. 290 KB...
http://download.tizen.org/releases/system/

Sources for uboot are here:
ftp://ftp.denx.de/pub/u-boot/

For instance u-boot-2014.04-rc1.tar.bz2

Samsung folder inside...
TRATS is S2 related...
TRATS2 is I9300 related...

I think RD-PQ is 16 GB variant...
Partition table is inside u-boot-mmc.bin
Attached...
IS unsigned or I have not seen Signature...

I9300 retail ignored this PIT...
I think because missing Sig...

Please, I am new to I9300 :eek:
And I have only 1 damaged device with damaged Display, so I can't see nor Touch working...
So I was not able yet to dump few first Bytes from eMMC...

My obsolete knowledge about 512 Byte MBR + partition table... is from S8500/I9000...

For instance S8500 has 512 MB OneNAND and 1960 MB moviNAND... something similar like eMMC...

OS stores additional info into this MBR...
Code:
2NDFORMATCOMPLETED
2NDRSTORECOMPLETED
PRODUCTCODEINVALID
If NAND/Headerinfo is alive in OneNAND...
Instead text PRODUCTCODEINVALID is Unique number written...
sysinfo related...

I can not find I9300 dump to compare.
Maybe someone can help me to find Link or maybe someone can upload please first 512 Byte for study.

Thanx in advance.

Best Regards
 


.NetRolller 3D

I wonder if the previously mentioned eMMC low-level format command can be used to remove Knox from the i9305 (& possibly the i9505 as well)... ;)

EDIT: Suggested procedure:
-Make a full Nandroid of all accessible partitions (including EFS).
-Prepare SD card for bootloader repair. (Does this still work if the entire eMMC is wiped, or does some boot partition need to be preserved? If not, use JTAG.)
-Do a low-level format.
-Restore the bootloader from SD card or JTAG.
-Flash param.bin, and restore EFS, ROM and user data.
 

ryanbg

> I wonder if the previously mentioned eMMC low-level format command can be used to remove Knox from the i9305 (& possibly the i9505 as well)... ;)
>
> EDIT: Suggested procedure:
> -Make a full Nandroid of all accessible partitions (including EFS).
> -Prepare SD card for bootloader repair. (Does this still work if the entire eMMC is wiped, or does some boot partition need to be preserved? If not, use JTAG.)
> -Do a low-level format.
> -Restore the bootloader from SD card or JTAG.
> -Flash param.bin, and restore EFS, ROM and user data.

I think this would work. SDC3 fuse is burned, so it should boot fine as long as the GPT and properly signed images/partitions are in place.
 

jerryspring

What does it mean when it says -104687000 bytes free? It shows that when I look at the phone on the PC. Does that mean an eMMC fail? Asking cuz ROMs won't flash to my Note 2. They are stuck in boot animation.