This article shows the way how to extract all data from TSOP48, LGA52, and BGA132/152 Sandisk memory chips when the configuration and dump size are correct, but half of the dump is still empty.
Usually, if a NAND memory chip has 2 or 4 crystals, after readout with VNR we get 2 or 4 dumps. But with Sandisk chips, it can be different. The Sandisk chips may have 2 or 4 physical crystals connected to one CE0 pin and with a common addressing space. That means that if the first crystal ends on the m address, then the next crystal will start from m+1, but not from 0, like other vendor chips. As a result, we get one big dump with all 2 or 4 crystals inside going one after the other with a single address capacity. This is typical for monolithic Sandisk devices.
However, Sandisk raw NAND chips (TSOP48, LGA52, BGA132/152) with the same IDs may behave even more strangely. They have each physical crystal on its own CE pin, but at the same time, they keep the common address capacity for all crystals.
In the next example, the chip with ID 453C96937E has 4 planes by 9568518144 Bytes. It looks like there is only one crystal there because CE0 shows ID only, but as we'll see later this is wrong, CE1 doesn't show ID but still has half of the data.
In the middle of the dump where the third plane is supposed to be starting, there is no data.
The reason why it looks like this is the way mentioned above about how the Sandisk memory addresses pages. All physical crystalls are addressed as one but each crystal still has its own CE so to get the rest of the data it is necessary to check CE1.
To do so we should switch the "Current crystal" to CE1 in the Reader parameters:
And as is shown the missing planes (planes 2 and 3) are in CE1, starting right after the middle of the dump.
To read CE1 without ID it is necessary to follow the next instruction:
At first, we should add the "Physical image" element to the workspace.
Then the following parameters are necessary to set:
The chip name is "Chip0" same as for CE0
In the Crystal section, it is necessary to set CE1
Data Bus 0.
Before reading CE1 it is necessary to assign an existing file as a physical image.
In the VNR case directory, it is necessary to create a simple text file.
The name here should be changed to Chip0_1_0.dmp (it is necessary to remove ".txt" to change the file extension.
Explanation of dump file name:
Chip0_1_0 - chip Label
Chip0_1_0 - CE number
Chip0_1_0 - Data Bus
After creating the empty dump file, the CE1 Physical image element should be pointed to the Chip0_1_0.dmp file:
After assigning the new file to the Physical image element it is necessary to click the "Read dump from reader" button.
VNR will check the ID and show the notification that the ID is wrong. We know the reason why it happened so the message should be ignored and the "Continue" button should be pressed. During the Reread passes the same message will be shown and should be ignored too.
When the dumps have been read, data should be extracted from them (the empty space should be skipped).
To extract the necessary area the option "Extract area" is used.
In the first dump, the first half is the data, so the settings of offsets will be:
the area size is full dump area, the start address is 0 and the length is half the size of the dump.
In the next dump, the first half is empty and should be skipped. So the Start address with the Length will be equal to the half size of the dump.
After the Offsets situation looks like this:
Then the solution chain is standard and depends on the controller of the device.
As is shown, all data is available. It is not the standard situation, but if half of the dump in the SanDisk chip is showing only stripes, then this article explains what is happening, and what is necessary to do to get all data.