Chip-Off Firmware Extraction on a Linux Embedded Device

17,747 views

Matt Brown

1 day ago

Comments: 51

@Cire3PC 9 months ago
Get that low melt solder, mix it in. Won't have to get nearly as aggressive with the heat. Some chips won't tolerate that. Good video brother, stay in the game!
@alin636 11 months ago
I actually believe that the error message that you got was correct. I copied your method, including the placement of the flash chip in the socket, and got the same error message. However, it wouldn't even produce a binary in my case. After some troubleshooting and continuity testing I managed to identify that the top 8 pins in the TSOP socket are actually connected to the cables and not the pins. Therefore, the flash should actually be placed 4 rows down. I did this and it worked fine with no error messages. I believe that this placement is also illustrated in the newer XGecu software. Otherwise, thank you for this educational video.
@АнатолийП-у3к 1 year ago
Interested in: bin dump analysis, partition mounting, changing files, building partitions in a firmware dump.
@Vazzible_gaming 1 year ago
Nice, you're very good at this, lots of patience. I'm trying to learn this.
@MCgranat999 1 year ago
I'm not an expert, but I think that with a chip this size you should use a bigger tip on your hot air. It should make it a bit easier to take off the chip. Also, maybe heating the general area around the chip to increase the temperature of the ground plane could help as well. Overall, I've just found your channel, I really like what you do, keep it up!
@timc3600 1 month ago
The flux goes onto the pins, since it helps the solder melt; it does no good on top of the plastic of the package. Heat the PCB, not the chip, using a circular motion, and consider using Kapton tape to protect other surrounding components from the heat.

I wouldn't disable pin detect; it's a quick way to ensure you have a good electrical connection on all pins before you try and read, thus it ensures you get a reliable read or write. This is particularly important on parallel devices, where the data may look OK as many of the pins read OK, but you will end up reading the wrong addresses, or missing some bits on the data pins. All of which will not help in your reverse engineering later.

I find it best to check the pins for remaining solder, similarly to how you did with the braid, but without putting any sideways pressure on the pins, since they will bend, which makes reading and reassembly more difficult. Secondly, once the chip has cooled, clean its top and bottom with some isopropyl alcohol to remove any contaminants and the flux from the pins. A small toothbrush and some IPA and a gentle brushing action from the chip centre to the outside is the best way. I'll often use paper towel under the IC, so it can absorb all the contamination rather than just brushing it around. Once done, you will get a high probability of the pin check passing, and you also won't contaminate your adapters with flux. The device ID test fails for the same reason: one or more missing pins means that the ID will not read properly, as the badly connected pins corrupt the data.

Finally, if you get an XGecu T56, which is needed for the larger memory devices, then don't forget to connect the ribbon from the top port to the header on the adapter, since this provides the extra pins needed to support the higher pin count devices. I'm not sure if the T48 works in the same way, so that's worth checking too. This is generally shown on the device layout, but it's not immediately clear what they mean, so it's caught me out a couple of times.
@DeepFrydTurd 1 year ago
I'm definitely subscribing. I saw a dude desolder a BIOS chip that wasn't posting, and he manually flashed it and it booted, so I'm curious.
@larsmojo 1 year ago
Hi Matt, great videos - going to watch some more. My recommendations:
- You need less flux (the first amount was more than enough) and more heat (buy the original Amtech flux - you got a fake one).
- Qianli iNeezy tweezers FX-03 so you don't lose grip.
- Please use nitrile gloves - you don't want to touch all the nasty chemicals/lead with bare hands!
- Did you have an extractor? You don't want chemicals in your lungs.
- Ultrasonic cleaner - optional.
@dainazinas 5 months ago
Very cool video thank you. Maybe a quick look into one of the inexpensive laser measures at some point 😀?
@davidezequielborges392 1 year ago
Another way is to replace the solder on the pins with a lower melting point material so everything goes smoother.
@NerdThingsAndMore 1 month ago
Thanks for the video and info.
@kiyotaka31337 1 year ago
I think most of the videos show firmware extraction on NOR flash; this is the first video showing NAND flash.
@mattbrwn 1 year ago
Nice! BTW, I found the datasheet and will add it to the video description. Turns out the reason there are like 3 or 4 manufacturers listed for the one chip model number is acquisitions...
@dtnicholls1 1 month ago
You shouldn't be heating the chip like that, mate. Grab some lead solder, put a bunch of it on the pins and wick it off to dilute the lead-free stuff. The chip will come off a lot easier. If it's particularly large, use a bismuth-based solder like Quick Chip.
@kagandemirarslan872 1 year ago
Good job man, keep going.
@maxvideodrome4215 1 year ago
Done this on some devices in the past. Trouble is, I wanted to make changes and couldn't figure out where the CRC checksum values were stored for the firmware.
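A generic way to find where a dump stores its CRC32, so a modified image can be re-signed with a correct checksum. This is an added example, not code from the video or from any vendor tool, and the 16-byte header layout it builds for itself (magic, version, length, big-endian CRC32 over the payload) is invented for the demonstration; on a real dump you would feed in the extracted image and try a few header sizes. It checks every aligned word in the header against the CRC32 of three common regions (everything after the field, everything after the header, the whole image with the field zeroed), in both byte orders.

```python
"""Locate a stored CRC32 in a firmware image and recompute it after an edit.
Constructed example, not code from the video; the header layout is invented."""
import random
import struct
import zlib


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def find_crc32_fields(img: bytes, header_len: int = 64, step: int = 4):
    """Scan every `step`-aligned 4-byte word in the first `header_len` bytes and
    report the ones equal to the CRC32 of a plausible region:
      after_field  - everything following the word
      after_header - everything after the header
      zeroed_field - the whole image with the field itself set to zero
    Both byte orders are tried. Returns (offset, endian, region, start, end)."""
    hits = []
    last = min(header_len, len(img) - 4)
    for off in range(0, last + 1, step):
        word = img[off:off + 4]
        stored = {"little": struct.unpack("<I", word)[0],
                  "big": struct.unpack(">I", word)[0]}
        regions = {
            "after_field": (off + 4, len(img), img[off + 4:]),
            "after_header": (header_len, len(img), img[header_len:]),
            "zeroed_field": (0, len(img), img[:off] + b"\0" * 4 + img[off + 4:]),
        }
        for name, (start, end, data) in regions.items():
            crc = crc32(data)
            for endian, value in stored.items():
                if value == crc:
                    hits.append((off, endian, name, start, end))
    return hits


def update_crc32(img: bytes, off: int, endian: str, region: str,
                 header_len: int = 64) -> bytes:
    """Rewrite the CRC field at `off` so the image verifies again after an edit."""
    fmt = "<I" if endian == "little" else ">I"
    if region == "after_field":
        data = img[off + 4:]
    elif region == "after_header":
        data = img[header_len:]
    else:
        data = img[:off] + b"\0" * 4 + img[off + 4:]
    return img[:off] + struct.pack(fmt, crc32(data)) + img[off + 4:]


HEADER_LEN = 16  # invented layout: magic, version, payload length, CRC32


def build_sample_image(seed: int = 1) -> bytes:
    """Invented firmware-like image: a 16-byte header whose last word is the
    big-endian CRC32 of the 200-byte pseudo-random payload after the header."""
    payload = bytes(random.Random(seed).getrandbits(8) for _ in range(200))
    header = b"FWHD" + struct.pack(">II", 1, len(payload))
    return header + struct.pack(">I", crc32(payload)) + payload


def patch_and_fix(img: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Overwrite bytes in the image, then use the located CRC field to make it valid."""
    hits = find_crc32_fields(img, header_len=HEADER_LEN)
    if not hits:
        raise ValueError("no CRC32 field found; try other header sizes or CRC variants")
    off, endian, region, _, _ = hits[0]
    patched = img[:offset] + new_bytes + img[offset + len(new_bytes):]
    return update_crc32(patched, off, endian, region, header_len=HEADER_LEN)


if __name__ == "__main__":
    image = build_sample_image()
    for hit in find_crc32_fields(image, header_len=HEADER_LEN):
        print("CRC32 candidate at offset %d (%s-endian) over %s [%d:%d]" % hit)
    fixed = patch_and_fix(image, HEADER_LEN + 10, b"PATCHED")
    print("patched image verifies:",
          bool(find_crc32_fields(fixed, header_len=HEADER_LEN)))
```

If nothing matches, the image may use a CRC32 variant (different polynomial, initial value or final XOR), a CRC over a region with different boundaries, or a checksum kept outside the image (in a bootloader or a separate partition); extending the `regions` table and the `crc32` helper is where to look next.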
@JeremySpidle 8 months ago
You DON'T NEED hot air to desolder these chips: flood all leads on all sides of the chip, allowing time for cooling between sides. Lift one side at a time, allowing cooling time. Wick excess solder from the leads.
@lptf5441 11 months ago
Yeah, those are tough chips to desolder. I would say your nozzle is too small for that chip. As others have said, the best things to use are purpose-made nozzles that blow air on both sides of the chip at once. However, even just a larger diameter round nozzle would help. I also always add a fair amount of additional solder with a standard soldering iron before I start, as it makes it much easier to melt with the air gun, and it holds its heat and stays molten for longer, so you can more easily get both sides molten at once.
@chengcheng422 1 year ago
Simple problems have become more complex.
@Finrow1 1 year ago
You should get an ultrasonic cleaner if you do hot air rework often.
@mattbrwn 1 year ago
I do rework every now and then; however, I don't have to give it back to anyone, so if it's all messy it's something I can deal with. Maybe someday that will be an item in the dream lab.
@boutahirsalaheddine1431 9 months ago
Is there a way to program this NAND flash directly on the board?
@waelbadr4724 3 months ago
How do I connect the chip base with an ST-LINK programmer to read its firmware? The chip is an ATMEL microprocessor.
@JurandyRafael 6 months ago
Is there any video tutorial on making Xgpro work on Linux? I tried following the GitHub tutorial, but it just opened and didn't detect the programmer, and if I put the setupapi.dll file (I used both what was provided and what I compiled) in the Xgpro folder it doesn't open anymore. Can you help? (I'm trying to make it work on Raspberry Pi OS; so far I've only successfully managed to get the CH341A working.)
@grantscott1686 1 year ago
Very cool video! I would also love to learn how the device and software you used work under the hood, so to speak.
@KyawThiha-f6n 3 months ago
That work is really great. But in my case, I use MX30LF2G18AC and MX35LF2G14AC memory and extract the firmware file chip-off. I'm using an RT809H programmer, and it shows me that some amount of bytes are inconsistent on verification. I can't use that extracted firmware if those inconsistent bytes are missing. Have you ever encountered that kind of problem?
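Raw NAND reads from a chip-off programmer come back page by page with the spare (OOB) bytes appended to each page, and two reads of the same chip can disagree in a few bits, which is what a verify step reports as inconsistent. The script below is an added example, not code from the video or from any programmer's software: it strips the spare area, lists erased pages, flags factory bad-block marks, and diffs two raw reads so the unstable bytes can be located and classified (main area vs. spare). The geometry constants (2048-byte page, 64-byte spare, 64 pages per block) are what I assume for a 2 Gbit SLC part such as the MX30LF2G18AC; check them against your datasheet. The sample reads are constructed in `build_sample_reads` and are not a real dump.

```python
"""Post-process a raw NAND dump: split main/spare, find erased pages and
bad-block marks, and diff two reads. Constructed example, not from the video."""
from dataclasses import dataclass
import random

# Geometry assumed for a 2 Gbit SLC NAND such as the MX30LF2G18AC.
# Check your part's datasheet and adjust before trusting the output.
PAGE_SIZE = 2048
SPARE_SIZE = 64
RAW_PAGE = PAGE_SIZE + SPARE_SIZE
PAGES_PER_BLOCK = 64


@dataclass
class BitDiff:
    page: int       # page index within the dump
    offset: int     # byte offset inside the raw page (main + spare)
    in_spare: bool  # True if the differing byte lies in the OOB area
    xor: int        # mask of the bits that differ


def split_raw_dump(raw: bytes) -> tuple[bytes, bytes]:
    """Return (main, spare): main-area bytes with OOB removed, and the
    concatenated spare areas, both in page order."""
    if len(raw) % RAW_PAGE:
        raise ValueError(f"dump length {len(raw)} is not a multiple of "
                         f"{RAW_PAGE}; wrong geometry or a partial read")
    main, spare = bytearray(), bytearray()
    for off in range(0, len(raw), RAW_PAGE):
        main += raw[off:off + PAGE_SIZE]
        spare += raw[off + PAGE_SIZE:off + RAW_PAGE]
    return bytes(main), bytes(spare)


def erased_pages(raw: bytes) -> list[int]:
    """Indices of pages that are all 0xFF, i.e. never programmed."""
    blank = b"\xff" * RAW_PAGE
    return [i for i in range(len(raw) // RAW_PAGE)
            if raw[i * RAW_PAGE:(i + 1) * RAW_PAGE] == blank]


def bad_block_candidates(raw: bytes) -> list[int]:
    """Blocks whose first page has a non-0xFF byte at spare offset 0, the usual
    factory bad-block mark on large-page NAND (assumption: some parts mark a
    different page or byte)."""
    bad = []
    for page in range(0, len(raw) // RAW_PAGE, PAGES_PER_BLOCK):
        if raw[page * RAW_PAGE + PAGE_SIZE] != 0xFF:
            bad.append(page // PAGES_PER_BLOCK)
    return bad


def diff_reads(first: bytes, second: bytes) -> list[BitDiff]:
    """Byte-by-byte comparison of two raw reads of the same chip; each hit is a
    location a programmer's verify pass would report as inconsistent."""
    if len(first) != len(second):
        raise ValueError("reads differ in length")
    diffs = []
    for i, (a, b) in enumerate(zip(first, second)):
        if a != b:
            page, off = divmod(i, RAW_PAGE)
            diffs.append(BitDiff(page, off, off >= PAGE_SIZE, a ^ b))
    return diffs


def build_sample_reads(pages: int = 4) -> tuple[bytes, bytes]:
    """Constructed data: pseudo-random pages with clean spare areas, the last
    page erased, and a second read with one bit flipped in page 1's spare."""
    rng = random.Random(1)
    raw = bytearray()
    for _ in range(pages - 1):
        raw += bytes(rng.getrandbits(8) for _ in range(PAGE_SIZE))
        raw += b"\xff" * SPARE_SIZE
    raw += b"\xff" * RAW_PAGE
    first = bytes(raw)
    second = bytearray(first)
    second[1 * RAW_PAGE + PAGE_SIZE + 2] ^= 0x01
    return first, bytes(second)


if __name__ == "__main__":
    r1, r2 = build_sample_reads()
    main, spare = split_raw_dump(r1)
    print(f"main={len(main)} bytes, spare={len(spare)} bytes")
    print("erased pages:", erased_pages(r1))
    print("bad block candidates:", bad_block_candidates(r1))
    for d in diff_reads(r1, r2):
        print(f"page {d.page} offset {d.offset} spare={d.in_spare} bits=0x{d.xor:02x}")
```

A diff that lands in the main area of a programmed page is the case to worry about; a few flipped bits there are what the on-chip or software ECC (whose parity normally lives in those spare bytes) is meant to correct, so the next step is to identify the ECC scheme rather than pick one read at random. Diffs confined to the spare area of erased pages are usually harmless.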
@RejectedManiac 5 months ago
If you wanted, would you be able to save this firmware and write it to another TSOP-48 with the same model number? I'm thinking more along the lines of: if the firmware became corrupt on another device, would you be able to write this firmware to another chip?
@scrypto 9 days ago
The UFPI programmer is much better, plus ECC corrections are available.
@BrainTumorAndChill 1 year ago
Hey Matt, great video. I'm starting out. I don't have the hardware you have introduced in these videos. So far I have a cheap 8-channel logic analyzer, a CP2102 UART dongle, an ST-Link v2 dongle, a CH341A, and a Bus Pirate. I plan to expand as I go. I have a TV here with a shattered screen that I'm experimenting with. It has a Winbond W25Q32JV BIOS chip. Is it possible for you to do a video with the Bus Pirate? I've found a LOT of information on the net about it, but a lot of it just confuses me. I love your style of explaining everything. So I'm wondering if you can help make sense of it. Thanks man! You've helped explain a lot so far.
@BrainTumorAndChill 1 year ago
To be more specific... I can't seem to get any sort of connection with the chip via SPI. The SOIC-8 clip that came with my CH341A was useless, as I never can get a connection (verified by continuity). I think it's just a cheap plastic mold that is a common issue. I have soldered to the legs of the chip (still on the board), very carefully ;-). I couldn't figure out the logic analyzer, as hooking it up would not allow the TV to turn on. I'm also really just learning the Saleae software. I attempt to connect to the chip via my Bus Pirate using screen, and I have to be missing something here. I'm always stuck with syntax errors.
@phr3ui559 1 year ago
ok
@kiyotaka31337 1 year ago
Can you show some tricks for breaking encrypted firmware using side channels or other techniques?
@mattbrwn 1 year ago
The devices with encrypted firmware I've looked at in the past are sadly behind NDAs. If you have a target device that you know has encrypted firmware, let me know and I'll look into it. Are you referring to a firmware update file being encrypted, or the actual firmware on flash being encrypted?
@kiyotaka31337 1 year ago
@mattbrwn Thanks, I mean the actual encrypted firmware in flash. I know there is a method like looking into an old unencrypted firmware version where the encryption algorithm is implemented and using it to decrypt the latest version, and some people use DPA side-channel attacks to break AES or other ciphers, but are there any other methods than these? And I'll let you know if I find an encrypted firmware; looking forward to the video. 🙂
@cosmicrider5898 1 year ago
@kiyotaka31337 Try hashcat.
@rajuradios 1 year ago
@kiyotaka31337 I think the T56 can give you the encrypted data also in the OPT column, and the main flash differently in another column, so adding both of the data to the NAND can result in the original firmware. What say?
@phr3ui559 1 year ago
@mattbrwn Oh.
@johnbinns893 9 months ago
Removing the NAND chip is completely unnecessary in many cases. Look into 360-clips.
@Cire3PC 9 months ago
Something new? Don't know of any tool to read without removal. Not for a NAND chip anyway.
@zsbalak 1 year ago
Hey Matt, I just bricked an expensive router's FW. Is it possible to contact you? Of course, not for free :)
@user-ui8my9zs7o 1 year ago
Can you do a video on rebuilding the firmware and writing it? Also, is it possible to dump the firmware without removing the chip, using clips?
@rajuradios 1 year ago
Basically yes: if you know all the main 8 points and where they are going, you can pick those points and read and write the NAND flash with a T56 programmer. Otherwise, there isn't any clip or the like available.
@stevensgarage6451 1 year ago
You need some low melt.
@dr.decapod7032 9 months ago
What heat gun do you use?
@JasonScottHamilton 1 year ago
What is the purpose of the flux in desoldering?
@alin636 11 months ago
To improve the heat conductivity between the heat source (e.g. a solder tip or hot air) and whatever it is touching. Without flux, it will be much harder for the heat to transfer to what you want. E.g., without flux, it will be very hard to get solder to melt.
@Roy_Tellason 1 month ago
Not inclined to buy from China if I can possibly avoid it, and no way in hell am I gonna run windoze, or Wine for that matter. If they can't provide software that runs under Linux, I'll deal with somebody else.
@rjbrake 1 year ago
When you have old solder, just flood it with good solder until it comes off, then wick it.
@electronicsideas1361 4 months ago
How do I read the hex from a PIC MCU which is locked?
@aumdallymohammadalfaad7094 6 months ago
Hello Mr. Matt, I need some help from you regarding top28 flash memory and the T56 programmer.