
Chip off equipment

 PB10
(@pb10)
Posts: 19
Active Member
Topic starter
 

Hi all,

We are looking to carry out a chip off extraction on a BlackBerry device. We currently have a Superpro programmer which requires you to reball the chip prior to reading.

I was hoping for further information on any other chip programmers people have been using. I have heard there are chip programmers out there which do not require reballing. (This would be ideal, as all I would have to do is remove & clean the chip).

Does anyone recommend any other chip programmers?

 
Posted : 23/07/2014 8:40 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Most probably you actually want a "test socket" (+ an adapter to your programmer), something similar to this
http://www.arieselec.com/products/data/23017-csp-micro-bga-test-burn-in-socket.htm

with spring loaded "needles".

There are, I believe, "needles" suitable to balled chips and "needles" suitable to non-balled chips
http://www.power-wide.com/BGA_True.pdf

I believe there are many makers for this kind of "test" sockets?

Current technology is seemingly called "Probe and Spring"
http://www.ecnmag.com/articles/2013/11/pogo-alternative

jaclaz

 
Posted : 23/07/2014 11:30 pm
(@dcs1094)
Posts: 146
Estimable Member
 

We are looking to carry out a chip off extraction on a BlackBerry device.

What is the make/model of the BlackBerry and also the Flash Memory Chip?

I have heard there are chip programmers out there which do not require reballing. (This would be ideal, as all I would have to do is remove & clean the chip).

If you rely on this, what will you do when you encounter an encrypted chipset and you are required to reseat the BGA package on a PCB? This sounds interesting, however I believe most people (from my experience) tend to just reball the chip and then place it in the relevant adapter.

If the probe is not making clean contact with the chip and/or the chip is not sitting correctly in the adapter, then the connection will be poor and a successful extraction of the Flash Memory may not be 100% complete.

 
Posted : 24/07/2014 5:51 am
 PB10
(@pb10)
Posts: 19
Active Member
Topic starter
 

Thanks for the replies.

The model is a BlackBerry 9300. We have not started to work on the handset, therefore we are yet to identify the flash memory. I was hoping for some feedback on the route the others have taken, or whether anyone else has carried out reads without reballing the chip.

DCS1094 - The reball route has always been plan A, and that is a very interesting point that you have raised regarding the encrypted chip. Plus if the reballing will result in a more 'reliable' connection, then it definitely seems the way to go!

 
Posted : 24/07/2014 1:26 pm
jhup
(@jhup)
Posts: 1442
Noble Member
 

How did you decide to do a chip-off versus JTAG?

 
Posted : 24/07/2014 7:05 pm
(@dcs1094)
Posts: 146
Estimable Member
 

BB 9300 Curve utilises 'POP' chipsets, therefore this changes things a little as it's not as simple as removing the NAND flash memory chip & cleaning it (like you would on a BB 9320 Curve for example). If you are going down the chip-off route, I suggest you get a few test devices in first before going straight for the real thing - if you are yet to examine this model that is.

 
Posted : 25/07/2014 3:54 am
 PB10
(@pb10)
Posts: 19
Active Member
Topic starter
 

JHUP - We do JTAGs on Android and Windows devices, and I was not really sure if these are enabled on BlackBerrys? Going by your response, I take it they are? Is that the case for locked BlackBerry handsets too?

DCS1094 - Thanks for the information on the 'POP' chipsets. I had read this last week:

http://www.forensicswiki.org/wiki/Chip-Off_BlackBerry_Curve_9300

This confirms that the 9300 utilises 'POP' chipsets. And yes, I have ordered more than enough practice handsets (for me this is a must when carrying out this kind of work!)

 
Posted : 25/07/2014 1:17 pm