Sean Murphy duckythescientist

eMMC reballing

The same technique should work well with other (bigger) ball sizes too, however there are rarely issues when handling bigger packages and less care is usually needed there.

The technique uses premade solder balls, not solder paste.

Equipment:

Solder balls of correct size (0.3mm for eMMC)
Stencil to hold the balls with correct configuration for the package eg eMMC 153/169 standard stencil

For direct image URL, the image quality is much lower than the original upload (the resolution and size of the original upload can be found in the right sidebar). This is not the case few years ago when the original image was accessible through right click, but on 2017, Wix acquired DeviantArt, and has been migrating the images to their own image hosting system from the original DeviantArt system. They linked most of the direct images to a stripped-down version of the original images; hence the bad image quality. Below are the three different formats of direct image URLs I found:

URL with /v1/fill inside: this means that the image went through Wix's encoding system and is modified to a specific size and quality. In this case, you remove ?token= and its values, add /intermediary in front of /f/ in the URL, and change the image settings right after /v1/fill/ to w_5100,h_5100,bl,q_100. The definitions of the values can be found in [Wix's Image Service](https://support.wi

The Digilent JTag uses FT2232, but its configuration EEPROM contains secrete data needed to be recoginzed by Xilinx ISE/Vivado. The following method only works on linux (tested on Ubuntu16.04), but the patched FT2232 doggle also works on Windows. Since WSL1 does not provide USB device access, the following method will not work for WSL1.

DONT use FT_Prog on offical Digilent cable, as it can trash the firmware! The offical eeprom contains secrete data that cannot be handled correctly by FT_Prog.

Here are steps to create a Digilent-like Jtag that can be used in Xilinx ISE and Vivado

Install softwares: sudo apt-get install libftdi1 ftdi-eeprom
Create a file "flash_digilent.conf" with the following content:

	Given the following program:

	```
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>

	#define BUFFERSIZE 200
	#define TRUE 1
	#define FALSE 0

	// Copyright (C) 2019, Dan Ravensloft
	// SPDX-License-Identifier: GPL-3.0-or-later
	library(74series) {
	// 7400 quad 2-input NAND gate
	cell(7400_4xNAND2) {
	area: 3;
	pin(A) { direction: input; }
	pin(B) { direction: input; }
	pin(Y) { direction: output; function: "(A*B)'"; }
	}

	from binaryninja import (Architecture, RegisterInfo, InstructionInfo,
	InstructionTextToken, InstructionTextTokenType, InstructionTextTokenContext,
	BranchType,
	LowLevelILOperation, LLIL_TEMP,
	LowLevelILLabel,
	FlagRole,
	LowLevelILFlagCondition,
	log_error,
	CallingConvention,
	interaction,

	from Crypto.Cipher import AES
	from SocketServer import ThreadingMixIn
	from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
	import sys
	import random
	import os

	class Hasher:
	def __init__(self):
	self.aes = AES.new('\x00'*16)

	// (*) All in the spirit of open-source and open-hardware
	// Janost 2016 Sweden

	// The Tiny-TS Touch Synthesizer
	// https://janostman.wordpress.com/the-tiny-ts-diy-touch-synthesizer/

	// Copyright 2016 DSP Synthesizers Sweden.
	//
	// Author: Jan Ostman
	//

	/*
	* (un)comment correct payload first (x86 or x64)!
	*
	* $ gcc cowroot.c -o cowroot -pthread
	* $ ./cowroot
	* DirtyCow root privilege escalation
	* Backing up /usr/bin/passwd.. to /tmp/bak
	* Size of binary: 57048
	* Racing, this may take a while..
	* /usr/bin/passwd overwritten