Skip to content

A tool for passive data capture and reconnaissance of serial flash chips. It is used in conjunction with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual information about device operations.

License

Notifications You must be signed in to change notification settings

alainiamburg/sniffROM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

98 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

NOTE: Saleae Logic version 2 breaks the built-in SPI analyzer export feature, meaning sniffROM currently only works with data exported from Logic version 1.x

As of 12/6/2023 it is unknown when this will be fixed.

sniffROM

A tool for passive data capture and reconnaissance of serial flash chips. It is used with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual information about device operations.

  • Supports SPI and I²C flash chips.
  • Preserves the actual memory addresses of captured data.
  • Generates a visual map of the reconstructed binary image.
  • Generates a timing plot of reads/writes to memory addresses.
  • Recognizes 100+ (and currently parses 12) SPI flash commands from the following manufacturers:
    • Atmel
    • Eon
    • Fidelix
    • GigaDevice
    • Macronix
    • Numonyx
    • Spansion
    • SST
    • Winbond

See the Wiki for documentation

usage: sniffROM_new.py [-h] [--addrlen [{2,3,4}]] [--endian [{msb,lsb}]]
                       [--filter [{r,w}]] [-o [O]] [--summary] [--data-map]
                       [--timing-plot] [-v]
                       input_file

sniffROM - Reconstructs flash memory contents and extracts other data from
passively sniffed commands in a Saleae logic analyzer capture file. Currently
supports SPI and I2C flash chips.

positional arguments:
  input_file            Saleae Logic SPI or I2C Analyzer Export File (.csv)

optional arguments:
  -h, --help            show this help message and exit
  --addrlen [{2,3,4}]   set length of SPI memory address in bytes (default: 3)
  --endian [{msb,lsb}]  set endianness of SPI memory bytes (default: msb)
  --filter [{r,w}]      analyze only Read or Write commands (default: both)
  -o [O]                flash image output file name (default: output.bin)
  --summary             print summary of sniffed commands and metadata
  --data-map            show visual data map
  --timing-plot         show timing analysis
  -v                    increase verbosity (up to -vvv)

About

A tool for passive data capture and reconnaissance of serial flash chips. It is used in conjunction with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual information about device operations.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages