Re: HiSense 65H6510G no boot

Good usb - uart (CP2102)
https://aliexpress.com/item/1005003238623602.html

Re: HiSense 65H6510G no boot

USB<->TTL UART Dongle

• Have 2 (old PL2303HXA, CH340G)
• Both work with terminal apps to receive SOC CPU log.
• mstv_tool not finding CH340G serial port. What driver do you use?
• DMM confirmed dongle TX/RX continuity to SOC UART ESD and 3.3v pull up resistor. Both paths are good.
• When PC transmits, dongle TX LED blink

mstv_tool and SOC Communication

• I guess maybe failed eMMC maybe doesn't give chance for communication.
• boot to eMMC error is < 1s (see time stamped log output)
• likely no mstv_tool and SOC CPU software rendezvous mechanism. eMMC error could be coded to not properly respond to UART RX interrupt in early boot phase. software would need to anticipate eMMC failure to properly respond to mstv_tool. Don't know for sure.
• probably boot need to not have eMMC error, try to fetch UBoot unsuccessfully (software probably planned for this), flash standby LED lights and wait for mstv_tool.

Security Keys on eMMC

Contacted pre-flashed eMMC seller. They said don't have and most stream apps and HDMI will not work without original eMMC. I guess many security keys are on eMMC. So dead eMMC = very limited board even if can be repaired.

Re: HiSense 65H6510G no boot

Wow, what complete BS, they need to quit using eMMC, they are the cheapest way to go for a reason, just since this thread, I have seen page after page of these junk chips messing everything up, also page after page of the Tesla debacle and a host of other vehicles of course.

Re: HiSense 65H6510G no boot

Yes, many companies are already making eMMC firmware (with keys), binding to the ID of the SOC itself, and if you write someone else's eMMC dump, we get a castrato (crippled). That's why they try to pull as much data and partitions out of eMMC as possible.

Re: HiSense 65H6510G no boot

Here is the emmc pinout if you want to read data from emmc via ISP through the programmer.
The main thing is not to heat it up! (will die completely), but try to freeze.

Re: HiSense 65H6510G no boot

I'm actually very familiar with these security design techniques (built content download consumer devices previously)

They put ID inside the biggest most advanced lithography chip. Avoid few pin old technology chip (can make clone mod chips) where pirates can make easily and teenager can solder. Some even bury high security keys under layers of lithographed metal plane on chip to cover it up. Some even make destructive if try to grind down chip and read.

They also often severely limit access to the list of SN to DeviceID to security key tables. Board manufacturers don't have them (piracy source) and designer evolved to the point where they don't even have them.

This put security in difficult to access locations effort is a forever evolving battle with pirates. Put in eMMC but if eMMC dies then system is bricked. eMMC evolution will surely address this (may already have) by adding more robust SLC NAND cells to store security keys. But software still need to do the right action and not cripple itself when reading lower reliability cells (MLC, TLC etc) where the first boot code is fail.

Re: HiSense 65H6510G no boot

haha nice find. Thanks! I got the eMMC datasheet pinout also.

I know can solder on cheap USB/eMMC reader, freeze and try to read. But latest eMMC itself contains multiple partitions and access security rights. I read 4pda post some people say its fantasy to achieve success... Do you know if actually possible?

Re: HiSense 65H6510G no boot

No, I haven't heard about it, it could be about UFS flash or about the encrypted firmware that Sony uses in some models.
Not everything can be read as a card reader with eMMC, in my opinion only the USER section and that's it.

Re: HiSense 65H6510G no boot

BTW, eMMC trend is unstoppable because it is the fast non volatile memory. It what is allowing super fast consumer devices after switching away from HDDs.

And cell write cycles keeps getting shorter (single level SLC -> Multi Level Cell (MLC which is what these TVs use) -> Triple Level Cell (TLC) -> QLC!) TLCs are already < 1000 cycles so it requires either vary large capacity to spread out the writes (wear leveling) or have very little writes.

Problem is software sees these eMMC as read/write file systems. So if the engineer doesn't always think about flash memory technology longevity. They can easily kill eMMC by wearing it out with too much writes.

Computer makers are the most advanced and have the fewest OS variations but cheap SSD makers will skip DRAM/SLC write caching and consumer has to accept poor longevity. Non computer makers is where many trial and error exist... Many devices, many operating systems and customizations. So more software engineers on many more HW/SW versions will make mistake. Probably every company will make same mistake in initial 1-2 product cycles. Also software consideration need to keep evolving as NAND cell write cycles keeps on reducing.

Anyway, looking through the table of contents on eMMC spec is quite interesting. There is huge amount of complexity inside. As much as basic CPU and GPUs. Its far from just a block of memory.

Re: HiSense 65H6510G no boot

And why does anyone need it, it’s not profitable for companies, the warranty (1-3 years) for these TVs has passed - eMMC has died, and the client either buys a new motherboard or runs to the store for a new TV.

Re: HiSense 65H6510G no boot

Probably a conspiracy, they think nobody is bright enough to see that they have put a lot of time and energy into the science of having these tvs go bad just out of warranty. I bet there's some that don't want to improve these chips just to sell more tvs.

Re: HiSense 65H6510G no boot

Just seems like they are going in reverse for reliability and longevity, I have a sharp tv from 2007, is used for 12 hours a day every day since new. Never a problem with it, no eMMC in this tv.

Re: HiSense 65H6510G no boot

https://www.partitionwizard.com/part...mc-vs-ufs.html

Re: HiSense 65H6510G no boot

Interesting, I've not been keeping up with flash memory IO spec. UFS is pretty standard IO speed evolution using higher transfer data rate technologies. DRAMs used these techniques awhile back and non volatile memory storage is now getting to this level.

But the memory block inside is still MLC/TLC/QLC/3D NAND flash with write wear limits. Here is some info

https://www.electronicspecifier.com/...bedded-storage

You can see they recognize the higher reliability needs of bootcode with pSLC. But I don't know the eMMC market segmentation and whether pSLC is more premium line that cheap TV manufacturers not willing to buy. Then there is Google reference platform, what kind of eMMC can they assume used by manufacturers and where to store the security keys? Natural path is towards lowest common denominator...

Re: HiSense 65H6510G no boot

One additional note on eMMC replacement to repair these Android TV

SONY eMMC replacement is possible

Looks like SONY XBR Android TVs also have frequent eMMC failures and possible to repair by replacing eMMC with new one that has boot code preflashed. Then use USB to install remaining firmware. There are many videos on youtube and a French company ( link ) that sells these eMMC with preflashed boot.

HiSense eMMC replacement can not solve security keys

This eMMC seller is the one I contacted asking about HiSense eMMC and he said will lose HDMI and many streaming apps.

Potential Differences?

HiSense SOC is MStar (Taiwan SOC maker) and SONY XBR is their own SOC (looks like X Reality PRO) SOC can include embedded flash ( probably more costly ) so presumably the SONY SOC is likely storing keys on SOC rather than eMMC.

====

Just a guess and wondering why pre-flashed eMMC seller sell SONY eMMC but not HiSense.

Re: HiSense 65H6510G no boot

Sony mainly puts MediaTek's SOC.

Re: HiSense 65H6510G no boot

there are no security keys at all.... the keys which should written within service menu and USB stick in case eMMC replace or blank MB installed
the keys are CI+ key in case on board there are CI+ socket
write MAC linkage
Write NETFLIX Key
write WIDEVINE Key
and HDCP 2.0 or 2.2

Re: HiSense 65H6510G no boot

Interesting. But install new eMMC + new firmware and can not read old dead eMMC. Then what keys put in service menu?

Here is SOC's service manual section on keys

Re: HiSense 65H6510G no boot

all these except MAC are licenses for Brand & specific Soc. all TV same Brand share the same LIC. there are no separated LIC. KEY will Generated according TV Model ESN

its the same to Android TV Box. Amlogic for example give each manufacture of brand LIC can be burned on all boxes.

Re: HiSense 65H6510G no boot

did you tried to have the MB solo and feed it 3.3V from yours TTL and see how the log will be