As someone who's only dabbled lightly with electronics, maybe I was just doing it wrong, but I didn't have great luck with those Pomona SOIC test clips.
While doing in-circuit SPI flashing of several laptops for Coreboot, getting a good read or write was difficult. One of the many things I'd regularly try was to reseat the clip. Unfortunately, with the Pomona clips, this reseating would tend to catch and push in the pins of the clip, so they started making even poorer contact.
This pushing in was possible because there's not a single rigid pin straight through from the component to the test headers. The pin is 2 or 3 (I forget) parts, and a lower part can pop out of the plastic channel/groove it's in. You can disassemble the clip and push things back together, but it wasn't quite the same as before deformed.
I ended up having better luck with simpler clips that have a single physical pin straight through, such that the header pitch is the same as the component. Then I bent the pins to the side in an alternating pattern, to give enough room to attach my individual wires.
I love Pomona SOIC test clips, the other cheaper ones off of amazon are garbage though. :) I find when flashing hardware you might have to try a few times and if you get a good read/write going don't move, don't breathe, don't do anything until it is done.
> I ended up having better luck with simpler clips that have a single physical pin straight through, such that the header pitch is the same as the component. Then I bent the pins to the side in an alternating pattern, to give enough room to attach my individual wires.
I have had 100% the opposite experience :D. For whatever reason, the cheap clips quickly develop intermittent faults on some number of wires or the pin deforms hopelessly. You can tell the problem is getting worse when you have to maintain more pressure to hold the clip in place or do multiple reads and confirm that the sha1 hash of the dump file matches for the majority of reads!
Maybe I just had clumsy technique. I was usually attaching the clip with not much room to open it beyond the component, which I guess might've contributed to pushing in the component-side pins.
Was it Pomona or Pomona knockoff? IME the real ones are eye-wateringly expensive but they actually work, whereas the knockoffs are dirt cheap and tend to require even more effort than soldering (between making initial contact and discovering+fixing intermittency problems).
It was Pomona-branded. They were either genuine, or very convincing-looking counterfeits. I had a few of them, and the materials and build quality seemed good, other than pin migration up that my use/abuse of them seemed to cause.
If you didn't pay upwards of $20 per piece, they were likely fakes. I have had the same experience as all the other commenters here: Pomona clips are the only ones I've found that actually work well, while all the cheap clips are just about unusably bad.
I tried some BIOS flashing with an Arduino Uno I had, a level shifter to 3.3V, and a SOIC clip from AliExpress. I had tons of issues connecting to the chip, so I moved to an old RPi I had laying around, and it just worked flawlessly, every time. I assume it was the level shifter but I can't be sure
You can frequently avoid this by running at a lower voltage - SPI chips are often rated to run down to under 3V, and associated components will tend not to run with that much power
I tried to use something like this to read a flash on a car’s ECU. I even build a small probe station when the clip finally broke. I ended up having to desolder it. I don’t understand how hackers make in-circuit spi probing work on embedded systems. It always just magically works for them to clip a Pomona on and go. I don’t get it.
Side question. Does anyone have a good method of attaching 4 wires (say for a programmer) to the middle of a board, preferably without soldering any connector on the board? (Edge connectors are too bulky and inconvenient).
I'm thinking of something that locks through a hole in the board and then pushes 4 pins onto 4 pads on the board.
These take much less board space (especially when considering locking holes) and work much better than Tag-Connect with and especially without the locking holes (those pin lock things are available, but they suck)- I mean they are easy to insert and stay in place, very nice for firmware people to use. They seem ambiguous about which side of the board you can plug them into, but they are actually (barely) polarized.
The main disadvantage is the expense of the connector and expense of castellated holes on the edge of your board. If you can afford the BOM cost use a surface mount 10-pin 50-mil header, or if you can afford the footprint space and some holes, use the SKEDD connector.
BTW, for SPI-flash chips: an option is to use a socket for them.
A clever zero-cost alternative I've seen some manufacturers use is a 1xN PTH footprint with every other hole offset slightly (~20 mil) to the side. The misalignment is just enough to make a straight pin header get stuck in the holes.
There's an example of this on Digilent's Arty development board, at the top of the board between JB and JC:
Very nice alternative to Tag-connects. It looks like the PCB footprint is a little larger per pin but the connector is less fragile and the connection would be more robust. Great for having a debugger or logger attached during lifecycle testing especially in the prence of vibration. I also find their other suggested use - enabling expansion connections with no added cost to the base unit - very intriguing. "Options" are very typically higher margin than base products so having a way to enable adding them that does not add a connector to every unit has a lot of potential use cases.
For one-off things, since they (right now) require glue, and it's fiddly. But I like being able to churn out any number of pins quickly. Adding keys that stick out and attach to holes in the PCB, like the other examples mentioned in other comments, sounds nice.
Related to the article: There's also the possibility of using DIP sockets with flexible legs (not the lathed ones). By bending them in an S, you get a spring loaded contact. I made a housing for it, to be used as a non-intrusive snooper on DIP EEPROMs.
For some chips you can use test clips like these ones: [1]. You're using a tiny hook to attach wire to the chip pin (assuming that it's exposed a bit.
Another option is to use needles like [2]. You just put them wherever needed and wire makes sure that it sits there. It's fragile, but for some quick checks might be OK.
Seconding PCBite probes. They're weighted, the force comes from gravity not from flex/spring in the arm, which confuses a lot of people at first. But they work pretty well.
Yeah- I started being "flexible" with contractions in casual online speech years ago as a joke, but now it's just sort of part of my "dialect". That and cursed multiple contractions; at least I'ven't'd any problems with accidentally using either of those in formal speech.
That's really funny. I personally can't abide by flexible contractions but the multiple contractions are definitely up my alley and I deploy them whenever I can.
The "middle", as in you want to tap a trace and not a pin on a chip? You really can't without hacking at the board somehow, there is a plastic resist layer on all the traces. They're usually visible through it but without scratching a hole you can't get to it. And then of course the signals you actually care about are just as likely to be in middle layers you can't reach without destroying something above/below it.
I know some paytv satellite system hackers would read a TSOP flash chip by using a PLCC socket on a PCB that would fit upside down onto the MCU because the pins were easier to connect to. All of the flash pins went to the MCU, so this worked more conveniently.
Most of this knowledge has been lost (this was like 20 years ago), but wikipedia mentions the "sombrero de patel" (because it's like a PCB "hat" over the mainboard) here: https://en.wikipedia.org/wiki/Pirate_decryption
Since they only needed to extract a small key, it had 1-2x Atmel 8515s to do the work (which were used for other paytv applications, so not hard for people to scrounge once they build the board).
I'm probably shouldn't be that guy but I'll be him anyway.
If you're willing to go through hole then you can layout a 2 by X row header with the rows slightly too close together. So when you insert a header it will pinch the pins and make a good connection.
If you're willing to put a row of pins at the edge of the board you can place it so it pinches the pins between the holes and the edge of the board.
If anyone is interested, I made some improvements [1] when using this for ISP programming.
It should work notably faster (minute -> seconds) and has some ergonomic improvements like setting chip size without reprogramming and some additional commands for exploring flash.
I have also added some reliability improvement (IMO), but it may be more or less reliable for you.
“I’d especially like to thank three colleagues, Thor Simon, Viktor Dukhovni and Larry Rudolph for their assistance on this project.”
That’s Victor Duchovni, inventor of the Postfix MTA. Two Sigma, founded only back in 2001 (i.e. newer than Google), has certainly done well in retaining some incredible people on the software and computer security side. From what I’ve heard, it’s a fantastic place to work as an engineer. They give people lots of independence to work on things they consider to be important, which is really exemplified by this blog post.
I think many larger financial firms would just outsource their Apple security, but Two Sigma has an engineering poking around the hardware and making novel discoveries. That kind of thinking is how you actually get ahead in securing an enterprise, IMHO.
While doing in-circuit SPI flashing of several laptops for Coreboot, getting a good read or write was difficult. One of the many things I'd regularly try was to reseat the clip. Unfortunately, with the Pomona clips, this reseating would tend to catch and push in the pins of the clip, so they started making even poorer contact.
This pushing in was possible because there's not a single rigid pin straight through from the component to the test headers. The pin is 2 or 3 (I forget) parts, and a lower part can pop out of the plastic channel/groove it's in. You can disassemble the clip and push things back together, but it wasn't quite the same as before deformed.
I ended up having better luck with simpler clips that have a single physical pin straight through, such that the header pitch is the same as the component. Then I bent the pins to the side in an alternating pattern, to give enough room to attach my individual wires.