Spun off from another thread.
Ah-ha. I haad never thought of reading 'other' Signature row bytes !Sure enough. I tried some chips (sig #0x0E - #0x17):
I whipped up a little program to read the signature bytes for all values of Z, and fed it through hexdump -C:
------------------------------------------------------------------------------- 00000000 1e a5 95 ff 0f c9 ff 26 ff 0a ff 17 ff ff 47 30 |.......&......G0| 00000010 33 35 33 34 ff 12 0a 19 17 01 12 01 13 01 ff ff |3534............| 00000020 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| * 00000070 ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2c 06 |..............,.|
These 128 bytes repeat until:
00007e00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 |................| *
... and then the whole smash repeats again at 0x8000.
One sees the signature bytes at 0x00, 0x02, and 0x04, as well as the calibration byte at 0x01 as expected. The 96 bytes from 0x001E through 0x007D and some of the rest are all 0xFF and presumably 'empty', but the remainder of them appear to indeed contain consistently readable data which survives a reset and a power cycle, suggesting they are not the result of a random reset or power-up condition such as with SRAM.
Checking a second 328P:
00000000 1e a0 95 ff 0f ca ff 26 ff 0c ff 17 ff ff 58 32 |.......&......X2| 00000010 35 30 31 35 ff 15 21 06 17 02 12 06 13 06 ff ff |5015..!.........| 00000020 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| * 00000070 ff ff ff ff ff ff ff ff ff ff ff ff ff ff 6e 03 |..............n.|
It gives similarly consistent results, but these additional bytes are by and large different from the first device.
Note that the first six bytes are human-readable.
The underside of the first 328P has the following markings:
0G5343-1 35473D 1-p1036 e3
The underside of the second 328P has the following markings:
2X0551-2 35473D 1-p1252 e3
Note that the first line with each character pair transposed matches the 'human readable' signature row bytes 0x000E through 0x0013 for both devices. A curious convolution.
I have no idea what anything means.
I have been unable to find details about precisely what the printing on the bottom of the package means. I can infer from correspondence with Atmel about the ATtiny85 that the first line is the fab and lot number, and the third line is a date code and revision, but I don't consider this to be gospel.
Does anyone know definitively what the bottom markings mean?
Here's a comparison of these extra bytes, not counting the block of 0xFF, nor the individual 0xFF, nor the already identified string of 6. Bottom markings are repeated for reference:
| 1st 328P | 2nd 328P | |------------|------------| | 0G5343-1 | 2X0551-2 | | 35473D | 35473D | | 1-p1036 e3 | 1-p1252 e3 | | | | addr | hex dec | hex dec | same speculation -------|------------|------------|----------------------- 0x0005 | C9 201 | CA 202 | ? 0x0007 | 26 38 | 26 38 | y ? 0x0009 | 0A 10 | 0C 12 | year 0x000B | 17 23 | 17 23 | y ? 0x0015 | 12 18 | 15 21 | ? 0x0016 | 0A 10 | 21 33 | ? 0x0017 | 19 25 | 06 6 | ? 0x0018 | 17 23 | 17 23 | y ? 0x0019 | 01 1 | 02 2 | 1st line suffix 0x001A | 12 18 | 12 18 | y ? 0x001B | 01 1 | 06 6 | ? 0x001C | 13 19 | 13 19 | y ? 0x001D | 01 1 | 06 6 | ? 0x007E | 2C 44 | 6E 110 | ? 0x007F | 06 6 | 03 3 | ?
I've indicated where the bytes are the same on both devices. Given that these two devices are probably from different fabs, and appear to have been manufactured more than 2 years apart, I might guess that those bytes which are the same on both devices are perhaps the same on all 328Ps. Of course, some of those bytes might be the MSB of a timestamp or unit number.
Some speculation, based solely on these two devices:
- byte 0x0009 is the year in the date code
- byte 0x0019 is the '-N' suffix of the first line.
And that's about all my brain can see.
Anyone have any thoughts? Is all of this rubbish? Has it already been deciphered and reported on years ago?
If anyone cares, I'd be curious what other members are able to find in 'signature space', and how it correlates to markings on the package, especially if anyone has several devices with identical markings. Also useful would be two more devices with identical markings except for the date code. I can post the program I used to generate the above output, but it's pretty simple.
A useful result would be if the revision of the device could be inferred from a byte in signature space. Another might be if we can be reasonably sure that the signature row or some part of it is indeed unique for each device.
I tried the same thing when reading the fuses and lock bits from software (i.e. against all values of Z). No hidden data was evident, only the same 4 bytes repeated.
I'll look at a few more 328Ps (and some ATtiny85s) later...
JJ