JTAG for dummies 31/01/2013 DCG #7812
Intro Defcon Russia (DCG #7812)2
A long time ago… WTF?
WOOOT?
- Development
  - Prototyping
  - Debugging
- Manufacturing
  - Firmware flashing
  - Testing of PCBs and components
- Support
  - Service centers (recovery/update)
JTAG from outside
- TCK (clock)
- TDI (data input)
- TDO (data output)
- TMS (mode select)
- [RTCK] (reverse clock)
- [RST] (reset)
Core JTAG
A bit of theory
What can we do with it?
- Read / Write registers
- Read / Write memory
- Read / Write flash (!!!)
- Execution control
All of the above = GOD Mode
But…
- ARM Code security
- Code protection fuses (AVR)
- PCB obfuscation and stuff
Get armed!
- Hardware emulators
- Debug software
- Helpful tools
Hardware: «Wiggler»
- Ultra low cost
- Easy to assemble
- Base features supported
Hardware: U-Link / J-Link
- USB
- Dozens of features
- OpenOCD support (J-Link)
- ~ $500 (original)*
* ~ $12 from China with love ;-)
Software
- Keil uVision
- IAR
- OpenOCD
  + Open source
  + Cross-platform
  + gdb / eclipse integration
JTAG in the wild
- 10x2
- 7x2
- 5x2
- etc…
JTAG in the wild
OR
Point detection
- Check datasheets
- Multimeter probing
- Logic analysers
- Special tools
Jtagenum
Automated JTAG scanner
+ open source
+ Arduino based
+ RS-232 controlled
+ full-featured CLI
Questions?