Link to this headingProtocols

Link to this headingAsynchronous Serial

  • Uses 2 data wires
    • RX
    • TX
  • No signal acts at a defined baud rate

Common baud rates:

  • 115200
  • 57600
  • 38400
  • 19200
  • 9600

Link to this headingSynchronous Serial

  • Uses 3 data wires

Link to this headingI2C

  • Uses 2 data wires

Link to this headingSerial Peripheral Interface (SPI)

  • Uses 4 data wires
  • Commonly used to communicate with EEPROMs

Link to this headingUART

Hardware Tools:

Software Tools:

  • OpenOCD

Link to this headingPins

  • TX
  • RX
  • Ground
  • VCC

Link to this headingFinding Pins

Using Jtagulator:

  1. Find the ground pin by using a continuity check on the input ground from the power plug and the possoble headers
  2. Measure the voltage of the target system by testing the pins for the highest voltage.
  3. Set the target system voltage using Jtagulator
  4. Use the Identify UART pinout command with the number of channels.
  5. Set the Jtagulator to UART passthrough mode and use the UART connection
  6. Check the different baud rates for information on receiving data

Link to this headingDump addresses with Console Access

END_RANGE=0x8000000 STEP_RANGE=0x200000 for ((i=0;i<=END_RANGE;i+=STEP_RANGE)); do nand dump $(printf '%#X' $i) >> nand_dump.bin #Returns 1 page of data (2k) done

Link to this headingJTAG

Using JTAG with arduino

Hardware tools:

  • JTAGulator - JTAG/IEEE 1149.1, UART/asynchronous serial
  • Attify Badge - UART, SPI, I2C, JTAG, GPIO and so on.
  • Bus Blaster v4 - Compatible with ‘jtagkey’, ‘KT-link’ programmer settings in OpenOCD, urJTAG, and more

Software Tools:

Link to this headingPins

  • Voltage
  • Ground
  • Data In (TDI)
  • Data Out (TDO)
  • Clock (TCLK)
  • Mode Select (TMS)
  • Test Reset (TRST)

ARM 10-PIN Interface:

-------------------------
| 1 (VCC)  | 2  (TMS)   |
| 3 (GND)  | 4  (TCLK)  |
| 5 (GND)  | 6  (TDO)   |
| 7 (RTCK) | 8  (TDI)   |
| 9 (GND)  | 10 (RESET) |
-------------------------

ST 14-PIN Interface:

--------------------------
| 1  (/JEN) | 2  (/TRST) |
| 3  (GND)  | 4  (N/C)   |
| 5  (TDI)  | 6  (TSTAT) |
| 7  (VCC)  | 8  (/RST)  |
| 9  (TMS)  | 10 (GND)   |
| 11 (TCLK) | 12 (GND)   |
| 13 (TDO)  | 14 (/TERR) |
--------------------------

OCDS 16-PIN Interface:

----------------------------
| 1  (TMS)    | 2  (VCC)    |
| 3  (TDO)    | 4  (GND)    |
| 5  (CPUCLK) | 6  (GND)    |
| 7  (TDI)    | 8  (RESET)  |
| 9  (TRST)   | 10 (BRKOUT) |
| 11 (TCLK)   | 12 (GND)    |
| 13 (BRKIN)  | 14 (OCDSE)  |
| 15 (TRAP)   | 16 (GND)    |
----------------------------

ARM 20-PIN Interface:

-------------------------
| 1  (VCC)   | 2  (VCC) |
| 3  (TRST)  | 4  (GND) |
| 5  (TDI)   | 6  (GND) |
| 7  (TMS)   | 8  (GND) |
| 9  (TCLK)  | 10 (GND) |
| 11 (RCLK)  | 12 (GND) |
| 13 (TDO)   | 14 (GND) |
| 15 (RESET) | 16 (GND) |
| 17 (N/C)   | 18 (GND) |
| 19 (N/C)   | 20 (GND) |
-------------------------

Link to this headingIdentifying JTAG Pins

Jtagulator:

  1. Find the ground pin by using a continuity check on the input ground from the power plug and the possoble headers
  2. Measure the voltage of the target system by testing the pins for the highest voltage.
  3. Set the target system voltage using Jtagulator
  4. Use the IDCode Scan with the number of pins
  5. Use the retrieve ID code command and enter the pins from the previous scan
  6. Getting all of the correct tags can be done with a longer scan using the bypass scan. This can be used to see how many different devices are in the JTAG chain

From the Chip DataSheet:

  1. Look for a part number on the chip
  2. https://smd.yooneed.one/
  3. Find the datasheet Online
  4. Look at the pinouts and trace them to possible pinouts

Link to this headingUsing openocd

:

sudo openocd -f /usr/share/openocd/scripts/interface/ftdi/tumpa-lite.cfg -f /usr/share/openocd/scripts/target/feroceon.cfg