Protocols
Protocols¶
Asynchronous Serial¶
- Uses 2 data wires
- RX
- TX
- No signal acts at a defined baud rate
Common baud rates:
- 115200
- 57600
- 38400
- 19200
- 9600
Synchronous Serial¶
- Uses 3 data wires
I2C¶
- Uses 2 data wires
Serial Peripheral Interface (SPI)¶
- Uses 4 data wires
- Commonly used to communicate with EEPROMs
UART¶
Hardware Tools:
- Using a Raspberry Pi for UART
- Attify Badge - UART, SPI, I2C, JTAG, GPIO and so on.
Software Tools:
- OpenOCD
Pins¶
- TX
- RX
- Ground
- VCC
Finding Pins¶
Using Jtagulator:
1. Find the ground pin by using a continuity check on the input ground from the power plug and the possoble headers
2. Measure the voltage of the target system by testing the pins for the highest voltage.
3. Set the target system voltage using Jtagulator
4. Use the Identify UART pinout command with the number of channels.
5. Set the Jtagulator to UART passthrough mode and use the UART connection
6. Check the different baud rates for information on receiving data
Dump addresses with Console Access¶
END_RANGE=0x8000000
STEP_RANGE=0x200000
for ((i=0;i<=END_RANGE;i+=STEP_RANGE)); do
nand dump $(printf '%#X' $i) >> nand_dump.bin
#Returns 1 page of data (2k)
done
JTAG¶
Hardware tools:
- JTAGulator - JTAG/IEEE 1149.1, UART/asynchronous serial
- Attify Badge - UART, SPI, I2C, JTAG, GPIO and so on.
- Bus Blaster v4 - Compatible with 'jtagkey', 'KT-link' programmer settings in OpenOCD, urJTAG, and more
Software Tools:
Pins¶
- Voltage
- Ground
- Data In (TDI)
- Data Out (TDO)
- Clock (TCLK)
- Mode Select (TMS)
- Test Reset (TRST)
ARM 10-PIN Interface:
-------------------------
| 1 (VCC) | 2 (TMS) |
| 3 (GND) | 4 (TCLK) |
| 5 (GND) | 6 (TDO) |
| 7 (RTCK) | 8 (TDI) |
| 9 (GND) | 10 (RESET) |
-------------------------
ST 14-PIN Interface:
--------------------------
| 1 (/JEN) | 2 (/TRST) |
| 3 (GND) | 4 (N/C) |
| 5 (TDI) | 6 (TSTAT) |
| 7 (VCC) | 8 (/RST) |
| 9 (TMS) | 10 (GND) |
| 11 (TCLK) | 12 (GND) |
| 13 (TDO) | 14 (/TERR) |
--------------------------
OCDS 16-PIN Interface:
----------------------------
| 1 (TMS) | 2 (VCC) |
| 3 (TDO) | 4 (GND) |
| 5 (CPUCLK) | 6 (GND) |
| 7 (TDI) | 8 (RESET) |
| 9 (TRST) | 10 (BRKOUT) |
| 11 (TCLK) | 12 (GND) |
| 13 (BRKIN) | 14 (OCDSE) |
| 15 (TRAP) | 16 (GND) |
----------------------------
ARM 20-PIN Interface:
-------------------------
| 1 (VCC) | 2 (VCC) |
| 3 (TRST) | 4 (GND) |
| 5 (TDI) | 6 (GND) |
| 7 (TMS) | 8 (GND) |
| 9 (TCLK) | 10 (GND) |
| 11 (RCLK) | 12 (GND) |
| 13 (TDO) | 14 (GND) |
| 15 (RESET) | 16 (GND) |
| 17 (N/C) | 18 (GND) |
| 19 (N/C) | 20 (GND) |
-------------------------
Identifying JTAG Pins¶
Jtagulator:
1. Find the ground pin by using a continuity check on the input ground from the power plug and the possoble headers
2. Measure the voltage of the target system by testing the pins for the highest voltage.
3. Set the target system voltage using Jtagulator
4. Use the IDCode Scan with the number of pins
5. Use the retrieve ID code command and enter the pins from the previous scan
6. Getting all of the correct tags can be done with a longer scan using the bypass scan. This can be used to see how many different devices are in the JTAG chain
From the Chip DataSheet:
1. Look for a part number on the chip
2. https://smd.yooneed.one/
3. Find the datasheet Online
4. Look at the pinouts and trace them to possible pinouts
Using openocd¶
:
sudo openocd -f /usr/share/openocd/scripts/interface/ftdi/tumpa-lite.cfg -f /usr/share/openocd/scripts/target/feroceon.cfg