VoidStar Security Wiki
- Clips / Jumpers / Probes
- Conclusion
- Fault Injection
- Flash Readers
- VSS: Beginners Guide to Building a Hardware Hacking Lab
- JTAG / Debug Adapters
- Logic Analyzers
- Microscopes/Magnification
- Multimeters
- Oscilloscopes
- Extending Ghidra Part 1: Setting up a Development Environment
- Introduction to Embedded Reverse Engineering
- Intro to Embedded RE: UART Discovery and Firmware Extraction via UBoot
- Replicant: Reproducing a Fault Injection Attack on the Trezor One
- On the Road: Our first onsite training of the year
JTAG / Debug Adapters
Perhaps during your teardown, you discovered a set of test points or debug headers that you believe might be for hardware-level debugging, such as JTAG or SWD. If you’re trying to get hardware-level debugging working on a target, it is always a good idea to see what OEM tools are available. I’ve compiled a list below of some of the more generic tools I keep in my toolbox. Most of these are ARM-focused, as many other JTAG tooling for different architectures will often involve purchasing specific hardware/software or utilizing OpenOCD.
| Item | Price | Link | Usage |
|---|---|---|---|
| FT2232H Breakout Board | $14.95 | Link | Generic interface board, capable of SPI, I2C, UART, etc |
| STLink | $22.16 | Link | Easy to work with, largely focused on STM32, but can be used as a generic SWD adapter with OpenOCD |
| Tigard | $49.00 | Link | Open source FT2232H-based, multi-protocol, multi-voltage tool for hardware hacking. |
| Black Magic Probe | $74.95 | Link | Open source JTAG probe, can be used with OpenOCD |
| JLink | $529.12 | Link | Extremely sound software support, supports a large amount of ARM chips, has built-in level shifting |
| Lauterbach | TBD | Link | Extremely powerful JTAG tooling that can be purchased with licenses targeting specific architectures/chipsets |
When attempting to utilize a hardware debug mechanism (especially from a black box perspective), there is no “one size fits all” tool. Whether you are accessing a JTAG tap or an SWD peripheral, there are two hurdles that you need to overcome:
- Can your hardware communicate with the TAP/DAP?
- Logic Levels, appropriate speeds, timings, etc
- Can your software properly enumerate and interact with the TAP/DAP?
- OpenOCD, UrJTAG, OEM Tools, etc
The right tools for the job is critical when looking at a new hardware-level debug peripheral. Make sure that you search for OEM software/hardware and always check the latest OpenOCD commits for similar targets.