Overview
Explore advanced techniques for discovering debug interfaces using the JTAGulator in this 43-minute Black Hat conference talk. Delve into the intricacies of JTAG, including its architecture, data registers, state machine, and instructions. Learn about software tools for ID code scanning, device identification, and bypass scanning. Witness practical demonstrations using various devices like Linksys WRT54G and Samsung products. Gain insights into UART specifications, asynchronous data transmission, and UART scanning techniques. Discover the limitations of current methods and potential future developments in the field. Acquire valuable resources for further information and engage in a Q&A session to deepen your understanding of debug interface discovery.
Syllabus
Intro
What is JTAG
What is cool about JTAG
What is interesting about JTAG
Fun slide
Architecture
Data Registers
State Machine
Instructions
Protection
Software Tools
ID Code Scan
Device ID
Bypass Scan
Timing with ID Code
Demo
Linksys WRT54G
Samsung
CPLD
Samsung SCHI
JTAG Demonstration
UART Spec
TX RX
Asynchronous Data
The Scan
UART Scan Example
Speed
UARTs
Rootshell
USB to Serial
Limitations
Future Work
Where to Get Information
Questions
Taught by
Black Hat