Extracting and Modifying Firmware with JTAG

In this video, we discuss how to extract firmware from an RP2040 microcontroller on the Defcon 30 badge using JTAG. A JLink debugger is used. We also push a modified version of the firmware back to the device.

About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

#iot #jtag #defon #raspberrypi #iotsecurity
Comments

Awesome video!! Could you do something with STM chips that are locked sometime soon? My vaguest of vague understanding is that you can sometimes do something with pulling boot select pins low to get it into a debug mode regardless of other configurations, but I don't have the first clue how to actually do that irl. Keep up the great videos m8!

jc

Great video! Minor vim note: at @17:30, you can use capital R to enter Replace mode. That way you won't have to count anything. Just make sure you only modify ASCII characters.

toadtws

Where is a repository link to PCB files of that badge? Looks like a nice little capacitive keyboard.

OMNI_INFINITY

So cool! What are you going to push to it next, if anything?

mattp

Hi Matt. What would be your recommended JTAG model brand?

daixtr

How did you know to use the SI form of Mbit and not the binary form of Mbit?

Finrow

Can you do the Huawei H112-372? How to get UART and JTAG.

michaelmclardy

Why not just hook up to the SPI NOR flash and dump that way? flashrom, ftw.

RussellSenior

I dislike that connector style so much. The cable is expensive and the pins will bend easily.

XenoTravis

Oh my god, just found this channel and it's an absolute goldmine :-) thanks for all the awesome content!

PeterBagel-tixw

Hi Matt, very informative video. Is there any way to convert the binary dump to source code or to understand it better?

goutham

Minor correction to the video - the video title states using JTAG to extract firmware, while Matt used SWD instead. JTAG is an industry standard interface, while SWD is more vendor-specific. Apart from showing the JTAGulator, Matt does not actually use it :-(

slincolne

I recently came across your channel and I love your videos. If you ever have a project where you gain practical functionality of a device by hacking it, that would make a great video. Like the security camera sending the stream to a self-hosted storage server or other ideas you may have.

sammay

Hall Karen Hernandez Christopher Jones Jose

marvinesvancese

Man I keep seeing JTAG written on different boards

I'm still a rookie, got a long waaay to go

a-listercrowley

Very informative, great info! Thank you for making this. BTW your audio is really low.

robertbauer

Dear sir, I have a problem: the MCU has a tooll0 pin, a reset pin, VCC and ground.
How can I extract firmware from the MCU?

rajivsingh

Trying to learn all of this and very overwhelmed. Are you able to access the JTAG state machine this way? And command the actual registers? I'm reading how to do that, but nobody ever explains how they gain access to do that… and what they are typing the commands on/through…. Sorry if this is a stupid question.

ggNotSuree

I just got a Bus Pirate 3.6a and I'm wanting to connect to a device using JTAG. The available pins on it are:

TDO, TDI, TMS, TCK, GND, RESET

Do I just connect the same-named pins from the Bus Pirate to the device? (Like TDO - TDO, TDI - TDI... etc. for all of them.) Years ago, I used UART, but I'm not seeing those connections on the board I'm trying to mess around with. I just can't seem to find a guide / tutorial that explains how to set it up for newbs.

woolfy

I am all for IOT companies not disabling JTAG. Just keep them away from evil maids, and you're all good.

JamesColeman