JTAG access?
JTAG access?
Has anyone looked at using the JTAG port yet? it looks like the CPU is supported by OpenOCD I'm sure there are a few bricked units out there the could benefit from a JTAG. I'm going to start looking at it in the next couple weeks just curious if anyone has looked that this attack vector yet?
Re: JTAG access?
Are you referring to the JTAG SPI Flash SSP3 ? I investigated it quite a bit and ended up with the idea of using a BlackCat SPI flash programmer (of which I actually have already) or seeing if the xbox 360 SPI programmer could be used for reading&writing the wink flash. I think it should work in theory but I am not sure how I would go about determining the pinout between the BlackCat and the Wink Flash JTAG. I believe the flash chip is a 128MB Spansion S34ML01G100TF100 which is pretty well documented. Someone more knowledgeable than me in nand flash programming could probable fill in some blanks and make this happen.
-
- Posts: 1
- Joined: Wed Aug 26, 2015 12:40 am
Re: JTAG access?
I know this post is old, but I reverse engineered the CPU JTAG pinout:
http://jalderman.org/?p=318
I used this to dump a NAND image and root my hub.
http://jalderman.org/?p=318
I used this to dump a NAND image and root my hub.
Re: JTAG access?
translucent1 wrote:I know this post is old, but I reverse engineered the CPU JTAG pinout:
http://jalderman.org/?p=318
I used this to dump a NAND image and root my hub.
translucent1,
Ok, you impressed me! That's pretty awesome work.
FYI, I made you a site moderator. I encourage you to update us with any further findings! I appreciate your post.
-CloneNum3
Who is online
Users browsing this forum: No registered users and 1 guest