I have a success rate of 1 out of 12 for decoding jtag interfaces. My success was a DVD player and when I got a command shell it was worth all the learning and effort. I do like your method of mapping the interface and trying to find a match. I have one in process now, and I will let you know how it goes.
Dear Ing. di Giampietro, I've bumped in this video looking for how the mass production devices are programmed. I found an incredibly well explained video and interesting channel that I'll explore deeper for sure. Thank you very much for it !
I've been looking for you forever. You didn't have to share your knowledge but you did and that is incredibly generous. I... and others like me are very grateful.
Excellent work! I was looking for info on the JTAG interface for a specific router and came across this video. Although irrelevant to what I was originally looking for, I stayed and watched it through. Very good presentation and detailed. I must say I learned something new today. Thank you sir. Greetings from a fellow engineer. Keep up the good work!
I played with hacking the SB5100 series modems using a parallel to JTAG interface. I was merely following a tutorial, but now I have a much better understanding of A) How cool it was for the guy to have found the pins to get at the hardware and B) the fact that he wrote his own firmware is freakin awesome. Thanks for the video, both instructional and fun
I like to close my eyes and listen to you @TheSevonne, TEACHING YOUR KNOLODGE IN ITALIAN as much as he does in English. I hope you learned a thing or two from this page. I know I have. I been JTAGING (AVR) for years and I didn't know how to find the JTAG points with a multimeter.
I just discover your channel ! You remind me one of my BEST teacher when I was in college. Your explanation are very clear and structured. Thank you very much, subscribed + ring bell ;-)
I am so glad I stumbled onto your channel! This is the BEST information and presentation of that information I've ever found. I've shared your content with serval of my friends and have subscribed for more. Thank you so much for this priceless content you are making and for sharing your very deep knowledge!
Loved the video, Valerio! I learned a bunch of things. Thank you. I’ve ordered a Jtagulator to solder its components myself and I’m looking forward to putting these lessons to practice
A part all passive components and some mosfet and interface Ic , it doesn't the controller IC P8X32A-Q44 require programming? or is ready to use once purchased ?, Thank you
This video is excellent! Using the multimeter resistance and voltage measurement method, I managed to successfully deduce the JTAG pinout of a Samsung SPH-A700 cell phone by doing this on that phone along with a Samsung SPH-A880 that already had a known JTAG pinout (Since the A880 is very similar in terms of hardware to the A700).
Video interessante, complimenti. è sempre bello sentire di tanto in tanto un italiano, in questa piattaforma prevalentemente popolata da nativi anglofoni
Hello Friendly Hardware Hacking Neighbor!!! I absolutely LOVE your videos. I love your accent too, sometimes it's hard to understand but I am able to if I concentrate. I like to tinker with electronics stuff and I don't remember how I came across your videos but I am fascinated. I am already tearing apart old routers and wifi extenders and mini spy-cams. I am waiting for my FTDI from amazon and can't wait to use some of the tools you are showing me to hack into some of these things. Thank you SO MUCH for taking the time to make these videos! I have a question please...? For a beginner what would you recommend as for products on your list to purchase where a noob could get into this without spending a fortune. Like, those debug probes are expensive, do I need that right away or will it be ok to start out with the JTagulator and go from there? I look forward to hearing back from you and once again, THANK YOU!
This is an amazing series. I am barely new to electronics, but your videos have me immersed into hardware hacking. I just bought a rice maker, for 39.00 dollars to setup as my first project. Following along!!! Amazing again!
Excellent video and thank you for sharing. As you mentioned in the beginning of the video, it would be even possible to "debrick" a device with the help of JTAG by flashing the right firmware to the EEPROM. I ran exactly into this problem. I'v got a osziloscope with a Samsung S3C2416XH connected to an EEPROM Samsung K9F1G08U0D. Both components are quite popular. My measurements are nearly the same, but the order of the of pins the JTAG are a bit different on the board (I think it's a proprietary one). In my case I got *5* pins with R(gnd) and R(vcc) and V > 0. How could I find out with pins are right one without buying JTAGuator? Any hints?
Thank you very much for such a detailed video. Really appreciate the hard work you have put in to explain these concepts. Looking forward to learn more. Hope you are safe and sound in Italy amidst this pandemic time. May God bless and keep you and your family safe. Greetings from India 🙏🏼. Subscribed 🙂
Hello Zubin Bhathena, thank you for your appreciation and support. I and my family are safe, we stay at home, we try to anyway enjoy our time at home. Now the situation in Italy is slightly improving, in the last days we had decreasing number of deaths, of hospitalised peoples and of patients in intensive care.
I just got a bus pirate 3.6a and, I'm wanting to connect to a device using JTAG. The available pins on it are: TDO,TDI,TMS,TCK,GND,RESET Do I just connect it the same named pin, as from the bus pirate to the device? (Like TDO - TDO, TDI - TDI...etc etc for all of them). Years ago, I used uart but, I'm not seeing those connections on the board I'm trying to mess around with. I just can't seem to find a guide / tutorial that explains how to set it up, for newbs.
On some boards there are no pads for JTAG or UART. In which case you can scrape the trace lines and attach 0.1mm wire. You need a microscope for this but it works well.
if you have good eyes you dont need a microscope i have precise eyes because i am young but i understand some people have difficulties with soldering it, you need a fine tip not specialy a microscope
First of all, thanks a lot! I have a question for you: at 18:40, how did you hook up the headers to these spots? these were not classical pads as we often see in JTAG/UART? (subscribed, big kudos)
Hi Omer, thank you for your appreciation and for your question. The pads are for a surface mount 2x5, 2.54mm pitch connector (like this one: www.aliexpress.com/i/32915471614.html ), I didn't have that connector available, so I replaced it with a couple of PTH (not SMD!) female headers soldering them in an "unusual way".
Does a mini body camera (no wifi) have aa jtag? I just want to hack into the firmware in order to try and change the recording mode. Somehow its hardwired to record 3 minute increments only and no option for continous recording.
Thank you very much 🙂 ,Valerio..... Your video is excellent and full of knowledge..... Can i ask some question about JTAG [i search in google but i cannot find the exact answer].... 1) is JTagulator's function only to find the pin corresponding to JTAG? or can it be use as like of "BUS PIRATE/SHIKRA"? 2) Can i use the same "JTAG debug probe" for different ic like "AMD","ARM"....etc [i dont wnat to buy multiple Jtag probes for each ic type]? 3) Can you recommend me some good Jtag debug probe which cost around $20-$40?..... because JTagulator is costly for me
Hi Nongin, thank you for your appreciation and your question! 1. my understanding is that JTagulator's function is only to find the corresponding JTAG pin and not to be used as a "JTag probe"; 2. an excellent and low-cost probe, in my opinion, is the Segger J-Link Edu mini, it is perfect for ARM-based chips, but works also with other architectures, and it is supported by the excellent Segger software. It's not open-source hardware or open-source software, but it can be used for non-commercial purposes with free of charge Segger software. It costs around 17/30 dollars. There are also very cheap, pirated clones, but I don't recommend them because you are never sure that they will work. Another low-cost probe is Bus Bluster, to be used with OpenOCD. or Bus Pirate. Bus Pirate is, perhaps more versatile but it is very slow. 3. You can use the above probes to interact with the JTag interface; to automatically identify JTag pinout a cheap alternative to JTagulator is to use an Arduino board with the freely available JTAGenum software, but you have to pay attention because JTagulator does voltage conversion (3.3V 5V) and input protection, Arduino does not. So, maybe, you have to use some 3.3V based Arduino and, maybe, you have to use some low-value resistors to protect inputs.
@10:28 vicino al processore mi è sembrato di vedere un grosso connettore bianco UART, qual è il vantaggio nell'usare JTAG rispetto alla comoda UART? In queste schede la memoria non è nemmeno nascosta e con un programmatore universale si può leggere
You could use the mcu jtag pins directly - might require some soldering or micro clips attached to the pins. If your test board has jtag pins, can you trace them back to the mcu? The Jtagulator is helpful to identify pins at a connector or grouping of pins, but not required. Sometimes, it's easier to work with pins at a connector or pad group, then tapping the mcu pins which are often tiny.
Hello Sir, I have utilized the JTAGulator and have identified all but one pin. TDI is showing N/A but others are showing as: TD0: 3, TCK: 0, TMS: 1, TRST: 7. I'm using channels 0-7. Device ID is showing 0x502BF17F. How would you advise to discern TDI? Thank you so much for your video tutorials.
Great video! thanks for sharing your knowledge and time. BTW. In general I'd recommend to make videos not longer than 15 minutes if possible. Long video can be discouraging to watch, 15 minutes is optimal time for a video. liveoverflow youtuber had a huge success with video not longar than 15 minutes.
Hi MarKac, thank you for your support and your suggestion. My original goal was to have shorter videos, about 15/20 minutes, of self-contained espisode with arguments introduced and resolved within the same episode. I am still learning how to plan an episode that is both self-contained and shorter, because you are right that longer videos can be discouraging to watch.
@@MakeMeHack I have to disagree with MarKac, when a individual is interested in this type of information as it's hard to come by it really doesn't matter on how long an episode is this subject is really helpful, I would devote some time to watch and learn some techniques. I subscribed as well of course, thank you for your time and effort to share you knowledge, take care.
Hi. I wanna hack a TV box with NAGRA OS and I don't know how can I find JTAG pinout. The processor is a STI7141BKWB and can't find pinout in datasheet. In this case, why can I found this pinout?
this is so weird looking at Putty on a linux machine where you have so much cli tools to connect serial port. stty, cu, or basically all application which could work with basic file io....
![Felix "Unfair" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/Oswujxm2Ag0/mqdefault.jpg)
Didn't know a multimeter could be used to identify the different jtag pins, this is awesome, thank you.
Thanks Valerio for doing this in English. (So many indian videos I can't understand) Your english is clear :)
I have a success rate of 1 out of 12 for decoding jtag interfaces. My success was a DVD player and when I got a command shell it was worth all the learning and effort. I do like your method of mapping the interface and trying to find a match. I have one in process now, and I will let you know how it goes.
Dear Ing. di Giampietro, I've bumped in this video looking for how the mass production devices are programmed. I found an incredibly well explained video and interesting channel that I'll explore deeper for sure. Thank you very much for it !
I've been looking for you forever. You didn't have to share your knowledge but you did and that is incredibly generous. I... and others like me are very grateful.
Thanks bro finally someone who isn't posting malware or fake stuff, you deserve my subscribe!
i just watched the introduction and I wanted to thank you already
Hello Ramzi rabah hazila, thank you for your appreciation!.
I watched the full video several times. Its like a college JTAG class. GRACIAS!
Excellent work! I was looking for info on the JTAG interface for a specific router and came across this video. Although irrelevant to what I was originally looking for, I stayed and watched it through. Very good presentation and detailed. I must say I learned something new today. Thank you sir. Greetings from a fellow engineer. Keep up the good work!
Hello Μανούσος Πουλινάκης, thank you for your compliment and for your encouraging appreciation and support.
I played with hacking the SB5100 series modems using a parallel to JTAG interface. I was merely following a tutorial, but now I have a much better understanding of A) How cool it was for the guy to have found the pins to get at the hardware and B) the fact that he wrote his own firmware is freakin awesome. Thanks for the video, both instructional and fun
close your eyes and imagine count dracula is teaching you. Best accent ever 💯 10/10 👏🏻 👏🏻👏🏻👏🏻
If Count Dracala was Italian.
I like to close my eyes and listen to you @TheSevonne, TEACHING YOUR KNOLODGE IN ITALIAN as much as he does in English. I hope you learned a thing or two from this page. I know I have. I been JTAGING (AVR) for years and I didn't know how to find the JTAG points with a multimeter.
Dracula was Transylvanian and Sr. Giampietro is Italian... Oh wait! You're right
1. 2. 3eeeeee. 3 torials per day. Bwahahaha
I just discover your channel ! You remind me one of my BEST teacher when I was in college. Your explanation are very clear and structured. Thank you very much, subscribed + ring bell ;-)
I am so glad I stumbled onto your channel! This is the BEST information and presentation of that information I've ever found. I've shared your content with serval of my friends and have subscribed for more. Thank you so much for this priceless content you are making and for sharing your very deep knowledge!
Loved the video, Valerio! I learned a bunch of things. Thank you.
I’ve ordered a Jtagulator to solder its components myself and I’m looking forward to putting these lessons to practice
Instablaster...
A part all passive components and some mosfet and interface Ic , it doesn't the controller IC P8X32A-Q44 require programming? or is ready to use once purchased ?, Thank you
Very good voice. Intonation like a singer! Pleasant to pay attention to.
This video is excellent! Using the multimeter resistance and voltage measurement method, I managed to successfully deduce the JTAG pinout of a Samsung SPH-A700 cell phone by doing this on that phone along with a Samsung SPH-A880 that already had a known JTAG pinout (Since the A880 is very similar in terms of hardware to the A700).
after a long time i found some thing interesting to learn further. thanks a lot.
Subscribed instantly and liked immediately. Great content. Keep it coming.
God bless you dude. These videos contain the most solid information i have ever found. I will be studying these very much😊
Hi Harrison, thank you for your appreciation an support!
Valeu!
Amazing video! Very helpful! Subscribed right away! :)
Keep it coming, i love your videos!
Greetings from Northern Italy ;)
Amazing content and amazing channel. Thank you so much for all the hard work you put into it. I'm learning a lot!
Hello Luis A. Gomez, thank you for your appreciation and glad you enjoyed it.
first video I've watched and I already love the channel!
Video interessante, complimenti.
è sempre bello sentire di tanto in tanto un italiano, in questa piattaforma prevalentemente popolata da nativi anglofoni
Estoy de acuerdo, pero no solamente leen los los anglos, esto, tambien los latinos.
Thank you again. Very nice explanation. You should have been my lecturer.
Love this channel sir and bow down to you
Hy Kimg, take this 👑, you had dropped it
Hello Friendly Hardware Hacking Neighbor!!! I absolutely LOVE your videos. I love your accent too, sometimes it's hard to understand but I am able to if I concentrate. I like to tinker with electronics stuff and I don't remember how I came across your videos but I am fascinated. I am already tearing apart old routers and wifi extenders and mini spy-cams. I am waiting for my FTDI from amazon and can't wait to use some of the tools you are showing me to hack into some of these things. Thank you SO MUCH for taking the time to make these videos! I have a question please...? For a beginner what would you recommend as for products on your list to purchase where a noob could get into this without spending a fortune. Like, those debug probes are expensive, do I need that right away or will it be ok to start out with the JTagulator and go from there? I look forward to hearing back from you and once again, THANK YOU!
Hardware hacking friend! I hope you are well. Thanks for the inspiration to take apart all my electronics!! Please create new content ❤️❤️❤️
Thank you Sir, truly appreciate, beautifully explained, memory stacks, layers mode select
Thanks for the great content :) very helpful and well structured tutorial
I know you mention to take measurements against VCC. What is the purpose for measuring jtag pins against VCC?
This is an amazing series. I am barely new to electronics, but your videos have me immersed into hardware hacking. I just bought a rice maker, for 39.00 dollars to setup as my first project. Following along!!! Amazing again!
Many many best this vedio in youtube warld , i m very impressed. God bless you sir 🙏 . How much price JTag NT4.0
Maestro! Quanto avrei voluto averla come maestro fin dall infanzia per imparare ste cose!!posso aiutarla con l inglese se lei m aiuta con l hacking!
Excellent video and thank you for sharing. As you mentioned in the beginning of the video, it would be even possible to "debrick" a device with the help of JTAG by flashing the right firmware to the EEPROM. I ran exactly into this problem. I'v got a osziloscope with a Samsung S3C2416XH connected to an EEPROM Samsung K9F1G08U0D. Both components are quite popular.
My measurements are nearly the same, but the order of the of pins the JTAG are a bit different on the board (I think it's a proprietary one). In my case I got *5* pins with R(gnd) and R(vcc) and V > 0.
How could I find out with pins are right one without buying JTAGuator? Any hints?
Thank you very much for such a detailed video. Really appreciate the hard work you have put in to explain these concepts. Looking forward to learn more.
Hope you are safe and sound in Italy amidst this pandemic time. May God bless and keep you and your family safe. Greetings from India 🙏🏼. Subscribed 🙂
Hello Zubin Bhathena, thank you for your appreciation and support. I and my family are safe, we stay at home, we try to anyway enjoy our time at home. Now the situation in Italy is slightly improving, in the last days we had decreasing number of deaths, of hospitalised peoples and of patients in intensive care.
Valerio Thank you. I will have to watch your video a few more times but the information is good
Thank you for the video. I have question how did you find locate the reference vcc pin to check against the header, the steps were not clear to me?
25:58 I would think in this case, you could simply replace the SOC with a new SOC chip which doesn't have the fuse blown?
يا اخي تستاهل جنة ، شكرا
I just got a bus pirate 3.6a and, I'm wanting to connect to a device using JTAG. The available pins on it are:
TDO,TDI,TMS,TCK,GND,RESET
Do I just connect it the same named pin, as from the bus pirate to the device? (Like TDO - TDO, TDI - TDI...etc etc for all of them). Years ago, I used uart but, I'm not seeing those connections on the board I'm trying to mess around with. I just can't seem to find a guide / tutorial that explains how to set it up, for newbs.
On some boards there are no pads for JTAG or UART. In which case you can scrape the trace lines and attach 0.1mm wire. You need a microscope for this but it works well.
if you have good eyes you dont need a microscope i have precise eyes because i am young but i understand some people have difficulties with soldering it, you need a fine tip not specialy a microscope
First of all, thanks a lot! I have a question for you: at 18:40, how did you hook up the headers to these spots? these were not classical pads as we often see in JTAG/UART?
(subscribed, big kudos)
Hi Omer, thank you for your appreciation and for your question.
The pads are for a surface mount 2x5, 2.54mm pitch connector (like this one: www.aliexpress.com/i/32915471614.html ), I didn't have that connector available, so I replaced it with a couple of PTH (not SMD!) female headers soldering them in an "unusual way".
@@MakeMeHack thanks!! really appreciate this! Wish you all the best
The JTAGulator is very old (and expensive).
Is it still supported?
Is it still updated with new features?
Is it still worth buying?
Thank you very much for explaining so very clearly.
Nice work 👍👍
Signore grazie mille . Stavo cercando una spiegazione cosi simplice. ..
Grazie dei complimenti!
Excellent, completely excellent.
Very good explanation. Thanks.
Does a mini body camera (no wifi) have aa jtag? I just want to hack into the firmware in order to try and change the recording mode. Somehow its hardwired to record 3 minute increments only and no option for continous recording.
Hi and thanks for your awesome videos. Can you recommend a different JTAG programmer? Bus Blaster seems currently out of stock.
Very good, it's is extremely helpful.
Thank's for sharing!
Do you know which Intel based motherboards come with JTAG pins? Thank you.
PCBite kit with 2x SP200 and 4x SP10 probes might work for getting to those small pins.
Thank you very much 🙂 ,Valerio..... Your video is excellent and full of knowledge.....
Can i ask some question about JTAG [i search in google but i cannot find the exact answer]....
1) is JTagulator's function only to find the pin corresponding to JTAG? or can it be use as like of "BUS PIRATE/SHIKRA"?
2) Can i use the same "JTAG debug probe" for different ic like "AMD","ARM"....etc [i dont wnat to buy multiple Jtag probes for each ic type]?
3) Can you recommend me some good Jtag debug probe which cost around $20-$40?..... because JTagulator is costly for me
Hi Nongin, thank you for your appreciation and your question!
1. my understanding is that JTagulator's function is only to find the corresponding JTAG pin and not to be used as a "JTag probe";
2. an excellent and low-cost probe, in my opinion, is the Segger J-Link Edu mini, it is perfect for ARM-based chips, but works also with other architectures, and it is supported by the excellent Segger software. It's not open-source hardware or open-source software, but it can be used for non-commercial purposes with free of charge Segger software. It costs around 17/30 dollars. There are also very cheap, pirated clones, but I don't recommend them because you are never sure that they will work. Another low-cost probe is Bus Bluster, to be used with OpenOCD. or Bus Pirate. Bus Pirate is, perhaps more versatile but it is very slow.
3. You can use the above probes to interact with the JTag interface; to automatically identify JTag pinout a cheap alternative to JTagulator is to use an Arduino board with the freely available JTAGenum software, but you have to pay attention because JTagulator does voltage conversion (3.3V 5V) and input protection, Arduino does not. So, maybe, you have to use some 3.3V based Arduino and, maybe, you have to use some low-value resistors to protect inputs.
@@MakeMeHack Thank You very much 🙂
@@MakeMeHack I've recently found this... which might give us a cheap Arduino-based JTAGulator alternative. github.com/dxa4481/inputProtectionShield
Very nice information Sir
AWESOME EXPLANATION
Very interesting and detailed information
This accent is awesome!
@10:28 vicino al processore mi è sembrato di vedere un grosso connettore bianco UART, qual è il vantaggio nell'usare JTAG rispetto alla comoda UART? In queste schede la memoria non è nemmeno nascosta e con un programmatore universale si può leggere
what if I have the datasheet for the processor and it shows which pins are TDI, TDO, TCK and TMS? I don't need to use JTagulator right?
You could use the mcu jtag pins directly - might require some soldering or micro clips attached to the pins. If your test board has jtag pins, can you trace them back to the mcu? The Jtagulator is helpful to identify pins at a connector or grouping of pins, but not required. Sometimes, it's easier to work with pins at a connector or pad group, then tapping the mcu pins which are often tiny.
Thank you very much for the detailed information. I just subscribe to your channel.
Bel video Valerio, grazie mille.
Glad I found you! Thank you for sharing.
Thank you! So cool 😎
Buona sera!
Molto interessante, Bravo!
Salute sir very knowledgeable video
God bless you brother. God bless you.
sir, can you help to find jtag pinout of NVME, please
Is security skipped in the JTAG architecture?
Hello Sir, I have utilized the JTAGulator and have identified all but one pin. TDI is showing N/A but others are showing as: TD0: 3, TCK: 0, TMS: 1, TRST: 7. I'm using channels 0-7. Device ID is showing 0x502BF17F. How would you advise to discern TDI? Thank you so much for your video tutorials.
thanks a lot ...keep on please
em controlador embarcado de laptop com interface jtag, como o nuvoton 288/388 e funciona mec1609, 16xx ???
you are fantastic man! thanks a lot!
Grazie! Greetings from Russia)
"My name is Velerio Di Giampietro. But everybody calls me Giampetro."
thankyou for this more tutorial to come please.
Благодарю за видео 👍👍👍
Hi How are you Sir i need to know can i jag EchoLife huawei Router Model HG8546M with Rt 809h programmer
please explain me Thanks
Learning By Yourself Is Sometimes Best.
Best thanks from 🇨🇭
Great Video!
Great, thanks a lot. 👍🏼🇧🇷
Is there a open-source tool you can download free to use with a jtag interface?
Great video! thanks for sharing your knowledge and time. BTW. In general I'd recommend to make videos not longer than 15 minutes if possible. Long video can be discouraging to watch, 15 minutes is optimal time for a video. liveoverflow youtuber had a huge success with video not longar than 15 minutes.
Hi MarKac, thank you for your support and your suggestion. My original goal was to have shorter videos, about 15/20 minutes, of self-contained espisode with arguments introduced and resolved within the same episode. I am still learning how to plan an episode that is both self-contained and shorter, because you are right that longer videos can be discouraging to watch.
@@MakeMeHack I have to disagree with MarKac, when a individual is interested in this type of information as it's hard to come by it really doesn't matter on how long an episode is this subject is really helpful, I would devote some time to watch and learn some techniques. I subscribed as well of course, thank you for your time and effort to share you knowledge, take care.
Hi,@@ducky0069thank you for your support and for your opinion!
How to usb dongle protection software bypass by using Reverse Engineer ?
Hello ARYAN SUPPORT, thank you for your comment. Unfortunately, I have not been involved yet in this kind of reverse engineering, so I cannot help.
fantastic-fantastic-fantastic
Salve per le centraline Blu&me delle auto mi sa dire qualcosa?
Sei un grande
Hi. I wanna hack a TV box with NAGRA OS and I don't know how can I find JTAG pinout. The processor is a STI7141BKWB and can't find pinout in datasheet. In this case, why can I found this pinout?
AMAZING...thanks a lot
Thanks for sharing!
Sir how can I copy a program from Gd32f150c8t6 arm giga device
this is so weird looking at Putty on a linux machine where you have so much cli tools to connect serial port. stty, cu, or basically all application which could work with basic file io....
Teacher..how to read ECU data ? Please make video about it 🙏🙏
Thank you.
I hope you are alive 🙏
thank you !
AWESOME
Fantastico graziee
Thank you.