Extracting and Modifying Firmware with JTAG

  • Published 11 Jan 2025

COMMENTS • 52

  • @toadtws 1 year ago +15

    Great video! Minor vim note: at @17:30, you can use capital R to enter Replace mode. That way you won't have to count anything. Just make sure you only modify ASCII characters.

  • @PeterBagel-ti5xw 7 months ago +7

    Oh my god, just found this channel and it's an absolute goldmine :-) thanks for all the awesome content!

  • @slincolne 5 months ago +8

    Minor correction to the video - the video title states using JTAG to extract firmware, while Matt used SWD instead. JTAG is an industry standard interface, while SWD is more vendor specific. Apart from showing the JTAGulator, Matt does not actually use it :-(

    • @m0rjjj666 4 months ago

      You can extract it with JTAG, Matt mentioned that; he just used the SWT option

    • @jawaljawad4855 1 month ago

      I see your video is good, thanks. I work with the MCU MEC1723, but in J-Link I can't find this serial; I found MEC170x. How can I add MEC1723? If not, is it possible to connect MEC1723 with the config of MEC170x? Thanks.

  • @jc4190 2 years ago +4

    Awesome video!! Could you do something with STM chips that are locked sometime soon? My vaguest of vague understanding is that you can sometimes do something with pulling boot select pins low to get it into a debug mode regardless of other configurations, but I don't have the first clue how to actually do that irl. Keep up the great videos m8!

  • @Patrick-ky7ez 1 year ago +2

    Your channel is incredible!

  • @sammay1540 1 year ago +2

    I recently came across your channel and I love your videos. If you ever have a project where you gain practical functionality of a device by hacking it, that would make a great video. Like the security camera sending the stream to a self hosted storage server or other ideas you may have.

  • @goutham24693 2 years ago +4

    Hi Matt, very informative video. Is there any way to convert the binary dump to source code or to understand it better?

  • @OMNI_INFINITY 1 year ago +1

    Where is a repository link to PCB files of that badge? Looks like a nice little capacitive keyboard.

  • @colingill9317 1 month ago

    Hi there,
    Could you help me out. I need to download the firmware from a working C49 controller on a miner, and upload it into a controller I played around with and erased the whole nand from the terminal.
    Any ideas? I have a JTAG DLC 10 programmer, for Xilinx chips.
    Many thanks.

  • @woolfy02 1 year ago

    I just got a Bus Pirate 3.6a and I'm wanting to connect to a device using JTAG. The available pins on it are:
    TDO, TDI, TMS, TCK, GND, RESET
    Do I just connect it to the same-named pin, from the Bus Pirate to the device? (Like TDO - TDO, TDI - TDI... etc. for all of them.) Years ago I used UART, but I'm not seeing those connections on the board I'm trying to mess around with. I just can't seem to find a guide / tutorial that explains how to set it up for newbs.

  • @PoorRichard-o1u 10 days ago

    I would like to see the use of some software that can de-compile a firmware file.

  • @rajivsingh6633 1 year ago

    Dear sir, I have a problem: the MCU has a TOOL0 pin, reset pin, VCC and ground.
    How can I extract firmware from the MCU?

  • @ggNotSuree 7 months ago

    Trying to learn all of this and very overwhelmed. Are you able to access the JTAG state machine this way? And command the actual registers? I'm reading how to do that, but nobody ever explains how they gain access to do that... and what they are typing the commands on/through... Sorry if this is a stupid question

  • @shahzadasalim5032 1 month ago

    Sir, can you help me find the JTAG pinout of an NVMe, please?

  • @michaelmclardy9165 9 months ago

    Can you do the Huawei H112-372? How to get UART and JTAG.

  • @RussellSenior 1 year ago +3

    Why not just hook up to the SPI NOR flash and dump that way? flashrom, ftw.

    • @mattbrwn 1 year ago +1

      This video was specifically to demo JTAG

  • @daixtr 6 months ago

    Hi Matt. What would be your recommended JTAG model brand?

  • @JamesColeman 7 months ago

    I am all for IOT companies not disabling JTAG. Just keep them away from evil maids, and you're all good.

  • @robertbauer6723 2 years ago +2

    Very informative, great info! Thank you for making this. BTW your audio is really low.

    • @mattbrwn 2 years ago +1

      Thanks! Trying to find the sweet spot with the audio

  • @Finrow1 2 years ago +1

    How did you know to use the SI form of Mbit and not the binary form of Mbit?

    • @mattbrwn 2 years ago

      Honestly I guessed 😅

  • @abdennour183 8 months ago

    Does the J-Link support the ATmega32U4?

  • @paololuise6514 1 year ago +2

    What is the debugger model you are using?

    • @mattbrwn 1 year ago

      XGecu TL866II Plus
      Also have the newer XGecu T48

  • @mattp4953 2 years ago +1

    So cool! What are you going to push to it next, if anything?

    • @mattbrwn 2 years ago +3

      might require some big time reverse engineering :D I wonder if they released the source code to the badge......

    • @mattp4953 2 years ago

      @mattbrwn another question: can it run Doom? (just thought of this)

    • @mattp4953 2 years ago

      @mattbrwn have you thrown it into Ghidra yet? Assuming it's an ELF, is the binary stripped?

  • @alanwake5927 1 year ago

    Where could I buy the student version of the J-Link?

  • @a-listercrowley2737 1 year ago +1

    Man I keep seeing JTAG written on different boards
    I'm still a rookie, got a long waaay to go

  • @sercanalnca1962 2 months ago

    Can we do it on Windows, or do we have to use Linux?

  • @jesussaeta8383 1 year ago

    Yes, the volume is very low on your end.

  • @turanamo 1 year ago +1

    You could have added the part where you locate the h/w key to crack it 😛

  • @MiroslavObrtel 1 year ago

    And that was pretty amazing

  • @baghdadiabdellatif1581 1 year ago

    Great work 👌👏

  • @PapaGeegee 1 year ago

    Do you have EPON firmware for ZTE?

  • @zombielupin 1 year ago

    What microscope do you use for videos?

  • @welltonmanopelli3224 1 year ago

    Very nice

  • @XenoTravis 1 year ago

    I dislike that connector style so much. The cable is expensive and the pins will bend easily.

  • @throwaway1076 1 year ago +3

    16 megabits is 2 megabytes, which is 0x200000... Converting 20000000 decimal to hex is not 2 megabytes.

  • @BobCat0 2 years ago +4

    Your video is flipped.

    • @mattbrwn 2 years ago +4

      lol good catch. I thought I fixed that... I'm kinda new to OBS

  • @JenniferBrown-n3r 3 months ago

    White Donna Martinez Brenda Lee Scott

  • @bubbasplants189 8 months ago

    Now to find an old Xbox 🤣

  • @levonrockerz4299 1 year ago

    The last command is not supported by J-Link Commander v7.88j; it starts here: ^[nmatt@ripper badge]$ ... only savebin is working. I am trying to extract an STM32F103R8.

  • @teltechservices7978 1 year ago +1

    Amazing man, thank you for the cool stuff, hacked by nmat 😊

  • @manueluninteressant9917 2 months ago

    Hi Matt, can you read this IC for me?
    Mb9af004bgl-g-103-ere1
    Mb9af004bgl-g-103-k1ere1