It isn’t much trouble programming one of TI’s MSP430 chips, but outside of the official Flash Emulation Tool, TI doesn’t make programming one of these microcontrollers cheap. The most common way of programming an MSP430 is using a Launchpad Dev board, and [Vicente] has the best looking one yet.
The MSP430 series of chips can be programmed through JTAG or Spy-By-Wire, and the official, professional engineering tool from TI for these chips costs about $100. Those of us with more sense than money have another option – use one of the TI Launchpad dev boards as an MSP430 programmer.
[Vicente]’s project uses the MSP430G2 Launchpad, with just a few wires going to the proper connector found in the official programmer from TI. There are a few limitations; the programmer only works at 3.6V, so programming 1.8V devices might not be a good idea. Also, it only works with Spy-By-Wire and no JTAG support is available. Still, it’s a great looking project, and does exactly what it’s designed to.
[Lee] wrote in to tell us about a Set Top Box he hacked. Before the cable industry lawyers get out their flaming swords… he’s not stealing cable, or really doing much of anything. This is a hack just for the adventure and thrill of making someone else’s hardware design do your bidding without any kind of instructions.
He posted about the adventure in two parts. The first is finding the JTAG header and identifying the pins. Arduino to the rescue! No really, and this is the type of Arduino use we love. Using a package called JTAGenum the board becomes a quick tool for probing and identifying JTAG connections.
The image above shows a different piece of hardware. From looking at it we’re pretty sure this is a Bus Blaster which is specifically designed for JTAG debugging with ARM processors. This is the beginning of the second part of his documentation which involves code dumping and stepping through lines code (or instructions) using OpenOCD and GDB. It’s a chore to follow all that [Lee] discovered just to write his name to the display of the box. But we certainly found it interesting. The display has a convoluted addressing scheme. We assume that there are cascading shift registers driving the segments and that’s why it behaves the way it does. Take a look for yourself and let us know what you think in the comments.
About a decade ago, [Mansour] learned of the Linksys WRT54G, a wireless router that’s been shoved into just about every project under the sun. After learning of this device’s power, he decided a firmware upgrade was in order. Unfortunately, he accidentally bricked this router and left it sitting on a shelf for a few years.
Idle devices are the devil’s playthings, and when [Mansour] discovered a Samsung hard drive with a an SDRAM that was compatible with the WRT54G, he decided he would have a go at repairing this ancient router. There was only one problem: the most popular utility for programming the router through the JTAG header required a PC parallel port.
No problem, then, as [Mansour] had a Raspberry Pi on hand. The parallel port utility bit-banged the new firmware over to the router, something the GPIO port on the Pi could do in spades. By adding Pi support to the debricking utility, [Mansour] had a functional WRT54G with just a little bit of patience and a few wires connecting the GPIO and JTAG header.
[Joe Grand] has come up with a tool which we think will be useful to anyone trying to hack a physical device: The JTAGulator. We touched on the JTAGulator briefly during our DEF CON coverage, but it really deserves a more in-depth feature. The JTAGulator is a way to discover On Chip Debug (OCD) interfaces on unfamiliar hardware.
Open any cell phone, router, or just about any moderately complex device today, and you’ll find test points. Quite often at least a few of these test points are the common JTAG / IEEE 1149.1 interface.
JTAG interfaces have 5 basic pins: TDI (Test Data In), TDO (Test Data Out), TCK (Test Clock), and TMS (Test Mode Select), /TRST (Test Reset) (optional).
If you’re looking at a PCB with many test points, which ones are the JTAG pins? Also which test points are which signals? Sometimes the PCB manufacturer will give clues on the silk screen. Other times you’re on your own. [Joe] designed the JTAGulator to help find these pins.
Continue reading “JTAGulator Finds Debug Interfaces”
[Pesco] won one of Dangerous Prototypes’ PCB giveaways a few months ago. He opted for a CPLD breakout board. He just needed to put in a parts order and populate the components himself. But then what? He needed a JTAG programmer to work with the chip. Like any good autodidact he choose to make his own rather than buying one. He absorbed the JTAG specification and coded a bit banging programmer using an Arduino.
We’ve used JTAG many times to program ARM chips. But until now we never took the time to figure out how the specification works. If you’ve got an IEEE subscription you can download the whitepaper, but [Pesco] was also able to find one floating around on the interwebs. The flow chart on the left is the cheat sheet he put together based on his readings. From there he wrote the Arduino sketch which implements the programming standard, allowing him to interact with a chip through a minicom terminal window.
[via Dangerous Prototypes]
[Adarsh] needed a JTAG programmer to push code to a CPLD dev board he was working with. He knew he didn’t have a dedicated programmer but figured he could come up with something. Pictured above is his hack to use a Stellaris Evalbot as a programmer.
Long time readers will remember the Evalbot coupon code debacle of 2010. The kits were being offered with a $125 discount as part of a conference. We were tipped off about the code not know its restrictions, and the rest is history. We figure there’s a number of readers who have one collecting dust (except for people like [Adam] that used it as a webserver). Here’s your chance to pull it out again and have some fun.
A bit of soldering to test points on the board is all it takes. The connections are made on the J4 footprint which is an unpopulated ICDI header. On the software side [Adarsh] used OpenOCD with stock configuration and board files (specifics in his writeup) to connect to the white CPLD board using JTAG.
For day two of DEF CON, I checked out tamper evident devices, the contests area, and a few embedded talks. Read all about it after the break.
Continue reading “DEF CON: Tamper Evidence, Contests, and Embedded Talks”