A Quick Intro To The JTAGulator

Intro

A couple weeks ago Attify founder Aditya Gupta teamed up with Joe Grand to put on a free webinar about hardware hacking. I’ve been a fan of both of these guys’ work for a while now, so when I saw it was happening I registered right away. One of their plans for the webinar was to give away the popular JTAGulator Joe Grand designed a couple years ago. To my surprise, I got a tweet a couple hours after the webinar saying that I had WON! A couple weeks later this awesome piece of hardware showed up on my doorstep!

Looks cool but WTF does it do?!?

If you’re even a little bit familiar with hardware hacking or embedded systems then you know JTAG and UART are arguably the most useful serial ports. Unfortunately there’s not always documentation available showing you the location of debug pinouts, and this is where the JTAGulator can save you a ton of time! So let’s say you have a new embedded device that you want to poke around on and see what its security is all about. If you’re anything like me, the first thing you’re going to do is find a way to open it up and get access to the board to see what physical attack vectors are present. On most embedded devices there will be UART and/or JTAG. However, the exact pin layout will not be labeled, and this is where the JTAGulator comes into play. I’ll explain how to use the JTAGulator more in upcoming posts.

First Look & Firmware Update

So the first thing we’re going to do is just connect the JTAGulator via USB and print some version info about the JTAGulator. Since I’m on macOS I’ll be showing the specific commands/paths as they appear on my system. The first thing we need to do is install Screen so we can interface with the JTAGulator’s menu. Open up the terminal emulator of your choice and run:

# Install Homebrew
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
# Install screen
brew install screen

Now let’s connect to the JTAGulator. You can find the location of your device simply by running ls /dev/tty.* 

screen /dev/tty.usbserial-AH05OY05 115200
# Once connected, use "H" in the JTAGulator menu to see a list of commands and "J" to print the version info

As long as everything is set up right you should see the following after running the help and version commands.

A brand new JTAGulator should come with firmware version 1.2.2 flashed. At the time of writing, however, the current firmware version is 1.5, so we’re going to have to update to get all of the current features. First grab a copy of the Propeller Tool and install it on your system. As I mentioned earlier, I’m doing this on macOS, but to update the firmware we’ll need to use a Windows VM and Propeller Tool, since there were complications when flashing on macOS with PropellerIDE. You’ll also need to download the JTAGulator firmware from the GitHub repo. Once you’ve installed Propeller Tool, connect the JTAGulator via USB and open the JTAGulator.eeprom file. Click Load EEPROM and wait for it to finish.

Once the firmware is done flashing you can verify it either using the built-in serial terminal or using screen like we did earlier. It’s important to note that the commands have changed, so instead of using “J” to print version information you now use “I”.

Conclusion

I know we didn’t dive into much with this tutorial, but I hope it gave you a little insight into the JTAGulator and helped with updating the firmware. In future posts we will actually use the JTAGulator to identify JTAG pinouts as well as UART. If you have any questions feel free to reach out to me on Twitter, where I’ll also be tweeting whenever new blog posts are available.
