I read the paper long ago and I continue to think it's too difficult but if you want to try... be my guest :)
JD. On 05/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote: > You only need to find the first 3 pins, if you have got these you'll see > what the 4th is. > And with level tests, you can simply rule out all these VCC and GND pins > and further reduce the number of pins you need to test. > Have a closer look at the PDF presentation of the JTAG finder site, it's > all described there. > > JD schrieb: > > I take a look on that JTAG finder, it's a good tool to find out JTAG > > pins when you know where the pins are (but you don't know pin order). > > The problem with level test is other chips may got the same level > > characteristcs than a JTAG signal. > > And there a permutation of 4 pins in 15 pads is more around 30000 > > possibilities. > > > > JD. > > > > On 05/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote: > > > >> Well, IF there are ONLY 15 pads (I could not make out any on the scans, > >> where the heck are they?), you can probably reduce them to about 10 with > >> signal level tests, so there are only about 110 or 1000 possibilities to > >> go, depending what scheme you use. That's done withing a few seconds > >> using that JTAG finder. Who has a dissected nano to try it out? ;) > >> > >> JD schrieb: > >> > >>> Of course there is a way to put binaries on the devices but I don't > >>> think we can find how without the original documentation, mainly > >>> because: > >>> > >>> 1. There is no proof that JTAG is used here. > >>> Only the ARM got a JTAG interface on our board and the main JTAG > >>> feature is daisy chaining multiple chips on a single bus. Maybe the > >>> in2g is initially programmed by an other protocol / bus, even by an > >>> homemade simple serial bus. > >>> But okay if I have to bet I choose JTAG. > >>> > >>> 2. The JTAG pins aren't clearly defined, that doesn't mean there are > >>> no pins on our board but maybe the pins are one of the many board pads > >>> ( approximatly 15 pads and 4 JTAG pins -> impossible to guess even > >>> with signal level tests (maybe I'm wrong but even if it's possible > >>> this will take a very very long time)). > >>> > >>> I really think there is no hope about JTAG without proper schematics / > >>> boards layout. > >>> > >>> JD. > >>> > >>> On 04/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>>> I doubt there are JTAG pins anywhere accessible on the board. I am > >>>> wondering how they loaded the initial code to these devices, but I can't > >>>> see any way to do this except before the chips where soldered to the > >>>> boards. There is simply nothing on this board you cold make a quick > >>>> connection to except the dock port, but I doubt that JTAG is in there > >>>> somewhere. That JTAG finder just helps to get the pinout if you have a > >>>> dozen touchpoints on the board. Whe have the exact opposite problem: > >>>> Nothing to hook up to. (Well, at least nothing I can see on the various > >>>> PCB scans, I didn't get my fingers on a dissected iPod yet.) > >>>> > >>>> mat h schrieb: > >>>> > >>>> > >>>>> http://www.c3a.de/wiki/index.php/JTAG_Finder ? > >>>>> > >>>>> On 9/28/07, *mat h* < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > >>>>> wrote: > >>>>> > >>>>> just an idea what chip is the ram? Alot of chips have debugging > >>>>> pins on them ( JTAG etc) does the ram chip? > >>>>> > >>>>> > >>>>> On 9/28/07, *Jeremy Prater* < [EMAIL PROTECTED] > >>>>> <mailto:[EMAIL PROTECTED]>> wrote: > >>>>> > >>>>> Hmmm, im going to stop my hunt then, I searched 19% of the > >>>>> keyspace, but it sounds like im wasting time here. Has anyone > >>>>> had any luck or ideas on how to dump the 256mbit/ 8meg ram? > >>>>> Ive got no ideas on even trying to get the ram out of there. > >>>>> Hehe except with a hammer... ok later im going to keep at it. > >>>>> -- Jeremy > >>>>> > >>>>> -----Original Message----- > >>>>> From: Emmanuel Fleury [mailto:[EMAIL PROTECTED] > >>>>> <mailto:[EMAIL PROTECTED]>] > >>>>> Sent: Thursday, September 27, 2007 10:20 PM > >>>>> To: Hardware and developpement mailing list. > >>>>> Subject: Re: [Linux4nano-dev] Update to rc4 key search > >>>>> (optimized) > >>>>> > >>>>> mat h wrote: > >>>>> > ok, just give me a bell if you need cpu power. > >>>>> > > >>>>> > Anyway what makes you so sure that the key is RC4? > >>>>> > >>>>> It's not. We have some good clues against it. > >>>>> > >>>>> Comparing several consecutive encrypted firmwares show us that > >>>>> the same > >>>>> key is used each time. > >>>>> > >>>>> In the case of an RC4 (or any stream cipher scheme), it would > >>>>> mean that > >>>>> we could have some statistical properties poping out when > >>>>> XORing of two > >>>>> encrypted firmwares (namely we should see something similar to > >>>>> the > >>>>> statistical property of an ARM binary... As Serpilliere did > >>>>> mention it, > >>>>> ARM binaries have very specific statistical properties (on the > >>>>> 'command' > >>>>> part)). > >>>>> > >>>>> We tried and nothing came out from this, which means that it's > >>>>> very > >>>>> likely a block cipher scheme (with a fixed key). > >>>>> > >>>>> Regards > >>>>> -- > >>>>> Emmanuel Fleury > >>>>> > >>>>> I do not fear computers. I fear the lack of them. > >>>>> -- Isaac Asimov > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> Linux4nano-dev mailing list > >>>>> [email protected] <mailto:[email protected]> > >>>>> https://mail.gna.org/listinfo/linux4nano-dev > >>>>> http://www.linux4nano.org > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> We explore... and you call us criminals. > >>>>> We seek after knowledge... and you call us criminals. > >>>>> We exist without skin color, without nationality, without > >>>>> religious bias... and you call us criminals. > >>>>> You build atomic bombs, you wage wars, you murder, cheat, and lie > >>>>> to us and try to make us believe it's for our own good... > >>>>> ....yet we're the criminals. > >>>>> > >>>>> ____________WAUSHARE ROX ______________ > >>>>> Join the dark side we've got cheese > >>>>> Annoying people since 1992 > >>>>> If you hate me, I love you too. It ain't my fault I'm better than > >>>>> you > >>>>> Save Water, Drink Beer > >>>>> God Made Women First, Then He Had A Better Idea. > >>>>> If Barbie is soo popular...how come you have to buy her friends? > >>>>> Don't play stupid with me... I'm better at it! > >>>>> You were so cute when you were a baby...What happened? > >>>>> My folks were always asking me to wear underpants. What am I, the > >>>>> pope? > >>>>> I'm calling the police!... Right after I flush some tings. > >>>>> Join the army, see the world, meet interesting people, and kill > >>>>> them. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> We explore... and you call us criminals. > >>>>> We seek after knowledge... and you call us criminals. > >>>>> We exist without skin color, without nationality, without religious > >>>>> bias... and you call us criminals. > >>>>> You build atomic bombs, you wage wars, you murder, cheat, and lie to > >>>>> us and try to make us believe it's for our own good... > >>>>> ....yet we're the criminals. > >>>>> > >>>>> ____________WAUSHARE ROX ______________ > >>>>> Join the dark side we've got cheese > >>>>> Annoying people since 1992 > >>>>> If you hate me, I love you too. It ain't my fault I'm better than you > >>>>> Save Water, Drink Beer > >>>>> God Made Women First, Then He Had A Better Idea. > >>>>> If Barbie is soo popular...how come you have to buy her friends? > >>>>> Don't play stupid with me... I'm better at it! > >>>>> You were so cute when you were a baby...What happened? > >>>>> My folks were always asking me to wear underpants. What am I, the pope? > >>>>> I'm calling the police!... Right after I flush some tings. > >>>>> Join the army, see the world, meet interesting people, and kill them. > >>>>> ------------------------------------------------------------------------ > >>>>> > >>>>> _______________________________________________ > >>>>> Linux4nano-dev mailing list > >>>>> [email protected] > >>>>> https://mail.gna.org/listinfo/linux4nano-dev > >>>>> http://www.linux4nano.org > >>>>> > >>>>> > >>>> _______________________________________________ > >>>> Linux4nano-dev mailing list > >>>> [email protected] > >>>> https://mail.gna.org/listinfo/linux4nano-dev > >>>> http://www.linux4nano.org > >>>> > >>>> > >>>> > >>> _______________________________________________ > >>> Linux4nano-dev mailing list > >>> [email protected] > >>> https://mail.gna.org/listinfo/linux4nano-dev > >>> http://www.linux4nano.org > >>> > >>> > >>> > >> _______________________________________________ > >> Linux4nano-dev mailing list > >> [email protected] > >> https://mail.gna.org/listinfo/linux4nano-dev > >> http://www.linux4nano.org > >> > >> > > > > _______________________________________________ > > Linux4nano-dev mailing list > > [email protected] > > https://mail.gna.org/listinfo/linux4nano-dev > > http://www.linux4nano.org > > > > > > > _______________________________________________ > Linux4nano-dev mailing list > [email protected] > https://mail.gna.org/listinfo/linux4nano-dev > http://www.linux4nano.org > _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
