Well, this is exactly the thing we were talking about. If you are experienced with these AVRs and have a programmer lying around, what about building such a finder? Then try to get your hands on a nano with a broken display etc. to have a cheap nano to play around with and find out the pinout.

serpilliere wrote:
> http://www.hackaday.com/2007/09/29/automatic-jtag-pinout-detection/
>
> it uses an avr (atmega RUlez) to automatically detect jtag pin among 30 pins:
> it seems to use some jtag behavior (from jtag normal automata) to detect each jtag pin
>
> it has been presented at ph neutral 06 (http://hunz.org/jtag.pdf)
>
> and erf, it seems to work!
> My personal experience with atmega is humm quite good so maybe such system is feasible :)
>
> +
> serpilliere
>
> MsTiFtS wrote:
>
>> Well, a PIC programmer for a serial port is nothing more than 4 or 5 resistors, some connectors and a power supply. At least for legacy serial ports. A programmer for AVRs is a little more complex, it requires an IC as far as I read. I never had an AVR either, but I'm pretty used to fiddling around with PICs.
>>
>> mat h wrote:
>>
>>> I tried to build a programmer for a pic, I failed miserably and in the process destroyed 3 pics at 9.95 each! Never again. I'll stick to the software side, thanks
>>>
>>> On 10/5/07, MsTiFtS <[EMAIL PROTECTED]> wrote:
>>>
>>> Come on, building programmers is a lot easier than building that JTAG finder and these Mega32s aren't that expensive...
>>>
>>> mat h wrote:
>>> > If I had an ATMega32 and a programmer for it I would attempt building one but since I don't I won't. ;(
>>> >
>>> > On 10/5/07, MsTiFtS <[EMAIL PROTECTED]> wrote:
>>> >
>>> > Sorry, I have neither a dissected iPod nor an ATMega32 lying around here :(
>>> > In the presentation they stated that they found the JTAG ones out of 30 pads in a few hours using that finder. With 15 pins it will take 1/8 of the time. If you can rule out a bunch of pads because they are tightly connected to ground or VCC (not pullable through 330R resistors), you can probably reduce the pad count to about 10 pads. That's 1/27 of the time they needed for their 30 pins. So I think it's worth a try, but as I said, I won't open my nano to do that. If I manage to get one with a broken display/battery/etc. I'll do it.
>>> >
>>> > JD wrote:
>>> > > I read the paper long ago and I continue to think it's too difficult but if you want to try... be my guest :)
>>> > >
>>> > > JD.
>>> > >
>>> > > On 05/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote:
>>> > >
>>> > >> You only need to find the first 3 pins, if you have got these you'll see what the 4th is.
>>> > >> And with level tests, you can simply rule out all these VCC and GND pins and further reduce the number of pins you need to test.
>>> > >> Have a closer look at the PDF presentation of the JTAG finder site, it's all described there.
>>> > >>
>>> > >> JD wrote:
>>> > >>
>>> > >>> I took a look at that JTAG finder, it's a good tool to find out JTAG pins when you know where the pins are (but you don't know pin order).
>>> > >>> The problem with level tests is that other chips may have the same level characteristics as a JTAG signal.
>>> > >>> And a permutation of 4 pins in 15 pads is more like 30000 possibilities.
>>> > >>>
>>> > >>> JD.
>>> > >>>
>>> > >>> On 05/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote:
>>> > >>>
>>> > >>>> Well, IF there are ONLY 15 pads (I could not make out any on the scans, where the heck are they?), you can probably reduce them to about 10 with signal level tests, so there are only about 110 or 1000 possibilities to go, depending what scheme you use. That's done within a few seconds using that JTAG finder. Who has a dissected nano to try it out? ;)
>>> > >>>>
>>> > >>>> JD wrote:
>>> > >>>>
>>> > >>>>> Of course there is a way to put binaries on the devices but I don't think we can find how without the original documentation, mainly because:
>>> > >>>>>
>>> > >>>>> 1. There is no proof that JTAG is used here.
>>> > >>>>> Only the ARM has a JTAG interface on our board and the main JTAG feature is daisy chaining multiple chips on a single bus. Maybe the in2g is initially programmed by another protocol / bus, even by a homemade simple serial bus.
>>> > >>>>> But okay if I have to bet I choose JTAG.
>>> > >>>>>
>>> > >>>>> 2. The JTAG pins aren't clearly defined, that doesn't mean there are no pins on our board but maybe the pins are one of the many board pads (approximately 15 pads and 4 JTAG pins -> impossible to guess even with signal level tests (maybe I'm wrong but even if it's possible this will take a very very long time)).
>>> > >>>>>
>>> > >>>>> I really think there is no hope about JTAG without proper schematics / boards layout.
>>> > >>>>>
>>> > >>>>> JD.
>>> > >>>>>
>>> > >>>>> On 04/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote:
>>> > >>>>>
>>> > >>>>>> I doubt there are JTAG pins anywhere accessible on the board. I am wondering how they loaded the initial code to these devices, but I can't see any way to do this except before the chips were soldered to the boards. There is simply nothing on this board you could make a quick connection to except the dock port, but I doubt that JTAG is in there somewhere. That JTAG finder just helps to get the pinout if you have a dozen touchpoints on the board. We have the exact opposite problem: Nothing to hook up to. (Well, at least nothing I can see on the various PCB scans, I didn't get my fingers on a dissected iPod yet.)
>>> > >>>>>>
>>> > >>>>>> mat h wrote:
>>> > >>>>>>
>>> > >>>>>>> http://www.c3a.de/wiki/index.php/JTAG_Finder ?
>>> > >>>>>>>
>>> > >>>>>>> On 9/28/07, mat h <[EMAIL PROTECTED]> wrote:
>>> > >>>>>>>
>>> > >>>>>>> just an idea what chip is the ram? A lot of chips have debugging pins on them (JTAG etc) does the ram chip?
>>> > >>>>>>>
>>> > >>>>>>> On 9/28/07, Jeremy Prater <[EMAIL PROTECTED]> wrote:
>>> > >>>>>>>
>>> > >>>>>>> Hmmm, I'm going to stop my hunt then, I searched 19% of the keyspace, but it sounds like I'm wasting time here. Has anyone had any luck or ideas on how to dump the 256mbit/ 8meg ram? I've got no ideas on even trying to get the ram out of there. Hehe except with a hammer... ok later I'm going to keep at it.
>>> > >>>>>>> -- Jeremy
>>> > >>>>>>>
>>> > >>>>>>> -----Original Message-----
>>> > >>>>>>> From: Emmanuel Fleury [mailto:[EMAIL PROTECTED]]
>>> > >>>>>>> Sent: Thursday, September 27, 2007 10:20 PM
>>> > >>>>>>> To: Hardware and developpement mailing list.
>>> > >>>>>>> Subject: Re: [Linux4nano-dev] Update to rc4 key search (optimized)
>>> > >>>>>>>
>>> > >>>>>>> mat h wrote:
>>> > >>>>>>> > ok, just give me a bell if you need cpu power.
>>> > >>>>>>> >
>>> > >>>>>>> > Anyway what makes you so sure that the key is RC4?
>>> > >>>>>>>
>>> > >>>>>>> It's not. We have some good clues against it.
>>> > >>>>>>>
>>> > >>>>>>> Comparing several consecutive encrypted firmwares shows us that the same key is used each time.
>>> > >>>>>>>
>>> > >>>>>>> In the case of an RC4 (or any stream cipher scheme), it would mean that we could have some statistical properties popping out when XORing two encrypted firmwares (namely we should see something similar to the statistical property of an ARM binary... As Serpilliere did mention it, ARM binaries have very specific statistical properties (on the 'command' part)).
>>> > >>>>>>>
>>> > >>>>>>> We tried and nothing came out from this, which means that it's very likely a block cipher scheme (with a fixed key).
>>> > >>>>>>>
>>> > >>>>>>> Regards
>>> > >>>>>>> --
>>> > >>>>>>> Emmanuel Fleury
>>> > >>>>>>>
>>> > >>>>>>> I do not fear computers. I fear the lack of them.
>>> > >>>>>>> -- Isaac Asimov
>>> > >>>>>>>
>>> > >>>>>>> _______________________________________________
>>> > >>>>>>> Linux4nano-dev mailing list
>>> > >>>>>>> [email protected]
>>> > >>>>>>> https://mail.gna.org/listinfo/linux4nano-dev
>>> > >>>>>>> http://www.linux4nano.org
>>> > >>>>>>>
>>> > >>>>>>> --
>>> > >>>>>>> We explore... and you call us criminals.
>>> > >>>>>>> We seek after knowledge... and you call us criminals.
>>> > >>>>>>> We exist without skin color, without nationality, without religious bias... and you call us criminals.
>>> > >>>>>>> You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good...
>>> > >>>>>>> ....yet we're the criminals.
>>> > >>>>>>>
>>> > >>>>>>> ____________WAUSHARE ROX ______________
>>> > >>>>>>> Join the dark side we've got cheese
>>> > >>>>>>> Annoying people since 1992
>>> > >>>>>>> If you hate me, I love you too. It ain't my fault I'm better than you
>>> > >>>>>>> Save Water, Drink Beer
>>> > >>>>>>> God Made Women First, Then He Had A Better Idea.
>>> > >>>>>>> If Barbie is soo popular...how come you have to buy her friends?
>>> > >>>>>>> Don't play stupid with me... I'm better at it!
>>> > >>>>>>> You were so cute when you were a baby...What happened?
>>> > >>>>>>> My folks were always asking me to wear underpants. What am I, the pope?
>>> > >>>>>>> I'm calling the police!... Right after I flush some tings.
>>> > >>>>>>> Join the army, see the world, meet interesting people, and kill them.
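
The check Emmanuel Fleury describes in the quoted message above, as an added example that is not part of the original thread: with a reused stream-cipher key, XORing two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, so the bias of the ARM condition field shows through, while a block cipher leaves nothing to see. The firmware images, the key and the Feistel stand-in for "a block cipher" are constructed for the illustration.

```python
import hashlib
import random
import struct

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: a fixed key always produces the same keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def toy_block_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in 64-bit block cipher (4-round Feistel keyed via SHA-256), ECB.
    Not a real cipher: it only models a keyed permutation applied per block."""
    out = bytearray()
    for off in range(0, len(data), 8):
        left, right = data[off:off + 4], data[off + 4:off + 8]
        for rnd in range(4):
            f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
            left, right = right, bytes(a ^ b for a, b in zip(left, f))
        out += left + right
    return bytes(out)

def fake_arm_image(seed: int, words: int = 4096) -> bytes:
    """Constructed sample 'firmware': little-endian 32-bit words, about 90%
    carrying condition field 0xE (always) in the top nibble, as ARM code does."""
    rng = random.Random(seed)
    img = bytearray()
    for _ in range(words):
        cond = 0xE if rng.random() < 0.9 else rng.randrange(0xE)
        img += struct.pack("<I", (cond << 28) | rng.getrandbits(28))
    return bytes(img)

def cond_nibble_match(c1: bytes, c2: bytes) -> float:
    """Fraction of words whose top nibble is zero in c1 XOR c2.
    Near 1/16 for unrelated data; far higher when c1 XOR c2 == p1 XOR p2."""
    hits = sum(((a ^ b) >> 4) == 0 for a, b in zip(c1[3::4], c2[3::4]))
    return hits / (len(c1) // 4)

KEY = b"constructed-fixed-key"  # sample key, not a value from the thread
FW_A, FW_B = fake_arm_image(1), fake_arm_image(2)

def scores() -> tuple[float, float]:
    """(stream cipher with reused key, block cipher with fixed key)."""
    stream = cond_nibble_match(rc4(KEY, FW_A), rc4(KEY, FW_B))
    block = cond_nibble_match(toy_block_encrypt(KEY, FW_A),
                              toy_block_encrypt(KEY, FW_B))
    return stream, block

if __name__ == "__main__":
    print("stream %.3f, block %.3f" % scores())
```

A score near 1/16 on real images is what "nothing came out" looks like for this particular statistic; it does not by itself identify which block cipher or mode is in use.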
