When you are pentesting IoT devices, you want to hack them, and not spend tons of time figuring out which pin/pad on the device is for what purpose.

Guess what - JTAGulator allows you to do exactly that. It can help you identify which are the UART and which are the JTAG pins on the device, as well as the individual pin functionalities, thus speeding up your pentest, and enabling you to exploit that device.

In current-day IoT devices, manufacturers and developers are getting smarter and use techniques such as scattering the pins/pads across the PCB. You’re in luck if you have a JTAGulator. You can connect all those various pins to the JTAGulator channels and get ready to JTAGulate!

JTAGulator is one of our favorite devices when it comes to Embedded Device Hacking. On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a primary vector used by engineers, researchers, and hackers to extract program code or data, modify memory contents, or affect device operation on-the-fly.

Depending on the complexity of the target device, manually locating available OCD connections can be a difficult and time-consuming task, sometimes requiring physical destruction or modification of the device.

Designed by Grand Idea Studio, JTAGulator is an open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device.

If you are completely new to JTAG: 

  • Get our JTAG Exploitation learning kit with a step-by-step manual to learn the basics of JTAG and how to perform JTAG Exploitation (comes with videos, target board and FTDI devices). Select the option above that says JTAGulator with JTAG Exploitation Learning kit
  • You will learn:
    • Intro to JTAG from a security perspective 
    • Identifying JTAG pinouts 
    • Configuring OpenOCD to work with JTAG 
    • Debugging target device over JTAG 
    • Runtime manipulation of ARM code on the target device 
    • Bypassing authentication of a vulnerable application 

Key Features:

  • 24 I/O channels with input protection circuitry
  • Adjustable target voltage: 1.2 V to 3.3 V
  • Supported target interfaces (as of firmware v1.1): JTAG/IEEE 1149.1, UART/asynchronous serial
  • USB interface for direct connection to host computer (PC, Macintosh, or *nix)

Application Ideas:

  • Discover on-chip debug interfaces
  • Simple logic analyzer
  • Propeller development board

Note: Proper use of this tool requires basic electronics knowledge. To avoid damage to the JTAGulator or target circuitry, please take care to ensure the proper target voltage level is set. Some on-chip debug interfaces may not be detectable if password protection or other security mechanisms are implemented.