02:18.04 | *** join/#openjtag swinchen (n=swinchen@strongbad.eece.maine.edu) |
04:48.35 | *** join/#openjtag ka6sox (n=ka6sox@nslu2-linux/ka6sox) |
07:14.50 | *** join/#openjtag rd_ (n=redragon@segfault.net) |
07:15.07 | *** join/#openjtag rd_ (n=redragon@vnsecurity.net) |
07:27.52 | *** join/#openjtag aproemel (n=aproemel@p508ABE71.dip0.t-ipconnect.de) |
07:58.30 | *** join/#openjtag nm (n=hongtd@58.187.130.214) |
12:19.16 | *** join/#openjtag Trou (i=trou@valhalla.syscall.eu) |
12:19.27 | Trou | hello people |
12:19.56 | Trou | i was surveying available jtag hardware for reverse engineering and wondered if you could help me |
12:20.07 | Trou | i already built a wiggler clone which functions well |
12:20.11 | Trou | but it's awfully slow |
12:20.27 | Trou | so I have checked some commercial offerings like usb2demon |
12:20.40 | Trou | which look faster but are not compatible with opensource tools and not documented |
12:21.07 | Trou | so I wondered if anyone had experiences with commercial jtags and could tell me if they are worth anything |
12:21.24 | Trou | or if i'd better go and get used to waiting with my wiggler cable |
12:21.35 | Trou | the main objective is flash reading / writing |
12:21.49 | Trou | like with hairydairymaid's utility |
12:22.29 | Trou | or if anyone understands FASTDATA in the EJTAG spec, i'd be glad to have a meaningful explanation ;) |
12:24.17 | drath | I'm mostly concerned with ARM based targets, and know little about MIPS |
12:25.24 | drath | The FT2232 from FTDI can be used as a JTAG interface - see openocd.berlios.de for an open source project using it for ARM debugging |
12:25.38 | drath | Which software are you using with the Wiggler? |
12:25.58 | Trou | hairydairymaid's |
12:26.26 | Trou | mainly used by openwrt users to debrick their linksys/MIPS based routers |
12:26.46 | Trou | i think i saw some things based on the FT2232 but I don't think they support MIPS |
12:27.09 | drath | no, they don't at the moment, but it's fully documented |
12:27.15 | Trou | at least openocd does not |
12:27.18 | Trou | hmm |
12:28.23 | drath | The major problem isn't going to be the JTAG hardware - the JTAG protocol is rather simple |
12:28.39 | drath | But the software site is difficult, i.e. what to send over JTAG to talk to your target |
12:29.01 | drath | s/site/side/ |
12:29.11 | Trou | yes |
12:29.16 | Trou | but atm this part is OK |
12:29.38 | drath | yeah - and I think you might be able to extend whatever JTAG tool you're currently using to make use of the FT2232 |
12:30.51 | Trou | the debrick utility uses processor access to access the flash to send the data to the JTAG |
12:30.51 | Trou | yeah OK |
12:30.51 | Trou | what's the speed difference between a wiggler and a FT2232 based cable ? |
12:30.51 | Trou | because atm it takes 24h to dump the 16MB of flash of the router i'm working on :x |
12:30.51 | drath | the FT2232 can do up to 6mhz in theory, during ARM debug I get ~1.5mhz effective |
12:30.53 | drath | a wiggler does ~200kHz |
12:31.19 | drath | but it really depends on the target requirements, and i don't know mips enough |
12:31.30 | drath | do you have a link to 14:26 < Trou> hairydairymaid's |
12:31.51 | Trou | http://downloads.openwrt.org/utils/HairyDairyMaid_WRT54G_Debrick_Utility_v48.zip |
12:32.01 | Trou | it implements the EJTAG protocol |
12:34.03 | drath | hum, ok, guess it would require a major rewrite |
12:34.36 | drath | when using a parallelport, you just toggle the port pins when you want to |
12:34.45 | drath | but when using the USB, you have to queue larger command sequences |
12:34.59 | drath | to achieve reasonable throughput |
12:35.18 | Trou | hmm ok |
12:35.32 | Trou | maybe modifying openocd would be easier ? |
12:37.14 | Trou | looks like it probably would |
12:38.32 | drath | well, being the OpenOCD's author of course I'd like to see someone extend it to another architecture - but the OpenOCD aims to be a complete debugger, and probably requires you to implement a lot of stuff which you wouldn't need to just read/write flash |
12:38.59 | Trou | indeed |
12:39.06 | Trou | a full debugger wouldn't be bad |
12:39.20 | Trou | but I surely won't have the time to do this |
12:39.53 | Trou | my employer wouldn't like to see me working full time on this I bet :( |
12:39.56 | drath | ok, you could replace ReadWriteData from hairydairymaid's with something using FT2232 quite easily |
12:40.21 | drath | but i'm not sure if that's enough to achieve a performance gain over a wiggler |
12:40.56 | drath | every USB read-write is going to take 2-10ms, so you could only do 100-500 32-bit accesses |
12:41.39 | drath | on the wiggler, scanning 32 bit should roughly take 100us |
12:42.06 | Trou | the difference is not really worth it |
12:42.19 | drath | no, it's actually 20x worse than a wiggler |
12:42.40 | Trou | I should probably implement the FASTDATA mechanism |
12:42.45 | Trou | ah yeah I read 100ms |
12:44.14 | Trou | thanks a lot for the info :) |
12:44.37 | drath | you're welcome |
13:38.57 | *** join/#openjtag prpplague (n=dave@mail.americanmicrosystems.com) |
14:10.45 | *** join/#openjtag gerdi__ (n=gerdi@dslb-084-059-130-239.pools.arcor-ip.net) |
22:29.51 | *** join/#openjtag drath_ (i=vmaster@p5B07D91B.dip.t-dialin.net) |
22:46.24 | *** join/#openjtag dwery (n=dwery@nslu2-linux/dwery) |
23:54.01 | flyback | http://www.youtube.com/watch?v=M7w5OUXwTZs <--- HOLY MOTHER OF CANUCK |
23:56.41 | flyback | j4k3 http://www.youtube.com/watch?v=M7w5OUXwTZs <--- YOU GO TO HELL AND YOU DIE |
23:57.07 | flyback | oops wrong /msg sorry |