Author Topic: What do you need to interface with JTAG?  (Read 9736 times)


WaveyDipole (Topic starter)
What do you need to interface with JTAG?
« on: July 31, 2017, 01:16:41 pm »
I am interested in accessing equipment via JTAG etc. I have done some research and have found that a hardware interface like BusPirate and software library called OpenOCD would be the tools to use on a low budget.

For example:
http://blog.senr.io/blog/jtag-explained
http://www.fpga4fun.com/JTAG1.html

So, looking on eBay is an interface like this suitable:

http://www.ebay.co.uk/itm/BUS-Pirate-V3-6-clone-cable-with-probes-interface-analyzer-programmer/301988202855?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2060353.m1438.l2649

or is it better to get something nicely packaged like this:

http://www.ebay.co.uk/itm/Bus-Pirate-v4-Universal-Interface-1-Wire-I2C-SPI-UART-etc-BPv4-Gadget/121432974048?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2060353.m1438.l2649

Some listings for Buspirate I have seen for v4 interfaces state that they are still experimental. Is it better to stick with v3.6?
Is there any other interface I should consider on a low budget?

The cables and clips would be useful where there are pins on the PCB, but how does one access the port if there are only pads? Is there some kind of adapter or is it just a case of soldering wires to the pads?

Also if I want to take a firmware hex dump, is there an open source hex code editor/viewer that is recommended?

I understand that OpenOCD is the library to use to access various chips and devices but it runs on Linux. Is this the de-facto library to use, or is there anything else that one might consider? Is there a Windows port of this library?
 

rstofer
Re: What do you need to interface with JTAG?
« Reply #1 on: July 31, 2017, 04:52:28 pm »
I don't think I would pay that much for a JTAG adapter although the second one isn't bad.
Read:
http://openocd.org/doc/html/Debug-Adapter-Hardware.html

Pay attention to the FTDI 2232H - it is the latest iteration but may require adaptive clocking per the link above.  There are MANY JTAG devices using this chip.

Eclipse is the answer!  Eclipse, as an IDE, runs on everything.  There are variants with the CDT plugin for C, C++ programmers and there is a plug-in for GNU Fortran.  In any event, it's pretty easy to add the OpenOCD plug-in and the GNU Toolchain (device specific).  You may want the x86 toolchain and perhaps an ARM or AVR toolchain.  You will get a version of GDB (the debugger) with each toolchain.  All of this runs on Windows or Linux.  The thing about Linux is that using the terminal windows tends to be easier than using CMD on Windows.

Once you use the OpenOCD dump command to read the device and write a file, there are a number of tools to display the file.  You really need to set up a c:\tools subdirectory for this kind of stuff and make sure it is in the PATH.  Otherwise it gets to be a PITA.

There's a reason that a lot of development work is done on Linux.  Mostly it has to do with a better command line experience.

JTAG is simply a method of communicating over a few pins.  The end device decides what commands it will execute and OpenOCD is the next layer up deciding which commands are used for which device.  The next layer up is GDB that provides a graphical way to debug programs by sending well known commands to OpenOCD.  But not every chip that supports JTAG has the same capability.  For example, you won't be able to read flash memory on some ARM devices where the code has been protected.
 

chickenHeadKnob
Re: What do you need to interface with JTAG?
« Reply #2 on: August 01, 2017, 03:14:28 am »
If you want to learn how to hack into unknown hardware using a JTAG interface that you suspect might be present on the board then I would direct you to Joe Grand's website for background viewing:
http://www.grandideastudio.com/jtagulator/

He built a somewhat expensive open source tool he calls a jtagulator:


If you just want to develop on a specific target use the tool chain recommended by the chip manufacturer to simplify your life.
 

julian1
Re: What do you need to interface with JTAG?
« Reply #3 on: August 01, 2017, 08:58:56 am »
Bus Pirate 3.6 is preferred. The firmware for v4 was never complete or widely adopted.

However the Bus Pirate is much better for SPI (and uart) and experimenting / protocol discovery of ICs that use SPI (eg ADCs and DACs) rather than JTAG (mcus and fpgas). Somewhere on the BusPirate website they allude to this, and suggest the jtag support/implementation is pretty basic.

OpenOCD software supports a bunch of different programmers. Work out what specific device you want to flash/debug/program and check what the vendor recommends for that device, and then check for tutorials and compatibility with OpenOCD. I've used OpenOCD with STM32 micros using SWD (similar to JTAG) with a $10 st-link/2 which is the preferred device for these arm mcus. The simplicity of basic cli tools that can be easily scripted is a big-win imho. Linux helps too, in this respect and the fact that the tooling is much easier to install using apt-get.



 

WaveyDipole (Topic starter)
Re: What do you need to interface with JTAG?
« Reply #4 on: August 01, 2017, 06:44:11 pm »
An eBay search on st-link returned a number of these:
http://www.ebay.co.uk/itm/ST-Link-V2-programmer-Debugger-STM8-STM32-STLink-with-DuPont-cables-UK-Seller-/132262022484?hash=item1ecb6e4d54:g:OxAAAOSwAuZX58Yb

But this talks about SWIM/SWD and Google returns nothing sensible when I search on these terms. Is this one only for STM hardware?

While searching I also came across these:

Altera:
http://www.ebay.co.uk/itm/altera-Mini-Usb-Blaster-Cable-For-CPLD-FPGA-NIOS-JTAG-Altera-Programmer-UK-/201715119952?hash=item2ef7287750:g:m~wAAOSwB09YJRjG

FlashCat:
http://www.ebay.co.uk/itm/FlashcatUSB-SPI-I2C-JTAG-CFI-Flash-Memory-Programmer-Flashcat-USB-Blackcat-/192037930661?hash=item2cb65a46a5:g:VPEAAOSwepJXZ75k

Ok, I know I didn't mention it earlier, but neither seem to support UART, which I think would be useful, so I'm not sure whether this is the way to go? I thought that FT2232 was the de facto USB to UART chip, but I see a lot of cheap CP2102 based adapters. Are these OK for interfacing with UART?

Finally I also came across this for just slightly more than one of the adapters mentioned in my first post:
Altera Development Board:

http://www.ebay.co.uk/itm/Altera-Cyclone-IV-C4E6-FPGA-development-board-USB-Blaster-JTAG-programmer-/182670400832?hash=item2a88011d40:g:SCcAAOSwnKFYRmgB

I am curious about that board and would be interested to do a little FPGA experimentation. Are they a useful experimentation tool or just a gimmick?

The JTagulator looks like an interesting board (thanks for the link to the video BTW), but seems rather expensive for what it is and unfortunately rather beyond my budget at the moment.

« Last Edit: August 01, 2017, 06:50:38 pm by WaveyDipole »
 

bson
Re: What do you need to interface with JTAG?
« Reply #5 on: August 01, 2017, 07:22:43 pm »
You need only a very simple, basic JTAG dongle that's supported by OpenOCD to flash.  OpenOCD has a command line interface for most operations.

For development on embedded systems, especially non-Linux/Win ones, you want a unit that supports simultaneous reset and halt.  Otherwise if they can only be performed one at a time the CPU will be reset, which resets the hardware breakpoints, and come up running until the debugger can halt it and reinstall the breakpoints. As a result you won't be able to breakpoint on early startup code.  I use the Flyswatter 2 for development.  You'd also want one with a logic level (3.3V/5V switchable) serial port.  And, because of how flashing becomes part of the development cycle you want it to be snappy about it.  For development, OpenOCD has a GDB server and I usually run it on an Intel NUC running Linux that sits bolted to the underside of my bench, while I do work on either a desktop or laptop.  I'll grab the serial port using http://www.conserver.com/ running on the little Linux server - it can do everything you ever wanted for serial port systems management.  (If I use Win10 I'll just putty ssh in and run it there.)
 

rstofer
Re: What do you need to interface with JTAG?
« Reply #6 on: August 01, 2017, 09:37:49 pm »
But sooner or later, you begin to see a pattern.  If you do development work, you better get good at Linux because it is just a whole lot easier.  That said, I use Win 10 for just about everything but when I get down to dealing with ARM bareboards, I start Linux.  Probably with Eclipse as the IDE although I often just use gedit and the command line.  Makefiles are the answer!

There are also some very nice platforms for Windows including Rowley Crossworks and their CrossConnect JTAG gadget just plain works.  The platform runs on both Linux and Windows although I have only used it on Win 7.

But these points are exactly on topic for the OP's questions.

 

chickenHeadKnob
Re: What do you need to interface with JTAG?
« Reply #7 on: August 01, 2017, 11:38:04 pm »
It would be better if the original poster stated what his end goal is with greater specificity so we can home in on what he needs. I suspect he is harboring the assumption that one form of jtag is universal and one dongle can be applied to all cases. This is only a partial truth. The lowest layer of jtag is pretty much the same but the internal state machines built on top of jtag vary from chip to chip. Which means you will want the adapter which has all the state machine kinks worked out by the manufacturer, and that is mostly software. SWD is a pincount/wire reduction of jtag that is specific to cortex arm processors but even here there are state machine specifics to each brand. For example I don't think a stlink-2 adapter can work on an lpc micro directly without fussing (could be wrong here). A close to universal solution would be a segger j-link or OCD with a ftdi2232h based adapter. These have the details worked out for many chips but I would still reach for the vendor specific adapter first. I.e., use an stlink2 for stm32 chips, pickit3 for pic32 etc.

Note the FTDI2232 is more capable than run of the mill usb2 to serial adapters, the general taxonomy:
for basic usb2 -> serial, ft232r ,cp2102 and others
for usb2 -> parallel fifo: ft245
the original altera bus byte blaster: usb2 -> ft245 + altera cpld then out to -> target fpga
some clone bus byte blasters: usb2 -> cypress usb express chip, or now a-days usb2-> stm32 chip!

The ft2232 has the equivalent of 2 FT245 fifo's + 2 spi/serial channels on board so it is all singing/all dancing


correction, I always conflate the names of altera's byte blaster with bus blaster designed by Ian Lesnet (dangerous prototypes).
The bus blaster is a FT2232 + xilinx CPLD jtag adapter if I recall correctly.

I wasn't suggesting you buy a jtagulator, it doesn't do what you want anyway. Or at least it didn't back when Joe made the video. You would still need a separate jtag adapter. Maybe current jtagulators have been upgraded. I just thought that the Joe Grand video was a fairly good intro into the steps required when reverse engineering.
« Last Edit: August 02, 2017, 01:06:45 am by chickenHeadKnob »
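
The shared lowest layer mentioned in the post above is the 16-state IEEE 1149.1 TAP controller, driven only by TMS and TCK. The sketch below is an added example (not part of the thread or of any tool named in it) that models that state machine and splits a 32-bit IDCODE into its fields; the function names and the sample IDCODE value are constructed for illustration.

```python
# IEEE 1149.1 TAP controller: state -> (next state if TMS=0, next state if TMS=1)
TAP = {
    "Test-Logic-Reset": ("Run-Test/Idle", "Test-Logic-Reset"),
    "Run-Test/Idle":    ("Run-Test/Idle", "Select-DR-Scan"),
    "Select-DR-Scan":   ("Capture-DR", "Select-IR-Scan"),
    "Capture-DR":       ("Shift-DR", "Exit1-DR"),
    "Shift-DR":         ("Shift-DR", "Exit1-DR"),
    "Exit1-DR":         ("Pause-DR", "Update-DR"),
    "Pause-DR":         ("Pause-DR", "Exit2-DR"),
    "Exit2-DR":         ("Shift-DR", "Update-DR"),
    "Update-DR":        ("Run-Test/Idle", "Select-DR-Scan"),
    "Select-IR-Scan":   ("Capture-IR", "Test-Logic-Reset"),
    "Capture-IR":       ("Shift-IR", "Exit1-IR"),
    "Shift-IR":         ("Shift-IR", "Exit1-IR"),
    "Exit1-IR":         ("Pause-IR", "Update-IR"),
    "Pause-IR":         ("Pause-IR", "Exit2-IR"),
    "Exit2-IR":         ("Shift-IR", "Update-IR"),
    "Update-IR":        ("Run-Test/Idle", "Select-DR-Scan"),
}

def walk(state, tms_bits):
    """Clock a sequence of TMS values into the TAP and return the final state."""
    for tms in tms_bits:
        state = TAP[state][tms]
    return state

def read_idcode(tdo_bits):
    """Assemble 32 TDO samples taken in Shift-DR (first sample = bit 0) into a word."""
    return sum(bit << i for i, bit in enumerate(tdo_bits[:32]))

def decode_idcode(word):
    """Split a 32-bit IDCODE into version, part number and JEP106 manufacturer."""
    if word & 1 == 0:
        raise ValueError("bit 0 is 0: device selected BYPASS, it has no IDCODE")
    return {
        "version": (word >> 28) & 0xF,
        "part": (word >> 12) & 0xFFFF,
        "jep106_bank": (word >> 8) & 0xF,   # number of continuation codes
        "jep106_id": (word >> 1) & 0x7F,
    }

if __name__ == "__main__":
    # Five TCK cycles with TMS=1 reach Test-Logic-Reset from every state.
    assert all(walk(s, [1] * 5) == "Test-Logic-Reset" for s in TAP)
    sample = [(0x1ABCD22B >> i) & 1 for i in range(32)]  # constructed TDO capture
    print(walk("Test-Logic-Reset", [0, 1, 0, 0]))
    print(decode_idcode(read_idcode(sample)))
```

Everything above this layer (which instructions exist, what the data registers mean, how flash is reached) is the chip-specific part that the adapter software has to know.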
 

alm
Re: What do you need to interface with JTAG?
« Reply #8 on: August 03, 2017, 09:28:13 am »
> SWD is a pincount/wire reduction of jtag that is specific to cortex arm processors but even here there are state machine specifics to each brand. For example I don't think a stlink-2 adapter can work on an lpc micro directly without fussing (could be wrong here).

SWD is universal for pretty much all small ARM Cortex implementations. The reason why the LPC-Link does not work with STM32 is purely a limitation introduced by marketing (why would NXP subsidize STM32 programmers?). In the case of the ST-Link, I believe the limitation is just in software and you can program any ARM that supports SWD with it using software like OpenOCD.

Open-source implementations like CMSIS-DAP or the Black Magic Probe are pretty much universal. Target-specific code is pretty much limited to device IDs and RAM/ROM size. See this example from the BMP.

Jeroen3
Re: What do you need to interface with JTAG?
« Reply #9 on: August 03, 2017, 09:35:43 am »
The exciting bit isn't in the hardware. You pay big money for the software.
Search for software, then buy the hardware compatible.
 

WaveyDipole (Topic starter)
Re: What do you need to interface with JTAG?
« Reply #10 on: August 04, 2017, 09:07:06 am »
> It would be better if the original poster stated what his end goal is with greater specificity so we can home in on what he needs. I suspect he is harboring the assumption that one form of jtag is universal and one dongle can be applied to all cases. This is only a partial truth. The lowest layer of jtag is pretty much the same but the internal state machines built on top of jtag vary from chip to chip. Which means you will want the adapter which has all the state machine kinks worked out by the manufacturer, and that is mostly software. SWD is a pincount/wire reduction of jtag that is specific to cortex arm processors but even here there are state machine specifics to each brand.

Yes, I perhaps naively thought that one hardware adapter fits all and the chipset specific stuff is in a library like OpenOCD. My goal is perhaps to explore unknown devices and dump/upload firmware. For example, I know it is possible to dump the firmware of my Rigol oscilloscope and I have a couple of other devices that I would like to explore - i.e. dump and examine the firmware.

> I wasn't suggesting you buy a jtagulator, it doesn't do what you want anyway. Or at least it didn't back when Joe made the video. You would still need a separate jtag adapter. Maybe current jtagulators have been upgraded. I just thought that the Joe Grand video was a fairly good intro into the steps required when reverse engineering.

I appreciate you pointing it out and it was interesting. It did occur to me though that it should be possible to combine its functions into a general purpose JTAG or UART adapter. Its advantage is in being able to semi-automatically identify which pins are which but once that is done, then you would just want to be able to communicate with the device using the chosen driver library and software. It seems that my suspicions are confirmed and once the pins are identified I would need a separate adapter to communicate with the device.

Regarding Windows, I mentioned it simply because it is the most universal OS, but I have no problems with using Linux. In fact I am using MINT at the moment as I type this. I have recently ventured into this OS after getting increasingly frustrated and tired of Windows 10. I take on board the comments that Linux will be the better platform to work with.
« Last Edit: August 04, 2017, 09:11:37 am by WaveyDipole »
 

