Electrical analysis - cyphunk/JTAGenum GitHub Wiki
Electrical Analysis
Some notes from examining electrical characteristics of pins.
Procedure:
- Note ground pins GND while device off
- Note voltage of pins when device on
- Note resistance between pins and GND when device off
- Note resistance between pins and Vcc when device off, if Vcc pin is known
See notes in Embedded Analysis JTAG by hand section for expected pullups and resistance.
Reference
For copy+paste into project notes Dual row:
r2vcc r2gnd Volt Volt r2gnd r2vcc
* 1 2 *
* 3 4 *
* 5 6 *
* 7 8 *
* 9 10 *
* 11 12 *
* 13 14 *
* 15 16 *
* 17 18 *
* 19 20 *
(orientation: pin 1 nearest to..)
Single row:
Volt r2gnd r2vcc
1 *
2 *
3 *
4 *
5 *
6 *
7 *
8 *
9 *
10 *
11 *
12 *
(orientation: pin 1 nearerest to...)
Log
JTAG orientation success
Comparing the electrical characteristics of this target with a known common JTAG header layout found online gave us a few rules to make note of:
VCC Pin: Find the pin with the lowest resistance to others. Confirm by measuring operating voltage (typically 1.8V, 3.3V, or 5V) when the target is powered.
GND Pin: Locate the pin with zero resistance to the chassis or ground. Verify using a continuity test.
RESET Pin: Identify the pin with the highest resistance. It resets the target when pulled low and may have a pull-up to VCC.
TDO/TDI/TMS/TCK Pins: Pins showing a 1kΩ resistance to VCC are typically the JTAG communication lines:
TCK: Clock activity.
TMS: Mode control.
TDI/TDO: Data input/output.
Pin Behavior: Not all targets follow the expected JTAG behavior. A missing TDI pull-down could indicate that JTAG is disabled or repurposed.