Blackbox JTAG Reverse Engineering
Author
Abstract
JTAG’s IEEE 1149.1 standard is a well-known method to access on-chip scan chains for test-mode functionality. But a large part of the accessible test-modes is usually not documented. It will be shown that these test-modes can often be reverse-engineered by observing the JTAG inputs and outputs. Undocumented test-modes can be pretty powerful tools for gaining “back door” access to a system.
Similar resources
A visual approach to interpreting NAND flash memory
The research described in this paper proposes methods for visually interpreting the content of raw NAND flash memory images into higher level visual artefacts of assistance in reverse engineering and interpreting flash storage formats. A novel method of reverse engineering the structure and layout of individual memory locations within NAND flash images, based on injecting a known signal into a ...
Breakthrough Silicon Scanning Discovers Backdoor in Military Chip
This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips for accessing FPGA configuration. The backdoor was found amongst additional JTAG functionality and exists on the sili...
Reverse Engineering of Parametric Behavioural Service Performance Models from Black-Box Components
Integrating heterogeneous software systems becomes increasingly important. It requires combining existing components to form new applications. Such new applications are required to satisfy non-functional properties, such as performance. Design-time performance prediction of new applications built from existing components helps to compare design decisions before actually implementing them to the...
Reverse Engineering Anti-Virus Emulators through Black-box Analysis
Anti-virus (AV) programs have traditionally used signature matching in order to detect malware. Malware authors try to evade signature matching by encrypting and compressing malware, also known as packing. Packed malware will be unintelligible on disk, but will unpack itself at run-time to return to its original form. AVs attempt to exploit this by emulating the malware. AV emulators step thro...
A Symbolic Debugger for PowerPC-based Hardware, Using the Engineering Support Processor (ESP)
For debugging PowerPC-based hardware systems, there is a tool named the Engineering Support Processor (ESP) that accesses and controls the chip via the JTAG interface. With the ESP, a user can debug a target system by starting and stopping it, accessing registers and memory, and so on. However, with ESP alone, it is difficult to symbolically debug programs written in high-level languages such as ...