Toolset to learn and recover

Hello,

I want to know what toolset and know-how (besides basic electronics knowledge) one should have if you want to recover bricked devices while learning along the way.

JTAG is one thing, but then what JTAG adapter do you use and/or which ones support OpenOCD? J-Link EDU Mini seems a good one.

Thanks

Recovery methods very much depend on the hardware, but generally speaking, my list would include:

  • Serial connectivity via UART (typically a 3.3V TTL to USB adapter)
  • JTAG for some types of devices -- you can actually use a Raspberry Pi + OpenOCD (https://sysprogs.com/VisualKernel/tutorials/raspberry/jtagsetup/)
  • In some cases, an in-system programmer for the flash chip (CH341A or similar)
  • Linux OS on a computer (or a Pi/SBC)
  • And an Ethernet switch can be handy to keep a port "up" on the host even when the port may be flapping on the device in question.

Allow me to be blunt here; it's not meant to be dismissive or arrogant, but to actually provide some guidance.

Whenever the term 'JTAG' comes up on this forum, it means one of two orthogonal things:

  • the user knows exactly what they're doing and they are pretty advanced specialists
    but those would usually ask a much more specific question.
    adding the term 'openocd' into the mix tends to raise the chances, but these days that might also be merely an AI artefact
  • the user has no idea what they are talking about and has no chance to succeed with JTAG

JTAG is only useful to you if (all conditions must apply):

  • you have decent soldering equipment and are capable/ not afraid of SMD (micro-)soldering
  • own a microscope suited for this (stereo microscope or digital, attached to a screen) or have very good eyesight, a large (>12 cm diameter, >> 3x magnification factor) stationary magnifying glass and very good lighting; the latter is not recommended, but maaay do
  • own a good multimeter
  • own a scope or digital signal analyzer
    doesn't need to be high-end, you don't need to be a specialist, but you (at least) need to be able to recognize (without any specifics):
    • DC
    • AC and signal form (sinus, rectangle)
    • voltage levels
    • frequencies and time spans
    • random noise
    • a reasonable clock signal
    • datagrams of some kind
  • have access to the SOC's pinout
  • are familiar with tracing lanes from BGA chips through 4-6 layer PCBs
  • know when/ where pullup resistors, capacitors, level shifters are needed
  • are able to reverse engineer missing electronic components (most vendors don't leave JTAG fully functional, but remove critical components and connectors in the signal path)
  • have serial console access in parallel
  • speak MIPS or ARM assembler (depending on the device) fluently
  • have access to the SOC's confidential data sheets and fully understand the early boot process on an electrical (pinstrapping) level (and can, at least approximately, verify it with the scope)
  • have access to SOC specific boot scripts/ initvals and know how to operate openocd

...unless you can say confidently 'yes' to all of these bullet points, JTAG won't do jack shit for you. But in many cases there'd be much easier recovery means, requiring a fraction of the above (keywords: bootloader based tftp/ XOR ftp XOR httpd recovery, serial console access, mtk_uart/ kwboot/ cfg04/ ..., external spi-nor flashing and flash partitioning, still some soldering involved, however NOT JTAG). Which of these may apply, varies between SOC, the specific device model, its bootloader capabilities, the flash type - and what you did to break it.

There is no generic answer or approach, the details matter, down to dotting the i's and crossing the t's. But don't start with the big hammer, if a scalpel and some plaster will do - be aware that some data is not recoverable (without an rf lab, 6-figure measuring equipment and NDA'ed information && software from the chipset vendor). Realize that eMMC or -worse- NAND complicate things compared to SPI-NOR flash, again, the details matter. Know your limits, when to bail out, when buying a functioning device from the used markets is a more sensible option.

If you still continue from here on, still pursue your JTAG endeavours - hats off, you have surpassed 98% of all participants of this forum.

Go to the city. Find somebody important. Tell them, I'm back. Tell them, I know what they did and I'm on my way. And if they ask you who I am, tell them I came the long way round.
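Both replies above point at the same "scalpel" before the JTAG hammer: dump the SPI-NOR with an in-system programmer (the CH341A from the first reply) and work out the flash partitioning before touching anything (the "external spi-nor flashing and flash partitioning" of the second). The script below is an added example for this thread, not code posted by anyone here, and not part of OpenWrt or flashrom. It assumes a generic Linux-router layout (U-Boot legacy uImage kernel followed by a SquashFS root, a JFFS2 overlay) and a 64 KiB erase block, and it works on a constructed in-memory dump so it runs offline; with a real device you would feed it the two files you read back from the chip. It checks that two consecutive reads agree (a flaky clip contact is the usual reason they don't), scans the dump for well-known partition magics and reports whether each sits on an erase-block boundary, and verifies the uImage header and data CRCs so you know whether the kernel in the dump is actually intact before you decide what to rewrite.

```python
"""Locate partition boundaries in a raw SPI-NOR dump and sanity-check the kernel image.
Added example for the forum thread; assumes a U-Boot/OpenWrt-style layout and a
64 KiB erase block.  The sample image is constructed in build_sample_image()."""
import hashlib
import struct
import zlib

ERASE_BLOCK = 64 * 1024            # assumed SPI-NOR sector size (check the chip's datasheet)
UIMAGE_MAGIC = 0x27051956
UIMAGE_HDR = struct.Struct(">IIIIIIIBBBB32s")   # 64-byte legacy U-Boot header, big-endian

# Magic numbers that mark the start of common firmware containers on little-endian SoCs.
MAGICS = {
    b"\x27\x05\x19\x56": "uImage (U-Boot legacy kernel image)",
    b"hsqs": "SquashFS superblock (little-endian)",
    b"UBI#": "UBI erase-counter header",
    b"\x85\x19\x03\x20": "JFFS2 cleanmarker (little-endian)",
}


def dumps_consistent(dump_a, dump_b):
    """Two reads of the same chip must hash identically; otherwise the dump is untrustworthy
    (bad clip contact, wrong chip definition, or the board was powered during the read)."""
    return hashlib.sha256(dump_a).digest() == hashlib.sha256(dump_b).digest()


def scan_magics(image):
    """Return sorted (offset, description, erase_block_aligned) for every known magic found."""
    hits = []
    for magic, desc in MAGICS.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, desc, pos % ERASE_BLOCK == 0))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def parse_uimage(image, offset):
    """Parse the uImage header at offset and verify header and data CRCs (zlib crc32, as U-Boot does)."""
    hdr = image[offset:offset + UIMAGE_HDR.size]
    (magic, hcrc, _time, size, load, ep, dcrc,
     _os, _arch, _type, _comp, name) = UIMAGE_HDR.unpack(hdr)
    if magic != UIMAGE_MAGIC:
        raise ValueError(f"no uImage magic at 0x{offset:x}")
    zeroed = hdr[:4] + b"\0\0\0\0" + hdr[8:]          # header CRC is computed with hcrc itself zeroed
    data = image[offset + UIMAGE_HDR.size: offset + UIMAGE_HDR.size + size]
    return {
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "size": size,
        "load": load,
        "entry": ep,
        "hcrc_ok": (zlib.crc32(zeroed) & 0xFFFFFFFF) == hcrc,
        "dcrc_ok": len(data) == size and (zlib.crc32(data) & 0xFFFFFFFF) == dcrc,
    }


def build_sample_image():
    """Constructed 4 MiB dump: erased flash (0xFF) with a uImage at 0x40000, a SquashFS
    root concatenated straight after the kernel, and a JFFS2 cleanmarker at 0x300000."""
    img = bytearray(b"\xff" * (4 * 1024 * 1024))
    payload = b"kernel" * 1000                        # stand-in for the compressed kernel
    fields = [UIMAGE_MAGIC, 0, 0, len(payload), 0x80000000, 0x80000000,
              zlib.crc32(payload) & 0xFFFFFFFF, 5, 5, 2, 0, b"constructed kernel"]
    hdr = UIMAGE_HDR.pack(*fields)                    # hcrc = 0 while computing the header CRC
    fields[1] = zlib.crc32(hdr) & 0xFFFFFFFF
    hdr = UIMAGE_HDR.pack(*fields)
    img[0x40000:0x40000 + len(hdr) + len(payload)] = hdr + payload
    sq = 0x40000 + len(hdr) + len(payload)
    img[sq:sq + 4] = b"hsqs"
    img[0x300000:0x300004] = b"\x85\x19\x03\x20"
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    print("two reads agree:", dumps_consistent(image, image))
    for off, desc, aligned in scan_magics(image):
        print(f"0x{off:08x}  {desc}  {'erase-block aligned' if aligned else 'unaligned'}")
    print(parse_uimage(image, 0x40000))
```

The unaligned SquashFS hit is the interesting output: on many OpenWrt targets the rootfs is simply concatenated after the kernel inside one "firmware" partition, so an unaligned magic is expected there, whereas a uImage or JFFS2 marker off an erase-block boundary is a sign the dump is shifted or corrupt. Run it against the two real dumps first; if `dumps_consistent` is false, fix the clip contact before you believe any of the offsets.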