Sorry, I have neither a dissected iPod nor an ATMega32 lying around here :( In the presentation they stated that they found the JTAG ones out of 30 pads in a few hours using that finder. With 15 pins it will take 1/8 of the time. If you can rule out a bunch of pads because they are tightly connected to ground or VCC (not pullable through 330R resistors), you can probably reduce the pad count to about 10 pads. That's 1/27 of the time they needed for their 30 pins. So I think it's worth a try, but as I said, I won't open my nano to do that. If I manage to get one with a broken display/battery/etc. I'll do it.

JD wrote:
> I read the paper long ago and I continue to think it's too difficult
> but if you want to try... be my guest :)
>
> JD.
>
> On 05/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote:
>
>> You only need to find the first 3 pins, if you have got these you'll see
>> what the 4th is.
>> And with level tests, you can simply rule out all these VCC and GND pins
>> and further reduce the number of pins you need to test.
>> Have a closer look at the PDF presentation of the JTAG finder site, it's
>> all described there.
>>
>> JD wrote:
>>
>>> I take a look on that JTAG finder, it's a good tool to find out JTAG
>>> pins when you know where the pins are (but you don't know pin order).
>>> The problem with level test is other chips may got the same level
>>> characteristics than a JTAG signal.
>>> And there a permutation of 4 pins in 15 pads is more around 30000
>>> possibilities.
>>>
>>> JD.
>>>
>>> On 05/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote:
>>>
>>>> Well, IF there are ONLY 15 pads (I could not make out any on the scans,
>>>> where the heck are they?), you can probably reduce them to about 10 with
>>>> signal level tests, so there are only about 110 or 1000 possibilities to
>>>> go, depending what scheme you use. That's done within a few seconds
>>>> using that JTAG finder. Who has a dissected nano to try it out? ;)
>>>>
>>>> JD wrote:
>>>>
>>>>> Of course there is a way to put binaries on the devices but I don't
>>>>> think we can find how without the original documentation, mainly
>>>>> because:
>>>>>
>>>>> 1. There is no proof that JTAG is used here.
>>>>> Only the ARM got a JTAG interface on our board and the main JTAG
>>>>> feature is daisy chaining multiple chips on a single bus. Maybe the
>>>>> in2g is initially programmed by another protocol / bus, even by a
>>>>> homemade simple serial bus.
>>>>> But okay if I have to bet I choose JTAG.
>>>>>
>>>>> 2. The JTAG pins aren't clearly defined, that doesn't mean there are
>>>>> no pins on our board but maybe the pins are one of the many board pads
>>>>> (approximately 15 pads and 4 JTAG pins -> impossible to guess even
>>>>> with signal level tests (maybe I'm wrong but even if it's possible
>>>>> this will take a very very long time)).
>>>>>
>>>>> I really think there is no hope about JTAG without proper schematics /
>>>>> boards layout.
>>>>>
>>>>> JD.
>>>>>
>>>>> On 04/10/2007, MsTiFtS <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>>> I doubt there are JTAG pins anywhere accessible on the board. I am
>>>>>> wondering how they loaded the initial code to these devices, but I can't
>>>>>> see any way to do this except before the chips were soldered to the
>>>>>> boards. There is simply nothing on this board you could make a quick
>>>>>> connection to except the dock port, but I doubt that JTAG is in there
>>>>>> somewhere. That JTAG finder just helps to get the pinout if you have a
>>>>>> dozen touchpoints on the board. We have the exact opposite problem:
>>>>>> Nothing to hook up to. (Well, at least nothing I can see on the various
>>>>>> PCB scans, I didn't get my fingers on a dissected iPod yet.)
>>>>>>
>>>>>> mat h wrote:
>>>>>>
>>>>>>> http://www.c3a.de/wiki/index.php/JTAG_Finder ?
>>>>>>>
>>>>>>> On 9/28/07, *mat h* < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>>>>>>> wrote:
>>>>>>>
>>>>>>> just an idea what chip is the ram? A lot of chips have debugging
>>>>>>> pins on them ( JTAG etc) does the ram chip?
>>>>>>>
>>>>>>> On 9/28/07, *Jeremy Prater* < [EMAIL PROTECTED]
>>>>>>> <mailto:[EMAIL PROTECTED]>> wrote:
>>>>>>>
>>>>>>> Hmmm, I'm going to stop my hunt then, I searched 19% of the
>>>>>>> keyspace, but it sounds like I'm wasting time here. Has anyone
>>>>>>> had any luck or ideas on how to dump the 256mbit/ 8meg ram?
>>>>>>> I've got no ideas on even trying to get the ram out of there.
>>>>>>> Hehe except with a hammer... ok later I'm going to keep at it.
>>>>>>> -- Jeremy
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Emmanuel Fleury [mailto:[EMAIL PROTECTED]
>>>>>>> <mailto:[EMAIL PROTECTED]>]
>>>>>>> Sent: Thursday, September 27, 2007 10:20 PM
>>>>>>> To: Hardware and developpement mailing list.
>>>>>>> Subject: Re: [Linux4nano-dev] Update to rc4 key search (optimized)
>>>>>>>
>>>>>>> mat h wrote:
>>>>>>> > ok, just give me a bell if you need cpu power.
>>>>>>> >
>>>>>>> > Anyway what makes you so sure that the key is RC4?
>>>>>>>
>>>>>>> It's not. We have some good clues against it.
>>>>>>>
>>>>>>> Comparing several consecutive encrypted firmwares show us that
>>>>>>> the same key is used each time.
>>>>>>>
>>>>>>> In the case of an RC4 (or any stream cipher scheme), it would
>>>>>>> mean that we could have some statistical properties popping out
>>>>>>> when XORing of two encrypted firmwares (namely we should see
>>>>>>> something similar to the statistical property of an ARM binary...
>>>>>>> As Serpilliere did mention it, ARM binaries have very specific
>>>>>>> statistical properties (on the 'command' part)).
>>>>>>>
>>>>>>> We tried and nothing came out from this, which means that it's
>>>>>>> very likely a block cipher scheme (with a fixed key).
>>>>>>>
>>>>>>> Regards
>>>>>>> --
>>>>>>> Emmanuel Fleury
>>>>>>>
>>>>>>> I do not fear computers. I fear the lack of them.
>>>>>>> -- Isaac Asimov
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Linux4nano-dev mailing list
>>>>>>> [email protected] <mailto:[email protected]>
>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev
>>>>>>> http://www.linux4nano.org
>>>>>>>
>>>>>>> --
>>>>>>> We explore... and you call us criminals.
>>>>>>> We seek after knowledge... and you call us criminals.
>>>>>>> We exist without skin color, without nationality, without
>>>>>>> religious bias... and you call us criminals.
>>>>>>> You build atomic bombs, you wage wars, you murder, cheat, and lie
>>>>>>> to us and try to make us believe it's for our own good...
>>>>>>> ....yet we're the criminals.
>>>>>>>
>>>>>>> ____________WAUSHARE ROX ______________
>>>>>>> Join the dark side we've got cheese
>>>>>>> Annoying people since 1992
>>>>>>> If you hate me, I love you too. It ain't my fault I'm better than
>>>>>>> you
>>>>>>> Save Water, Drink Beer
>>>>>>> God Made Women First, Then He Had A Better Idea.
>>>>>>> If Barbie is soo popular...how come you have to buy her friends?
>>>>>>> Don't play stupid with me... I'm better at it!
>>>>>>> You were so cute when you were a baby...What happened?
>>>>>>> My folks were always asking me to wear underpants. What am I, the
>>>>>>> pope?
>>>>>>> I'm calling the police!... Right after I flush some tings.
>>>>>>> Join the army, see the world, meet interesting people, and kill
>>>>>>> them.
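
The check Emmanuel Fleury describes in the quoted message, as an added example that is not code from the thread: when two firmwares are encrypted with the same stream-cipher keystream, XORing the ciphertexts cancels the keystream and ARM statistics show through, while a fixed-key block cipher leaves noise. The sample images, the key, the `toy_block_encrypt` Feistel stand-in and the top-nibble heuristic (ARM condition field `0xE`) are all constructed assumptions.

```python
import hashlib, random

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4_keystream(key, n):
    # Standard RC4: key scheduling, then n bytes of keystream.
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def toy_block_encrypt(key, data):
    # Assumed stand-in for "block cipher, fixed key": 4-round Feistel over
    # SHA-256, 16-byte blocks, ECB. A toy, not the device's cipher.
    out = bytearray()
    for off in range(0, len(data), 16):
        l, r = data[off:off + 8], data[off + 8:off + 16]
        for rnd in range(4):
            l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest())
        out += l + r
    return bytes(out)

def fake_arm_image(seed, words=4096):
    # Constructed sample: little-endian 32-bit words whose top nibble is 0xE
    # (ARM "always" condition) about 90% of the time, random bits elsewhere.
    rng, img = random.Random(seed), bytearray()
    for _ in range(words):
        cond = 0xE if rng.random() < 0.9 else rng.getrandbits(4)
        img += (rng.getrandbits(28) | (cond << 28)).to_bytes(4, "little")
    return bytes(img)

def zero_cond_ratio(c1, c2):
    # Share of 32-bit words whose XOR has a zero top nibble (0xE ^ 0xE == 0).
    tops = xor(c1, c2)[3::4]
    return sum(b >> 4 == 0 for b in tops) / len(tops)

def ratios(key=b"constructed key"):
    a, b = fake_arm_image(1), fake_arm_image(2)
    ks = rc4_keystream(key, len(a))  # same keystream reused for both images
    return (zero_cond_ratio(xor(a, ks), xor(b, ks)),
            zero_cond_ratio(toy_block_encrypt(key, a), toy_block_encrypt(key, b)))
```

`ratios()` returns the pair (stream cipher with reused key, block cipher with fixed key): the first value sits far above the 1/16 chance level, the second stays close to it.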
