-
Notifications
You must be signed in to change notification settings - Fork 92
HydraFW OpenOCD guide
Benjamin Vernoux edited this page Sep 8, 2023
·
12 revisions
This guide is updated towards development firmware
OpenOCD can be used with the same protocol as the bus pirate.
- It is recommended to use OpenOCD v0.10 or more (see http://openocd.org)
- HydraBus HydraFW natively support OpenOCD BusPirate JTAG or SWD mode using BBIO_JTAG for JTAG and BBIO_RAWWIRE for SWD
- For more details on HydraFW BBIO_JTAG see following links:
-
https://github.com/hydrabus/hydrafw/blob/master/src/hydrabus/hydrabus_bbio.c see
"case BBIO_JTAG:"in code -
https://github.com/hydrabus/hydrafw/blob/master/src/hydrabus/hydrabus_mode_jtag.c see
jtag_enter_openocd()
-
https://github.com/hydrabus/hydrafw/blob/master/src/hydrabus/hydrabus_bbio.c see
- For more details on HydraFW BBIO_RAWWIRE see https://github.com/hydrabus/hydrafw/blob/master/src/hydrabus/hydrabus_bbio_rawwire.c
- For more details on how it is supported in OpenOCD see https://repo.or.cz/openocd.git/blob/HEAD:/src/jtag/drivers/buspirate.c
- For more details on HydraFW BBIO_JTAG see following links:
Example OpenOCD configuration :
source [find interface/buspirate.cfg]
buspirate_mode open-drain
buspirate_pullup 1
buspirate_port /dev/ttyACM0
transport select jtag
If you know the target JTAG pins, connect them on the default pins and run OpenOCD with your configuration file.
It is possible to discover the JTAG pins and use them without changing the wiring :
- Use the
brutecommands to discover the pins. - Once the pins are discovered, validate them using
bypassandidcodecommands. - Run the
openocdcommand - Leave the Hydrabus terminal
- Run OpenOCD with your configuration file
Hydrabus can also be used as an SWD interface to connect to various devices.
| Hydrabus PIN | SWD Signal |
|---|---|
| PB3 | SWDCLK |
| PB4 | SWDIO |
| PC4 | nRST |
An example configuration can be found in utils/openocd/hydrabus_swd_host.cfg
Hydrabus can be debugged using an external SWD interface on the debug pins using the OpenOCD configuration found in utils/openocd/hydrabus_target.cfg
-
Kudelski Security Research SWD (HydraBus) by Nicolas Oberli
- SWD – ARM’s alternative to JTAG: https://research.kudelskisecurity.com/2019/05/16/swd-arms-alternative-to-jtag
- SWD part 2 the MEM-AP: https://research.kudelskisecurity.com/2019/07/31/swd-part-2-the-mem-ap
- SWD part 3 SWO and nRST: https://research.kudelskisecurity.com/2020/04/15/swd-part-3-swo-and-nrst
- SWD Bonus MEM-AP security: https://research.kudelskisecurity.com/2020/06/15/swd-bonus-mem-ap-security
-
Kudelski Security Research JTAG by Sylvain Pelissier
- JTAG debugging with Bus pirate and OpenOCD: https://research.kudelskisecurity.com/2014/05/01/jtag-debugging-made-easy-with-bus-pirate-and-openocd
- CHANGELOG
- Console commands
- Binary mode guide
-
NFC/HydraNFC v1 guide
- Read UID of an ISO/IEC_14443 Tag
- Read UID and data of a MIFARE Ultralight Tag
- Read UID of an ISO/IEC 15693 Tag
- Emul ISO14443a Tag
- Emul MIFARE Ultralight Tag
- Emul Mifare Classic Tag
- Unique NFC sniffer design
- Launch NFC sniffer from console
- Sniffer ISO14443A wireshark pcap
- Autonomous/stand-alone sniffer mode
- Sniffer ISO14443A real-time infinite trace mode
- HydraFW-HydraNFC-v1.x-TRF7970A-Tutorial