video-blackbox-jtag-reverse-engineering - Haxorware Forums (http://www.haxorware.com/forums)
Thread: video-blackbox-jtag-reverse-engineering (/showthread.php?tid=2677)

video-blackbox-jtag-reverse-engineering - drewmerc - 27-07-2013

http://dangerousprototypes.com/2013/07/27/video-blackbox-jtag-reverse-engineering/

interesting

RE: video-blackbox-jtag-reverse-engineering - dragonlord7791 - 29-07-2013

yes

RE: video-blackbox-jtag-reverse-engineering - slave - 29-07-2013

This kind of technique I have known for about 3 years, and it was tested successfully on an HD satellite receiver.

There is a test-mode supervisor implemented on the new D3 JTAG host. This isn't new security and also isn't good security.

The firmware bootloader disables the JTAG host itself after boot, so by using default poke/peek commands you cannot manipulate flash, also RAM. To open access you need to use service scripts which allow you to pool the modem to the test mode; after that you can bypass and open a connection.

I do not know the test-mode commands for D3 modems, I just know them for sat receivers.

Also, as I say, this is poor low-level old security. In new secure devices JTAG is keyed.... You need to enter a password while in test mode, which allows you to use JTAG properly. The password is generated by some algo and it's addicted by CPU serial.