PM3 & JTAG using a Blackcat USB hardware flasher

asper · 2015-03-17 09:20:32

Using this hardware can someone explain me the pinout to eventually re-flash proxmark3 via JTAG interface ? Is it possible ?

Flasher:

Flasher Manual

Last edited by asper (2015-03-17 09:21:47)

asper · 2015-03-17 13:22:44

I tested PM3 jtag pins 5-7-9-13 +GND and 5-7-11-13 + GND connecting them to the correspondig pins on the blackcat hardware:

PM3 JTAG Pinout:

PM3 - BlackCat
5(TDI) - TDI
7(TMS) - TMS
9(TCLK) - TCK
13(TDO) - TDO
20(GND) - GND

5(TDI)- TDI
7(TMS)- TMS
11(RTCK)- TCK
13(TDO)- TDO
20(GND) - GND

but with both configurations pm3 was not found... any help ?

Last edited by asper (2015-03-17 13:45:54)

thefkboss · 2015-03-17 15:10:05

the pm3 (atmel) need power, so don´t forget to plug usb connetor ( to your pm3)

Last edited by thefkboss (2015-03-17 15:10:35)

asper · 2015-03-17 15:28:13

I connected pm3 to USB but when I open the BlackCat flashing software it says no device connected (BlackCat is recognized but not the jtag connection).

Is the pinout connection correct ?

Last edited by asper (2015-03-17 15:29:18)

thefkboss · 2015-03-17 19:43:35

this one
PM3 - BlackCat
5(TDI) - TDI
7(TMS) - TMS
9(TCLK) - TCK
13(TDO) - TDO
20(GND) - GND
maybe you need Test Reset...(is not necessary.....but...)
3(TRST)- TRST

in the software do you select the correct micro? and the correct clock for jtag??

AT91SAM7S256 or AT91SAM7S128 and 5khz??

thefkboss · 2015-03-17 19:49:58

I have read the manual....
Have you upload to your black cat this firm BCUSB.6.01.EJTAG.hex and not this BCUSB.1.05.SPI.hex??

asper · 2015-03-17 20:01:22

No luck. Unfortunately I cannot specify anything in the blackcat software interface, here are some screenshots:

I just noticed one thing: with my 1st and your jtag configuration, after some seconds (almost 15-20) pm3 auto-rests itself.

Maybe I need to make a script ? Here are some examples inside the software /script folder.

I read that blackcat is something similar to a teensy... maybe someone with teensy experience can help out.

Any other suggestion ?

Last edited by asper (2015-03-17 20:04:32)

asper · 2015-03-17 20:24:03

Also should I use 3.3 or 5V ?

thefkboss · 2015-03-17 20:53:05

asper wrote:

Also should I use 3.3 or 5V ?

for???

you don´t need power on the jtag becuase when you plug the pm3 usb the atmel is powered foR that reason you need the pm3 usb connected.

I think is 3.3 the atmel vcc but....I have to look the datasheet
I´m going to look the script examples

thefkboss · 2015-03-17 21:03:10

on the scripts are only the memory position, nothing related with clock, frecuency......I don´t know if is going to work, because first you need to detect the atmel and then run the script to write the memory position.
but if you don´t detect the atmel there is nothing to write

asper · 2015-03-17 21:13:46

Maybe BlackCat is not suitable for those kind of processors...

thefkboss · 2015-03-17 22:41:01

I think this is the problem

http://electronics.stackexchange.com/questions/94018/what-is-the-difference-between-jtag-and-ejtag

asper · 2015-03-18 08:58:06

Thanks for pointing that out. Maybe you are right.

What hardware is the cheapest one to perform jtag operation and has a free good software for windows systems?

thefkboss · 2015-03-18 10:21:26

J-LINK segger (clones) the originals are to expensive.
clones (15-20 dollars)

but with clones be carefull:
you have to used old version of program from 2013 and disconect from internet because:
1 they used invalid serial numbers and you get blacklisted
2 some stupid, change in the frimware a line, and is possible detect that line, and you get blacklisted again
3 the new soft detec false ftdi http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/ and reprogram frimware

advise: if you are going to use DON´T CONECT TO INTERNET AND USE ALL VERSIONS FROM 2013

IF YOU DON´T FOLLOW THIS ADVISE.
1 you must know IDA
2 have another programmer to re-program segger

Last edited by thefkboss (2015-03-18 10:21:59)

asper · 2015-03-18 13:36:50

Windows update removed the bricking driver: http://www.ftdichipblog.com/?p=1053

Brick can be resolved, see the step by steb guide for win and linux; software is also available (you need ft_prog software and win drivers).

I paste here the procedure if the above article from reddit will become unavailbale:

Solution to reset the PID with windows 8.1
- Download FT_Prog http://www.ftdichip.com/Support/Utilities.htm
- Download the VCP Drivers http://www.ftdichip.com/Drivers/VCP.htm
- Extract and edit the ftdibus.inf file and change all PID values from 6001 to 0000
- Activate loading of unsigned drivers (corner of the screen -> change pc settings -> Updates -> Restore Windows -> Advanced Start -> Restart now -> Troubleshoot -> Choose advanced options -> Disable driver signature enforcement
restart
- load the modified driver in the hardware manager
- Start FT_Prog
- Scan
- Change the device descriptor to 6001
- flash

Here you can find already signed win drivers (not tested).

I just bought a clone from ebay, it will arrive in some weeks. Software should be this, if you want to take a look and inform others IF IT IS GOOD it will be a good thing: software

Last edited by asper (2015-03-18 14:17:35)

thefkboss · 2015-03-18 21:17:12

https://www.segger.com/j-link-older-versions.html

is not a really windows problem..
segger rewrite the frimware when you install a new version if they detect that yours is a clone they corrupt the flash and the ftdi so unless you make reversing of the software and the firm.
1º DON´T CONNECT TO INTERNET WITH CLONE PLUG IT IN
2º DON´T USED NEW VERSION (UNLESS YOU PATCHED IT WITH IDA)
I don´t remember but i think 4.20 was right

asper · 2015-04-02 17:07:29

Thank you for the further explanations !

Proxmark3 community

Announcement

#1 2015-03-17 09:20:32

PM3 & JTAG using a Blackcat USB hardware flasher

#2 2015-03-17 13:22:44

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#3 2015-03-17 15:10:05

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#4 2015-03-17 15:28:13

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#5 2015-03-17 19:43:35

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#6 2015-03-17 19:49:58

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#7 2015-03-17 20:01:22

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#8 2015-03-17 20:24:03

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#9 2015-03-17 20:53:05

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#10 2015-03-17 21:03:10

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#11 2015-03-17 21:13:46

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#12 2015-03-17 22:41:01

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#13 2015-03-18 08:58:06

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#14 2015-03-18 10:21:26

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#15 2015-03-18 13:36:50

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#16 2015-03-18 21:17:12

Re: PM3 & JTAG using a Blackcat USB hardware flasher

#17 2015-04-02 17:07:29

Re: PM3 & JTAG using a Blackcat USB hardware flasher

Board footer