Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hi,
I spent a few hours on that so I decided to share the solution in case anyone else had such problem.
One of Chinese Proxmark clones does not allow to connect JTAG:
JLink:
J-Link>h
Target connection not established yet but required for command.
Device "AT91SAM7S512" selected.
Connecting to target via JTAG
TotalIRLen = ?, IRPrint = 0x..000000000000000000000000
TotalIRLen = ?, IRPrint = 0x..000000000000000000000000
TotalIRLen = ?, IRPrint = 0x..000000000000000000000000
TotalIRLen = ?, IRPrint = 0x..000000000000000000000000
Cannot connect to target.
BusPirate + openocd:
openocd -f at91sam7s512-buspirate.cfg
Open On-Chip Debugger 0.10.0
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Warn : Adapter driver 'buspirate' did not declare which transports it allows; assuming legacy JTAG-only
Info : only one transport option; autoselect 'jtag'
adapter speed: 1000 kHz
srst_only srst_pulls_trst srst_gates_jtag srst_open_drain connect_deassert_srst
Info : Buspirate Interface ready!
Info : This adapter doesn't support configurable speed
Info : TAP sam7x.cpu does not have IDCODE
Error: sam7x.cpu: IR capture error; saw 0x0e not 0x01
Warn : Bypassing JTAG setup events due to errors
Info : Embedded ICE version 0
Error: unknown EmbeddedICE version (comms ctrl: 0x00000000)
Info : sam7x.cpu: hardware has 2 breakpoint/watchpoint units
Info : accepting 'telnet' connection on tcp/4444
Info : Halt timed out, wake up GDB.
Error: timed out while waiting for target halted
After a few hours of checking JTAG adapters and wiring, it turned out they have enabled code readout protection in Atmel. I guess they developed some modified, closed version of firmware (of course violating the license btw), and were afraid of others cloning it. So they disabled JTAG.
The solution is to erase the chip by pulling PIN 55 ( < 1s is enough) while the device is up. I just used a simple connector wire and shorted it to 3.3V, as on the picture below:
From now on the memory is erased and the readout protections are off, too. You can proceed with the JTAG flashing as normal.
Offline
Oh, as it turns out that has been solved previously:
http://www.proxmark.org/forum/viewtopic.php?pid=33890
my bad, I haven't looked up the forum deep enough...
Offline