First success with JTAG er, UART

Update 02/26/2013: Yeesh, my youthful exuberance got the better of me.  What I accessed was actually the UART, or serial, port for the device.  It’s still a cool and useful thing to do, but it’s not JTAG.  Using the UART on a mainboard is like being the engineer at the front of the train; you can watch all the gauges and readouts that the passengers don’t see, press buttons to turn on the headlights, turn dials to go faster or slower, etc.  You have more control and more information.  JTAG is like having mechanics sitting at each large component of the train but only being able to talk to one of them directly.  You can phone the mechanic who operates the door of the first passenger car and ask him to open the door, close the door, tell you if it’s open or closed, and you can also tell him to act as a messenger between you and the mechanic who controls the fuel valve.  You can tell the fuel valve guy to open it, close it, tell you how open or closed it is, etc. even though he doesn’t have a phone.  With JTAG, individual devices on the board all have a little guy who can do things to that one device or act as a messenger between you and another device on the same board.  So why don’t we just have JTAG on everything or UART on everything?  Well, JTAG is a very simple interface that can be inserted into a tiny component like a piece of flash memory or a big component like a processor and everything in between very easily.  But, the number of basic actions you can perform with JTAG and the speed at which you can send data are limited; it’s not meant to be pleasing to the end user.  UART is like having an 800-number for easy access to your board.  You want to observe detailed operating messages and have low-level control over the whole device’s operation?  Here, call our 800 number and just tell the operator what you need.  *** I’m going to bed.  I’ll finish this FANTASTIC explanation later 😉

My electronics tinkering street-cred is a teensy bit more, well, credible now.  I’ve been looking through my piles of old devices and newly-acquired broken devices, trying to gain experience in troubleshooting electronics.  One tool to which I am completely new is JTAG, a very low-level interface on most modern devices that allows you to access, operate, and reprogram all sorts of things even when the device isn’t bootable using normal means.  It’s not a silver bullet for electronics repair, but it gives you capabilities beyond jiggling cables and cycling the power.

The first step to getting JTAG access is to identify a set of pins or pads on the device’s circuit board.  Sometimes the manufacturer makes life easy and labels the pins with their proper names, like “VCC” and “GND”.  Sometimes there are no labels and no pins.  I have to use a multimeter to test voltage and resistance.  It’s fun when nothing is labelled and you’re blindly probing solder pads hoping to find 3.3 volts.

Once you identify the correct pins/pads/holes you need an interface that converts the JTAG signals into something your computer can chew on.  I purchased a few USB-to-TTL adapters from somewhere in Hong Kong or Singapore for about $2 each.  Until today, I was almost certain that I had been ripped off; I had tried to use the adapters on at least four different devices with no luck.  I finally tasted success when I hooked up an LG BD300 Blu-ray player and saw a bunch of bootup information scrolling on my terminal window:

Booting Secured CFE...
Common Firmware Environment (CFE) version 1.30 for BCM97440 CX-V12-384MB, (Little Endian Mode)
Build Date: Thu Aug 14 09:12:06 EDT 2008 (christj@stb-mhtb-04)
Copyright (C) 2000-2008 Broadcom Corporation.

Woo hoo!  I didn’t waste $6!

The victory was small, but I’m marginally more useful today than I was yesterday.  I’ll take it.