mirror of https://github.com/hak5/openwrt-owl.git
62 lines
2.9 KiB
TeX
62 lines
2.9 KiB
TeX
|
Debugging hardware can be tricky especially when doing kernel and drivers
|
||
|
development. It might become handy for you to add serial console to your
|
||
|
device as well as using JTAG to debug your code.
|
||
|
|
||
|
\subsection{Adding a serial port}
|
||
|
|
||
|
Most routers come with an UART integrated into the System-on-chip
|
||
|
and its pins are routed on the Printed Circuit Board to allow
|
||
|
debugging, firmware replacement or serial device connection (like
|
||
|
modems).
|
||
|
|
||
|
Finding an UART on a router is fairly easy since it only needs at
|
||
|
least 4 signals (without modem signaling) to work : VCC, GND, TX and
|
||
|
RX. Since your router is very likely to have its I/O pins working at
|
||
|
3.3V (TTL level), you will need a level shifter such as a Maxim MAX232
|
||
|
to change the level from 3.3V to your computer level which is usually
|
||
|
at 12V.
|
||
|
|
||
|
To find out the serial console pins on the PCB, you will be looking
|
||
|
for a populated or unpopulated 4-pin header, which can be far from
|
||
|
the SoC (signals are relatively slow) and usually with tracks on
|
||
|
the top or bottom layer of the PCB, and connected to the TX and RX.
|
||
|
|
||
|
Once found, you can easily check where is GND, which is connected to
|
||
|
the same ground layer than the power connector. VCC should be fixed
|
||
|
at 3.3V and connected to the supply layer, TX is also at 3.3V level
|
||
|
but using a multimeter as an ohm-meter and showing an infinite
|
||
|
value between TX and VCC pins will tell you about them being different
|
||
|
signals (or not). RX and GND are by default at 0V, so using the same
|
||
|
technique you can determine the remaining pins like this.
|
||
|
|
||
|
If you do not have a multimeter a simple trick that usually works is
|
||
|
using a speaker or a LED to determine the 3.3V signals. Additionnaly
|
||
|
most PCB designer will draw a square pad to indicate ping number 1.
|
||
|
|
||
|
Once found, just interface your level shifter with the device and the
|
||
|
serial port on the PC on the other side. Most common baudrates for the
|
||
|
off-the-shelf devices are 9600, 38400 and 115200 with 8-bits data, no
|
||
|
parity, 1-bit stop.
|
||
|
|
||
|
\subsection{JTAG}
|
||
|
|
||
|
JTAG stands for Joint Test Action Group, which is an IEEE workgroup
|
||
|
defining an electrical interface for integrated circuit testing and
|
||
|
programming.
|
||
|
|
||
|
There is usually a JTAG automate integrated into your System-on-Chip
|
||
|
or CPU which allows an external software, controlling the JTAG adapter
|
||
|
to make it perform commands like reads and writes at arbitray locations.
|
||
|
Additionnaly it can be useful to recover your devices if you erased the
|
||
|
bootloader resident on the flash.
|
||
|
|
||
|
Different CPUs have different automates behavior and reset sequence,
|
||
|
most likely you will find ARM and MIPS CPUs, both having their standard
|
||
|
to allow controlling the CPU behavior using JTAG.
|
||
|
|
||
|
Finding JTAG connector on a PCB can be a little easier than finding the
|
||
|
UART since most vendors leave those headers unpopulated after production.
|
||
|
JTAG connectors are usually 12, 14, or 20-pins headers with one side of
|
||
|
the connector having some signals at 3.3V and the other side being
|
||
|
connected to GND.
|