This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course.

http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html

Student ID: IoTE-728

 

The most interesting part of the Offensive IoT Exploitation course was the JTAG part. I did not have any device with JTAG capabilities, so I bought a MIPS Creator Ci40 IoT hub.

MIPS_Creator_CI40

This board has a standard JTAG interface.

creator_jtag_pinout_01

The full documentation of the board can be found here. The board comes with OpenWRT installed.

 

I downloaded the JTAGEnum from github. I uploaded the code to my Arduino. I opened the Serial Monitor with baud rate 115200 and pressed ‘h’. The help menu appeared.

creator_jtag_pinout_02

The next step was to connect the Arduino and Mips Creator Ci40. I connected JTAG 1-3-5-7-9-11-13 to Arduino 8-7-6-5-4-3-2 and JTAG 10-12-14 to Arduino 11-10-9.

connect1 connect2

Then I pressed ‘s’ and Enter in the Serial Monitor of the Arduino. The scan started and several minutes I got the following result:

creator_jtag_pinout_03

JTAGEnum found one possible pinout.

JTAG1 -> DIG8 -> NTRST
JTAG9 -> DIG4 -> TCK
JTAG7 -> DIG5 -> TMS
JTAG5 -> DIG6 -> TDO
JTAG3 -> DIG7 -> TDI

This is exactly the same as the one which can be found in the official document.