This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course.
Student ID: IoTE-728
The most interesting part of the Offensive IoT Exploitation course was the JTAG part. I did not have any device with JTAG capabilities, so I bought a MIPS Creator Ci40 IoT hub.
This board has a standard JTAG interface.
The full documentation of the board can be found here. The board comes with OpenWRT installed.
I downloaded the JTAGEnum from github. I uploaded the code to my Arduino. I opened the Serial Monitor with baud rate 115200 and pressed ‘h’. The help menu appeared.
The next step was to connect the Arduino and Mips Creator Ci40. I connected JTAG 1-3-5-7-9-11-13 to Arduino 8-7-6-5-4-3-2 and JTAG 10-12-14 to Arduino 11-10-9.
Then I pressed ‘s’ and Enter in the Serial Monitor of the Arduino. The scan started and several minutes I got the following result:
JTAGEnum found one possible pinout.
JTAG1 -> DIG8 -> NTRST
JTAG9 -> DIG4 -> TCK
JTAG7 -> DIG5 -> TMS
JTAG5 -> DIG6 -> TDO
JTAG3 -> DIG7 -> TDI
This is exactly the same as the one which can be found in the official document.