Closed MatthewTingum closed 7 months ago
Produce a clone or get our hands on the real deal. Either way, the result is the same. JTAG sniffing. Unless someone wants to reverse the SmartProbe bitstream.
This was a means to an end. Investigate something that gives us insight into HDT. We have the SUN X4100 for that. See https://github.com/Necrosys/x86-JTAG-Information/issues/10. While not totally unreasonable, this isn't the path of least resistance.
This is still a fun idea but it's a waste of time if the only goal is to learn about HDT. Closing for now.
The Sage SmartProbe talks HDT protocol. In theory, one could sniff JTAG communications and reverse the protocol. At least the version that was spoken at that time.
There are 2 major components of the Sage SmartProbe. An ARM microcontroller and an FPGA. From what I've heard, the FPGA bitstream exists within a publicly available firmware. One could clone a SmartProbe without ever having touched one.
It seems to me that the FPGA only exists to take in commands and relay them... but I'm not really sure.
There are roughly 5 traces that run under the ARM chip from the FPGA. Beyond that, everything is reference design. It shouldn't be too difficult to produce a clone.