Found in most microcontrollers and processors, JTAG is an industry standard for verifying designs and testing printed circuit boards after manufacture, and that is also often used for low-level debugging or reverse-engineering.
Espressif ESP32 also has a JTAG interface, but interestingly it’s shared with the SD card interface, and in ESP32 LyRaT audio development board where both MicroSD card slot and JTAG header are present selection is made by jumpers.
The extract from ESP32 LyRaT schematics above shows IO’s 12, 13, 14 and 15 can present on the SD card and 4-pin JTAG header. Some boards may not come with a JTAG header but may feature a MicroSD card slot, but you don’t have to solder wires to the board to access JTAG, and instead, you could simply use a custom MicroSD card adapter to insert into the MicroSD card socket of the board and access JTAG as explained by cibomahto on Twitter.
Nice little hardware trick! The photo below shows what it looks like when an ESP32 board is connected to a “JTAG debugger” (actually ESP32-Ethernet-Kit development board with FTDI chip). If your board comes with a full-sized SD card socket using a standard MicroSD to SD adapter should work too.
Reading comments on Twitter also informs use ESP32 is not the first platform with this trick, as (some?) Allwinner processors also route JTAG signals via the SD card interface.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
It has just been pointed out to me on Twitter that vendors should disable JTAG with an EFUSE flag if they don’t want their devices accessed and potentially compromised in the field.
It can be done with espefuse tool: https://github.com/espressif/esptool/wiki/espefuse
I think that this step doesn’t really matter anymore since (as the author of the original post said) ESP32 is pwn forever.
https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/
It still makes hacking the board slightly more difficult.
Actually EspressIF patched the vulnerability in ESP32-D0WD-V3 chips and the related ESP32-WROVER-E module. But yes, all older chips are pwned. So the “forever” part is subjective 🙂
As you’ve written, this stands for the new chips only. Therefore, the authors claim is not wrong and it means that the affected chips cannot be fixed, so they’ll have this issue permanently.
That doesn’t include other HW and it’s great that it got fixed and it was pity for the damages that the company had because of the previous affected versions.
You can get these on AliExpress for $5. Has JTAG and serial console breakouts. Look for ‘uSD breakout board’.
Serrial console works for AllWinner (RX/TX = D3/CLK) and Amlogic (RX/TX = D2/D3), too. Dunno about JTAG.
This is what these breakout boards look like: https://linux-sunxi.org/MicroSD_Breakout
The microSD adapter in linux-sunxi website is quite nice since no soldering is required. I can’t quite find this exact model anymore.
Edit: Yes, it’s still for sale. See Zoobab comment
Amlogic also have official SDIO debug board which uses some secret sauce 🙂
Thanks. This is really interesting. I got some Allwinner Boards.
Where can you find such a custom MicroSD card adapter?
“as (some?) Allwinner processors also route JTAG signals via the SD card interface.”
Remember the Allwinner A10 JTAG SD card breakout:
https://fr.aliexpress.com/item/527673076.html
Yeahh… “Sorry, this item is no longer available!”
Too many people bought it ^^ 😀
Don’t a bunch of allwinner tablets route the debugging UART to the micro-SD slot?
Another solution might consist in using HardKernel/FriendlyElec’s eMMC to uSD adapters and to either solder directly on the adapter or use a cable.
the JTAG for microsd you can change the GB expansion example micro sd from 128gb and it changes to 512gb you can Sorry I’m new to these technologies but I’m curious to find out.