Great video! Minor vim note: at @17:30, you can use capital R to enter Replace mode. That way you won't have to count anything. Just make sure you only modify ASCII characters.

Oh my god, just found this channel and it's an absolute goldmine :-) thanks for all the awesome content!

Minor correction to the video - video title states using JTAG to extract firmware, while Matt used SWD instead. JTAG is an industry standard interface, while SWD is more vender specific. Apart from showing the JTAGulator Matt does not actually use it :-(

Awesome video!! Could you do something with STM chips that are locked sometime soon? My vaguest of vague understanding is that you can sometimes do something with pulling boot select pins low to get it into a debug mode regardless of other configurations, but I don't have the first clue how to actually do that irl. Keep up the great videos m8!

Your channel is incredible!

I recently came across your channel and I love your videos. If you ever have a project where you gain practical functionality of a device by hacking it, that would make a great video. Like the security camera sending the stream to a self hosted storage server or other ideas you may have.

Dear sir I have a problem that the mcu has tooll0 pin reset pin vcc and ground . How I can extract firmware from the mcu

I just got a bus pirate 3.6a and, I'm wanting to connect to a device using JTAG. The available pins on it are: TDO,TDI,TMS,TCK,GND,RESET Do I just connect it the same named pin, as from the bus pirate to the device? (Like TDO - TDO, TDI - TDI...etc etc for all of them). Years ago, I used uart but, I'm not seeing those connections on the board I'm trying to mess around with. I just can't seem to find a guide / tutorial that explains how to set it up for newbs.

Where is a repository link to PCB files of that badge? Looks like a nice little capacitive keyboard.

Hi there, Could you help me out. I need to download the firmware from a working C49 controller on a miner, and upload it into a controller I played around with and erased the whole nand from the terminal. Any ideas? I have a JTAG DLC 10 programmer, for Xilinx chips. Many thanks.

Hi Matt, very Informative video. Is there any way to convert the binary dump to source code or to understand it better ?

sir, can you help to find jtag pinout of NVME, please

How did you know to use the SI form of Mbit and not the binary form of Mbit?

I would like to see the use of some software that can de-compile a firmware file.

Where I could buy the student version of the j link

Can you do the Huawei H112-372? how to get UART and JTAG.

@mattbrwn Amazing video, I don't know this steps yet - IMHO the RP2040 has not JTAG at all, SWD only ;-) - but all others

Trying to learn all of this and very overwhelmed. Are you able to access the jtag state machine this way? And command the actual registers? I’m reading how to do that, but nobody ever explains how they gain access to do that… and what they are typing the commands on/through…. Sorry if this is a stupid question

Very informative, great info! Thank you for making this. BTW your audio is really low.

Can we do it on Windows or we have to use Linux?

Do u have epon firmware for Zte

Does the J-link support Atmega32u4 ?

What is the debugger model you are using?

Why not just hook up to the SPI NOR flash and dump that way? flashrom, ftw.

And that was preety amazing

Great work 👌👏

I am all for IOT companies not disabling JTAG. Just keep them away from evil maids, and you're all good.

So cool! What are you going to push to it next, if anything?

Hi Matt. What would be your recommended JTAG model brand?

Very nice

You could have added the part where you locate the h/w key to crack it 😛

Yes the volume is very low on your end,

Man I keep seeing JTAG written on different boards I'm still a rookie, got a long waaay to go

what microscope do you use for videos?

I dislike that connector style so much. The cable is expensive and the pins will bend easily.

Your video is flipped.

16 megabits is 2 megabytes, which is 0x200000... Converting 20000000 decimal to hex is not 2 megabytes.

The last command is not supported by jlink commander v7.88j, start here^[nmatt@ripper badge]$, ..savebin is only working , I am trying to extract stm32f103r8,,

Now to find an old xbox 🤣

White Donna Martinez Brenda Lee Scott

amazing man, thank you for the cool stuff , hacked by nmat😊

Hi matt, do you can read this ic for me? Mb9af004bgl-g-103-ere1 Mb9af004bgl-g-103-k1ere1