Private instructions of JTAG on chip Debug

Total votes: 0

 

Have the private instructions of JTAG on-chip debug been revealed? (ATmega32 microcontroller)

 

I am living to bring up new earth ,and not to eat and destroy earth.

Last Edited: Wed. Apr 10, 2019 - 05:38 PM
Total votes: 0

Mohamed asaad wrote:

Have the private instructions of JTAG on-chip debug been revealed? (ATmega32 microcontroller)

 

Wouldn't that be nice!

 

Don't think so though.  The ATmega324 datasheet from 2018 contains this same language.

 

--Mike

 

Total votes: 0

Many years ago I disassembled the JTAG-ICE code so I could do a search and replace on the differences to what it would take to run on a butterfly board.  The processors were somewhat similar.

 

I did not comment around the 'Proprietary' private code. It could, however, be seen what they do.

 

Here is a link to the old project archived on this site.

https://www.avrfreaks.net/projects/butterfly-jtag-ice-patch

 

The limitation is that this version of the code only supports the older chips from around the 2002 timeframe.  I think there are about 6 or so chips supported.

 

The other place to look is the AVRDude code.  This is based on the documented ISP and JTAG codes. 

 

One of the reasons that the ATMEL stuff went viral in the early 2000s was that the schematics and stuff for the JTAG-ICE and AVRISP leaked out and many clones were made.

 

GDB also seems to have AVR debug support.  They may have worked out what these do.

 

It has been a long time since I looked at this code.  I seem to recall most of the debug is done through normal JTAG commands.  There is also a register on the chip reserved for JTAG use.  I think these commands may interact with this register.  Possibly for hardware breakpoints and peripheral boundary scan.   

 

The loading of the program into flash as I recall is the same as the JTAG side of AVRISP.  The single stepping and register reads was done through normal JTAG commands.

 

What you would be looking for in the code is called the TAP controller.  This is the standard 'open' part of JTAG.  There should be quite a bit on this protocol online now.

 

Good luck,  and if you learn anything be sure to share it.
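
The TAP controller mentioned in the post above is the publicly specified IEEE 1149.1 state machine, so a captured TMS/TDI trace can be decoded to see which instruction-register values a debugger loads and whether they fall in the undocumented range. This is an added example, not part of the original post or of any Atmel code; the opcode table is assumed from the ATmega32 datasheet's JTAG instruction list (verify it against the datasheet for your part), and the trace in `main` is constructed.

```c
#include <stdio.h>

/* IEEE 1149.1 TAP states, numbered so NEXT[state][tms] is the transition table. */
enum { TLR, RTI, SEL_DR, CAP_DR, SH_DR, EX1_DR, PAU_DR, EX2_DR, UPD_DR,
       SEL_IR, CAP_IR, SH_IR, EX1_IR, PAU_IR, EX2_IR, UPD_IR };

static const unsigned char NEXT[16][2] = {
    {RTI, TLR}, {RTI, SEL_DR}, {CAP_DR, SEL_IR}, {SH_DR, EX1_DR},
    {SH_DR, EX1_DR}, {PAU_DR, UPD_DR}, {PAU_DR, EX2_DR}, {SH_DR, UPD_DR},
    {RTI, SEL_DR}, {CAP_IR, TLR}, {SH_IR, EX1_IR}, {SH_IR, EX1_IR},
    {PAU_IR, UPD_IR}, {PAU_IR, EX2_IR}, {SH_IR, UPD_IR}, {RTI, SEL_DR}
};

/* Assumption: 4-bit IR opcodes as listed in the ATmega32 datasheet. */
const char *ir_name(unsigned ir) {
    static const char *names[16] = {
        "EXTEST", "IDCODE", "SAMPLE_PRELOAD", "unlisted",
        "PROG_ENABLE", "PROG_COMMANDS", "PROG_PAGELOAD", "PROG_PAGEREAD",
        "PRIVATE0", "PRIVATE1", "PRIVATE2", "PRIVATE3",
        "AVR_RESET", "unlisted", "unlisted", "BYPASS" };
    return names[ir & 0xF];
}
int ir_is_private(unsigned ir) { return ir >= 0x8 && ir <= 0xB; }

/* Walk one TMS/TDI sample per TCK rising edge ('0'/'1' chars) and record each
 * value latched at Update-IR. Returns the number of IR loads written to out. */
int decode_ir_loads(const char *tms, const char *tdi, unsigned *out, int max) {
    int state = TLR, n = 0;
    unsigned sr = 0;                       /* 4-bit IR shift register */
    for (size_t i = 0; tms[i] && tdi[i]; i++) {
        if (state == SH_IR)                /* TDI enters at the MSB end, LSB first */
            sr = (sr >> 1) | ((unsigned)(tdi[i] - '0') << 3);
        state = NEXT[state][tms[i] - '0'];
        if (state == UPD_IR && n < max) out[n++] = sr & 0xF;
    }
    return n;
}

int main(void) {
    /* Constructed capture: TAP reset, then IR loads of 0x1, 0x8 and 0xF. */
    const char *tms = "1111101100000110" "1100000110" "1100000110";
    const char *tdi = "0000000000100000" "0000000100" "0000111100";
    unsigned ir[8];
    int n = decode_ir_loads(tms, tdi, ir, 8);
    for (int i = 0; i < n; i++)
        printf("IR=0x%X %-14s%s\n", ir[i], ir_name(ir[i]),
               ir_is_private(ir[i]) ? " (undocumented)" : "");
    return 0;
}
```

The decoder only tracks instruction-register loads; the data-register scans that follow a private instruction are where the undocumented behaviour lives, and their layout is not described anywhere on this page.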

 

 

 

Total votes: 0

avr-mike wrote:
Don't think so though. 

1)  What is the purpose of this hunt?  There might be more interest if the purpose is ... interesting.

2)  Mega32 in 2019?  Why that model?  Can you even get them anymore?  Why not use Mega324 family, or if indeed a Mega32A then why?

3)  As JTAGICE ("Mark I") supports that model, and there are clones of that model, perhaps you can see if that source is available and see if your mystery functions are carried out.

You can put lipstick on a pig, but it is still a pig.

I've never met a pig I didn't like, as long as you have some salt and pepper.

Total votes: 0

theusch wrote:

1)  What is the purpose of this hunt?  There might be more interest if the purpose is ... interesting.

 

I don't know the OP's quest for this information, but my own interest is curiosity as to why the JTAG commands are a secret?

They taunt us by acknowledging there are four secret codes and then imply that we are not cool enough to be privy to the info.

 

--Mike

 

Total votes: 0

The same reason that the debugWIRE commands are secret.

Probably they are closely related - in the end I'd expect debugWIRE and JTAG both to end up as sort-of "physical layers" used to access the same internal debug hardware...

(Note that debugWire has been at least partially reverse-engineered:  http://www.ruemohr.org/docs/debugwire.html )

 

Total votes: 0

avr-mike wrote:

 

 

The ATmega324 datasheet from 2018 contains this same language.

 

--Mike

 

You mean the same explanation of the private instructions?

 

I am living to bring up new earth ,and not to eat and destroy earth.

Last Edited: Fri. Apr 12, 2019 - 02:48 PM
Total votes: 0

jporter wrote:
GDB also seems to have AVR debug support.  They may have worked out what these do.

Could you explain what GDB is?

To let you know what I want to do: I need to make a universal programmer for Atmel and also a debugger that sends JTAG commands to another microcontroller to test parts of the code. (I know that this exists in electronics shops, known as the AVR-ice kit, but I need to make a quantity, so I need to keep it at a low price.)

I am living to bring up new earth ,and not to eat and destroy earth.

Last Edited: Fri. Apr 12, 2019 - 03:13 PM
Total votes: 0

Mohamed asaad wrote:
(I know that this exists in electronics shops, known as the AVR-ice kit, but I need to make a quantity, so I need to keep it at a low price.)
Atmel-ICE's price is a concern to some, and there's a response to that.

Eventually, MPLAB Snap may meet your requirements.

 

https://new.microchipdirect.com/product/search/all/ATATMEL-ICE

Atmel-ICE - Waveshare Wiki

...

Atmel-ICE-C

...

Atmel-ICE-C Kit for debugging and programming Atmel SAM and AVR microcontroller 614961953789 | eBay

MPLAB Snap | AVR Freaks

 

"Dare to be naïve." - Buckminster Fuller

Total votes: 0

"Dare to be naïve." - Buckminster Fuller

Total votes: 0

Mohamed asaad wrote:

...

Could you explain what GDB is?

...

 

I think it stands for Generic Debug.  Part of the GCC tool suite for programming from the command line on most operating systems.   It is part of the foundation on which all modern programming is done.

 

When the first computers were created and were the size of a small office building, such software was given away for free, as it was developed at universities.  This changed when personal computers came about.  Companies like Microsoft sold the 'development tools' for large sums due to supply and demand.  The old programs developed by the universities or large companies that sell a lot of government contracts, like CERN, continued to improve the software tools and give them away for free.  Some of us feel it is wrong to keep this information from students or people who may not or are not allowed to go to university and would use this information to do good.  So we started creating what is called open source software: giving programs away for free.  Others shared the hardware designs to give away for free.  Many do this for the boost to the ego, to make their name famous.  Others just because it is who we are, to leave this world a little better off than we found it.

 

ATMEL actually changed things back to the older way of distributing the software by giving it away as they wanted to sell the chips.   This allowed many people all over the world to create a hobby market, which while small ( close to a BillionUSD) compared to Government contracts (10s of BillionsUSD) has influenced things over the last 30 years or so.   These multinational companies were created to sell 10s and 100s of millions of chips.  The multinational companies exist for these big orders. 

 

The link to the other thread posted by @gchapman has reference to how it is used for debugwire without the ATMEL hardware.  Most of that thread is on selecting the correct diode.  It is not the easiest thread to follow.  The short of it is that there are people who can indulge in Hobbies, some like to sit on the beach and get drunk,  Others like to paint pictures or design clothes, make pretty things, build models of ships, cars or airplanes.  Collect things, like bottle caps or other stuff.  Build a house, plant a garden, tell stories.  Any of these hobbies might be worth a BillionUSD a year.  Small change for large companies, but the life blood of what is called small or middle class business.  Individually these are worth a millionUSD or so.  It takes a lot of these small companies to satisfy the needs of the 'people' 

 

 

As for producing multiple units, the 'economy of scale' makes it impractical.   ATMEL produced such a unit as you describe called a 'Dragon programmer' which sold for under 50USD. Manufactured in China, probably with the expectation it would be copied.   The dragon is probably below cost, they did however sell a large number of them. What is called a loss leader.  

 

For someone who needs a number of debug hardware units, it would be cheaper just to purchase a batch from the supplier/distributor.  Often these 'extras' are given away through promotions and discount programs. I got quite a few Dragon programmers, as they sometimes tend to suffer from problems: they do not have a protective case and are sensitive to being touched in certain places due to the electricity in our bodies.

 

Same for the AVR-ICE: due to supply and demand, these are often given away at seminars or discounted to the retail distributors.  Often the Field Applications Engineer (FAE), whose job it is to sell large orders of chips, will give these devices out to the engineers in their territory.  This is called an evaluation unit.  These salespeople also sometimes give away free samples.

 

Unless one is selected as a subcontract designer for a device programmer/debugger by ATMEL/MICROCHIP, there is not much reason or incentive to produce these items.  One has to be asked to subcontract the design; you would then get an NDA and the documents on these 'secret' instructions.

This does not mean that others have not (and sometimes just for fun) figured out how things work.  To make them better.

 

 

 

 

Last Edited: Fri. Apr 12, 2019 - 07:56 PM
Total votes: 0

jporter wrote:
I think it stands for Generic Debug.
GDB: The GNU Project Debugger

jporter wrote:
These salespeople also sometimes give away free samples.
Microchip - Samples Web Site

 

P.S.

jporter wrote:
Individually these are worth a millionUSD or so.
A banker created 10KUSD loans for ones to start small businesses (small in SMB or SME) ... he retired .. the minimum became 100KUSD to 1millionUSD.

IIRC, revenue of about 1millionUSD/year differentiates small from a medium-size business.

 

"Dare to be naïve." - Buckminster Fuller

Total votes: 0

AFAIK, the GDB support for AVRs relies on having hardware like an Atmel ICE that speaks the actual proprietary code, and an intermediate program like AVaRICE (http://avarice.sourceforge.net) to convert its communications protocols to those that GDB likes to use.  That means that GDB probably doesn't know anything about the undocumented codes.  (AVaRICE might, though.)  The communications protocol on the computer side of the Atmel ICE is (somewhat) more documented.

I don't think there are any tools set up to use a generic JTAG debugger (Ie Segger) with AVRs...

 

Total votes: 0

westfw wrote:
... and an intermediate program like AVaRICE (http://avarice.sourceforge.net) to convert its communications protocols to those that GDB likes to use.
There's also the beginning of an AVR GDB proxy.

westfw wrote:
The communications protocol on the computer side of the Atmel ICE is (somewhat) more documented.
EDBG has an interface document.

westfw wrote:
I don't think there are any tools set up to use a generic JTAG debugger (Ie Segger) with AVRs...
wrt SEGGER, debugger no, programmer yes

 


https://github.com/avrsimulator/gdbproxy

via https://www.avrfreaks.net/forum/avr-simulators-open-source#comment-2640886

Embedded Debugger-Based Tools Protocols User's Guide

Flash Programmer | SEGGER - The Embedded Experts

News: Flasher support AVR and PIC16/PIC18 microcontrollers

 

"Dare to be naïve." - Buckminster Fuller