Bypassing JTAG Lock with Hardware Access

A locked JTAG port is not always a closed one. Here is how physical access is used to re-open disabled debug interfaces, and why locking alone is not the end.

Identifying Chips on an Unfamiliar Board

Before you can attack a board you have to know what is on it. Here is how to identify the chips that matter and skip the ones that do not.

Tapping a Parallel Memory Bus

Older and higher-performance designs use parallel memory buses. Here is what makes them harder to tap than serial flash and how it is done.

Using a Bus Pirate for Quick Hardware Triage

The Bus Pirate is a cheap multi-protocol tool for poking at unknown buses. Here is how it speeds up the messy early phase of hardware reconnaissance.

Reading a QFP Datasheet like an Attacker

A datasheet is a map of where a chip’s secrets live. Here is how to read one with an attacker’s eye for debug pins and exposed interfaces.