[Noisebridge-discuss] Have JTAG-fu? Willing to share?

Jonathan Lassoff jof at thejof.com
Wed Oct 27 19:04:22 UTC 2010


On Wed, Oct 27, 2010 at 11:47 AM, weasel at meer.net <weasel at meer.net> wrote:
>
> On Oct 27, 2010 at 11:24 AM, Jonathan Lassoff wrote:
>
>> I'm in the middle of a project that is likely going to need some reverse
>> engineering of a binary driver for a wireless device on a MIPS platform.
>> As I'm really just having to port and modify a driver that already exists,
>> I'm just left finding out what are the right places in memory to poke.
>
> i may be misunderstanding, but better would probably be a logic
> analyzer since it sounds like you want to snoop specific things (i.e.,
> you can get a little active card thingee to go between your host and
> target). an analyzer that 'knows' pci (or whatever your host bus is)
> will be able to format out things like config/mem space accesses, and
> can usually be programmed for parsing things like command queues (for
> things that have advanced past the world of straight memory mapped
> io :-).
>
> i think using the jtag to snoop is doable (depending on your device,
> arm can but i've not used this on mips), but would be pretty slow
> (unless you have somewhat fancy equipment).

I'm trying to get the ath-based Atheros drivers in Linux to function
with one of their WiSOC (Wireless System-on-a-Chip) platforms.

It's a different platform from their PCI-based devices, as it
communicates to the radio through some kind of DMA path. I want to see
if I can halt the processor after frame TX/RX and see what it's
written and read from memory.

I can already detect the device, but I need to find what addresses in
memory map to the registers for the wireless radio.
