Description
JTAG (Joint Test Action Group) and SWD (Serial Wire Debug) are hardware debugging interfaces. OpenOCD (Open On-Chip Debugger) is an open-source tool that drives these interfaces for firmware extraction, memory dumping, and live debugging of embedded systems.
Installation
BASH
# OpenOCD
sudo apt install openocd
# JTAGulator (hardware for finding JTAG pins)
# https://github.com/grandideastudio/jtagulator
Basic Usage
BASH
# Connect via JTAG adapter (FTDI, J-Link, Bus Pirate)
openocd -f interface/ftdi/ft2232h.cfg -f target/stm32f1x.cfg
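# Dump firmware (interface.cfg / target.cfg stand for your adapter and chip configs;
# 0x08000000 is the STM32 flash base address, 0x100000 is the length: 1 MiB)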
openocd -f interface.cfg -f target.cfg -c "init; dump_image firmware.bin 0x08000000 0x100000; exit"
# Flash firmware
openocd -f interface.cfg -f target.cfg -c "init; program firmware.bin 0x08000000; exit"
Advanced Usage
BASH
# Finding JTAG pins with JTAGulator
# 1. Connect JTAGulator to test points
# 2. Run IDCODE scan
# 3. JTAGulator identifies the TDI, TDO, TCK, TMS pins
# GDB remote debugging via OpenOCD
openocd -f interface.cfg -f target.cfg &
arm-none-eabi-gdb firmware.elf
(gdb) target remote localhost:3333
(gdb) monitor reset halt
(gdb) info registers
# SWD (2-wire alternative to JTAG)
openocd -f interface/stlink.cfg -f target/stm32f4x.cfg
# SWD uses only SWDIO + SWCLK (simpler than JTAG)
# Bypass read protection
# Some chips allow protection disable via JTAG
openocd -f interface.cfg -f target.cfg -c "init; stm32f1x unlock 0; exit"
# WARNING: This usually erases flash, so the protected contents are lost!
Common Workflows
BASH
# Firmware extraction pipeline
# 1. Identify chip on PCB
# 2. Find JTAG/SWD pins (JTAGulator)
# 3. Connect debugger adapter
# 4. Dump firmware with OpenOCD
# 5. Analyze with binwalk/Ghidra
# (OpenOCD needs the adapter and target configs here too)
openocd -f interface.cfg -f target.cfg -c "init; dump_image fw.bin 0x0 0x100000; exit"
binwalk -Me fw.bin
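Step 4 of the pipeline can produce a useless image without any error (wrong base address, short read, erased flash), so a check between the dump and binwalk is worth having. The following is an added example, not part of the original page or of OpenOCD: the function names `distinct_bytes` and `check_dump` are hypothetical, and it assumes the dump was taken twice into two files.

```shell
#!/bin/sh
# Added example: sanity-check a firmware dump before analysis.
# Function names are hypothetical; only standard tools (wc, od, tr, sort, cmp) are used.

# distinct_bytes FILE -> prints how many different byte values occur in FILE.
# A result of 1 means constant fill (e.g. 0xFF for erased NOR flash, or all zeros).
distinct_bytes() {
    od -An -v -tx1 "$1" | tr -s ' ' '\n' | grep -v '^$' | sort -u | wc -l | tr -d ' '
}

# check_dump FILE EXPECTED_SIZE [SECOND_READ]
# Return codes: 0 usable, 1 size mismatch, 2 constant fill, 3 the two reads differ.
check_dump() {
    file=$1; expected=$2; second=${3:-}

    # A short file means the read stopped early or the length argument was wrong.
    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -eq "$expected" ] || { echo "size $size != $expected" >&2; return 1; }

    # An image made of a single byte value contains no firmware to analyze.
    [ "$(distinct_bytes "$file")" -gt 1 ] || { echo "constant fill" >&2; return 2; }

    # Two reads of the same region must be identical; a difference points to
    # marginal wiring, a clock that is too fast, or a target that was still running.
    if [ -n "$second" ]; then
        cmp -s "$file" "$second" || { echo "reads differ" >&2; return 3; }
    fi
    return 0
}

# Usage with hardware attached (left commented out; interface.cfg and target.cfg
# are the page's placeholders):
#   openocd -f interface.cfg -f target.cfg -c "init; dump_image fw1.bin 0x08000000 0x100000; exit"
#   openocd -f interface.cfg -f target.cfg -c "init; dump_image fw2.bin 0x08000000 0x100000; exit"
#   check_dump fw1.bin $((0x100000)) fw2.bin && binwalk -Me fw1.bin
```

Record the SHA-256 of the verified image before analysis so later copies can be tied back to the original read.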