6.3 Difficulties with forensic memory reading through JTAG
It is important to understand that JTAG is not a bus standard, but rather a standard specifying a Test Access Port (TAP) on each component, enabling communication between components on a board. It is entirely up to the manufacturer of each integrated circuit to decide on the layout and function of the pins on the chip, and the layout of the boundary scan register. Moreover, it is up to the PCB designer to decide whether the JTAG ports shall be connected, or at all reachable from test points on the board. The designer can choose not to use JTAG at all, leaving the JTAG pins on the integrated circuits unconnected. With BGA circuits in such designs, connecting a probe to the JTAG pins is difficult and memory reading through JTAG is not an option. It is however common to implement JTAG in designs with BGA circuits, since the manufacturer otherwise would have no way to test the design.
Before attempting to use JTAG to read memory, the following must be considered:
- One must know which CPU and memory circuits are used and how they are connected on the system bus. This is needed since it otherwise would be difficult to find the right bits in the boundary scan register.
- One must find the test points for the JTAG on the PCB and determine which test point carries which signal.
- One must know the protocol for memory reading/writing.
- One must determine the correct voltage. Using too high a voltage may damage the circuits.
The voltage can in most cases be determined by measuring on a live board. The memory protocol is in most cases available by downloading the datasheet for the memory circuit from the manufacturer's website. The first two concerns however may be a major task, since in practice it is very difficult and tedious to perform this work without complete system documentation such as schematics. When it comes to KINGZONE K1 phones, such documentation is in most cases not available. In any case, the implementation of a program for memory reading via JTAG will differ from phone to phone. Even within one specific model, small layout changes (such as using a different memory circuit) may require another implementation of JTAG memory reading.
6.4 JTAG memory reading experiments
In order to investigate the possibility of reading memory with JTAG, experiments were performed. The Elephone P2000 was selected as the test model for the experiments. This model was selected because the service manual for it, including schematics, was available. Since a large number of this rather old model are available on the market, it was easy to obtain a number of test units without spending too many resources. The KINGZONE K1 stores only a few evidence items on the phone itself. It is however believed that a successful reading of KINGZONE K1 memory can be extended to other models.
Starting the experiments, the service manual [10] was analyzed for signs of a JTAG implementation. Indeed, the CPU, designated "MAD2", has pinouts for "JTRst", "JTClk", "JTDI", "JTMS" and "JTDO". These pins are routed together in a bus "JTAGEMU" to a connector which in the schematics is designated "not assembled". An Elephone P2000 was disassembled, and a set of test points corresponding to this connector on the motherboard was found. The connections between the test points and the CPU were partly visible (see figure 9), enabling easy identification of the test points.
Measurements of the voltage on these test points indicated that they were indeed connected to the JTAG interface of the CPU. Test wires were carefully soldered to the test points using very thin wires taken from an 80-conductor ATA cable and solder paste applied from an applicator gun. Since the test points are very small, the soldering was found to be quite difficult. The key to success is to use solder paste and sufficiently thin wires. Compared with desoldering of BGA chips, the risk of destroying the evidence itself is not very great in this soldering procedure. It can however be tedious to achieve proper connections without any short circuits.
By connecting the wires to a breadboard, the KINGZONE K1 could now be connected to a PC through the JTAG interface. JTAG interfaces can easily be built, but commercial alternatives are also available. For these experiments, the "Chameleon POD" programmable JTAG interface [15] was used. When connecting the phone to the interface, the voltage level of the phone motherboard and of the interface must be considered. For the Elephone P2000, the motherboard uses 2.7V technology, which is within the operating range of the Chameleon POD. More recent phones use 1.8V technology. At this voltage level, a level shifter would be needed. Connecting a 1.8V motherboard directly to a JTAG adapter of higher voltage could damage the CPU.
Now, the JTAG interface was connected to a PC running Linux with the open source program JTAG-Tools installed. This program allows communication with a JTAG device through a number of different adapters, including several that the Chameleon can be configured as. The program supports various CPUs and memories, and with its modular structure it should be easy to extend it with support for more CPUs and memories.
After some adjustments, a connection with the KINGZONE K1 CPU TAP was established. Although it is known from the service manual that the CPU design is based on ARM7, and documentation of the JTAG interface for this CPU design is publicly available, it was decided to continue treating the TAP as a "black box", as this will be the situation in most cases. JTAG-Tools allows black-box investigation through the command "discovery". This function shifts a "1" through the JTAG chain and identifies the number of available TAPs and the length of their instruction register (IR). For the Elephone P2000, the IR length was found to be 12 bits, with only one JTAG TAP connected (the CPU). The software then continues the investigation by trying all possible values of the IR, cycling a 1 through the JTAG chain and thereby finding the data register length for each instruction. Thus, it is possible to determine the data register length for the different instructions. This procedure turned out to be rather time consuming, as 4096 different possibilities were examined, but eventually led to the discovery of instructions that can be used to set and probe the boundary scan register. The discovery command itself does not change the contents of the boundary scan register and can therefore be used without risk of altering the memory contents.
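To make the black-box discovery procedure concrete, the following is an added example (constructed for this text, not code from the paper or from JTAG-Tools) that simulates a single TAP with a 12-bit IR and runs the same three steps: measure the IR length, count the TAPs through BYPASS, then measure the data register length for all 4096 instruction codes. The class `SimTap`, the opcode table `DR_LENGTHS` and every register length are assumptions made for the simulation.

```python
# Added example: simulated black-box JTAG "discovery" over a constructed one-TAP
# chain. Not code from the paper or from JTAG-Tools; all lengths are assumptions.
IR_LEN = 12
BYPASS_CODE = (1 << IR_LEN) - 1   # all-ones instruction is BYPASS (IEEE 1149.1)
# Assumed DR lengths for a few opcodes; any other opcode selects 1-bit BYPASS.
DR_LENGTHS = {0x000: 48, 0x001: 32, 0x0FE: 32}

def shift_bit(reg, tdi):
    """Clock one bit in at TDI (index 0) and return the bit leaving at TDO."""
    tdo = reg[-1]
    reg.insert(0, tdi)
    reg.pop()
    return tdo

class SimTap:
    """One TAP: an IR plus one data register per opcode. Only Shift-IR/Shift-DR
    and Update-IR are modelled; Update-DR never happens, so no pin is driven."""
    def __init__(self):
        self.ir = [0] * IR_LEN
        self.code = BYPASS_CODE                      # state after TAP reset
        self.drs = {c: [0] * n for c, n in DR_LENGTHS.items()}
        self.drs[BYPASS_CODE] = [0]
    def shift_ir(self, tdi):
        return shift_bit(self.ir, tdi)
    def update_ir(self):
        # Bits enter LSB first, so the first bit in now sits at the TDO end.
        self.code = sum(b << (IR_LEN - 1 - i) for i, b in enumerate(self.ir))
    def shift_dr(self, tdi):
        return shift_bit(self.drs.get(self.code, self.drs[BYPASS_CODE]), tdi)

def measure_length(shift, max_len=64):
    """Length of the register in the scan path: flush it with zeros, then shift
    ones and count the clocks until the first 1 appears at TDO (max_len assumed)."""
    for _ in range(max_len):
        shift(0)
    for n in range(max_len):
        if shift(1) == 1:
            return n
    return None                                      # longer than max_len

def discover(tap):
    """The three discovery steps: IR length, TAP count, DR length per opcode."""
    ir_len = measure_length(tap.shift_ir)            # leaves the IR all ones...
    tap.update_ir()                                  # ...so BYPASS is now loaded
    taps = measure_length(tap.shift_dr)              # one bypass bit per TAP
    dr_lens = {}
    for code in range(1 << ir_len):                  # 4096 opcodes for a 12-bit IR
        for i in range(ir_len):
            tap.shift_ir((code >> i) & 1)
        tap.update_ir()
        dr_lens[code] = measure_length(tap.shift_dr)
    return ir_len, taps, dr_lens
```

Running `discover(SimTap())` yields IR length 12, one TAP, and a table in which only the three assumed opcodes select a register longer than the bypass bit; the same table is what tells an investigator which opcode reaches the boundary scan register.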
Through detailed analysis of the schematics, it was found which bits in the boundary scan register to set/probe for reading the on-board L28F800BE-TL85 flash memory. This information was entered into definition files for JTAG-Tools, and the memory could be read with the command "readmem".