Hello,
I try to tamper with a device that uses an ARM926EJ-S core. I connected my J-Link EDU and on the software side I use JLinkGDBServer with IDA. In the earlier stages of device boot I can halt the execution, read memory, execute steps and all. But at some stage of the boot process I get the following log message:
02-00000000-00-00044481-000F: ***** Error:
02-00000000-00-00044481-0071: T58FF7700 044:482.210 Bad JTAG communication: Write to IR: Expected 0x1, got 0x0 (TAP Command : 12) @ Off 0x14.
02-00000000-00-00044481-002D: T58FF7700 044:482.234 - 0.285ms returns FALSE
03-00000000-00-00044481-0062: ERROR: Bad JTAG communication: Write to IR: Expected 0x1, got 0x0 (TAP Command : 12) @ Off 0x14.
Sometimes it's instead a
ERROR: Bad JTAG communication: Write to IR: Expected 0x1, got 0x0 (TAP Command : 2) @ Off 0x5.
From then on the target cannot be halted anymore:
03-00000000-00-00047761-0025: Debugger requested to halt target...
02-00000000-00-00047761-0022: T58FF7700 047:761.618 JLINK_Halt()
02-00000000-00-00047761-002C: T58FF7700 047:761.646 - 0.029ms returns 0x01
02-00000000-00-00047761-0026: T58FF7700 047:761.670 JLINK_IsHalted()
02-00000000-00-00047761-002D: T58FF7700 047:761.692 - 0.024ms returns FALSE
01-0000000B-00-00047761-0017: $T05thread:0000DEAD;#74
00-0000000B-00-00047761-0010: $qfThreadInfo#bb
01-0000000B-00-00047761-000D: $m0000dead#bb
00-0000000B-00-00047761-0010: $qsThreadInfo#c8
01-0000000B-00-00047761-0005: $l#6c
00-0000000B-00-00047761-0005: $g#67
and all registers are read as DEADBEEF.
Could anyone please tell me what events can cause this to happen on this platform, so I can search and try to circumvent these?
I try to tamper with a device that uses an ARM926EJ-S core. I connected my J-Link EDU and on the software side I use JLinkGDBServer with IDA. In the earlier stages of device boot I can halt the execution, read memory, execute steps and all. But at some stage of the boot process I get the following log message:
02-00000000-00-00044481-000F: ***** Error:
02-00000000-00-00044481-0071: T58FF7700 044:482.210 Bad JTAG communication: Write to IR: Expected 0x1, got 0x0 (TAP Command : 12) @ Off 0x14.
02-00000000-00-00044481-002D: T58FF7700 044:482.234 - 0.285ms returns FALSE
03-00000000-00-00044481-0062: ERROR: Bad JTAG communication: Write to IR: Expected 0x1, got 0x0 (TAP Command : 12) @ Off 0x14.
Sometimes it's instead a
ERROR: Bad JTAG communication: Write to IR: Expected 0x1, got 0x0 (TAP Command : 2) @ Off 0x5.
From then on the target cannot be halted anymore:
03-00000000-00-00047761-0025: Debugger requested to halt target...
02-00000000-00-00047761-0022: T58FF7700 047:761.618 JLINK_Halt()
02-00000000-00-00047761-002C: T58FF7700 047:761.646 - 0.029ms returns 0x01
02-00000000-00-00047761-0026: T58FF7700 047:761.670 JLINK_IsHalted()
02-00000000-00-00047761-002D: T58FF7700 047:761.692 - 0.024ms returns FALSE
01-0000000B-00-00047761-0017: $T05thread:0000DEAD;#74
00-0000000B-00-00047761-0010: $qfThreadInfo#bb
01-0000000B-00-00047761-000D: $m0000dead#bb
00-0000000B-00-00047761-0010: $qsThreadInfo#c8
01-0000000B-00-00047761-0005: $l#6c
00-0000000B-00-00047761-0005: $g#67
and all registers are read as DEADBEEF.
Could anyone please tell me what events can cause this to happen on this platform, so I can search and try to circumvent these?