The Flipper Zero is known as a hacking multitool. It can cover a range of hacking from sub-ghz radios, to NFC and door tags, USB attacks, and hardware attacks. Back in October, we did a webcast that provided examples of what Flipper Zero can do with UART, SPI, and AVR. However, we did not cover JTAG and SWD. We are excited to announce that we are continuing this series with its next installment in June that will focus on demystifying JTAG and SWD, and how you can leverage these to extract firmware from devices and debug/reverse engineer a piece of hardware!
JTAG/SWD and OpenOCD:
The Flipper Zero is capable of acting as a JTAG/SWD interface through the use of the DAP Link FAP. Our goal on this topic is to explain:
- What JTAG/SWD is as an interface and how it works
- How to physically enumerate a JTAG/SWD pinouts using inexpensive tools such as a Raspberry Pi Pico
- How to connect to them using the OpenOCD software
- How to halt, resume, and reset hardware over JTAG/SWD
- How to use JTAG/SWD to remotely connect a debugger, such as GDB, to the device
- How these interfaces can be used for firmware extraction
SWD Probe:
Since we are on the topic of SWD hacking, we might as well cover another FAP known as SWD Probe. This FAP can be used to enumerate the pinout of an SWD interface, but also allows us to execute scripts against SWD interfaces without the use of OpenOCD or a computer. This can be extremely useful since this allows us to extract firmware from a device using the Flipper Zero as a standalone tool. In this webcast, we will provide an example of how to use FAP and cover a script that can be used to dump firmware from a STM32 family of microcontrollers directly to the Flipper Zero’s SD card.
Register for the Webcast
With the webcast date approaching, we encourage all tech enthusiasts, hackers, and curious minds to join us for this session. Gain firsthand knowledge about Flipper Zero's capabilities and learn how it can elevate your hardware hacking skills. Register now to secure your spot and take a step towards interacting directly with hardware.