Primary Content: Home

An Introduction to Logic Analyzers

Getting up and running with PulseView and reading pin output with an Analyzer!


Logic Analyzers are inexpensive devices that allow you to just take a look at what a small number of pins on a chip are up to. They can be hooked into software like PulseView to read pin output and decode it into something more useful. Many decoders are available, but in this introduction we’ll have a quick look at PulseView and reading (decoding) UART data.

I’ve previously written about UART and how to find them with a JTAGulator, but here’s a different approach.

Continue reading: An Introduction to Logic Analyzers

Finding Serial Interfaces (UART)

Discovering UART with the JTAGulator and connecting to it with UART PassThrough and a USB-to-UART!


UART stands for Universal Asynchronous Receiver/Transmitter, however in the context of Hardware Hacking we’re generally looking for an serial interface which will give us text output from the system and possibly allow for command input. The general intention from the manufacturers point of view – is to allow easy debugging, both out of the factor (to check the system is working as intended) and if a device is returned as broken.

Continue reading: Finding Serial Interfaces (UART)

JTAGulating JTAG!

Discovering JTAG ports with the JTAGulator, and connecting to them with UM232H!

What is JTAG?

JTAG is short for Joint Test Action Group and generally refers to on-chip debugging interfaces that follow the IEEE 1149.x standard. The standard doesn’t mandate a certain connection – it just dictates a standard for communicating with chips in a device. It uses 5 pins: TCK, TMS, TDI, TDO and (options) TRST; which are (Test) Clock, Mode Select, Data In, Data Out, and Reset.

It can be useful to hardware hackers in various ways, such as extracting device IDs, extracting firmware, overwriting memory.

Continue reading: JTAGulating JTAG!

Kerberos PreAuthentication and Party Tricks

Back in 2016, Geoffrey Janjua of Exumbra Operations Group, presented at LayerOne about “Kerberos Party Tricks” and abusing user accounts which have Kerberos Pre-authentication disabled.

The python script he released at the time was a great proof-of-concept, but there are alternative tools available now for detecting, and exploiting, this issue.

Continue reading: Kerberos PreAuthentication and Party Tricks