653 Device hacking with JTAG

Speakers
Peter De Schrijver
Language German
Room Saal 3
Time Day 2, 16:00h
Duration 1 hour
Links
[1] Links on the Dlink DI614+ hack:
[2] http://seattlewireless.net/index.cgi/SamSung4510
[3] Links on opensource JTAG tools and dongle designs
[4] http://lapwww.epfl.ch/dev/arm/jelie/
[5] http://www.lart.tudelft.nl/projects/jtag/
[6] http://bh.udev.org/filez/wireless/samsung4510/pasteleurs/jtag-samsung4510-ver0.2.pdf

Description

JTAG is a standardized interface originally defined for testing purposes. It allows controlling all external signal pins of a chip using a serial protocol. This allows for board-level tests and initial programming of flash ROMs, for example. Most complex chips (such as CPUs, FPGAs, CPLDs, etc.) have this interface. Some CPU manufacturers added hardware-assisted debugging support via the JTAG interface.

As JTAG is widely used these days, the necessary electrical connections for the JTAG interface are available on most of the electronic devices currently sold. This opens interesting possibilities for hacking these devices. This talk will start with a short introduction to JTAG basics and then proceed to show how the JTAG interface can be used with some simple hardware and open-source tools to hack existing devices. As an example, I will use the work we did on the Dlink DI614+ wireless router. I will end my talk by giving some directions for future development of tools and techniques.
