jchillerup / tamarin-firmware


Tamarin Firmware


Building

The following steps are also condensed in a shell script that you may run like this:

./build.sh

Prerequisite: Building the Raspberry Pi Pico SDK

Please make sure to build with the Pico-SDK Version 4fe995d0ec984833a7ea9c33bac5c67a53c04178. Newer versions have some USB incompatibility.

To build the Pico-SDK under the tamarin-firmware directory, you may run:

git clone https://github.com/raspberrypi/pico-sdk
cd pico-sdk
git checkout 4fe995d0ec984833a7ea9c33bac5c67a53c04178
git submodule update --init
cd ..
export PICO_SDK_PATH="$(pwd)/pico-sdk/"

Then you can proceed to the next step of building tamarin-firmware.
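A check that can be run before the cmake step, given here as an added example that is not part of the tamarin-firmware repository: it confirms that the checkout at PICO_SDK_PATH is exactly the pinned commit, has no modified tracked files, and has its submodules in sync. The function name check_pico_sdk and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of tamarin-firmware. The commit id is the one this
# README pins; the function name and exit codes are assumptions of the example.
PINNED_SDK_COMMIT=4fe995d0ec984833a7ea9c33bac5c67a53c04178

# check_pico_sdk [SDK_DIR] [EXPECTED_COMMIT]
#   0 = HEAD is the expected commit, tracked files unmodified, submodules in sync
#   1 = checkout differs from the pin
#   2 = no usable checkout found
check_pico_sdk() {
    sdk_dir=${1:-${PICO_SDK_PATH:-}}
    expected=${2:-$PINNED_SDK_COMMIT}

    if [ -z "$sdk_dir" ] || [ ! -d "$sdk_dir" ]; then
        echo "pico-sdk: directory not found (is PICO_SDK_PATH set?)" >&2
        return 2
    fi

    # Resolve HEAD to a full commit id; this fails outside a git checkout.
    sdk_head=$(git -C "$sdk_dir" rev-parse --verify 'HEAD^{commit}' 2>/dev/null) || {
        echo "pico-sdk: $sdk_dir is not a git checkout" >&2
        return 2
    }
    if [ "$sdk_head" != "$expected" ]; then
        echo "pico-sdk: HEAD is $sdk_head, expected $expected" >&2
        return 1
    fi

    # Tracked files must match the pinned commit (untracked files are ignored).
    if [ -n "$(git -C "$sdk_dir" status --porcelain --untracked-files=no)" ]; then
        echo "pico-sdk: checkout has local modifications" >&2
        return 1
    fi

    # 'git submodule status' prefixes an uninitialised submodule with '-' and
    # one checked out at a commit other than the recorded one with '+'.
    if git -C "$sdk_dir" submodule status | grep -q '^[-+]'; then
        echo "pico-sdk: submodules missing or not at the recorded commit" >&2
        return 1
    fi
    return 0
}

# Usage before the cmake step:  check_pico_sdk && cmake ..
```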

Building tamarin-firmware

mkdir build
cd build
cmake ..
make -j$(nproc)

Hooking it up

(Image: Pinout diagram)

With this cable, connect:

  • [GP0] L1n (Purple)
  • [GP1] L1p (Orange)
  • [GND] GND (Black)
  • [GP2] ID1 (Blue)
  • [GP3] ID0 (Yellow)
  • [5V] 5V (Red)

Note: The colors might be different for your cable. I recommend checking the pinout using a voltmeter.

(Image: Lightning)

Another cable was observed to have the following pinout:

  • [GP0] L1n (Green)
  • [GP1] L1p (White)
  • [GND] GND (Black)
  • [GP2] ID1 (Orange)
  • [GP3] ID0 (Red)
  • [5V] 5V (Yellow)

If you would like to connect to your device over USB, cut a USB cable and connect its wires like this:

  • USB cable D+ (green) -> L0p (color depends on your cable)
  • USB cable D- (white) -> L0n (color depends on your cable)
  • USB cable GND (black) -> GND

Usage

Tamarin Cable provides three USB endpoints, of which two are serial ports.

Serial port 1 is the control serial port. Use it to configure DCSD/JTAG mode.

Serial port 2 is the DCSD port. When Tamarin Cable is in DCSD mode, the serial output is provided here.

OpenOCD

To use Tamarin as a JTAG adapter, you need to use our OpenOCD fork, which includes support for the Tamarin probe.

To enable JTAG on production iPhones, they need to be demoted. For checkm8-vulnerable iPhones, this can be done using ipwndfu.

Once the phone is successfully demoted, the bonobo configs can be used to connect to the iPhone like so:

openocd -f interface/tamarin.cfg -f t8015.cfg

Known issues

  1. Commands are unavailable in JTAG mode. Workaround: Enter the desired command and then reconnect the device. To reset the device you can also use JTAG.
  2. JTAG is not re-enabled after manual device reset. Workaround: Run the JTAG command again, then reconnect the device (or the Tamarin cable).

About

License: GNU General Public License v3.0

