JTAG!!! Please work.

I got some time to finally take apart the second remote that I use at home for my TV. The one with the missing pad should still work fine in its place, so I’m not too worried about that. After scratching off the pad covering again, I wired everything up. This time I connected the TCK correctly and was ready to give communication another try. I set up my test application to do a couple of things. The most important was making a simple single-bit scan function. It basically just takes in the TMS and TDI values, and returns what comes back in TDO.

  UCHAR FakeJTAGScanSingleBit(FT_HANDLE ft_handle, UCHAR TMS, UCHAR TDI);

To make sure the TAP state was in test logic reset, I just sent 10 signals with TMS = 1. This ensures that no matter what state the TAP was in, it will get back to the reset state.

  [TMS,TDI] -> [1,0], [1,0], [1,0], [1,0], [1,0], [1,0], [1,0], [1,0], [1,0], [1,0]

Then I tried to navigate the TAP state machine to the shift IR state.
Reset->Run Test Idle->Select DR Scan->Select IR Scan->Capture IR->Shift IR

  [TMS,TDI] -> [0,0], [1,0], [1,0], [0,0], [0,0]

I didn’t have any feedback at this point so I’m just assuming I am in the right place. I’m under the impression that if I’m in Shift IR, I can start shifting in bits with TDI, and I should see the same pattern come out on TDO. I decided to just send a bunch of 1s on TDI and see if TDO matched.

  [TMS,TDI] -> [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1], [0,1]

It turns out it doesn’t work. It seems like the only time I get anything but a 0 on TDI is when the last signal had TMS=1.

Jtag Output
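
The three sequences above can be replayed without hardware. This is an added example, not the author's test application: a small software model of the IEEE 1149.1 TAP controller that tracks the state after each TMS bit and shows what a responding TAP would put on TDO in Shift IR. The 3-bit IR length and the zeroed upper capture bits are assumptions; the standard only fixes the two low capture bits at `01`.

```c
#include <stdio.h>
/* IEEE 1149.1 TAP controller states. */
enum tap { TLR, RTI, SEL_DR, CAP_DR, SH_DR, EX1_DR, PAU_DR, EX2_DR, UPD_DR,
           SEL_IR, CAP_IR, SH_IR, EX1_IR, PAU_IR, EX2_IR, UPD_IR };
/* next_state[s][tms]: state entered on the next rising TCK edge. */
static const unsigned char next_state[16][2] = {
    [TLR]    = {RTI, TLR},       [RTI]    = {RTI, SEL_DR},
    [SEL_DR] = {CAP_DR, SEL_IR}, [CAP_DR] = {SH_DR, EX1_DR},
    [SH_DR]  = {SH_DR, EX1_DR},  [EX1_DR] = {PAU_DR, UPD_DR},
    [PAU_DR] = {PAU_DR, EX2_DR}, [EX2_DR] = {SH_DR, UPD_DR},
    [UPD_DR] = {RTI, SEL_DR},    [SEL_IR] = {CAP_IR, TLR},
    [CAP_IR] = {SH_IR, EX1_IR},  [SH_IR]  = {SH_IR, EX1_IR},
    [EX1_IR] = {PAU_IR, UPD_IR}, [PAU_IR] = {PAU_IR, EX2_IR},
    [EX2_IR] = {SH_IR, UPD_IR},  [UPD_IR] = {RTI, SEL_DR},
};
/* Modelled device. ir_len is an assumed value, not taken from a datasheet. */
struct tap_model { enum tap state; unsigned ir, ir_len; };

/* One TCK cycle. Returns the TDO bit the host would sample, or -1 when TDO
 * is not driven (the TAP only drives TDO in the Shift states). */
static int tap_clock(struct tap_model *m, int tms, int tdi)
{
    int tdo = -1;
    if (m->state == CAP_IR) {
        m->ir = 0x1;                 /* capture: low bits 01, rest assumed 0 */
    } else if (m->state == SH_IR) {
        tdo = m->ir & 1;             /* LSB goes out first */
        m->ir = (m->ir >> 1) | ((unsigned)tdi << (m->ir_len - 1));
    }
    m->state = (enum tap)next_state[m->state][tms];
    return tdo;
}
/* Replay a string of TMS bits with TDI held constant; record TDO if asked. */
static enum tap tap_run(struct tap_model *m, const char *tms, int tdi, char *out)
{
    for (; *tms; tms++) {
        int tdo = tap_clock(m, *tms - '0', tdi);
        if (out) *out++ = tdo < 0 ? 'z' : (char)('0' + tdo);
    }
    if (out) *out = '\0';
    return m->state;
}
int main(void)
{
    struct tap_model m = { PAU_DR, 0, 3 };  /* arbitrary unknown start state */
    char tdo[32];
    printf("after 10x TMS=1: %d\n", (int)tap_run(&m, "1111111111", 0, NULL));
    printf("after 0,1,1,0,0: %d\n", (int)tap_run(&m, "01100", 0, NULL));
    tap_run(&m, "00000000000000", 1, tdo);  /* 14 clocks, TMS=0, TDI=1 */
    printf("TDO in Shift IR: %s\n", tdo);
    return 0;
}
```

In the model, the first bits on TDO are the capture pattern, and the TDI ones only appear after `ir_len` clocks; `z` marks a cycle where TDO is not driven.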

After playing with it for over an hour, I still haven’t figured out why I’m having this problem. I tried tweaking the data I was sending to send only a single signal instead of 3 with the clock in the middle. This didn’t seem to work.

I need to go back and look at the code to make sure it’s doing what I think it is doing. Since all the signals seem to be being output correctly, I wonder if the JTAG on this device is just disabled. If that is the case there isn’t much more I can do. However, I’m not giving up yet. I have some folks that know a lot more about JTAG that I can ask for help. Maybe I’m missing something obvious.

I’m also going to go back and read the entire section of the MAXQ610 user manual and hope that there is something in there that gives me a clue as to why things are not working. During the week I don’t have a lot of time to work on this, so I probably will not be able to try anything until at least next weekend.

Although I haven’t yet made any interesting discoveries, I still feel that this is a great learning experience. I’ve never had the chance to work on a hardware hack that someone didn’t already do and explain how to get it to work. It’s fun trying different things and seeing what happens. I never would have tried any JTAG stuff because I always assumed it was super complicated and would take forever to understand. It turns out the concepts aren’t too bad, and if you can find someone that has worked with it before it can be fairly simple.

Now that I’ve got my hands on a second remote, I can finally laugh at what happened last week with the ripped off pad. Here is a photo to remember the first fallen remote of this project. RIP.

Missing Pad
