The JACKAL is an open-source tool which aids in the reverse engineering of embedded systems by automating the detection and emulation of buses and protocols. In circuit debug interfaces ICD or on chip debug OCD are one of the most common ways devices are programmed by developers or the factory for production. Finding these interfaces can be critical to extracting firmware and gaining control of a device. On complex boards, or ones designed to be difficult to “hack” these interfaces can be obscured or distributed. The JCKAL enables the user to find these interfaces in from pools of candidate test points, vias, and pads. Additionally, the JCAKAL supports i2c and SPI which are common interfaces used to interact with flash.

DISCLAIMER

The JACKAL hardware solution uses active pin protection. While we believe this will be sufficient to protect the io pins of both the host and target devices in most cases, there are still risks involved. It is up to the user to ensure that the target io voltages do not exceed the JACKAL’s voltage limits (1.8V-5V). Additionally, Union Dynamic provides no guarantee of safety or compatibility with any specific application. If you have an exceptionally sensitive target, we strongly recommend using a device with intrinsically safe IO or adding inline current limiting resistors to the io lines of the jackal. To determine the size of these resistors, refer to the target device specifications.

The JACKAL hardware is a reverse engineering focused development board with software enabled active pin safety. Unlike other solutions which use a passive approach that limits io switching speeds. Millions of times per second, the second core of the embedded RP2040 scans the io pins, bus voltages, and supply/sink current watching for deviations. In the event of a current spike or output mismatch the safety core will place the outputs into High-Z mode and disconnect the internal power supply. While this does increase the risks slightly over intrinsic passive protection, it vastly increases the maximum switching frequency of the io pins over passive protection such as inline current limiting resistors. This enables the jackal to emulate higher speed buses such as spi. However, the hacker should ensure the IO pins of the JCKAL are maintained within the 1.8v to 5v range.

The JACKAL firmware is a multi-platform portable toolkit for hardware reverse engineering. Although it is designed with the hardware in mind, many of the core features will work on just about any commodity development board. Already included is support for TI’s TM4C and MSP430 launchpad devices. Atmega and other “Arduino” platforms are a work in progress, and we strongly encourage anyone willing to contribute to these ports. Hackers rarely have the luxury of the right tools so by supporting a broad array of commodity hardware we can enable more hacking in more places.

Union Dynamic offers an extensive set of training and courses focused on embedded development, reverse engineering, and cyber security. All courses are available as both open schedule classes and contracted private training sessions for organizations wishing to buy more than 10 seats. In addition, Union Dynamic offers course licensing and instructor training to education institutions looking to offer our courses to their students. Our instructors and authors are all industry professionals with extensive experience in the fields they teach. All courses are skills focused and aim to provide the student with knowledge and skills immediately applicable to the “real world”.

Please contact us for our course catalog and schedule.