
242 points denysvitali | 1 comments
mmastrac No.44426797
This is a much better experience than the previous Qualcomm debug experience, which was a hand-rolled set of read/write/execute primitives exposed over USB. It was hilariously undersecured, allowing a few of us to continually get root on various Qualcomm models.

In seriousness, these debug ports are seriously lacking in most mobile chipsets. MediaTek still has the old-style approach in many of their devices, requiring some incantations which expose serial over USB, but not in the way you think -- it's serial over USB pins!

I've done tonnes of work with mobile chipsets and security and this seems like they've finally started down the road to making this functionality accessible. Don't be surprised if you don't see this supported out of the box in most places, though. Most OEMs will certainly disable this once they've adapted their bootloaders to it. The big G doesn't like debuggability in end user devices.

immibis No.44432815
You say "undersecured", I say "allows people to own the things they bought".

1. jon-wood No.44432957
Sadly these two things can be true at the same time. As a hacker I love devices which (maybe accidentally) expose a way for me to run arbitrary software on them. At the same time, as a person carrying a computer in my pocket containing my entire life, I'm not a fan if that allows anyone grabbing said computer to run arbitrary software on it.

The ideal here is the standard approach where a user has to explicitly take some sort of action which can't be found accidentally and done without understanding the implications to activate debug mode. On Android that's tapping a specific item in the about menu way more times than you might think would be necessary. On iOS it's hooking up to a computer, then authorising the connection on the phone. Either way you get both the ability to run arbitrary(ish) software without someone picking up your device when left on a train being able to do so.