Felix Domke has been working on reverse engineering black-box devices through the JTAG interface and presented this talk at 26C3, the 26th Chaos Communication Congress.
JTAG is an industry standard for accessing test-mode functionality in almost any complex microchip. While the basics of JTAG are standardized, the exact implementation details are usually undocumented. Nevertheless, JTAG often allows very deep interaction with a chip, and because it needs only a small number of pins it is frequently easy to reach on real hardware, which makes it a very interesting interface. This talk covers reverse engineering JTAG interfaces when no documentation, or only limited documentation, is available.
The short PDF paper accompanying this presentation is available from the Chaos Communication Congress. [Note: the documentation for the "JTAG Finder" program referenced in the paper's footnote has been moved here.]