JTAG for satellite receivers
About
To find out more about JTAG, visit http://en.wikipedia.org/wiki/JTAG.
Basically JTAG refers the existance of a connector on the receiver's PCB, through which you can put the microcontroller in a special mode that allows direct access to the flash memory chips. You will be able to read, erase and program those chips.
Most receivers have a standard JTAG connector. If you get one of the standard JTAG interfaces, which are cheap and sold by most internet satellite shops, chances are that you can just plug it into the receiver's JTAG connector.
Tools
In order to program a flash chip on a receiver's PCB, you will need:
- a JTAG interface
- a programming software
- the configuration for the specific microcontroller and flash chip
Howto
The JTAG interface is normally a simple PCB, which connects to the parallel port of a regular PC. Many satellite shop's on the internet sell JTAG interfaces and they work for almost every receiver that features a JTAG connector. Still, you can build your own JTAG interface from the many schemes available on the internet.
Most JTAG interface are build around a 74HC244N IC or just rely apon a few resistors.
Most cheap receivers are build around a processor made specialy for satellite receivers by ST (http://www.st.com), frequently the ST20. For those receivers, there is a very popular software called JKEYS. It will work with the standard JTAG-interface as sold by many shops (the left one in the image above) and comes with a configuration file for many receivers.
This configuration file is necessary, because different manufactures build their receiver around a ST20 chip, but not with the exact same reference design: they use different tuners, RAM chip's, FLASH memories, etc. For each different flash memory, a special entry in the definitions file for JKEYS must be made, telling the tool about the flash's memory layout and manufacturer ID.
This information can be obtained using datasheets: read the type of flash from the chip and enter it into Google, but this is not always necessary, as for most receiver's you will already find a preconfigured jkeys.def and pictures showing the right position of the connector.
It is very important to have a dump of the memory banks containing the bootloader! It is not enough to download a firmware or bootloader from the manufacturer, as those files are compressed. You need the actual content of the flash. That's why one should always backup the flash before upgrading the firmware.
To read the contents of the flash, you don't need to configure jkeys.def - that is only necessary if you want to erase or write banks. To read them, you just use JKEYS straight away.
Search Google for JKEYS and manuals.
VMA's JKEYS definitions
I have made some definitions in the past:
Edision 2100 FTA Jkeys
Elanvision 501 Jkeys
Ferguson Jkeys
MVision FCIS 7000 JKeys
MVision FCIS 8000 Jkeys
MVision FCIS 9080 NET JKeys
MVision FCIS 9080 USB Jkeys
If you need any of those, leave your request with contact in my guestbook, I will contact you.
I have collected many more JTAG definitions, tools and schemes. Again, use the guestbook if you need anything.