A Complete Pill for the Sage SmartProbe.

Note: Please read the FAQ!!!

The Sage SmartProbe was a very spiffy "Hard ICE" debugger, one of the few ever manufactured for use with modern (2010s) AMD x86-64 processors, and - as far as I'm aware - the only one ever sold on the mass market, rather than as part of "favourite son" deals (as, e.g., Intel's, and Arium's similar products were, and perhaps still are.)

Probe (right hand side) and "GizmoBoard" AMD G-series motherboard (left hand side.)

Quite a few of these things ended up bundled with various dev boards, saddled with time-limited demo expiration (yes, a time-limited hardware peripheral! don't ask me...) The vendor perma-re-enabled an expired probe for a small fee.

Sage Eng. LLC, it appears, is long dead. Leaving no trace! How and why it died is unknown to me.

So now, instead of being unique tools in the development of, e.g., Coreboot, or whatever other attempts at sane utilization of x86-64 iron, the demo probes are stuck in limbo, working as so many peculiar paperweights.

This is a crying shame. Now you cannot unbrick the expired probes for any price. (At least not by buying the magic code from the original maker...)

So, without further delay, let us get one of these patients onto the operating table:

JTAG Test Points. (Click for full size.)

JTAG Test Points. (Click for full size.)

Now you could connect the thing to your favourite OpenOCD-compatible JTAG probe, and play around with the internals. E.g., this GDB script will give you an instruction trace. There are many interesting things to be learned, re: the command set (most of which is GDB-compatible, but there are a few interesting sharp edges.)

Or you could skip straight to the pill:

(SHA256: 2f9ce44fe069705a7ee83c0f4c733a6a0cc374613429c5c1f47a8481aa464b60)

(SHA256: 30c005febfbff531a2b9d06ef8c2c41fedb2c8993a2992a373fbeb66900fbaf8)

1) Download the pill and the fw image.
2) Check the SHA256 sums.
3) Unpack the firmware image.
4) Plug in the probe.
5) ./sage_pill.py sage_last_public_fw.bin /dev/ttyACM0

You may have ended up with some device other than ttyACM0 when you plugged it in. Find out which.
The script will need to run with sufficient privileges to talk to the "modem".
It will ask for a final confirmation prior to firing.

6) Enjoy a 100% working x86-64 "Hard ICE".

This article is continued here.

This entry was written by Stanislav , posted on Monday September 19 2016 , filed under Cold Air, Computation, Copyrasty, Hardware, NonLoper, Photo, Reversing, SoftwareArchaeology . Bookmark the permalink . Post a comment below or leave a trackback: Trackback URL.

2 Responses to “A Complete Pill for the Sage SmartProbe.”

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre lang="" line="" escaped="" highlight="">

MANDATORY: Please prove that you are human:

108 xor 24 = ?

What is the serial baud rate of the FG device ?

Answer the riddle correctly before clicking "Submit", or comment will NOT appear! Not in moderation queue, NOWHERE!