UART shell
Most hardware devices exposes a "debug interface" shell via a UART port. This can allow us to gain access to a configured shell on the device, and my directly provide us with root access at times.
1. Identify Ground points
The first and most important step will be to identify the Ground (GND) points (apart from the one on the UART interface). For this, we need a digital multimeter with the continuity mode function
IMPORTANT: NEVER use the continuity mode on a powered board
Turn the digital multimeter to continuity mode
Touch both probes (black and red probes connected to COM and mAΩA respectively)
The middle and right slots in the image below
“Beep” sound should be heard
**Turn OFF the power source to the board/device
Identify potential Ground points
Pin labels with “GND” or “0V”
"metal shielded" components
USB
Any other components with visible silver metal casing
In the image below, we can see silver metal casing on the left and right middle of the board (circled with blue outline)
The component on the left is likely an Electromagnetic Interference (EMI) shield around a Wi-Fi chip or something similar, while the one on the right is USB
Touch both probes to 2 different potential Ground points
If a “Beep” is heard -> both are Ground points
2. Identify UART interface
We can use the following methods to find potential UART interface candidates:
a. Labels on the hardware itself
"UART"
"TX RX GND VCC"
b. Visual appearance
If there are no obvious labels on the device, we can still identify an UART interface by observing the following patterns
4-5 gold-plated hole or oval/circular shaped portions aligned in a neat row
3. Identifying GND, TX, RX pins on the UART
After finding a potential UART candidate, we have to identify the TX, RX and GND pins to enable us to provide proper connections with our external adapter that connects to our computer, and to also prevent frying the components on the board
For the steps below, place the black (connected to COM) on the Ground point found earlier. Switch multimeter to continuity mode
a. GND
The first step will be to identify the GND on the UART
With the black probe inserted into the COM on the multimeter, place the red probe (connected to mAΩA) on each of the UART pins
The GND pin can be identified when a "beep" sound is heard
For the TX and RX pins, we have to switch the multimeter to DC voltage mode 
. Place the red probe (connected to COM) on the rest of the unidentified pins
We can identify the specific pins based on the value shown on the digital multimeter as described below:
b. TX
Fluctuating voltage value in the range of 2+V to 3.3V
c. RX
Stable voltage value of 0 or around 3.3V
Might display slight fluctuations when the device boots up
d. VCC (Power pin)
Stable 3.3V, without any fluctuations
Not needed for UART connection
4. Getting a shell
4.1 Identifying the device name
We can use the following commands to discover the device name, commonly in the format:
ttyUSBX
4.2 Connect to shell
Any of the following commands can be used to access the shell
We have to supply the following values to each command:
The baud rate (speed of communication). Common values are: 9600 and 115200
Device file name in the format
/dev/<device_name>Optionally, the output file to write logs
Last updated