JTAG adventures: Part II, boy do I hate/love JTAG

A project log for Playing with the Starbridge Lynx 210

A research project on a 3.74$ router I got from Goodwill

Jose Ricardo, 06/13/2020 at 05:00

Okay, so a few days ago I bought a Bus Pirate v3.6 off Amazon (might not have been the best buy, but you know, it works), and up until this morning I was pretty much just working based off TFTP and UART, obviously with limited progress. But later today I got my precious Swiss knife of embedded computing, and after a much-needed firmware upgrade to v6.1, the first thing I did was try to plug it into the "JTAG" ports I found earlier. Somewhat unsurprisingly, however, it didn't quite work the first time. I'm not sure why, but I couldn't get it to work, so I decided to look at the other header right next to it. After a bit of poking it turned out to be a MIPS EJTAG 2.6, or something similar. I tried hooking the BP to it, and finally! It didn't work either.

I tried plugging and unplugging the cables many, many times. I tried swapping MISO for MOSI (as if that was going to work), using other tools like UrJTAG and even the integrated serial terminal on the BP (which wasn't available in this version afaik, but that didn't stop me from trying). Finally, after a long walk where I cooled my head down a little bit, I tried going for another approach.

Earlier today I found JTAGenum, an Arduino-based utility mainly used to detect the different pins for JTAG on an embedded device. For whatever reason, however, I did not think about using it until I came back. It was a bit of a challenge to get it working at the beginning. None of the boards I had seemed to work; I tried using an Arduino UNO, a NodeMCU and even an old Wemos D1 mini board I had lying around in my room. Of course, I don't think it was an issue with the code, but rather with the wiring, but nevertheless I only managed to get the utility working with an Arduino Pro Mini.

And it all led to these four beautiful lines:

> s
================================
Starting scan for pattern:0110011101001101101000010111001001
FOUND!  ntrst:2 tck:3 tms:4 tdo:5 tdi:6 IR length: 5
active  ntrst:2 tck:3 tms:6 tdo:5 tdi:4  bits toggled:28
================================

I ran the command a couple of times to make sure it was right, and it all seemed to be working. All that was left to do was to try the connection out...

I can't begin to express how happy I was when I saw that. All the times I tried connecting the BP to the router, I got all sorts of errors and warnings, but now, it even let me halt and continue the system, a cathartic experience all around. I also made sure to take pictures of the pins and jumpers I used to accomplish this:

I'll now be trying to get the dumps out of the flash, and hopefully start building a new image for this old fella. Which, by the way, might be the least difficult part of the project (and yes, I know there's an extremely high chance I'm wrong, but hey, I can have dreams!)