How much does JTAG apparatus cost? I've got the device... but would probably need some kind of 'step by step' things...
Hehe it's not that easy. You need four things.
1. The device itself.
2. A JTAG adapter.
3. A JTAG interface.
4. A computer with on-chip debugging software (OpenOCD).
The JTAG interface provides the proper electrical signalling that's required for JTAG debugging, while the JTAG adapter makes the mechanical connection to the phone's board. You have to open the phone (requires Torx screwdriver) and remove the board. Of course this requires you to disconnect all "peripherals" like the LCD screen, battery housing, etc. This is where problems start.
Since you have no battery housing, connecting the battery is hard. As long as you only want to use JTAG for programming (flashing) the device, you can just connect USB, which will provide power to the processor and you're ready to go. The problem is that the device's "self test" fails as long as it does not run from the Lithium cell, which means that it will be stuck in some very low-level initialization routine (PBL or something like that) and will never even get to execute HBOOT. That's of course not useful if you want to debug.
So you either have to actually connect the Lithium cell or you have to "emulate" it using a (strong! - the phone draws quite an amount of peak current and if the supply voltage "ditches in", self-test will fail as well) DC power supply and some resistors. I have
figured out and described how it works here, but of course it requires some amount of equipment (DC supply and wires and clamps and resistors and whatnot) to get this done.
It's definitely not easy to do. Imagine you have this small board and then you have the JTAG adapter. The JTAG adapter uses sharp needles (so called "pogo pins") to connect to the board. (You have to grind off the insulation from the signal traces on the board where the JTAG adapter is contacting it. Be careful though not to grind off all the copper that makes up the trace!
) The pogo pins will not stay in place, they have to be pressed against the board with considerable force to make reliable contact. I used two clothespegs, one of each side of the adapter, to accomplish this. Then of course you have USB on the board for Fastboot (that you need to run the exploit). And then you have four wires for the power supply and "Lithium cell emulation". It gets very messy soon and sometimes some clamps and wires will "randomly disconnect" from this mess and then you have to "reset the board" (disconnect power supply and USB is of course a reliable method) and start over. It's definitely not fun, but it works if you're very careful.
Then you hold the micro-switch for Vol-Down on the board, press the micro-switch for Power on the board, then release Vol-Down, give the board some time to get into the bootloader. Then you press "Power" once more to get into Fastboot mode. Then you run the exploit from the computer. Just before hitting Enter you begin holding Vol-Down on the board again to boot into the "hacked" bootloader. All that while not getting ANY response from the phone since no screen is connected and of course always hoping that all connections stay in place. You get the idea.
So JTAG debugging is extremely useful but it's definitely not easy. However, this would all not have been the problem. The problem was that the JTAG interface I have is for processors with 3.3 V logic voltage, while the MSM7227 only has 0.9 V logic voltage. You will either need a JTAG interface that works with processors running on such a low voltage (haven't found any) or you need to "shift" the logic levels between the interface and the board (haven't found any out-of-the-box circuit - it probably needs custom hardware and building this is a pain, that's why I gave up on JTAG).
