Hardwear.io USA

Journey Into JTAG: Breaking the Samsung Galaxy S4 Boot Chain


Course

Ryan Grachek of Amazon demonstrates how JTAG access enables deep analysis of Samsung Galaxy S4 bootloaders and Qualcomm SoC security controls.

Modern mobile systems rely on layered boot chains and hardware-enforced controls that restrict low-level visibility. Using the Samsung Galaxy S4 and Qualcomm APQ 8064 SoC as a case study, this session examines how JTAG access can be rediscovered and re-enabled to analyze early boot stages. The content walks through device teardown, identification of debug pads, and use of IEEE 1149.1 boundary scan to interact with otherwise locked hardware. It also explores Qualcomm bootloader design, fuse-based security controls, and developer edition mechanisms that enable unsigned code execution through eMMC CID hashing and RSA signatures.

This session, led by Ryan Grachek, security engineer at Amazon, will cover:

  • Samsung Galaxy S4 boot flow and bootloader stages;
  • Boundary scan and practical hardware debugging techniques;
  • Bootloader unlocking via developer signatures and eMMC CID.
 

Here is the course outline:

Journey Into JTAG: Breaking the Samsung Galaxy S4 Boot Chain

Completion

The following certificates are awarded when the course is completed:

CPE Credit Certificate
