The public discovery of FLUXBABBITT, a modestly-clever American spy gadget - that may or may not have been "fired in anger" yet - has provoked the usual flood of media garbage ("JTAG is a Chinese back door! Threat or menace?"). What follows is some basic investigation regarding the plausible workings of this device, based only on:

The leaked document itself.

A friend's disassembled "Dell PowerEdge," of several years' vintage.

Intel's published documentation for their "XDP" port.

Here is the port in question:

If you doubt your lying eyes, run - not walk - to your server closet and pop a Dell machine of recent manufacture. Remove the cooling duct cover. Look near the rear or front-most edge of the motherboard. You will find a similar picture.

But, threat or menace? Let's find out; straight from the horse's mouth:

3.10 Depopulating XDP for Production Units

At some point there may be a desire to remove the debug port from production units. It is recommended that the port real-estate and pads remain in place if they need to be populated for a future problem. Depopulate all physical devices (connector, termination resistors, jumpers) except: Termination of OBSFN_x[0:1] / BPM[4:5]# / PREQ#, PRDY#; Termination of TCK; Termination of TDI; Termination of TMS; Termination of TRSTn.

Intel Corp., "Debug Port Design Guide for UP/DP Systems." p. 24.

Not exactly a bog-standard JTAG port (there is, in fact, no particular standard for the socket, really; only for the bottom layer of the protocol) - from here you can access CPU registers, view and edit the contents of memory, issue bus read/write cycles, etc. AMD includes a similar (though incompatible) port in some of its products.

Presumably, FLUXBABBITT injects a little bit of nasty directly into RAM at boot time - quite like a traditional MBR infector. The somewhat-exotic delivery mechanism is there to counter a possible audit of the system firmware. (Why this audit would not be expected to include a basic physical inspection of the machine's internals is a question that should be asked of our dear friends at Ft. Meade, not me.)

JTAG and other debug connectors are routinely found in mass-market products. The manufacturer often succumbs to the temptation of shaving a few pennies of unit cost by omitting the actual connector. This is what the leaked document refers to as "depopulated" (in fact, a standard term-of-art in electronics manufacture.)

The only thing even vaguely suspicious about Dell's particular phantom debug port is: the pre-tinned solder pads. This could, however, be a mere artifact of the plating process undergone by the motherboard, rather than a deliberate helping hand for our favourite intelligence agency. (Attaching the missing connector would take all of five minutes for a fellow with a steady hand, a solder paste stencil, and a hot air machine - with or without pre-tinned pads.)

And regarding the doings of spies in general: there is really no limit as to what can be done to a physically-molested computer. Focusing on this particular feature is just the kind of tunnel-vision typical of the Computer Insecurity community.

If you're wondering why there is no FLUXBABBITT in your own Dell, take comfort: the product is almost certainly obsolete. That is, rendered obsolete by "pwning" at design time. Physical molestation is reserved for archaic or otherwise uncooperative machinery.