Howto spy JTAGICE

I set the jtag clock to 10 through "jtagice". If I
remember well then the jtag clock was set to 100
microseconds. When I repeated some of the commands again then
the jtag clock was changed to approximately 420
microseconds. Why this is I don't know but this
was very welcome.

Anyway here are some results of the spy tool.

Dumping into a file.

To catch the results I ran the following as root to
disable the extra <CR> :

  # stty -F /dev/ttySxx speed 115200 -igncr inlcr

And as user :

  $ cat /dev/ttySxx > <result.txt>

Analysis.

Feeding AVR instructions.

It seems that the On Chip Debug system must be fed
with AVR instructions. One example that I know of is the
ARM7TDMI. Atmel amongst others produces the AT91M40800
which is based on the ARM7TDMI core.

In that case you can disassemble this as a user with
(thanks to Theodore Roth who gave me these hints :-) ) :

  $ printf "\x<byte>\x<byte>" > foo.bin

or if it already exists then append it after the previous
one with :

  $ printf "\x<hi_byte>\x<lo_byte>" >> foo.bin

Where <hi_byte> and <lo_byte> represent the ascii hex byte
array you see in the output. Note : don't forget the "\x".

You can check this with :

  od -h foo.bin

Be aware that this will be shown in little/big endian.

Disassembly

To find out which AVR instruction this is, you
need to disassemble it with :

  avr-elf-objdump -D --target=binary --architecture=avr:5 foo.bin

I had to do this for the ATmega16.

Now the most important thing :

The jtag instruction sequence which is needed to dump avr instructions
into the target is :

goto JTAG Instruction Register : jtag instruction 0xA
goto JTAG DATA register        : avr instruction into pipeline

The AVR instruction is sent in big endian : you can see this in the
output of the spy tool. You have to take this into account.

Two extra features :

jtag instruction 1 <0x.. 0x.. 0x.. 0x..> --> jtag id
--------------------------------------------------------------------------
input :
jtag instruction reg = <0xC>   --> set debug mode
jtag data reg = <0xC>
output :
--------------------------------------------------------------------------
input :
jtag instruction reg = <0xB>   --> get break status
jtag data reg = <0x9>
output :
jtag data reg = <0x2000>
--------------------------------------------------------------------------
input :
jtag instruction reg = <0x5>   --> leave program status
jtag data reg = <0x33>
jtag data reg = <0x04>
jtag data reg = <0x0000>
output :
jtag data reg = <0x2000>
--------------------------------------------------------------------------
input :
jtag instruction reg = <0xA>   --> feed instruction into pipeline
jtag data reg = <AVR opcode>
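
Added example (not part of the original readme, and not the spy tool's own code): a small Python script that pulls the opcodes fed through jtag instruction 0xA out of a capture and byte-swaps them into the little-endian order objdump expects in foo.bin. The log text is constructed to match the transcript layout above; the function names, and the assumption that each data register value is printed as whole 16-bit words with the high byte first, are mine.

```python
import re

# Constructed sample capture in the layout of the transcripts above.
# 0xE00A encodes "ldi r16, 0x0A" and 0xBF0D encodes "out 0x3d, r16".
SAMPLE_LOG = """\
input :
jtag instruction reg = <0xB>
jtag data reg = <0x9>
output :
jtag data reg = <0x2000>
input :
jtag instruction reg = <0xA>
jtag data reg = <0xE00A>
input :
jtag instruction reg = <0xA>
jtag data reg = <0xBF0D>
"""

LINE = re.compile(r"jtag (instruction|data) reg\s*=\s*<0x([0-9A-Fa-f]+)>")

def fed_opcodes(log_text):
    """Return hex strings of DR values shifted in while IR held 0xA."""
    opcodes, direction, ir = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(("input", "output")):
            direction = line.split()[0]      # remember which side we are on
            continue
        m = LINE.search(line)
        if not m or direction != "input":    # replies from the target are skipped
            continue
        kind, value = m.groups()
        if kind == "instruction":
            ir = int(value, 16)              # latest JTAG instruction register
        elif ir == 0xA:                      # 0xA = feed instruction into pipeline
            opcodes.append(value)
    return opcodes

def to_objdump_bytes(opcodes):
    """Swap each big-endian 16-bit word to little endian (assumed word layout)."""
    out = bytearray()
    for hexword in opcodes:
        if len(hexword) % 4:
            raise ValueError("not a whole number of 16-bit words: " + hexword)
        for i in range(0, len(hexword), 4):
            out += int(hexword[i:i + 4], 16).to_bytes(2, "little")
    return bytes(out)

if __name__ == "__main__":
    with open("foo.bin", "wb") as fh:        # then disassemble foo.bin as above
        fh.write(to_objdump_bytes(fed_opcodes(SAMPLE_LOG)))
```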