Mbmloader

Strictly speaking, mbmloader((There's a (c) 2006 Motorola notice in it, since it reuses code from the older versions of mbmloader used in previous Motorola phones. This works to our advantage because some of those earlier versions have been reverse engineered in the past by yakk in his MotoMagX hack.)) is one of the first components in the boot chain. It verifies and then loads the mbm component. It checks mbmbackup for newer versions of mbm, so that mbm cannot be downgraded((this can be easily bypassed once running as root, since both mbm and mbmbackup could be downgraded at the same time)).

More generally speaking, we sometimes say "mbmloader" to refer to the whole bootstrap system, which is composed by the CH table, the Initial Software image, and mbmloader itself (inside the ISW image). For example, the mtd-hack module by janneg allows us to dump mtd00 which includes all of these, and we usually call this the "mbmloader dump" or "mbmloader CG".

mbmloader protections

It seems the mbmloader has public certificates on it (see the ISW section). These certificates don't seem to be in any recognizable format, but they conform to CSST's HS signed image format, so we can assume mbmloader is signed. We also know that both the Milestone and the Droid run in HS mode, which requires this format.

According to the CSST's use of openssl, the openssl "commands" used to generate the certificates may somehow be intercepted. Moreover, analyzing the csstcli(command line tool) and it's parameters may identify what and how the certificates are signing upon.

= mbm

What is mbm?

mbm is Motorola Boot Manager((http://wiki.openezx.org/Z6_Security)). According to the boot chain, mbmloader will pass the control to mbm after the signature embedded in mbm is verified.

How mbmloader verify mbm?

Introduction

yakk has contributed his effort to map many high level functions name for the mbmloader image. This allows easier inspection of how the verification of mbm is performed. Perhaps he has already reviewed the related portion of codes for potential vulnerability, trying to document the findings that allows continuation could be a possible way to figure out a way.

Work flow

mbm is read into address 0x8f310000.

Search for the end of signature mark(the data length suggests a sha1sum):

6B D3 98 E2 D6 F0 F8 CF FC D4 96 72 5E B3 A8 B3 6B F9 B1 16

Milestone mbmloader

now we only known only two versions of mbmloader for milestone:

one File:Mbmloader-0.5A.raw.gz
two File:Mbmloader-1.raw.gz

Background

Accredited by yakk, idb of mbmloader with high level function names are available. Further exploration is in the progress to map more information from kernel source and technical reference manual.

Kernel source

drivers/misc/sec/sec_core.h:

#define REGISTER_ADDRESS_DIE_ID  0x4830A218
#define REGISTER_ADDRESS_MSV 0x480023B4

Searching b4 23 00 48 in mbmloader give:

ROM:87004954 EF BE AD DE dword_87004954  DCD 0xDEADBEEF          ; DATA XREF: get_fuse+4�r
ROM:87004954                                                     ; sub_87004798+A�r
ROM:87004958 B4 23 00 48 MSV             DCD 0x480023B4          ; DATA XREF: get_fuse:loc_87004786�r
ROM:8700495C 18 A2 30 48 DIE_ID          DCD 0x4830A218          ; DATA XREF: sub_87004832+18�r

arch/arm/plat-omap/include/mach/omap34xx.h:

#define L4_34XX_BASE            0x48000000
#define L4_WK_34XX_BASE         0x48300000
#define L4_PER_34XX_BASE        0x49000000
#define L4_EMU_34XX_BASE        0x54000000
#define L3_34XX_BASE            0x68000000
#define OMAP3430_32KSYNCT_BASE  0x48320000
#define OMAP3430_CM_BASE        0x48004800
#define OMAP3430_PRM_BASE       0x48306800
#define OMAP343X_SMS_BASE       0x6C000000
#define OMAP343X_SDRC_BASE      0x6D000000
#define OMAP34XX_GPMC_BASE      0x6E000000
#define OMAP343X_SCM_BASE       0x48002000
#define OMAP34XX_IC_BASE        0x48200000
#define OMAP34XX_IVA_INTC_BASE  0x40000000
#define OMAP34XX_SR1_BASE       0x480C9000
#define OMAP34XX_SR2_BASE       0x480CB000
#define OMAP34XX_DSP_BASE       0x58000000

Technical Reference Manual

Abbreviation	Meaning	Reference
MSV	Model Specific Value	spruf98 p. 981, 6.6.4.47(System Control Module, Registers, GENERAL registers description), Table 6-496. CONTROL_MSV_0

4.14.1 CM Module Registers, Table 4-90. CM Instance Summary (spruf98 p.440)

Module Name	Base Address (hex)	Size
IVA2_CM	0x4800 4000	8192 bytes
OCP_System_Registers_CM	0x4800 4800	8192 bytes
MPU_CM	0x4800 4900	8192 bytes
CORE_CM	0x4800 4A00	8192 bytes
SGX_CM	0x4800 4B00	8192 bytes
WKUP_CM	0x4800 4C00	8192 bytes
Clock_Control_Registers_CM	0x4800 4D00	8192 bytes
DSS_CM	0x4800 4E00	8192 bytes
CAM_CM	0x4800 4F00	8192 bytes
PER_CM	0x4800 5000	8192 bytes
EMU_CM	0x4800 5100	8192 bytes
Global_Registers_CM	0x4800 5200	8192 bytes
NEON_CM	0x4800 5300	8192 bytes
USBHOST_CM	0x4800 5400	8192 bytes

6.6 System Control Module Registers Table 6-80. Instance Summary

Name	Address	Instance length
INTERFACE	0x4800 2000	36 bytes
PADCONFS	0x4800 2030	564 bytes
GENERAL	0x4800 2270	767 bytes
MEM_WKUP	0x4800 2600	1K byte
PADCONFS_WKUP	0x4800 2A00	80 bytes
GENERAL_WKUP	0x4800 2A60	31 bytes

18.8 McSPI Registers, Table 18-22. Instance Summary

Module Name	Base Address	Size
MCSPI1	0x4809 8000	4Kbytes
MCSPI2	0x4809 A000	4Kbytes
MCSPI3	0x480B 8000	4Kbytes
MCSPI4	0x480B A000	4Kbytes

Address extracted from mbmloader

Prefixed by 0x4800:

0x48002000 Control Revision
0x48002180 CONTROL_PADCONF_UART1_CTS - Configuration register for pads uart1_cts(clear to send), uart1_rx. ((spruf98 p. 870, 6.6.3.85 CONTROL_PADCONF_UART1_CTS))
0x480021C8 CONTROL_PADCONF_MCSPI1_CLK - Configuration register for pads mcspi1_clk, mcspi1_simo
0x480022F0 Control status - SYS_BOOT and DEVICETYPE
0x480023B4 MSV - Model Specific Value, 4 bytes
0x48004000 Clock manager, Module region A, 8KB ((spruf98 p.203, Table 2-3. L4-Core Memory Space Mapping))
0x48004904 CM_CLKEN_PLL_MPU, This register allows controlling the DPLL1 modes. ((spruf98 p.454))
0x48004A00 Table 4-143. CM_FCLKEN1_CORE, Controls the module functional clock activity.
0x48004A10 Table 4-147. CM_ICLKEN1_CORE, Controls the modules interface clock activity.
0x48004A20 Table 4-153. CM_IDLEST1_CORE, CORE modules access availability monitoring. This register is read only and automatically updated.
0x48004B40 Table 4-177. CM_CLKSEL_SGX, SGX clock selection.
0x48004C00 4.14.1.7.1 CM_FCLKEN_WKUP, Table 4-185. CM_FCLKEN_WKUP, Controls the modules functional clock activity.
0x48004D00 Table 4-195. CM_CLKEN_PLL, This register allows controlling the DPLL3 and DPLL4 modes.
0x48004E40 Table 4-227. CM_CLKSEL_DSS, Modules clock selection.
0x48005000 Table 4-251. CM_FCLKEN_PER, Controls the modules functional clock activity. RW, WDTIMER can be enabled/disabled here.
0x48005140 Table 4-267. CM_CLKSEL1_EMU, Modules clock selection.

Prefixed by 0x4830:

0x48306000 Table 4-297. PRM Instance Summary, IVA2_PRM
0x48306D40 Table 4-387. PRM_CLKSEL, This register controls the selection of the system clock frequency. This register is reset on power-up only. RW
0x48307000 Table 4-297. PRM Instance Summary, PER_PRM
0x48307250 Table 4-456. PRM_RSTCTRL, Global software and DPLL3 reset control. This register is auto-cleared. Only write 1 is possible. A read returns 0 only. Perhaps it be used to issue a software reset? ((4.5.9.2 Global Warm Reset Sequence))
0x48307270 Table 4-466. PRM_CLKSRC_CTRL, This register provides control over the device source clock.
0x4830A218 DIE ID, 16 bytes

Other 32-bit dword:

0x18000000
0x1F000000
0x20000000
0x208D0024
0x28000000
0x3FCFF000
0x40000000
0x40208800 SRAM 
0x4020C800 SRAM
0x43FFFE01
0x4806A000 UART1 DLL_REG, 16.6 UART/IrDA/CIR Registers
0x48098000 18.8 McSPI Registers, McSPI1(Multichannel Serial Port Interface)
0x48314000 WDTIMER2, Table 15-66. WDT2 Register Summary
0x48318000 GPTIMER1, 15.3 General-Purpose (GP) Timer Registers
0x49020000 UART3 (infrared), 2.3.2.3 L4-Peripheral Memory Space Mapping, Table 2-5. L4-Peripheral Memory Space Mapping
0x5004800C 
0x5005C008
0x5A827999 SHA1 c1
0x6E000000 Table 10-27. Instance Summary, GPMC.
0x6E00007C 10.1.7.2.17 GPMC_NAND_COMMAND_i, This register is not a true register, just an address location.
0x6E000084 10.1.7.2.19 GPMC_NAND_DATA_i, This register is not a true register, just an address location.
0x6E0000A8 10.1.7.2.16 GPMC_CONFIG7_i, i = 1
0x6E0001F4 10.1.7.2.24 GPMC_ECC_CONFIG, ECC configuration, RW, able to control hardware ECC.
0x6E0001F8 10.1.7.2.25 GPMC_ECC_CONTROL, ECC control, RW, able to control hardware ECC.
0x6ED9EBA1 SHA1 c2
0x76543210
0x78020000
0x7FFFFED3
0x80000000 
0x80080000
0x81000000
0x81001000
0x81001080
0x81001484
0x81001888
0x81001908
0x8100192C
0x81001D2C
0x8100212C
0x810021AC
0x8100222C
0x8100322C
0x8100422C
0x8100522C
0x8100562C
0x8100762C
0x81007A14
0x81007A54
0x81007C54
0x81007C64
0x81007CE4
0x81007DE4
0x81007DF4
0x81007E04
0x8100AE40
0x85030004
0x860527A0
0x87000998
0x87009792
0x87009A08
0x87009BDC
0x87009E52
0x87009E5C
0x87009FA6
0x8700AA96
0x8700B614
0x8700B634
0x8700B664
0x8700B684
0x87014D4C
0x89ABCDEF
0x8F1BBCDC SHA1 c3
0x8F310000 mbm load address
0x8F311000 mbm offset 0x1000
0x8FFFFFFF
0x90000000
0xB17219E9 special value in mbm
0xCA62C1D6 SHA1 c4
0xDEADBEEF dummy value mark dead beef
0xF0E1D2C3
0xFC000000
0xFEDCBA98
0xFF000000
0xFFF800FF
0xFFFDD000
0xFFFFDFE1
0xFFFFF7FF
0xFFFFFC01
0xFFFFFFFD
0xFFFFFFFF

Mbmloader

Contents

MBM loader

What is mbmloader

mbmloader protections

= mbm

What is mbm?

How mbmloader verify mbm?

Introduction

Work flow

Milestone mbmloader

Background

Kernel source

Technical Reference Manual

Address extracted from mbmloader

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

see also

Tools