Secure Services

Revision as of 12:47, 23 February 2011 by XVilka (Talk | contribs)


Summary

Secure Service ID (SSID) Secure Service Name Hardware/Software Secure Service Description
0x01 unknown Hardware unknown (from bootrom, used in function "security_check_CertISW")
0x02 unknown Hardware unknown (from bootrom, used in function "security_check_CertISW")
0x03 unknown Hardware unknown (from bootrom, used in function "security_check_CertISW")
0x04 unknown Hardware unknown (from bootrom, used in function "security_ISW_authentication")
0xf API_HAL_PA_LOAD unknown unknown
0x11 API_HAL_PA_UNLOAD_ALL unknown unknown
0x13 API_HAL_SDP_RUNTIME_INIT unknown unknown
0x15 API_HAL_SEC_RPC_INIT unknown unknown
0x19 API_HAL_CONTEXT_SAVE_RESTORE unknown unknown
0x1a API_HAL_SEC_RAM_RESIZE unknown unknown
0x1e unknown Hardware unknown (from bootrom)
0x1f unknown Hardware unknown (from bootrom)
0x22 API_HAL_KM_CRC_READ unknown unknown
0x27 API_HAL_NB_MAX_SVC Unknown unknown
0x28 unknown unknown unknown (from mbmloader)
0x2a unknown unknown unknown (from mbmloader)
0x31 API_HAL_MOT_EFUSE Software Blow eFuse entry
0x36 API_HAL_MOT_EFUSE_READ Software Read eFuse entry

security_check_CertISW

  1. ROM:400161E8     ; Looks for a certificate marker at arg4 (magic word 0x809795A3 or the string "CertISW"), then calls security_call_SSID_0x01/0x02/0x03.
  2. ROM:400161E8     ; int __cdecl security_check_CertISW(void *arg1, int arg2, void *arg3, int arg4)
  3. ROM:400161E8     security_check_CertISW                                      ; CODE XREF: boot_HS_image_exec+C4�p
  4. ROM:400161E8                                                                 ; boot_memory_image_auth_exec+C4�p
  5. ROM:400161E8     ; Returns 0 when security_call_SSID_0x03 returns 0, and 1 when no marker is found; a non-zero 0x03 result goes to call_dead_loops. The results of 0x01 and 0x02 are not examined here.
  6. ROM:400161E8     arg_0           =  0                                        ; offset of the first stack-passed argument from SP at entry
  7. ROM:400161E8     ; NOTE(review): a fifth argument is read from the stack via arg_0 and used as a halfword pointer; the IDA prototype above lists only four.
  8. ROM:400161E8 000                 PUSH.W          {R4-R10,LR}                 ; save R4-R10 and LR (8 words, 0x20 bytes)
  9. ROM:400161EC 020                 MOV             R10, R1                     ; R10 = arg2, later passed to security_call_SSID_0x03
  10. ROM:400161EE 020                 LDR             R5, =dword_4020FFB4         ; R5 = address of the status word updated with ORR/STR below
  11. ROM:400161F0 020                 MOV             R9, R0                      ; R9 = arg1, later passed to security_call_SSID_0x01
  12. ROM:400161F2 020                 LDR             R7, [SP,#0x20+arg_0]        ; R7 = first stack argument (SP moved 0x20 by the PUSH); used as a halfword pointer
  13. ROM:400161F4 020                 MOVS            R0, #0                      ; R0 = 0: string-mark result if the memcmp below is skipped
  14. ROM:400161F6 020                 MOV             R8, R2                      ; R8 = arg3, passed to security_call_SSID_0x02 when non-zero
  15. ROM:400161F8 020                 MOV             R6, R3                      ; R6 = arg4, pointer to the data being checked
  16. ROM:400161FA 020                 LDR             R1, [R5]                    ; read status word
  17. ROM:400161FC 020                 ORR.W           R1, R1, #tracing2_Reserved2 ; set the bit IDA labels tracing2_Reserved2 (meaning not shown here)
  18. ROM:40016200 020                 STR             R1, [R5]                    ; write status word back
  19. ROM:40016202 020                 MOVS            R4, #1                      ; R4 = 1: assume the magic word matches
  20. ROM:40016204 020                 LDR             R2, =0x809795A3             ; expected magic word
  21. ROM:40016206 020                 LDR             R1, [R3]                    ; first word at arg4
  22. ROM:40016208 020                 CMP             R1, R2                      ; does the data start with the magic word?
  23. ROM:4001620A 020                 BEQ             search_CertISW_mark         ; yes: keep R4 = 1
  24. ROM:4001620A
  25. ROM:4001620C 020                 MOVS            R4, #0                      ; no: R4 = 0
  26. ROM:4001620C
  27. ROM:4001620E
  28. ROM:4001620E     search_CertISW_mark                                         ; CODE XREF: security_check_CertISW+22�j
  29. ROM:4001620E 020                 CBNZ            R4, found                   ; magic matched: skip the string compare (R0 is still 0)
  30. ROM:4001620E
  31. ROM:40016210 020                 MOVS            R2, #CH_STRINGS.CHMMCSD     ; third memcmp argument; IDA shows the immediate as an enum member - presumably the compare length, confirm the value
  32. ROM:40016212 020                 MOV             R1, R6                      ; second argument = arg4
  33. ROM:40016214 020                 ADR             R0, CertISW_mark            ; first argument = "CertISW"
  34. ROM:40016216 020                 BL              standard_memcmp             ; compare the mark with the data at arg4
  35. ROM:40016216
  36. ROM:4001621A 020                 CBNZ            R0, not_found               ; non-zero result: treated as "mark differs"
  37. ROM:4001621A
  38. ROM:4001621C 020                 MOVS            R0, #1                      ; string mark matched
  39. ROM:4001621E 020                 B               found                       ; skip the not_found assignment
  40. ROM:4001621E
  41. ROM:40016220     ; ---------------------------------------------------------------------------
  42. ROM:40016220
  43. ROM:40016220     not_found                                                   ; CODE XREF: security_check_CertISW+32�j
  44. ROM:40016220 020                 MOVS            R0, #0                      ; string mark did not match
  45. ROM:40016220
  46. ROM:40016222
  47. ROM:40016222     found                                                       ; CODE XREF: security_check_CertISW:search_CertISW_mark�j
  48. ROM:40016222                                                                 ; security_check_CertISW+36�j
  49. ROM:40016222 020                 ORRS            R0, R4                      ; R0 = string match | magic match; Z set when neither matched
  50. ROM:40016224 020                 BEQ             return_1                    ; no marker at all: return 1 without calling any secure service
  51. ROM:40016224
  52. ROM:40016226 020                 LDRH            R0, [R7]                    ; halfword flags behind the stack-argument pointer
  53. ROM:40016228 020                 LSLS            R0, R0, #28                 ; move bit 3 into bit 31 so it lands in the N flag
  54. ROM:4001622A 020                 BMI             loc_4001624A                ; bit 3 set: skip security_speedup_parsing
  55. ROM:4001622A
  56. ROM:4001622C 020                 LDR             R0, [R5]                    ; read status word
  57. ROM:4001622E 020                 CBZ             R4, loc_4001623C            ; R4 == 0: marker was found by string, not by magic word
  58. ROM:4001622E
  59. ROM:40016230 020                 ORR.W           R0, R0, #0b1000000000       ; magic-word case: set bit 9 (0x200)
  60. ROM:40016234 020                 STR             R0, [R5]                    ; write status word back
  61. ROM:40016236 020                 ADD.W           R0, R6, #0x38               ; R0 = arg4 + 0x38, argument for security_speedup_parsing
  62. ROM:4001623A 020                 B               loc_40016246                ; join the common call
  63. ROM:4001623A
  64. ROM:4001623C     ; ---------------------------------------------------------------------------
  65. ROM:4001623C
  66. ROM:4001623C     loc_4001623C                                                ; CODE XREF: security_check_CertISW+46�j
  67. ROM:4001623C 020                 ORR.W           R0, R0, #0b10000000000      ; string-mark case: set bit 10 (0x400)
  68. ROM:40016240 020                 STR             R0, [R5]                    ; write status word back
  69. ROM:40016242 020                 ADD.W           R0, R6, #0b10100100         ; R0 = arg4 + 0xA4, argument for security_speedup_parsing
  70. ROM:40016242
  71. ROM:40016246
  72. ROM:40016246     loc_40016246                                                ; CODE XREF: security_check_CertISW+52�j
  73. ROM:40016246 020                 BL              security_speedup_parsing    ; called with the offset pointer chosen above
  74. ROM:40016246
  75. ROM:4001624A
  76. ROM:4001624A     loc_4001624A                                                ; CODE XREF: security_check_CertISW+42�j
  77. ROM:4001624A 020                 MOV             R0, R9                      ; R0 = arg1
  78. ROM:4001624C 020                 BL              security_call_SSID_0x01     ; result is not checked: R0 is overwritten before it is read
  79. ROM:4001624C
  80. ROM:40016250 020                 CMP.W           R8, #0                      ; arg3 == 0?
  81. ROM:40016254 020                 BEQ             loc_40016266                ; yes: skip security_call_SSID_0x02
  82. ROM:40016254
  83. ROM:40016256 020                 LDR             R0, =memory_buffer          ; R0 = address of memory_buffer (a second status word)
  84. ROM:40016258 020                 LDR             R1, [R0]                    ; read it
  85. ROM:4001625A 020                 ORR.W           R1, R1, #tracing_R&D_certificate_found ; set the tracing_R&D_certificate_found bit
  86. ROM:4001625E 020                 STR             R1, [R0]                    ; write it back
  87. ROM:40016260 020                 MOV             R0, R8                      ; R0 = arg3
  88. ROM:40016262 020                 BL              security_call_SSID_0x02     ; result is not checked: R0 is reloaded at loc_40016266
  89. ROM:40016262
  90. ROM:40016266
  91. ROM:40016266     loc_40016266                                                ; CODE XREF: security_check_CertISW+6C�j
  92. ROM:40016266 020                 LDR             R0, [R5]                    ; read status word
  93. ROM:40016268 020                 ORR.W           R0, R0, #0x800              ; set bit 11
  94. ROM:4001626C 020                 STR             R0, [R5]                    ; write status word back
  95. ROM:4001626E 020                 MOV             R0, R10                     ; R0 = arg2
  96. ROM:40016270 020                 BL              security_call_SSID_0x03     ; the only secure-service call whose result is tested
  97. ROM:40016270
  98. ROM:40016274 020                 CBNZ            R0, return_error            ; non-zero result: failure path
  99. ROM:40016274
  100. ROM:40016276 020                 LDRH            R0, [R7]                    ; success: reload the caller's halfword flags
  101. ROM:40016278 020                 ORR.W           R0, R0, #0x800              ; set bit 11 in them
  102. ROM:4001627C 020                 STRH            R0, [R7]                    ; store the updated halfword
  103. ROM:4001627E 020                 MOVS            R0, #0                      ; return value 0
  104. ROM:4001627E
  105. ROM:40016280
  106. ROM:40016280     return                                                      ; CODE XREF: security_check_CertISW+B4�j
  107. ROM:40016280 020                 POP.W           {R4-R10,PC}                 ; restore R4-R10 and return
  108. ROM:40016280
  109. ROM:40016284     ; ---------------------------------------------------------------------------
  110. ROM:40016284
  111. ROM:40016284     return_error                                                ; CODE XREF: security_check_CertISW+8C�j
  112. ROM:40016284 020                 LDR             R0, [R5]                    ; read status word
  113. ROM:40016286 020                 ORR.W           R0, R0, #0b1000000000000    ; set bit #12
  114. ROM:4001628A 020                 STR             R0, [R5]                    ; write status word back
  115. ROM:4001628C 020                 LDR             R0, =sub_140A8              ; R0 = literal sub_140A8, argument for call_dead_loops
  116. ROM:4001628E 020                 BLX             call_dead_loops             ; presumably never returns (name only); if it did, execution would fall through into return_1 and return 1
  117. ROM:4001628E
  118. ROM:40016292
  119. ROM:40016292     return_1                                                    ; CODE XREF: security_check_CertISW+3C�j
  120. ROM:40016292 020                 LDR             R0, [R5]                    ; read status word
  121. ROM:40016294 020                 ORR.W           R0, R0, #0b10000000000000   ; set bit #13
  122. ROM:40016298 020                 STR             R0, [R5]                    ; write status word back
  123. ROM:4001629A 020                 MOVS            R0, #1                      ; return value 1
  124. ROM:4001629C 020                 B               return                      ; shared epilogue
  125. ROM:4001629C
  126. ROM:4001629C     ; End of function security_check_CertISW
  127. ROM:4001629C
  128. ROM:4001629C     ; ---------------------------------------------------------------------------
  129. ROM:4001629E                     DCW 0                                       ; 2 bytes of padding so the literal pool starts word-aligned
  130. ROM:400162A0     off_400162A0    DCD dword_4020FFB4                          ; DATA XREF: security_check_CertISW+6�r
  131. ROM:400162A4     dword_400162A4  DCD 0x809795A3                              ; DATA XREF: security_check_CertISW+1C�r
  132. ROM:400162A8     CertISW_mark    DCB "CertISW",0                             ; DATA XREF: security_check_CertISW+2C�o
  133. ROM:400162B0     off_400162B0    DCD memory_buffer                           ; DATA XREF: security_check_CertISW+6E�r
  134. ROM:400162B4     image_cant_exec DCD sub_140A8                               ; DATA XREF: security_check_CertISW+A4�r

security_ISW_authentication

  1. ROM:400162B8     ; Sets a "started" trace bit, calls security_call_SSID_0x04 with the two incoming arguments still in R0/R1, sets a second trace bit and returns.
  2. ROM:400162B8     ; int __cdecl security_ISW_authentication(void *mem_1, void *mem_2)
  3. ROM:400162B8     security_ISW_authentication                                 ; CODE XREF: boot_HS_image_exec+CE�p
  4. ROM:400162B8                                                                 ; boot_memory_image_auth_exec+106�p
  5. ROM:400162B8 000                 LDR             R2, =memory_buffer          ; R2 = address of memory_buffer; R0/R1 (mem_1, mem_2) are left untouched
  6. ROM:400162BA 000                 PUSH            {R4,LR}                     ; save LR; R4 is not used below - presumably pushed to keep SP 8-byte aligned
  7. ROM:400162BC 008                 LDR             R3, [R2]                    ; read the status word at memory_buffer
  8. ROM:400162BE 008                 ORR.W           R3, R3, #tracing_Initial_SW_authentication_started ; set the tracing_Initial_SW_authentication_started bit
  9. ROM:400162C2 008                 STR             R3, [R2]                    ; write it back
  10. ROM:400162C4 008                 BL              security_call_SSID_0x04     ; R0/R1 still hold mem_1/mem_2 from entry
  11. ROM:400162C4
  12. ROM:400162C8 008                 LDR             R0, =dword_4020FFB4         ; NOTE(review): overwrites R0, so whatever security_call_SSID_0x04 returned is discarded - confirm how callers detect failure
  13. ROM:400162CA 008                 LDR             R1, [R0]                    ; read the second status word
  14. ROM:400162CC 008                 ORR.W           R1, R1, #tracing2_No_known_NAND_was_detected ; set the bit IDA labels tracing2_No_known_NAND_was_detected (enum name may not fit this context - verify)
  15. ROM:400162D0 008                 STR             R1, [R0]                    ; write it back
  16. ROM:400162D2 008                 POP             {R4,PC}                     ; return; R0 still holds the address of dword_4020FFB4
  17. ROM:400162D2
  18. ROM:400162D2     ; End of function security_ISW_authentication
  19. ROM:400162D2
  20. ROM:400162D2     ; ---------------------------------------------------------------------------
  21. ROM:400162D4     off_400162D4    DCD memory_buffer                           ; DATA XREF: security_ISW_authentication�r
  22. ROM:400162D8     off_400162D8    DCD dword_4020FFB4                          ; DATA XREF: security_ISW_authentication+10�r
  23. ROM:400162DC