1. blueberrymerry's Avatar
    More on the bootrom vs. bootloader issue:
    What is the difference between a Bootrom vs bootloader on ARM systems - Stack Overflow

    Bootrom (or Boot ROM) is a small piece of mask ROM or write-protected flash embedded inside the processor chip. It contains the very first code which is executed by the processor on power-on or reset...

    iPhone boot ROM. Embedded in the mask ROM and can't be modified. Loads the next stage boot loader from flash or USB (in DFU mode) and verifies its signature using built-in RSA implementation. Also provides accelerated decryption functions for the next stage bootloader.

    Bootloader is responsible for finding and loading the final OS or firmware which is supposed to run on the chip. One main difference from bootrom is that it's usually in writable flash and can be replaced or upgraded.
    Learning is fun!
    07-20-13 11:54 AM
  2. 9Jer99's Avatar
    07-20-13 02:29 PM
  3. WhiteSpir1t's Avatar
My mistake then, I should have written verify instead of sign.

    So BBRY does this with each new PB:
    1. Use their private key (or several keys) to sign the bootloader
    2. Write the bootloader to eMMC
    3. Write the corresponding public key (or keys) to eMMC
    4. Write the bootrom write-once memory with code to load the bootloader and a hash of the public key

    Then on powering on, the SoC does this:
    1. Power up CPU
    2. Run bootrom code
    3. Show any hardware errors with flashing lights?
    4. If no hardware errors, then check the public key in eMMC against the on-chip public key hash
    5. If hash and key don't match, kaboom
    6. If hash and key match, then use public key to check signature of bootloader
    7. If bootloader signature is valid, then continue boot process
    8. If not, kaboom again

    Does that come close? That means you have to overwrite the bootrom to load your own bootloader... but you can't, since that area is write-once only. Otherwise you can make your own bootloader but it has to be signed with BBRY's private keys... another impossible bit.

    The only way then is to daisy-chain past the first or second stage bootloader to run your own OS? Provided there aren't any further crypto signature checks
    Very good. Now can you shed light on how the boot process of all iPhones up to the iPhone 4 was "pwned"?


    Sent from my Motorola Startac
    07-20-13 02:30 PM
  4. WhiteSpir1t's Avatar
    Is that what the PB bootrom is doing, running the check first before copying to RAM? 2.4 seconds is a long time for a vulnerable window.

    Also, how can the private signing key be in the bootloader image? It shouldn't be anywhere on the device; it should be locked up in a secure vault at Waterloo. What you would have is a hash of the image, signed with the private key, which can then be decrypted and checked for validity with the public key. Based on that ARM document you might be able to access the public key but you can't modify it.

    Anyway here's an epic hack by someone who managed to overwrite the bootloader on a Huawei Ascend W1 Windows Phone: http://forums.windowscentral.com/hua...ked-china.html

    It's possible to set the Qualcomm SoC into a debug mode, write another bootloader, then flash new firmware.
    Cool. That gives a whole new meaning to read only memory.


    Sent from my Motorola Startac
    07-20-13 02:33 PM
  5. BergerKing's Avatar
    Let me be very clear, here. Proxy posting for a banned member will be dealt with harshly.
    07-20-13 04:01 PM
  6. birdman_38's Avatar
    Let me be very clear, here. Proxy posting for a banned member will be dealt with harshly.
    What is proxy posting?
    07-20-13 05:28 PM
  7. WhiteSpir1t's Avatar
    Let me be very clear, here. Proxy posting for a banned member will be dealt with harshly.
    What is proxy posting?
    07-20-13 05:46 PM
  8. swe3tdave's Avatar
    a few people where copying emails here sent to them so he could still talk to us, that was proxy posting
    07-20-13 06:11 PM
  9. swe3tdave's Avatar
    Let me be very clear, here. Proxy posting for a banned member will be dealt with harshly.
    are we allowed to post a link to another web site so we can continue the conversation there?
    07-20-13 06:12 PM
  10. Synerworks's Avatar
My mistake then, I should have written verify instead of sign.

    So BBRY does this with each new PB:
    1. Use their private key (or several keys) to sign the bootloader
    2. Write the bootloader to eMMC
    3. Write the corresponding public key (or keys) to eMMC
    4. Write the bootrom write-once memory with code to load the bootloader and a hash of the public key

    Then on powering on, the SoC does this:
    1. Power up CPU
    2. Run bootrom code
    3. Show any hardware errors with flashing lights?
    4. If no hardware errors, then check the public key in eMMC against the on-chip public key hash
    5. If hash and key don't match, kaboom
    6. If hash and key match, then use public key to check signature of bootloader
    7. If bootloader signature is valid, then continue boot process
    8. If not, kaboom again

    Does that come close? That means you have to overwrite the bootrom to load your own bootloader... but you can't, since that area is write-once only. Otherwise you can make your own bootloader but it has to be signed with BBRY's private keys... another impossible bit.

    The only way then is to daisy-chain past the first or second stage bootloader to run your own OS? Provided there aren't any further crypto signature checks
    Unfortunately, the description of what the bootrom does is still speculation and may not be entirely correct. The dump of the bootrom was to clearly document all operations and constraints so that a mechanism can be identified to chainload any roll-your-own solution onto the Playbook. The assumption is that since the bootrom stub is small, a full crypto framework is not able to be stored and used to do the integrity checks, similar to once the bootloader is pulled into memory. As such, it may only use a SHA256 signature, which can potentially allow a bootloader to be created using a collision signature. The first step is still to look at the bootrom and then determine if the code can be modified or rewritten with some unrestricted firmware.
    07-20-13 07:10 PM
  11. xsacha's Avatar
    The only way then is to daisy-chain past the first or second stage bootloader to run your own OS? Provided there aren't any further crypto signature checks
    Pretty much the method we'd want is some exploit in the bootrom or bootloader code. For instance, when it checks for signatures. There have been many mistakes in this area in the past. For instance, hashes that are too small (less than 256 bits even) or containing known flaws that limit the number of combinations possible (and make them easier to crack).
    This is how most locked down devices (eg. iPhones) are exploited. People discovered issues in how they check the signatures and were able to exploit these to gain permanent access (because Apple cannot patch it).

    We'd need a dump of this code to play around with it but we don't have one yet.

    Note that devices have become significantly more secure since 2010. Usually due to more robust security being deployed on the chip. Lessons learnt from past mistakes.

    Cool. That gives a whole new meaning to read only memory.
    The bootloader isn't read-only memory. In fact, you update it every time you install a new OS.
    Windows Phones had an issue for a while with a few manufacturers where they shipped them with the generic Qualcomm bootloader which allowed full access. Essentially they came unlocked. This included Nokia 710 and Nokia 800.
    In fact, after fixing this issue, Nokia then went ahead and posted a flashable binary of that bootloader on their download server for everyone to use.
    Android devices are usually fairly relaxed about their bootloader as well.
    blueberrymerry and vlado091 like this.
    07-20-13 09:26 PM
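An added example (not code from the thread or from any of the devices discussed) to put numbers on the "hashes that are too small" point in the last two posts. SHA-256 truncated to 32 bits stands in for an undersized digest; the image names and prefixes are constructed. Two different attacks are kept apart on purpose: a collision (two attacker-chosen inputs with the same digest, found by a birthday search in roughly 2**(bits/2) evaluations) and a second preimage (an input matching the digest of an image the vendor already signed, roughly 2**bits evaluations). Only the second lets you replace a shipped bootloader outright; a collision needs the vendor to sign one of the attacker's own twins. For a full 256-bit digest the birthday search alone is about 2**128 evaluations, which is why the hash length, not the SoC's RAM, is what decides the cost.

```python
import hashlib

def truncated_digest(data, bits):
    """Stand-in for an undersized hash: SHA-256 cut down to `bits` bits
    (bits is a multiple of 8 in this example)."""
    return hashlib.sha256(data).digest()[: bits // 8]

def find_collision(bits, prefix=b"xloader-", max_tries=1 << 24):
    """Birthday search: two distinct, attacker-chosen inputs with the same
    truncated digest. Expected cost about 2**(bits/2) evaluations."""
    seen = {}
    for i in range(max_tries):
        cand = prefix + i.to_bytes(8, "big")   # counter makes every input distinct
        tag = truncated_digest(cand, bits)
        if tag in seen:
            return seen[tag], cand, i + 1
        seen[tag] = cand
    return None

def find_second_preimage(target, bits, max_tries):
    """Match the digest of a *given* image, which is what forging against an
    already signed bootloader needs. Expected cost about 2**bits evaluations,
    so the budget here (2**17) is far short of the ~2**32 needed at 32 bits."""
    want = truncated_digest(target, bits)
    for i in range(max_tries):
        cand = b"custom-" + i.to_bytes(8, "big")
        if cand != target and truncated_digest(cand, bits) == want:
            return cand, i + 1
    return None, max_tries

def demo(bits=32):
    """Collision succeeds quickly; second preimage with a similar budget does not."""
    a, b, tries = find_collision(bits)
    genuine = b"xloader v1.0 (constructed sample image)"
    forged, spent = find_second_preimage(genuine, bits, max_tries=1 << 17)
    return {
        "collision_ok": a != b and truncated_digest(a, bits) == truncated_digest(b, bits),
        "collision_tries": tries,
        "second_preimage": forged,
        "second_preimage_budget": spent,
    }
```

`demo()` finds the 32-bit collision in on the order of 2**16 evaluations (the exact count is fixed because the inputs are counter-derived) and, with about twice that budget, fails to find a second preimage for the constructed "genuine" image. Doubling the digest length doubles the exponent for both attacks, which is the reason the size of the digest is the first thing to look at when a dumped bootrom turns up.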
  12. blueberrymerry's Avatar
    So, if you would forgive this newbie, what quackquack is trying to do is to use JTAG to somehow download the bootrom code? So we can find out what vulnerabilities it has e.g. small hashes?

    From that point on, we can then figure out how to write and sign our own xloader, which we can use to load our own OS. Will the device be permanently bricked if we simply write an unsigned xloader to eMMC, which the bootrom will refuse to load?
    07-20-13 11:19 PM
  13. xsacha's Avatar
    So, if you would forgive this newbie, what quackquack is trying to do is to use JTAG to somehow download the bootrom code? So we can find out what vulnerabilities it has e.g. small hashes?
    No, this is what we want him to do. He hasn't made any attempt at this yet.

    From that point on, we can then figure out how to write and sign our own xloader, which we can use to load our own OS. Will the device be permanently bricked if we simply write an unsigned xloader to eMMC, which the bootrom will refuse to load?
    Only if it is possible. That is a big 'IF'.
    07-20-13 11:57 PM
  14. swe3tdave's Avatar
    Well, he is easy enough to find on Google... I contacted him directly using another web site's contact form. Got a msg back in a day.
    07-21-13 07:04 AM
  15. WhiteSpir1t's Avatar
    I don't know about that, but a short look at the "terms and conditions of use" for this web site and I'm about an inch away from closing my account... it's pretty scary..
    Your intuition is somewhat sound.....
    07-21-13 12:39 PM
  16. swe3tdave's Avatar
    Well, if there is already a conversation on IRC, shouldn't we stick to that?
    07-21-13 01:21 PM
  17. birdman_38's Avatar
    Surprised it hasn't been closed already. Almost 100 pages to this thread and it hasn't accomplished much.
    07-21-13 01:23 PM
  18. vlado091's Avatar
    Surprised it hasn't been closed already. Almost 100 pages to this thread and it hasn't accomplished much.
    Another hater... what, do you think it is easy to accomplish something that has very good security? If you are not interested, you may find other topics on the forum that suit you...
    07-21-13 01:42 PM
  19. SEAWARRIOR's Avatar
    BlackBerry

    Sent from my Motorola Startac
    greatest phone ever,,, still have mine,,, held its own for 7 yrs,,, puts BB10 phones to shame...
    07-21-13 02:30 PM
  20. SEAWARRIOR's Avatar
    If this moves to another location, someone drop me a PM plz,,, I already have the IRC channel, never much goin' on there when I pass thru...
    07-21-13 02:35 PM
  21. vlado091's Avatar
    Well, if there is already a conversation on IRC, shouldn't we stick to that?
    Could you share server and channel info, so others can join...
    07-21-13 02:55 PM
  22. BergerKing's Avatar
    Well, I guess that folks don't like to listen when a clear warning is issued, so we're closed until further notice. Infractions will be decided when I get the chance to spend the time on it.
    07-21-13 03:49 PM
  23. BergerKing's Avatar
    are we allowed to post a link to another web site so we can continue the conversation there?
    No. PM is acceptable between those interested.
    Sith_Apprentice likes this.
    07-21-13 04:55 PM
  24. BergerKing's Avatar
    Ok, I'm reopening the thread. Keep it clean, keep the insults and profanity to yourselves, and discussion of mod actions related to members is not to be discussed on the forum pages. If you cannot post according to site guidelines, as far as some members of the team are concerned, this discussion can be ended at any time.
    Sith_Apprentice likes this.
    07-22-13 11:50 AM
  25. chaosdivine's Avatar
    Could you share server and channel info, so others can join...
    It was listed on page 10. IRC #bbrootthebox in freenode and #crackberrycrack in freenode.
    07-22-13 11:57 AM
