FreeCalypso > hg > freecalypso-sw
annotate doc/TFC139-breakin @ 978:1ee80bcb0fd0
fc-tmsh: omr (old-style memory read) command implemented
author | Mychaela Falconia <falcon@ivan.Harhan.ORG> |
---|---|
date | Thu, 10 Dec 2015 04:05:55 +0000 |
parents | 3f67d5bf96ef |
children | 7a55a3eb985a |
rev | line source |
---|---|
974
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
1 Maliciously locked bootloader |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
2 ============================= |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
3 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
4 When Compal (Motorola's ODM who designed and built their C1xx phones for them) |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
5 designed the firmware architecture and flash memory layout for their phones, |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
6 they made a bad design decision by putting the boundary between their bootloader |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
7 and the main fw image at 0x2000, even though the flash erase block boundary |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
8 doesn't come until 0x10000 - thus every time the main fw needs to be reflashed |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
9 to a different version, the dangerous boot sector has to be reflashed too. |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
10 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
11 But then they made things even worse in the newer versions of their fw by |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
12 introducing a bootloader lock malfeature whereby the ability to interrupt boot |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
13 and load code serially may be artificially disabled. This malfeature is |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
14 implemented as follows: |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
15 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
16 * In the original firmware layout (before the addition of the malfeature in |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
17 question) the boot code occupies the flash range from 0 through 0x1FFF, then |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
18 there are some ID strings at 0x2000, 0x2020 and 0x2040, and then the part of |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
19 the firmware that used to be at 0x10000 in TI's reference fw starts at 0x20A0, |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
20 with the entry point at 0x20F8 (corresponding to TI's 0x10058). |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
21 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
22 With the addition of the bootloader lock malfeature the 32-bit word at 0x2060 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
23 (previously unused and filled with 0xFFFFFFFF) became a control word telling |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
24 the bootloader whether diversion of the boot path to serial code download |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
25 should be allowed or not. |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
26 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
27 * When firmware images with this malfeature present are first built, the word |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
28 at 0x2060 contains 0xDDDDDDDD. (Does D stand for debug or development, or |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
29 was the developer who implemented this malfeature fascinated by large bra |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
30 cups? We may never know.) This word MUST read as 0xDDDDDDDD in order for |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
31 the boot code to allow serial download: if it reads as any other value (e.g., |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
32 if it contains 0xFFFFFFFF because only the 8192 byte boot code has been |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
33 programmed into flash sector 0, with blank flash from 0x2000 onward), no |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
34 serial download opportunity will ever be offered and the phone is effectively |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
35 bricked! |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
36 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
37 * For as long as the word at 0x2060 still contained 0xDDDDDDDD, Compal's |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
38 developers could continue gaining access through the bootloader and reflashing |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
39 their firmware. But when phones were to be shipped to customers with the |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
40 malicious bootloader lock activated, they probably sent some Test Mode command |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
41 (see RVTMUX write-up) to their running fw that caused it to write 0x00000000 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
42 into the flash word at 0x2060. (Remember that any bit in a NOR flash memory |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
43 can be programmed from 1 to 0 at any time in any combination, but changing |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
44 bits from 0 back to 1 is only possible with full sector erasure.) |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
45 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
46 * Once the word at 0x2060 has been programmed (in the flash memory sense) from |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
47 0xDDDDDDDD down to 0x00000000, the phone is irreversibly locked and has lost |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
48 its ability to ever run a different firmware version, like a kamikaze pilot's |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
49 plane that has discarded its landing gear and can only crash now. |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
50 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
51 TFC139 recovery |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
52 =============== |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
53 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
54 While it probably was Compal's, Motorola's and TracFone's intent that the |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
55 bootloader lock on their phones be truly irreversible, some genius out there |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
56 (we may never know who this person was/is) has found a way to recover the |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
57 reflashing capability on at least one very common flock of locked-down phones: |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
58 North American C139 units (1900+850 MHz hardware) sold with TracFone branding, |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
59 firmware version 8.8.17. Here is how it goes: |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
60 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
61 * Even though the bootloader is locked down, if one boots the full fw regularly, |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
62 one can still access the RVTMUX interface which the TI-based fw implements |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
63 for debug trace and factory programming functions. One needs to key in the |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
64 magic sequence **16379# into the running fw, and a hidden menu will appear, |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
65 giving the operator the option to enable trace. Selecting this option will |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
66 cause the fw to switch the headset jack to the UART carrying RVTMUX. |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
67 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
68 * Mot/Compal's firmware is based on a quite old version of TI's chipset |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
69 reference fw (relative to late TCS211 from the Openmoko/Pirelli era), and it |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
70 does not feature the Enhanced Test Mode (ETM) component with which we are |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
71 most familiar. However, it does implement the older set of non-enhanced |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
72 Test Mode commands, and these TM commands just happen to include raw memory |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
73 read and write operations at an arbitrary address. (For a while we were |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
74 under a mistaken belief that these commands were Compal's inventions, until |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
75 we discovered TI's original TM predating ETM.) |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
76 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
77 * The ingenious idea our hero came up with is that one can use the RVTMUX TM |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
78 memory write command to write a piece of "shellcode" into an unused RAM |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
79 location, and then use those very same memory write commands to cause a |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
80 transfer of control to this code by overwriting a function return address on |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
81 the stack! |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
82 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
83 * Once you can execute your own code on the Calypso, everything becomes possible |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
84 once again. At that point one can trivially reverse the bootloader lock by |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
85 erasing flash sector 0 and rewriting it with 0xDDDDDDDD in the 0x2060 word, |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
86 or even better, rewriting this boot sector with an older version of the boot |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
87 code that lacks the locking malfeature altogether. |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
88 |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
89 In the FreeCalypso suite the tfc139 host utility performs the break-in using |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
90 the RVTMUX TM memory write and stack smashing method just described. The |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
91 "shellcode" injected by tfc139 re-enables the Calypso chip's own boot ROM and |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
92 jumps to it; this boot ROM will endlessly wait for a serial download because |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
93 the word at 0x2000 contains neither 0 nor 1 (it is part of an identifying ASCII |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
94 string in Mot/Compal's fw), and the operator can then run fc-loadtool to |
3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
95 perform arbitrary flash operations. |