FreeCalypso > hg > freecalypso-sw
comparison doc/TFC139-breakin @ 974:3f67d5bf96ef
doc: TFC139-breakin written, Compal-unlock updated
| author | Mychaela Falconia <falcon@ivan.Harhan.ORG> |
|---|---|
| date | Sun, 15 Nov 2015 03:47:19 +0000 |
| parents | |
| children | 7a55a3eb985a |
comparison
equal
deleted
inserted
replaced
| 973:285505f98013 | 974:3f67d5bf96ef |
|---|---|
| 1 Maliciously locked bootloader | |
| 2 ============================= | |
| 3 | |
| 4 When Compal (Motorola's ODM who designed and built their C1xx phones for them) | |
| 5 designed the firmware architecture and flash memory layout for their phones, | |
| 6 they made a bad design decision by putting the boundary between their bootloader | |
| 7 and the main fw image at 0x2000, even though the flash erase block boundary | |
| 8 doesn't come until 0x10000 - thus every time the main fw needs to be reflashed | |
| 9 to a different version, the dangerous boot sector has to be reflashed too. | |
| 10 | |
| 11 But then they made things even worse in the newer versions of their fw by | |
| 12 introducing a bootloader lock malfeature whereby the ability to interrupt boot | |
| 13 and load code serially may be artificially disabled. This malfeature is | |
| 14 implemented as follows: | |
| 15 | |
| 16 * In the original firmware layout (before the addition of the malfeature in | |
| 17 question) the boot code occupies the flash range from 0 through 0x1FFF, then | |
| 18 there are some ID strings at 0x2000, 0x2020 and 0x2040, and then the part of | |
| 19 the firmware that used to be at 0x10000 in TI's reference fw starts at 0x20A0, | |
| 20 with the entry point at 0x20F8 (corresponding to TI's 0x10058). | |
| 21 | |
| 22 With the addition of the bootloader lock malfeature the 32-bit word at 0x2060 | |
| 23 (previously unused and filled with 0xFFFFFFFF) became a control word telling | |
| 24 the bootloader whether diversion of the boot path to serial code download | |
| 25 should be allowed or not. | |
| 26 | |
| 27 * When firmware images with this malfeature present are first built, the word | |
| 28 at 0x2060 contains 0xDDDDDDDD. (Does D stand for debug or development, or | |
| 29 was the developer who implemented this malfeature fascinated by large bra | |
| 30 cups? We may never know.) This word MUST read as 0xDDDDDDDD in order for | |
| 31 the boot code to allow serial download: if it reads as any other value (e.g., | |
| 32 if it contains 0xFFFFFFFF because only the 8192 byte boot code has been | |
| 33 programmed into flash sector 0, with blank flash from 0x2000 onward), no | |
| 34 serial download opportunity will ever be offered and the phone is effectively | |
| 35 bricked! | |
| 36 | |
| 37 * For as long as the word at 0x2060 still contained 0xDDDDDDDD, Compal's | |
| 38 developers could continue gaining access through the bootloader and reflashing | |
| 39 their firmware. But when phones were to be shipped to customers with the | |
| 40 malicious bootloader lock activated, they probably sent some Test Mode command | |
| 41 (see RVTMUX write-up) to their running fw that caused it to write 0x00000000 | |
| 42 into the flash word at 0x2060. (Remember that any bit in a NOR flash memory | |
| 43 can be programmed from 1 to 0 at any time in any combination, but changing | |
| 44 bits from 0 back to 1 is only possible with full sector erasure.) | |
| 45 | |
| 46 * Once the word at 0x2060 has been programmed (in the flash memory sense) from | |
| 47 0xDDDDDDDD down to 0x00000000, the phone is irreversibly locked and has lost | |
| 48 its ability to ever run a different firmware version, like a kamikaze pilot's | |
| 49 plane that has discarded its landing gear and can only crash now. | |
| 50 | |
| 51 TFC139 recovery | |
| 52 =============== | |
| 53 | |
| 54 While it probably was Compal's, Motorola's and TracFone's intent that the | |
| 55 bootloader lock on their phones be truly irreversible, some genius out there | |
| 56 (we may never know who this person was/is) has found a way to recover the | |
| 57 reflashing capability on at least one very common flock of locked-down phones: | |
| 58 North American C139 units (1900+850 MHz hardware) sold with TracFone branding, | |
| 59 firmware version 8.8.17. Here is how it goes: | |
| 60 | |
| 61 * Even though the bootloader is locked down, if one boots the full fw regularly, | |
| 62 one can still access the RVTMUX interface which the TI-based fw implements | |
| 63 for debug trace and factory programming functions. One needs to key in the | |
| 64 magic sequence **16379# into the running fw, and a hidden menu will appear, | |
| 65 giving the operator the option to enable trace. Selecting this option will | |
| 66 cause the fw to switch the headset jack to the UART carrying RVTMUX. | |
| 67 | |
| 68 * Mot/Compal's firmware is based on a quite old version of TI's chipset | |
| 69 reference fw (relative to late TCS211 from the Openmoko/Pirelli era), and it | |
| 70 does not feature the Enhanced Test Mode (ETM) component with which we are | |
| 71 most familiar. However, it does implement the older set of non-enhanced | |
| 72 Test Mode commands, and these TM commands just happen to include raw memory | |
| 73 read and write operations at an arbitrary address. (For a while we were | |
| 74 under a mistaken belief that these commands were Compal's inventions, until | |
| 75 we discovered TI's original TM predating ETM.) | |
| 76 | |
| 77 * The ingenious idea our hero came up with is that one can use the RVTMUX TM | |
| 78 memory write command to write a piece of "shellcode" into an unused RAM | |
| 79 location, and then use those very same memory write commands to cause a | |
| 80 transfer of control to this code by overwriting a function return address on | |
| 81 the stack! | |
| 82 | |
| 83 * Once you can execute your own code on the Calypso, everything becomes possible | |
| 84 once again. At that point one can trivially reverse the bootloader lock by | |
| 85 erasing flash sector 0 and rewriting it with 0xDDDDDDDD in the 0x2060 word, | |
| 86 or even better, rewriting this boot sector with an older version of the boot | |
| 87 code that lacks the locking malfeature altogether. | |
| 88 | |
| 89 In the FreeCalypso suite the tfc139 host utility performs the break-in using | |
| 90 the RVTMUX TM memory write and stack smashing method just described. The | |
| 91 "shellcode" injected by tfc139 re-enables the Calypso chip's own boot ROM and | |
| 92 jumps to it; this boot ROM will endlessly wait for a serial download because | |
| 93 the word at 0x2000 contains neither 0 nor 1 (it is part of an identifying ASCII | |
| 94 string in Mot/Compal's fw), and the operator can then run fc-loadtool to | |
| 95 perform arbitrary flash operations. |