
Re: LE40C750 bootloader disassembly thread

Posted: Tue Nov 16, 2010 1:01 am
by bastler0815
Wow, always amazing to see the progress!

And no, sadly I don't know any freeware disassembler which is as powerful as IDA Pro ...

Regards, Bastler

Re: LE40C750 bootloader disassembly thread

Posted: Tue Nov 16, 2010 8:27 am
by juusso
probutus

Is there any hint of the procedure if the bootloader finds a changed kernel? What procedure is next? Maybe it is possible to boot from an external source in this case, or do we just get a kernel panic or something else?

Re: LE40C750 bootloader disassembly thread

Posted: Thu Nov 18, 2010 1:54 pm
by rvs2
probutus
Why to make a jump (B locReturn) right after sub_6701A144.
Otherwise there is a probability of a jump to locCreateHashCheckFailed.

Re: LE40C750 bootloader disassembly thread

Posted: Fri Nov 19, 2010 4:03 pm
by rvs2
probutus wrote: That was my first thought, too, but I have seen that the function Authenticate() is called from different places (even inside the second section of the bootloader, which is copied into internal SRAM before). The function CreateHash seems to only fail when there is something wrong with the mechanism creating a hash, so this should not fail when the hashes don't match. Patching only the authenticate function makes us proof even with the other functions calling it
OK!
Then there are two functions (sub_6701A020=CreateHash and sub_6701A144=CreateHash_0) for creating a hash? Or is it a check of different parts?