LE40C750 bootloader disassembly thread

Here is information about customizing your C series firmware. This forum is NOT for DUMMY USERS' questions or problems, but for DEVELOPERS.

rvs2
Official SamyGO Developer
Posts: 22
Joined: Wed Oct 06, 2010 4:13 pm

Re: LE40C750 bootloader disassembly thread

Post by rvs2 »

probutus wrote: Is it possible to download the mips based bootloader binary from somewhere?
Yes, I have written a private message.
http://rapidshare.com/files/432785857/Boot.rar
Is the crypto calculation in the MIPS system also done in hardware or in software?
As well as in C750, with little changes.
is this system based on a BCM7601 chipset?
1. TridentSX Pro - MIPS be, firmware T-TDT5xxxx. C550/C530
2. Saturn 7 - MIPS le, firmware T-MSX5xxxx. C550/C530
3. Cortex-A8/Valencia ARMv7 firmware T-VALDxxxx C650/C750

arris69
Official SamyGO Developer
Posts: 1700
Joined: Fri Oct 02, 2009 8:52 am
Location: Austria/Vienna (no Kangaroos here)

Re: LE40C750 bootloader disassembly thread

Post by arris69 »

rvs2 wrote:...
2. Saturn 7 - MIPS le, firmware T-MSX5xxxx. C550/C530
..
LE ??
from where do you have this information?

thnx
arris

rvs2
Official SamyGO Developer
Posts: 22
Joined: Wed Oct 06, 2010 4:13 pm

Re: LE40C750 bootloader disassembly thread

Post by rvs2 »

arris69 wrote:
rvs2 wrote:...
2. Saturn 7 - MIPS le, firmware T-MSX5xxxx. C550/C530
..
LE ??
from where do you have this information?

thnx
arris
le - little-endian
be - big-endian
The information is from the source code from Samsung.

rvs2
Official SamyGO Developer
Posts: 22
Joined: Wed Oct 06, 2010 4:13 pm

Re: LE40C750 bootloader disassembly thread

Post by rvs2 »

probutus wrote:Hi rvs2,
I had a very first very short look at your bootloader and it seems that you have usb and ethernet support in your bootloader available
Yes, I saw that too, but I have not yet been able to find the combination of conditions under which it works.
But there is this code here.

Code:

#define SBOOT_NOT_NORMAL	0xBAB0BAB0
#define SBOOT_NORMAL		0xFAFEF0F0

	if (cmackey.magic == SBOOT_NORMAL) 
	{
		// ECB need 4 bytes aligned
		SCU_PRINTK("N_BOOT\n");
		Trid_Securekey_AES_ECB_Dec( (unsigned int) cmackey.key, SZ_AES_UNIT,  (unsigned int) mkey,  (unsigned int *) &outLength);
	}
	else if(cmackey.magic == SBOOT_NOT_NORMAL)
	{
		SCU_PRINTK("F_BOOT\n");
		Trid_Masterkey_AES_ECB_Enc( (unsigned int) cmackey.key,  SZ_AES_UNIT,  (unsigned int) mkey,  (unsigned int *)&outLength);
	}
	else
	{
		aes_stop();
		Exception_from_authuld("No correct flag\n");
		do_exit(0);	// for development version. Exception_from_authuld() is the ending point in release version
	}
		
	uboot_open_flag = 0;
	for(i=0;i<3;i++) 
	{
		if( (fd=sys_open(CONFIG_AUTHULD_PATH, O_RDONLY, 0 ) )>= 0 ) 
		{
			SCU_PRINTK("Now ready (after=%d)    \n", i);
			SCU_PRINTK("---------------------------------\n");
			sys_close(fd);
			uboot_open_flag = 1;
			break;
		}
		msleep(10);
	}
	
	if( uboot_open_flag == 0 ) 
	{
		aes_stop();
		Exception_from_authuld("Unable to open Auth\n");
		do_exit(0); // for development version. Exception_from_authuld() is the ending point in release version
	}

	if(check_ci_app_integrity_with_size(mkey, CONFIG_AUTHULD_PATH, macList.msgLen, macList.mac) == 0 ) 
	{
		aes_stop(); // Call aes_stop() after send_to_authuld(). get_rand() is a function of libaes.a
		
		// don't increase booting time by loading. 
		ssleep(15);

		nonce = send_to_authuld();

		SCU_PRINTK("Auth run\n");

		pid = kernel_thread(execute_authuld,NULL,CLONE_FS|CLONE_SIGHAND|SIGCHLD);
 
