
Re: LE40C750 bootloader disassembly thread

Posted: Wed Nov 24, 2010 9:58 am
by rvs2
probutus wrote: Is it possible to download the mips based bootloader binary from somewhere?
Yes, I have written a private message.
http://rapidshare.com/files/432785857/Boot.rar
Is the crypto calculation in the MIPS system also done in hardware or in software?
As well as in C750 with little changes.
is this system based on a BCM7601 chipset?
1. TridentSX Pro - MIPS be, firmware T-TDT5xxxx. C550/C530
2. Saturn 7 - MIPS le, firmware T-MSX5xxxx. C550/C530
3. Cortex-A8/Valencia ARMv7 firmware T-VALDxxxx C650/C750

Re: LE40C750 bootloader disassembly thread

Posted: Wed Nov 24, 2010 7:12 pm
by arris69
rvs2 wrote:...
2. Saturn 7 - MIPS le, firmware T-MSX5xxxx. C550/C530
..
LE ??
from where do you have this information?

thnx
arris

Re: LE40C750 bootloader disassembly thread

Posted: Thu Nov 25, 2010 8:19 am
by rvs2
arris69 wrote:
rvs2 wrote:...
2. Saturn 7 - MIPS le, firmware T-MSX5xxxx. C550/C530
..
LE ??
from where do you have this information?

thnx
arris
le - little-endian
be - big-endian
The information is from Samsung's source code.
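
The le/be distinction in the post above can be checked on a raw image before disassembly. The following is an added example, not part of the thread: it counts two fixed MIPS32 encodings (`jr $ra` and `addiu $sp, $sp, imm`) under both byte orders. The function names, thresholds and sample bytes are assumptions constructed for illustration, and the code assumes word-aligned MIPS32 code (not MIPS16 or microMIPS).

```python
import struct

# Fixed MIPS32 encodings that appear in almost every compiled function.
JR_RA = 0x03E00008        # jr $ra (function return)
ADDIU_SP = 0x27BD0000     # addiu $sp, $sp, imm (stack frame setup/teardown)
ADDIU_SP_MASK = 0xFFFF0000


def score(blob: bytes, fmt: str) -> int:
    """Count marker instructions when blob is decoded as 32-bit words with fmt."""
    usable = len(blob) - (len(blob) % 4)   # ignore a trailing partial word
    hits = 0
    for (word,) in struct.iter_unpack(fmt, blob[:usable]):
        if word == JR_RA or (word & ADDIU_SP_MASK) == ADDIU_SP:
            hits += 1
    return hits


def guess_mips_endianness(blob: bytes, min_hits: int = 4, ratio: float = 4.0) -> str:
    """Return 'be', 'le' or 'unknown' (thresholds are illustrative assumptions)."""
    be = score(blob, ">I")
    le = score(blob, "<I")
    if max(be, le) < min_hits:
        return "unknown"                   # too little evidence, e.g. packed data
    if be >= ratio * max(le, 1):
        return "be"
    if le >= ratio * max(be, 1):
        return "le"
    return "unknown"                       # both orders match: not conclusive


# Constructed sample: one small function prologue/epilogue, repeated four times.
FUNC = [
    0x27BDFFE8,  # addiu $sp, $sp, -24
    0xAFBF0014,  # sw    $ra, 20($sp)
    0x8FBF0014,  # lw    $ra, 20($sp)
    0x03E00008,  # jr    $ra
    0x27BD0018,  # addiu $sp, $sp, 24   (delay slot)
]
SAMPLE_BE = struct.pack(">20I", *(FUNC * 4))
SAMPLE_LE = struct.pack("<20I", *(FUNC * 4))

if __name__ == "__main__":
    for name, blob in (("big-endian sample", SAMPLE_BE),
                       ("little-endian sample", SAMPLE_LE),
                       ("zero padding", bytes(64))):
        print(name, "->", guess_mips_endianness(blob))
```
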

Re: LE40C750 bootloader disassembly thread

Posted: Fri Nov 26, 2010 1:42 pm
by rvs2
probutus wrote:Hi rvs2,
I had a very first very short look at your bootloader and it seems that you have usb and ethernet support in your bootloader available
Yes, I saw that too, but I have not yet been able to find the combination of conditions under which it works.
But there is this code here.


#define SBOOT_NOT_NORMAL       		0xBAB0BAB0  
#define SBOOT_NORMAL       	0xFAFEF0F0  

	if (cmackey.magic == SBOOT_NORMAL) 
	{
		// ECB need 4 bytes aligned
		SCU_PRINTK("N_BOOT\n");
		Trid_Securekey_AES_ECB_Dec( (unsigned int) cmackey.key, SZ_AES_UNIT,  (unsigned int) mkey,  (unsigned int *) &outLength);
	}
	else if(cmackey.magic == SBOOT_NOT_NORMAL)
	{
		SCU_PRINTK("F_BOOT\n");
		Trid_Masterkey_AES_ECB_Enc( (unsigned int) cmackey.key,  SZ_AES_UNIT,  (unsigned int) mkey,  (unsigned int *)&outLength);
	}
	else
	{
		aes_stop();
		Exception_from_authuld("No correct flag\n");
		do_exit(0);	// for development version. Exception_from_authuld() is the ending point in release version
	}
		
	uboot_open_flag = 0;
	for(i=0;i<3;i++) 
	{
		if( (fd=sys_open(CONFIG_AUTHULD_PATH, O_RDONLY, 0 ) )>= 0 ) 
		{
			SCU_PRINTK("Now ready (after=%d)    \n", i);
			SCU_PRINTK("---------------------------------\n");
			sys_close(fd);
			uboot_open_flag = 1;
			break;
		}
		msleep(10);
	}
	
	if( uboot_open_flag == 0 ) 
	{
		aes_stop();
		Exception_from_authuld("Unable to open Auth\n");
		do_exit(0); // for development version. Exception_from_authuld() is the ending point in release version
	}

	if(check_ci_app_integrity_with_size(mkey, CONFIG_AUTHULD_PATH, macList.msgLen, macList.mac) == 0 ) 
	{
		aes_stop(); // Call aes_stop() after send_to_authuld(). get_rand() is a function of libaes.a
		
		// don't increase booting time by loading. 
		ssleep(15);

		nonce = send_to_authuld();

		SCU_PRINTK("Auth run\n");

		pid = kernel_thread(execute_authuld,NULL,CLONE_FS|CLONE_SIGHAND|SIGCHLD);