Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add more explaination to the README #4

Open
herbsmn opened this issue Apr 21, 2018 · 7 comments
Open

Add more explaination to the README #4

herbsmn opened this issue Apr 21, 2018 · 7 comments

Comments

@herbsmn
Copy link

herbsmn commented Apr 21, 2018

How exactly does this software work?

Is sboot replaced entirely, partially, or not at all?

I saw that on the Verizon version of the Note 2, which also uses the same Exynos SoC afaik, some people were able to perform an iROM Unlock and replace sboot with "a bootloader which has been modified to ignore all security checks at the highest level possible". https://forum.xda-developers.com/showthread.php?t=2043636

Does the software contained here use this iROM exploit to slip uboot in to replace all or part of sboot? If not, is this theoretically possible?

@dmarszk
Copy link
Owner

dmarszk commented Apr 21, 2018

We never replaced S-Boot. We always sideloaded U-Boot from SD-card or, theoretically, through iROM USB download. Though in theory, S-Boot could be replaced. I suppose maybe that's what Adam and Ralekdev did. You would have to ask them.

It's not really an iROM exploit, but a wildcard bootloader signed by Samsung and released as a part of Odroid project.
https://github.com/dmarszk/exynos4_uboot/blob/master/sd_fuse/p4412_s_fwbl1.bin
The bootloader code essentially does nothing but jumping into the code glued to it, which is not signed in any way. This breaks the secure boot trust chain.

@adamoutler
Copy link
Collaborator

adamoutler commented Apr 21, 2018 via email

@herbsmn
Copy link
Author

herbsmn commented Apr 22, 2018

@dmarszk @adamoutler do you guys now if this wildcard bootloader that was released as part of the Odroid project works exclusively for the SCH-I605 (Verizon version of the N2) or does it work for the N7100 and I9300 as well? They are all Exynos 4412 AFAIK. I'm assuming that this wouldn't work for the I9100 since it is a different Exynos SoC, right?

@fourkbomb
Copy link

fourkbomb commented Apr 22, 2018

@dmarszk so do you use u-boot's SPL as BL2? As far as I can tell the Hardkernel u-boot uses a prebuilt BL2.

EDIT: I did a bit more looking. It seems like the smdk4212 lowlevel_init compares pc to the configured base address to detect whether or not it's running as BL2 or real u-boot? So the code just assumes that all the "bl2" code will end up in the first 14000 bytes of the u-boot executable and then uses that as BL2?

@herbsmn
Copy link
Author

herbsmn commented Jun 8, 2018

https://blog.forkwhiletrue.me/posts/u-boot-on-galaxy-s3/

@herbsmn
Copy link
Author

herbsmn commented Jun 18, 2019

This repo seems to have some private keys and tools contained within it: https://github.com/675816156/itop4412_offered_uboot/tree/master/CodeSign4SecureBoot

Do any of you happen to know what this is exactly?

@herbsmn
Copy link
Author

herbsmn commented Sep 23, 2019

It looks like xboot might have written their own libre BL1 for the Exynos4412: https://github.com/xboot/xboot/tree/master/src/arch/arm32/mach-exynos4412

Replicant is trying to get it working: xboot/xboot#21

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants