update

documentation/source/BootROM_8890/boot_chain.rst

@@ -3,11 +3,127 @@ Booting
 =======
 After exploitation the goal is to fully boot the device.
 
+Current boot chain:
+
+.. figure:: images/boot_chain.drawio.svg
+   :align: center
+
+   Boot chain
+
 debugger
 ========
 Some other information about the debugger and it's current state.
 
-ROM
----
+bl1
+===
+
+Loads at address ``0x02024000`` and contains some form of header. 
+There seems to be a samsung header format, where the first 4 bytes define the entry point of the binary. 
+In this case this entry is ``+0x10`` so we jump to ``0x02024010``.
+
+.. code-block:: python
+
+    fwbl1 = open("../S7/bl1.bin", "rb").read()
+    self.cd.memwrite_region(0x02024000, fwbl1)
+
+    def jump_fwbl1():
+            self.cd.arch_dbg.state.LR = 0x2069000
+            self.cd.restore_stack_and_jump(0x02024010)
+
+    jump_fwbl1()
+
+However, this does not result in a jump back to the debugger.
+The reason for this is the following code in bl1:
+
+.. code-block:: c
+
+    iVar3 = FUN_02024320();
+    if (iVar3 == 1) {
+        (*(code *)(ulong)uRam0000000002020108)(0,1);
+    }
+    
+This code uses a predefined ROM function(I was looking for it) and jumps back to that function when it's done. 
+This function is at address ``0x020200e8``, looking in our IMEM dump we can see where in the ROM this points to:
+
+.. code-block:: c
+
+                             DAT_02020108                                    XREF[2]:     FUN_00001708:000018b4(W), 
+                                                                                          FUN_02021970:02021a40(R)  
+        02020108 90 57 00 00     undefined4 00005790h
+
+Replacing this function with our debugger makes us jump back:
+
+.. code-block:: python
+
+    # Overwrite jump back
+        self.cd.memwrite_region(0x02020108, p32(0x2069000))
+        self.cd.memwrite_region(0x020200e8, p32(0x2069000))
+            
+        def jump_bl1():
+            self.cd.arch_dbg.state.LR = 0x2069000
+            self.cd.restore_stack_and_jump(0x02024010)
+            # self.cd.restore_stack_and_jump(0x02021810)
+            
+        bl1 = open("../S7/bl1.bin", "rb").read()
+        self.cd.memwrite_region(0x02024000, bl1)
+        self.usb_write(b"FLSH")
+        
+        # auth_bl1()
+        jump_bl1()
+        assert self.usb_read(0x200) == b"GiAs", "not jumped back to debugger?"
+        self.cd.arch_dbg.state.print_ctx()
+
+        root | DEBUG | 
+            X0 : 0xc00000 | X1 : 0x2069000 | X2 : 0x0 | X3 : 0x2023114 | X4 : 0x4 | X5 : 0x0 | X6 : 0x0 |
+            X7 : 0x136c0008 | X8 : 0x2069000 | X9 : 0x0 | X10 : 0x2070000 | X11 : 0x0 | X12 : 0x0 | X13 : 0x0 |
+            X14 : 0xf | X15 : 0x206d000 | X16 : 0x9 | X17 : 0x0 | X18 : 0x1 | X19 : 0x20200e8 | X20 : 0x0 |
+            X21 : 0x80000000 | X22 : 0x0 | X23 : 0x0 | X24 : 0x0 | X25 : 0x0 | X26 : 0x0 | X27 : 0x1 |
+            X28 : 0x0 | X29 : 0x2020ed8 | LR/X30 : 0x202419c | SP/X31 : 0x2020ec0
+
+However this does not fully run bl1, so we will have to dig a bit deeper to see the puropose and when to jump back to the debugger.
+
+purpose
+-------
+bl1 interacts with several pheriperals, from the DTB these are:
+
+.. code-block:: dtsi
+
+    /* FSYS0 */
+	pinctrl_5: pinctrl@10E60000 {
+		compatible = "samsung,exynos8890-pinctrl";
+		reg = <0x0 0x10E60000 0x1000>;
+		interrupts = <0 212 0>;
+	};
+
+	/* FSYS1 */
+	pinctrl_6: pinctrl@15690000 {
+		compatible = "samsung,exynos8890-pinctrl";
+		reg = <0x0 0x15690000 0x1000>;
+		interrupts = <0 202 0>;
+	};
+
+    /* PERIC1 */
+	pinctrl_9: pinctrl@14CC0000 {
+		compatible = "samsung,exynos8890-pinctrl";
+		reg = <0x0 0x14CC0000 0x1000>;
+		interrupts = <0 460 0>;
+	};
+
+    pmu_system_controller: system-controller@105C0000 {
+		compatible = "samsung,exynos8890-pmu", "syscon";
+		reg = <0x0 0x105C0000 0x10000>;
+	};
+
+    rtc@10070000 {
+		compatible = "samsung,s3c6410-rtc";
+		reg = <0x0 0x10070000 0x100>;
+		interrupts = <0 73 0>, <0 74 0>;
+		clocks = <&clock 157>;
+		clock-names = "gate_rtc";
+	};
 
 
+BL31
+----
+
+Setups EL3 stuff, probably in preperation of loading trustzone

reven/SamsungS7.lock

@@ -1,9 +1,9 @@
 #Ghidra Lock File
-#Sat Aug 03 17:14:04 CEST 2024
+#Tue Aug 06 19:30:30 CEST 2024
 OS\ Name=Linux
 OS\ Version=6.5.0-44-generic
 Username=eljakim
 Hostname=levith
 <META>\ Supports\ File\ Channel\ Locking=Channel Lock
 OS\ Architecture=amd64
-Timestamp=8/3/24, 5\:14 PM
+Timestamp=8/6/24, 7\:30 PM

reven/SamsungS7.rep/idata/~index.bak

@@ -1,11 +1,13 @@
 VERSION=1
 /
-  00000002:8890_bootrom.bin:7f0119bc3142241939494339
+  00000006:8890_bootrom.bin:7f0119bc3142241939494339
+  00000002:8890_bootrom.bin.keep:7f011889d240069673442230
 /mib3
   00000000:full_boot:7f0118059140616855428589
 /s7
+  00000007:fwbl1.bin:7f011a0d5252765509589854
   00000003:sboot.bin.2.bin:7f011ab837995028720085
   00000004:sboot.bin.3.bin:7f011872b8163836628792
   00000005:sboot.bin.4.bin:7f011842b8231996037592
-NEXT-ID:6
+NEXT-ID:8
 MD5:d41d8cd98f00b204e9800998ecf8427e

reven/SamsungS7.rep/idata/~index.dat

@@ -1,11 +1,13 @@
 VERSION=1
 /
-  00000002:8890_bootrom.bin:7f0119bc3142241939494339
+  00000006:8890_bootrom.bin:7f0119bc3142241939494339
+  00000002:8890_bootrom.bin.keep:7f011889d240069673442230
 /mib3
   00000000:full_boot:7f0118059140616855428589
 /s7
-  00000003:sboot.bin.2.bin:7f011ab837995028720085
+  00000007:bl1.bin:7f011a0d5252765509589854
+  00000003:bl31.bin:7f011ab837995028720085
   00000004:sboot.bin.3.bin:7f011872b8163836628792
   00000005:sboot.bin.4.bin:7f011842b8231996037592
-NEXT-ID:6
+NEXT-ID:8
 MD5:d41d8cd98f00b204e9800998ecf8427e

reven/SamsungS7.rep/user/~index.bak

@@ -1,8 +1,9 @@
 VERSION=1
 /
   00000000:udf_7f0118059140616855428589:7f0118d0b142268235940037
+  00000004:udf_7f011842b8231996037592:7f01190f112184430945139
   00000003:udf_7f011872b8163836628792:7f011a9478217161533597
   00000001:udf_7f0119bc3142241939494339:7f011abb7142807435236045
   00000002:udf_7f011ab837995028720085:7f0118cdd8148515697603
-NEXT-ID:4
+NEXT-ID:5
 MD5:d41d8cd98f00b204e9800998ecf8427e

reven/SamsungS7.rep/user/~index.dat

@@ -4,6 +4,7 @@ VERSION=1
   00000004:udf_7f011842b8231996037592:7f01190f112184430945139
   00000003:udf_7f011872b8163836628792:7f011a9478217161533597
   00000001:udf_7f0119bc3142241939494339:7f011abb7142807435236045
+  00000005:udf_7f011a0d5252765509589854:7f0118e15255467845445248
   00000002:udf_7f011ab837995028720085:7f0118cdd8148515697603
-NEXT-ID:5
+NEXT-ID:6
 MD5:d41d8cd98f00b204e9800998ecf8427e

reven/SamsungS7.rep/user/~journal.bak

@@ -1,2 +1,2 @@
-IADD:00000004:/udf_7f011842b8231996037592
-IDSET:/udf_7f011842b8231996037592:7f01190f112184430945139
+IADD:00000005:/udf_7f011a0d5252765509589854
+IDSET:/udf_7f011a0d5252765509589854:7f0118e15255467845445248

source/exploit/exploit.py

@@ -221,6 +221,10 @@ class ExynosDevice():
         self.cd.arch_dbg.state.auto_sync = False
         self.cd.arch_dbg.state.print_ctx()
         
+        # Overwrite jump back
+        self.cd.memwrite_region(0x02020108, p32(0x2069000))
+        # self.cd.memwrite_region(0x020200e8, p32(0x2069000))
+        
         AUTH_BL1 = 0x00012848
         def memdump_try():
             dumped = b""
@@ -234,11 +238,37 @@ class ExynosDevice():
             self.cd.arch_dbg.state.X1 = 1
             self.cd.arch_dbg.state.LR = 0x2069000 #jump back to debugger when finished
             self.cd.restore_stack_and_jump(AUTH_BL1)
+            
+        def jump_bl1():
+            self.cd.arch_dbg.state.LR = 0x2069000
+            self.cd.restore_stack_and_jump(0x02024010)
+            # self.cd.restore_stack_and_jump(0x02021810)
+            
+        #000125b4
+        # self.cd.arch_dbg.state.LR = 0x2069000 #jump back to debugger when finished
+        # self.cd.restore_stack_and_jump(0x00012814)
+        # self.cd.restore_stack_and_jump(0x000125b4)
         
-        fwbl1 = open("../S7/fwbl1.bin", "rb").read()
-        self.cd.memwrite_region(0x02021800, fwbl1)
-        memdump_try()
-        auth_bl1()
+        bl1 = open("../S7/bl1.bin", "rb").read()
+        self.cd.memwrite_region(0x02024000, bl1)
+        self.usb_write(b"FLSH")
+        
+        # auth_bl1()
+        jump_bl1()
+        assert self.usb_read(0x200) == b"GiAs", "not jumped back to debugger?"
+        self.cd.arch_dbg.state.print_ctx()
+        
+        def jump_bl31():
+            self.cd.arch_dbg.state.LR = 0x2069000
+            self.cd.restore_stack_and_jump(0x02021810)
+        bl31 = open("../S7/bl31.bin", "rb").read()
+        self.cd.memwrite_region(0x02021800, bl31)
+        jump_bl31()
+        assert self.usb_read(0x200) == b"GiAs", "not jumped back to debugger?"
+        self.cd.arch_dbg.state.print_ctx()
+        
+        # memdump_try()
+        # auth_bl1()
         self.cd.arch_dbg.state.print_ctx()
         
         #authenticate it

source/exploit/stage1/stage1.c

@@ -33,7 +33,8 @@ void recv_data(uint32_t address, uint32_t size){
     dwc3_ep0_start_trans(2, rbuf, 0x200);
     while(1){
         usb_event_handler();
-        if(*(uint8_t *)dref == 1){
+        volatile val = *(volatile uint8_t *)dref;
+        if(val == 1){
             break;
         }
     }
@@ -73,6 +74,10 @@ int main() {
         recv_data(0x2069000 + block, block_sz);
     }
 
+    // clear cache
+    // __asm__ __volatile__("ic iallu\n\t" : : :"memory");
+    // __asm__ __volatile__("ic ialluis\n\t" : : :"memory");
+
     // Create function at debugger_location
     void (*custom_func)() = (void*)0x2069000; //mem_off;
     custom_func();