The Exynos 8890 BootROM is a small piece of code that runs on the Exynos SoC at boot runtime. It is responsible for initializing the hardware and loading the first stage bootloader from storage. The BootROM is stored in a read-only memory and cannot be modified.
Useful links:
Be sure to use the correct firmware and firmware version for your S7 when trying this exploit/Frederic’s recovery boot (otherwise the booting will likely fail after sending BL31)!
There are no stack canaries or guard pages, and no ASLR. Meaning there are almost no protections in place. There is however an SMC and a MMU. The SMC is used to communicate with the secure world, and the MMU is used to map the memory.
Rom is at address 0x0 and is unwritable (Sometimes this is writeable due to MMU caching) and is 0x20000 bytes long.
Samsung releases firmware files for their devices. These files contain the bootloader, modem, and other firmware files. To see how the ROM works we are interested in the sboot firmware, which contains multiple stages of the bootloader.
These files can then be used to boot the device into USB recovery. To extract the sboot.bin file from a samsung firmware file:
For additional bootloaders, see: Github exynos8890-exynos-usbdl-recovery
The memory layout of the Exynos 8890 is as follows:
When the ROM is unable to boot from the internal storage, it enters Exynos Recovery Mode
.
In this mode the bootROM accepts data over USB. There is little functionality other than receiving data, meaning almost no additional attack surface except for the download protocol.
The Exynos BootROM uses a custom protocol to download a bootable image over USB. This image is verified and executed by the BootROM. Unauthorized images are rejected. Initial authorisation is done using the ‘_auth_bl1’ function. Frederic has exploited a vulnerability in the download protocol to load Unauthorized images.