Difference between revisions of "Second Loader"
Jump to navigation
Jump to search
| Line 8: | Line 8: | ||
memeprom line 0x50B offset 0x4 bit 1 set = ignore version mismatch errors. This line itself is set from SNVS 0xD2 block 0. Alternatively set version to 0xDEADBEEF to skip. | memeprom line 0x50B offset 0x4 bit 1 set = ignore version mismatch errors. This line itself is set from SNVS 0xD2 block 0. Alternatively set version to 0xDEADBEEF to skip. | ||
| + | |||
| + | == Session key/coredump encryption == | ||
| + | |||
| + | 0x20 random bytes are generated and written to keyslot 0x51A. Then, the buffer is encrypted with aes128-cbc using coredump_key and coredump_iv. The result is copied to sysroot buffer +0x100 (0x1F000200) | ||
Revision as of 21:58, 20 June 2018
eeprom protection
On 0.995 and 3.60 the following lines are protected after starting arm: 0x0-0x7F, 0x140-0x17F, 0x200-0x203, 0x206-0x20D, 0x344-0x353, 0x400-0x47F, 0x502-0x57F, 0x700-0x77F
The protection it sets is 0x1C1F (so f00d read disabled).
Bypassing version checks
memeprom line 0x50B offset 0x4 bit 1 set = ignore version mismatch errors. This line itself is set from SNVS 0xD2 block 0. Alternatively set version to 0xDEADBEEF to skip.
Session key/coredump encryption
0x20 random bytes are generated and written to keyslot 0x51A. Then, the buffer is encrypted with aes128-cbc using coredump_key and coredump_iv. The result is copied to sysroot buffer +0x100 (0x1F000200)