Difference between revisions of "Bootrom"

From freemyipod.org
Jump to: navigation, search
Line 15: Line 15:
 
The mode is selected based on straps, pressed buttons and mode priorities (first NAND or 'NOR' is performed, then DFU).
 
The mode is selected based on straps, pressed buttons and mode priorities (first NAND or 'NOR' is performed, then DFU).
  
All three boot paths end up performing the same image verification steps:
+
All three boot paths end up performing the same [[IMG1 image]] verification steps:
  
 
# Load image into memory at beginning of SRAM.
 
# Load image into memory at beginning of SRAM.
# Verify image header (IMG1/DFU v2.0, '87202.0' header): perform SHA1 then AES of first 0x40 bytes, compare against stored sum.
+
# Verify image header ([[IMG1]] 2.0): perform SHA1 then AES of first 0x40 bytes, compare against stored sum.
 
# Parse footer certificates and verify footer signature against body (undocumented).
 
# Parse footer certificates and verify footer signature against body (undocumented).
 
# Decrypt and jump into body.
 
# Decrypt and jump into body.

Revision as of 00:24, 10 December 2021

Introduction

The iPod Nano 4G bootrom is different from the iBoot/SecureROM bootrom present on iOS-based S5L8720 devices, like the iPod Touch 2G.

The reverse engineering efforts below have been based on a ROM extract from a Nano 4g with the following SHA256 sum: 9cc05fb83024c9d51fd31c97a137447ce5ea87fe7cefba7b9aa6d54609bfbafb .

BootROM functionality

The BootROM can perform the following actions:

  1. Boot from NAND flash (via built-in flash translation layer implementation)
  2. Boot from some other unknown storage (NOR? Although NOR is not present on the N4G...)
  3. Boot from USB DFU mode.

The mode is selected based on straps, pressed buttons and mode priorities (first NAND or 'NOR' is performed, then DFU).

All three boot paths end up performing the same IMG1 image verification steps:

  1. Load image into memory at beginning of SRAM.
  2. Verify image header (IMG1 2.0): perform SHA1 then AES of first 0x40 bytes, compare against stored sum.
  3. Parse footer certificates and verify footer signature against body (undocumented).
  4. Decrypt and jump into body.

Certificate parsing

The certificate parsing code is subject to Pwnage 2.0. This is one of the few codebases shared with iBoot/SecureROM, and is why the bug was portable to the Nano bootroms.

DFU mode

The DFU mode codebase seems to be different from the iBoot/SecureROM codebase, with very little code shared (perhaps apart from low-level DWC2 OTG register access code). There are no iBoot-like tasks present, the heap is very minimalistic (bitmap based), and the entire data transfer is effectively performed in poll/synchronous mode.

The difference between the Nano and SecureROM bootrom codebases seem to be the main cause of none of the SecureROM USB exploits working (steaks4uce, usb_control_msg(0xa1, 1), checkm8, etc. However, a full pass over the USB codepaths is still yet to be performed.