[continued]
offset 0x000113c8 [=abs position 0x000f13c8]:
DCD 0xBAB3737B,0xE13BD70F,0x773E361E,0xE3A63061,0xFFE94451,0x4D2ADD1A,0x606E6743,0x30F46C89; unk
DCD 0xA8473DC9,0x4CB64E72,0x4881EB74,0xBD132132,0x47FFE8F4,0xA6F10FB3,0x58086F1F,0x66FABAEC; unk
[...]
; Run of zero-valued 32-bit words (DCD) that the listing labels "zeroes",
; starting at ROM:0001F5F4. The post elides the rest of the run after these values.
ROM:0001F5F4 zeroes
DCD 0,
0, 0, 0,
0, 0,
0, 0, 0,
0, 0, 0,
0, 0,
0, 0
[...]
zeroes repeat until 0x0001ffe0
; Record the disassembly labels "struct rsa_signature": a 16-bit num_bits
; field (DCW) followed by the signature bytes (DCB).
; Every row carries the same address, ROM:0001FE00; presumably the listing
; prints the record's start address on each row rather than a per-row offset.
disk_signature: struct rsa_signature
ROM:0001FE00 DCW 1912 ; num_bits
; NOTE(review): if num_bits counts signature bits, 1912 bits is 239 bytes.
; The paste was reflowed, so confirm the number of values below against the
; original dump before relying on this transcription.
ROM:0001FE00 DCB 0, 0, 0xF, 0x2A, 0x91, 0x4A, 0xAA, 0x51, 0xA9, 0x51; signature
ROM:0001FE00 DCB 0x59, 4, 8, 0x15, 6, 0x10, 0x12, 0x40, 0x52, 0x41; signature
ROM:0001FE00 DCB 0x46, 0x64, 0x45, 0x64, 0x44, 0x65, 0x20, 0x40, 0xA0; signature
ROM:0001FE00 DCB 0x14, 0x65, 0x14, 0x20, 0x15, 0x25, 0x55, 0x20, 0x51; signature
ROM:0001FE00 DCB 0x64, 0x11, 0x64, 4, 0x46, 0x10, 0x16, 0x11, 0x52; signature
ROM:0001FE00 DCB 0x85, 0x40, 0x84, 0, 0x91, 0x54, 0x81, 0x10, 0x24; signature
ROM:0001FE00 DCB 0x10, 0x21, 0x15, 8, 0x14, 8, 0x55, 0x18, 0x45, 8; signature
ROM:0001FE00 DCB 0x40, 9, 4, 0x19, 4, 0x56, 5, 0x12, 0x54, 0x46, 0x44; signature
ROM:0001FE00 DCB 0x12, 0x64, 4, 0x64, 5, 0x65, 0x81, 0x11, 0x60, 1; signature
ROM:0001FE00 DCB 0x64, 0x50, 0x64, 0x54, 0x61, 0x41, 0x56, 0x94, 0x11; signature
ROM:0001FE00 DCB 0x58, 0, 0x58, 0x50, 0x59, 0x44, 0x49, 0x55, 0x58; signature
ROM:0001FE00 DCB 0x18, 0x11, 0x49, 0x64, 0x40, 0x20, 0x11, 0x65, 0x44; signature
ROM:0001FE00 DCB 8, 0x11, 8, 0x94, 0x11, 0x84, 0x45, 0x21, 0x44, 0x59; signature
ROM:0001FE00 DCB 0x85, 5, 0x59, 0x40, 0x52, 0x50, 6, 0x64, 0x15, 0x25; signature
ROM:0001FE00 DCB 1, 0x65, 0x10, 0x65, 0x10, 0x61, 4, 6, 0x65, 0x55; signature
ROM:0001FE00 DCB 0x42, 0x40, 0x52, 0x85, 0x15, 0x85, 5, 0x18, 0x81; signature
ROM:0001FE00 DCB 0x15, 0x19, 0x44, 0x59, 0x50, 0x48, 5, 0x16, 0x14; signature
ROM:0001FE00 DCB 0x12, 0x42, 0x61, 0x50, 0x59, 0x21, 0, 0x80, 0x50; signature
ROM:0001FE00 DCB 2, 0x15, 0x42, 0x65, 0x11, 0x48, 0x54, 0x46, 1, 6; signature
ROM:0001FE00 DCB 0x14, 0x56, 0x94, 0x10, 0x91, 0, 0x58, 0x41, 8, 0x41; signature
ROM:0001FE00 DCB 0x49, 1, 0x46, 1, 0x56, 0x50, 6, 0x52, 5, 0x46, 0x81; signature
ROM:0001FE00 DCB 1, 0x95, 0x11, 0x80, 5, 0x91, 0x54, 0x84, 0x44, 0x21; signature
ROM:0001FE00 DCB 0x54, 0x58, 0x44, 0x48, 0x40, 0x12, 0x84, 0x51, 0x84; signature
ROM:0001FE00 DCB 0x50, 0x48, 0x94, 0x40, 0x95, 1, 0x19, 1, 2, 0x44; signature
; NOTE(review): the ';' after 0x64 on the next row makes the six values that
; follow it comment text under assembler syntax; presumably a paste slip for
; ',' - confirm against the dump.
ROM:0001FE00 DCB 0x16, 0x11, 0x56, 0x64; 0x54, 0x49, 0, 0x18, 0, 0xa8; signature
for comparison's sake:
; Second record, shown in the post for comparison with disk_signature. It has
; the same visible fields: a DCW tagged num_bits, then DCB rows tagged signature.
; The paste split each directive, its operands and its trailing comment across
; several lines, so a row here is "address / DCB / values; signature".
seg001:0000 linux_sig
DCW
1898
; num_bits
; NOTE(review): 1898 is not a whole number of bytes (1898 / 8 = 237.25); how
; the final partial byte is stored or padded is not shown in this excerpt.
seg001:0000
DCB
0, 0, 0x9F, 0x1A, 0xA1,
0x92, 0x6A, 0x14, 0x25,
0; signature
seg001:0000
DCB
0x60, 0xA4, 0x41, 0x80,
5, 0x19, 0x10, 9, 0x11,
0x48; signature
seg001:0000
DCB
4, 8, 0, 0x20, 0x44, 0x64, 0x55, 0x20, 0x11, 0x60; signature
seg001:0000
DCB
0x45, 0x12, 5, 6, 0x80,
0x41, 0x21, 1, 0x24, 0x44; signature
seg001:0000
DCB
0x61, 0x19, 0x41, 6, 0x42, 0x11, 0x42, 0x50, 0x16; signature
seg001:0000
DCB
0x50, 6, 0x60, 0, 0x58,
1, 0x59, 0x80, 0x11, 0x94; signature
seg001:0000
DCB
0x11, 0x25, 0x10, 0x60,
0x44, 0x24, 0x91, 0x55,
0x95; signature
seg001:0000
DCB
0x41, 0x95, 0x10, 0x81,
0x50, 0x48, 0x50, 0x59,
0x15; signature
seg001:0000
DCB
0x58, 5, 0x19, 0x84, 0x11, 0x94, 0x54, 0x18, 0x55; signature
seg001:0000
DCB
0x52, 0x60, 4, 0x65, 1,
0x61, 4, 0x18, 0x15, 0x18; signature
seg001:0000
DCB
0x50, 0x58, 5, 0x56, 0x60, 0x50, 0x24, 0x40, 0x61; signature
seg001:0000
DCB
1, 0x24, 0x44, 0x19, 0x16, 0x44, 2, 0x80, 0x44,
0x85; signature
seg001:0000
DCB
1, 0x58, 0x44, 0x58, 0x94, 4, 0x24, 0x44, 0x60,
0x10; signature
seg001:0000
DCB
0x59, 0x44, 8, 0x94, 0x19, 0x91, 0x85, 0x11, 0x90; signature
seg001:0000
DCB
5, 0x91, 0x11, 0x91, 0x11, 0x80, 0x54, 0x65, 0x40; signature
seg001:0000
DCB
0x29, 0x55, 0x24, 0x15,
0x65, 5, 6, 0x95, 0x14,
0x49; signature
seg001:0000
DCB
5, 0x59, 0x60, 0x14, 0x24, 0x40, 0x24, 0x10, 0x24; signature
seg001:0000
DCB
0, 0x58, 0x81, 0x14, 0x94, 0, 0x52, 0x40, 6, 8,
4; signature
seg001:0000
DCB
0x18, 0x95, 0x54, 0x94,
0x44, 0x65, 0x51, 0x20,
0x54; signature
seg001:0000
DCB
0x21, 0x10, 0x20, 4, 0x48, 0x24, 0x41, 0x21, 4,
0x18; signature
seg001:0000
DCB
0x64, 0x15, 0x25, 0x50,
0x60, 4, 0x65, 0x19, 0x54; signature
seg001:0000
DCB
2, 0x41, 0x42, 0x54, 6,
0x84, 0x90, 0x14, 0x94,
5; signature
seg001:0000
DCB
0x46, 0x81, 0x10, 0x95,
0x15, 0x84, 0x51, 2, 0x40; signature
seg001:0000
DCB
6, 0x91, 1, 0x25, 0x50,
0x21, 4, 2, 0x45, 0x46,
0x94; signature
seg001:0000
DCB
0x45, 0x91, 0x50, 0x25;
signature
; The bytes from seg001:00ED to seg001:00F1 are listed one per row, each with
; its own address and without the "signature" tag. Whether they belong to the
; signature field or follow it is not evident from this excerpt.
seg001:00ED
DCB
0x15
seg001:00EE
DCB
0x65 ; e
seg001:00EF
DCB
0
seg001:00F0
DCB
0xA0 ;
seg001:00F1
DCB
2
seg001:00F1 ; seg001
ends
Unfortunately, both the big binary chunk and the interspersed binary chunk are "random", in the sense that I ran a frequency analysis on them and the byte values 0x00-0xff came out more or less equally frequent. So each of them is either 1. keys, 2. encrypted data, or 3. compressed data. Or 2 AND 3. (A flat byte histogram on its own can't tell those cases apart.)
That big block of data has to be encrypted code, but I don't know what code exactly.
Here's my latest speculation as to where we are:
I read some earlier posts that said that the PB boots out of "protected" firmware, which handles all reflashing. So there's code that runs at bootup that is not flashable by software means, and that code probably uses one or more of those keys to validate the drive signature and to validate linux.
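If that's the case, maybe we could replace some or all of those 100 keys with our own, then sign the drive ourselves? That only works if the keys sit in the part that can be reflashed; if they live in the protected boot code, software can't change them.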
[ugh, formatting sux, PM me if you want the whole file. -b]