Post
Topic
Board Marketplace (India)
Re: Blackberry Z10 Dev Alpha B Developers Device for sale
by
quackquack
on 12/03/2014, 07:57:47 UTC
Hello manekari,

Greetings!

Don't worry about my way of doing an operation. I never get it right in the first place; then I get up, learn from my mistake and get it right.

CPU and system board? I am extremely well versed, especially with the BlackBerry ones. They are the most bastard system boards I have ever seen.

They literally hide the debug ports except UART via USB. Finding the traces on this system board is one heck of a research project on its own.

Their CPU has got 530+ pins/pads, and those pads lead to traces on the board, and TI (Texas Instruments) even has a pin-muxing tool by which the JTAG and other debug ports can be completely shut off.

So you must attack the x-loader, which is signed using TI's M-Shield, and it stores the data in the CPU in a 128-bit memory flash called an e-fuse.

This CPU has an RTOS which kicks off the ROM boot code, which then kicks off the x-loader, where the signature and/or authenticity is verified.

And after it's verified it sends the go signal to the bootloader or secondary bootloader. This then initiates the kernel and the OS loads.

The e-fuse is a special memory cell present inside the CPU which literally gets blown apart when a specific voltage is passed, say 12-15 V DC, and thus seals any further mode or method of modifying the boot sequence.

The e-fuse is present in OMAP3x and OMAP4x HS CPU chips, and in OMAP3x and OMAP4x GP chips this e-fuse is absent.

HS = high security and GP = general purpose. We can attack the CPU code execution via JTAG, but I am well versed with BlackBerry and they remove all JTAG professionally, even UART, except UART via USB.

Which leaves me with 2 methods, which are SCA and DPA. SCA is side channel attack and DPA is differential power analysis.

SCA and DPA are foolproof methods of cryptanalysis, since SCA and DPA are known as the "Achilles heel" ;-)

Like how every strength has a subtle weakness, so does encryption, and SCA and DPA are the "Achilles heel" of encryption. xD!

So if I get this device from you? I will be pleased indeed, and carry on with my research work.

So I will carry on with my project anyway. If I don't get it from you, I will get it from someone else. And I will eventually break the encryption. It's a matter of time. ;-)

Hope I am crystal clear and transparent and I did explain the method well enough.

Thanks!
-paul
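The boot chain the post sketches (ROM code, then an x-loader whose signature is checked, then the bootloader, then the kernel, with the root of trust anchored in a one-time-programmable e-fuse on HS parts and absent on GP parts) as a runnable model. This is an added example and not code from the post, from BlackBerry or from TI: the fuse struct, the Ed25519 keys, the stage names and the image bytes are constructed stand-ins, not the OMAP/M-Shield format. It shows what the fuse buys a defender: a modified stage halts the boot, a chain signed with any key other than the fused one is refused before a single stage runs, a second fuse write is rejected, and a GP part with nothing burned in runs every stage unverified.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Stage is one link in the chain: an image plus the signature checked before
// control is handed to it.
type Stage struct {
	Name      string
	Image     []byte
	Signature []byte
}

// Fuses is a toy model of the one-time-programmable cell: an HS part holds a
// hash of the root public key; a GP part has nothing burned in.
type Fuses struct {
	RootKeyHash [sha256.Size]byte
	Programmed  bool
}

// BurnRootKey writes the root key hash once; a second write is refused, which
// is what makes the fuse a usable trust anchor.
func (f *Fuses) BurnRootKey(pub ed25519.PublicKey) error {
	if f.Programmed {
		return errors.New("fuse already blown, root key hash is immutable")
	}
	f.RootKeyHash = sha256.Sum256(pub)
	f.Programmed = true
	return nil
}

// BootResult records which stages received control and whether the chain was
// actually verified against a fused root key.
type BootResult struct {
	Booted   []string
	Verified bool
	Err      error
}

// VerifyChain plays the ROM code: bind the supplied root key to the fuse, then
// check each stage's signature before passing control. First failure halts.
func VerifyChain(f Fuses, rootPub ed25519.PublicKey, stages []Stage) BootResult {
	res := BootResult{}
	if !f.Programmed {
		for _, s := range stages { // GP part: no anchor, every stage runs unchecked
			res.Booted = append(res.Booted, s.Name)
		}
		return res
	}
	if sha256.Sum256(rootPub) != f.RootKeyHash {
		res.Err = errors.New("root public key does not match fused hash")
		return res
	}
	res.Verified = true
	for _, s := range stages {
		if !ed25519.Verify(rootPub, s.Image, s.Signature) {
			res.Err = fmt.Errorf("%s: signature check failed, halting", s.Name)
			return res
		}
		res.Booted = append(res.Booted, s.Name)
	}
	return res
}

// BuildChain signs three constructed stage images with the given key.
func BuildChain(priv ed25519.PrivateKey) []Stage {
	var stages []Stage
	for _, name := range []string{"x-loader", "bootloader", "kernel"} {
		img := []byte("constructed image bytes for " + name) // stand-in, not real firmware
		stages = append(stages, Stage{Name: name, Image: img, Signature: ed25519.Sign(priv, img)})
	}
	return stages
}

// Scenarios collects the outcomes of four boots against the same fused part.
type Scenarios struct {
	Good, Tampered, ForeignKey, GeneralPurpose BootResult
	SecondBurn                                 error
}

func RunScenarios() (Scenarios, error) {
	var out Scenarios
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return out, err
	}
	var hs Fuses
	if err := hs.BurnRootKey(pub); err != nil {
		return out, err
	}
	out.SecondBurn = hs.BurnRootKey(pub) // expected to be refused
	out.Good = VerifyChain(hs, pub, BuildChain(priv))
	tampered := BuildChain(priv)
	tampered[1].Image[0] ^= 0xff // bootloader modified after signing
	out.Tampered = VerifyChain(hs, pub, tampered)
	otherPub, otherPriv, err := ed25519.GenerateKey(rand.Reader) // a key the fuse does not know
	if err != nil {
		return out, err
	}
	out.ForeignKey = VerifyChain(hs, otherPub, BuildChain(otherPriv))
	out.GeneralPurpose = VerifyChain(Fuses{}, pub, BuildChain(priv)) // nothing burned in
	return out, nil
}

func main() {
	s, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("good=%v tampered=%v foreign=%v gp=%v secondBurn=%v\n",
		s.Good.Booted, s.Tampered.Booted, s.ForeignKey.Booted, s.GeneralPurpose.Booted, s.SecondBurn)
}
```

Run with `go run .`; the good chain boots all three stages, the tampered chain stops after x-loader, the foreign-key chain boots nothing, and the GP part boots all three with Verified left false.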