Hey guys,
Please help. I have gained access to the bcm7358 chipset using a power glitch, but I have a problem:
I can't get full BSP access mode. I have tried different glitching areas x1000 and also got
access, but with the same problem: not full BSP mode.
In BSP these commands work:
00000017
00000018
00000019
0000001A
0000001B
0000001E
0000001F
00000026
00000027
0000002A
00000050
00000051
Example command: BCMD_cmdType_eOFFLINE_OTP_READ = 0x19
CFE>
e b0328980 15a10000
*** command status = 0
CFE>
CFE> e b0328984 00000001
*** command status = 0
CFE>
CFE> e b0328988 ABCDEF00
*** command status = 0
CFE>
CFE> e b032898c E655AA19
*** command status = 0
CFE>
CFE> e b0328990 789A0004
*** command status = 0
CFE>
CFE> e b0328994 0000000f
*** command status = 0
CFE>
CFE> e b032b028 00000001
*** command status = 0
CFE>
CFE> d b032b020 00000004
b032b020 00000001 …
*** command status = 0
CFE>
CFE> e b032b010 00000001
*** command status = 0
CFE>
CFE>
d b0328c80 00000040
b0328c80 15A0145F 00000001 00000000 00000019 _…
b0328c90 00000014 00000000 026D9439 4B712FCC …9.m…/qK
b0328ca0 00000000 00000000 00000000 00000000 …
b0328cb0 00000000 00000000 00000000 00000000 …
*** command status = 0
CFE>
b0328c90 00000014 00000000 026D9439 4B712FCC << !!! is OK
Other commands return 00000002.
Example: BCMD_cmdType_eSESSION_INIT_KEYSLOT = 0x1
CFE> e b0328980 15a10000
*** command status = 0
CFE>
CFE> e b0328984 00000001
*** command status = 0
CFE>
CFE> e b0328988 ABCDEF00
*** command status = 0
CFE>
CFE> e b032898c fe55AA01
*** command status = 0
CFE>
CFE> e b0328990 789A0014
*** command status = 0
CFE>
CFE> e b0328994 0000000a
*** command status = 0
CFE>
CFE> e b0328998 00000007
*** command status = 0
CFE>
CFE> e b032899c 0000000b
*** command status = 0
CFE>
CFE> e b03289a0 00000005
*** command status = 0
CFE>
CFE> e b03289a4 00000006
*** command status = 0
CFE>
CFE> e b032b028 00000001
*** command status = 0
CFE>
CFE> d b032b020 00000004
b032b020 00000000 …
*** command status = 0
CFE>
CFE> e b032b010 00000001
*** command status = 0
CFE>
CFE>
d b0328c80 00000040
b0328c80 15A10000 00000001 00000000 00000001 …
b0328c90 00000004 00000002 00000000 00000000 …
b0328ca0 00000000 00000000 00000000 00000000 …
b0328cb0 00000000 00000000 00000000 00000000 …
*** command status = 0
CFE>
b0328c90 00000004 00000002 <<< !!!
1 Like
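As an added example, not from the original post and not Broadcom's own code, here is a small Python helper that reproduces the BSP mailbox sequence shown in the log above (write the request words into 0xb0328980, poke 0xb032b028, poll 0xb032b020, poke 0xb032b010, dump 0xb0328c80) and parses the `d` output so the echoed command type and the return code can be compared across commands. The register roles, the rule for request word 3 (low byte = command type, top byte = its one's complement, which fits both posted requests), and the reading of word 4's low half as the parameter length in bytes are inferred from the two posted logs only and are assumptions, not documented behaviour.

```python
import re

# Addresses exactly as typed at the CFE prompt in the thread.
BSP_INPUT_BUF = 0xB0328980     # request words written here with 'e'
BSP_OUTPUT_BUF = 0xB0328C80    # reply words dumped from here with 'd'
BSP_REG_KICK = 0xB032B028      # written with 1 before the poll (assumed: doorbell)
BSP_REG_STATUS = 0xB032B020    # read back: 1 after the good command, 0 after the bad one
BSP_REG_ACK = 0xB032B010       # written with 1 after the poll (assumed: ack/clear)

# Header words identical in both posted requests; meaning not given in the
# thread, so they are reproduced as opaque constants.
HDR_WORD0 = 0x15A10000
HDR_WORD1 = 0x00000001
HDR_WORD2 = 0xABCDEF00
HDR_WORD4_HI = 0x789A0000

# Dumps copied from the posted logs (OTP read rc=0, keyslot init rc=2).
OTP_READ_DUMP = """d b0328c80 00000040
b0328c80 15A0145F 00000001 00000000 00000019 _…
b0328c90 00000014 00000000 026D9439 4B712FCC …9.m…/qK
b0328ca0 00000000 00000000 00000000 00000000 …
b0328cb0 00000000 00000000 00000000 00000000 …
*** command status = 0
"""
KEYSLOT_DUMP = """b0328c80 15A10000 00000001 00000000 00000001 …
b0328c90 00000004 00000002 00000000 00000000 …
b0328ca0 00000000 00000000 00000000 00000000 …
b0328cb0 00000000 00000000 00000000 00000000 …
"""


def cmd_word(cmd_type):
    """Request word 3. Inferred from 0xE655AA19 (cmd 0x19) and 0xFE55AA01
    (cmd 0x01): low byte = command type, top byte = its complement,
    middle = 0x55AA. Assumption from two samples only."""
    c = cmd_type & 0xFF
    return ((~c & 0xFF) << 24) | 0x0055AA00 | c


def build_request(cmd_type, params):
    """Words to write at BSP_INPUT_BUF, in order. Word 4's low half is
    taken as 4 * number of parameter words (0x04 and 0x14 in the logs)."""
    words = [HDR_WORD0, HDR_WORD1, HDR_WORD2, cmd_word(cmd_type),
             HDR_WORD4_HI | (4 * len(params) & 0xFFFF)]
    words.extend(p & 0xFFFFFFFF for p in params)
    return words


def cfe_script(cmd_type, params):
    """The exact CFE command lines the poster typed, for any command/params."""
    lines = [f"e {BSP_INPUT_BUF + 4 * i:08x} {w:08x}"
             for i, w in enumerate(build_request(cmd_type, params))]
    lines += [f"e {BSP_REG_KICK:08x} 00000001",
              f"d {BSP_REG_STATUS:08x} 00000004",
              f"e {BSP_REG_ACK:08x} 00000001",
              f"d {BSP_OUTPUT_BUF:08x} 00000040"]
    return lines


HEX32 = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_dump(text):
    """Parse CFE 'd' output into {address: word}. Each data line is an
    address followed by up to four words; the ASCII column and the
    'CFE>' / '*** command status' lines are skipped."""
    mem = {}
    for line in text.splitlines():
        toks = line.split()
        if len(toks) < 2 or not HEX32.match(toks[0]):
            continue
        addr = int(toks[0], 16)
        for tok in toks[1:5]:
            if not HEX32.match(tok):
                break
            mem[addr] = int(tok, 16)
            addr += 4
    return mem


def decode_response(mem, base=BSP_OUTPUT_BUF):
    """Split the reply: word 3 echoes the command type, word 5 is the
    return code (0 = ok, 2 = the failure seen in the thread); word 4 is
    read as a byte length of the data that follows (assumption)."""
    w = [mem.get(base + 4 * i, 0) for i in range(16)]
    nwords = (w[4] & 0xFFFF) // 4
    return {"cmd_type": w[3] & 0xFF, "data_len": w[4] & 0xFFFF,
            "rc": w[5], "data": w[6:6 + nwords]}


if __name__ == "__main__":
    print("\n".join(cfe_script(0x19, [0xF])))
    for name, dump in (("OTP read", OTP_READ_DUMP), ("keyslot init", KEYSLOT_DUMP)):
        print(name, decode_response(parse_dump(dump)))
```

Running the script prints the same `e`/`d` sequence as the post for the OTP read, and decodes the two dumps to rc 0 (with the two data words 026D9439 4B712FCC) and rc 2 respectively, so the return code is a quick way to classify which command IDs the current BSP mode accepts.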
Hi,
So to confirm, you’re able to get partial access via voltage glitching, but not full access? That’s not entirely unexpected. If this chip has similar chip protection to others (aka just a value in flash, 32 bits for example, that’s read on startup), it might be set so that the default value gives partial protection like you’re seeing here. This is how the STM32F code read protection, for example, works.
Alex
2 Likes
Hello, greetings friend. I am currently working on the bcm7362. You have to root the firmware: in /etc/rc.local you have to put a delay of 15 seconds.
During boot the serial console will show a message, and pressing Ctrl+C will give you access.
1 Like
Ctrl+C is the rule; the same way worked for me.
1 Like
The problem is not getting root access, but getting the master keys with the glitch.
Anyway, if the filesystem is squashfs, explain to me how you put 15 seconds into rc.local! lol
Alex_Dewar:
So to confirm, you’re able to get partial access via voltage glitching, but not full access? That’s not entirely unexpected. If this chip has similar chip protection to others (aka just a value in flash, 32 bits for example, that’s read on startup), it might be set so that the default value gives partial protection like you’re seeing here. This is how the STM32F code read protection, for example, works.
That information is private, since we are talking about a third-party target.
Until now I can't get full BSP, and I see guys here say they can edit rc.local; I don't know how that can be done or how to enable shell access!!!
How can I get access and edit the firmware's /etc/rc.local when the FW is signed?
U-Boot is not CFE!
This STB uses CFE...
AES ok, but the key is signed; how to hack it? The loader is signed.
OTA firmware: analyze with the mod slyuk tool. H-field probe + 29 dBi amp to get AES CBC; you need ext. psw.
Secure boot ensures only authenticated software runs on the device and is achieved by verifying digital signatures of the software prior to executing that code. To achieve secure boot, processor/SoC support is required. In our experience, some of the...
spein46
November 26, 2020, 4:57pm
What board did you use?
You don't need shell access, since you can run CFE commands; access via ssh, telnet, etc. is needed when the bootloader is encrypted by HW + signed.
Unsquash the rootfs, find the startup script and add: sleep 15s
Are you kidding?! And the rest (crc32, signature, etc.)?
Unpacking is easy; the hard part is rebuilding.
1 Like
Why does no one try to answer the main problem? Everyone gives another way that will not help. I already have CFE access but can't manage it; not all BSP commands are working.
kif
April 3, 2021, 10:18pm
Then maybe you need to run it with the BSECK code.
I load BSECK and still have the same problem.
Has anyone met this problem? I have tried different ways. I hope someone who knows BSP can guide me to fix this problem, and if anyone has an idea I can also try it.