Marcin Wiacek wrote:
> So, the scenario can be: specifying area by "virus" and getting device to
> reset to have full control...

At which time your (still protected) firmware sets the protection again, and executes the regular code. But yes, if you add an easily changeable vector before that point, you lose :-)

The bypass I'm thinking of is a little harder, either by messing up the NAND state machine in the MCU (so it doesn't notice we're about to write), or, if they've been really careful, by toggling the bits through GPIO and carefully timed memory accesses. Something your virus author may still do, of course. And that's when the second chip kicks in.

- Werner

--
  _________________________________________________________________________
 / Werner Almesberger, Buenos Aires, Argentina         [EMAIL PROTECTED] /
/_http://www.almesberger.net/____________________________________________/

_______________________________________________
OpenMoko community mailing list
[email protected]
http://lists.openmoko.org/mailman/listinfo/community

