Simon Matthews wrote: > Could you tell me the make and model of the new MPU, and maybe some > links to datasheets.
It's the Samsung 2442, http://www.samsung.com/Products/Semiconductor/MobileSoC/ApplicationProcessor/ARM9Series/SC32442/um_s3c2442b_rev12.pdf > I am intrigued to see how they implement the protection. Yeah, me too :-) Section 6 basically says that it works, but doesn't give any details on how. I'd try the following types of attack: - confuse the state machine: disable the NAND controller block between sending command and address, and see what happens. - combine operations: start a write command, turn the NAND control lines to GPIO, send the address, take the rejection, send a "harmless" command, switch the GPIOs back to NAND control, and send the address. - completely bypass the NAND control block: set the slowest memory timing, control the NAND signals through GPIO, then do a memory write to put the right kind of data on the bus. A logic analyzer may be handy for this type of experiments. (There are some quite resonably priced PC-based ones, alas none of them seem to play nice with Linux :-( Alas, building my own with a small FPGA is a bit too much work for a lunch break project.) - Werner -- _________________________________________________________________________ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net/____________________________________________/ _______________________________________________ OpenMoko community mailing list [email protected] http://lists.openmoko.org/mailman/listinfo/community
