From real-time operating systems to unlocking iPhones in less than 30 slides
A very brief introduction to Nucleus OS, RTOS in general, and the topic of unlocking iOS devices.
Nucleus OS: from real-time operating systems to unlocking iPhones in less than 30 slides
HdM Stuttgart Media University, Computer Science and Media
2010 - Kai Aras
Tuesday, December 14, 2010
Nucleus OS: Facts
• Real-time operating system
• developed by Mentor Graphics
• written in C
• Closed Source
• Eclipse based SDK starting at $2995 USD
• Supported Platforms: ARM / MIPS / Freescale / PowerPC
RTOS
Requires tasks to be executed within a given timeframe
Neglects throughput
Guarantees either Hard- or Soft real-time performance
RTOS: Hard vs. Soft real-time
Hard real-time: a task fails after its deadline; a missed deadline may cause critical system failure
Soft real-time: lateness is tolerated; a missed deadline may cause adaptation of service quality
Designs
Event driven: a task switch occurs only on events of higher priority
Time sharing: a task switch occurs on a regular clock interrupt
Architecture
Kernel
Connectivity
Storage
Security
Application Platform
Inflexion UI: window system, GUI designer, hardware acceleration
Multimedia: framework, support for many codecs, hardware acceleration
Real world examples
Handheld devices: TI-Nspire series graphing calculators
Signal processing: BLU-800 digital signal processors
Cellphones / multimedia devices: iPhone/iPod/iPad - S-Gold2 / X-Gold 608
iOS Hardware Architecture
Application Processor: runs iOS; user interaction, applications ...
Baseband Processor: runs Nucleus OS; radio communication
iOS Hardware Architecture
Application Processor: audio, display, power management, camera, WiFi, BT
Baseband Processor: GSM; controls the SIM/net-lock!
Interconnect between the two processors: UART, I2S, GPIO, DMA
Boot sequence
Bootrom (ROM) -> signature check -> Bootloader (NOR) -> signature check -> Firmware (Nucleus OS, NOR)
seczone: protected area in NOR, contains the encrypted lock-state
Unlocking
Bootrom (ROM) -> signature check -> Bootloader (NOR) -> signature check -> Firmware (Nucleus OS, NOR)
seczone: protected area in NOR, contains the encrypted lock-state
1. truly unlock by altering the lock-state in the seczone
2. unlock on-the-fly by constantly overriding the netlock checks in the firmware
Unlocking
1. truly unlock by altering the lock-state in the seczone
hasn't been done yet due to the lack of bootrom exploits
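A simplified model of the boot chain from the two slides above, added here as an illustration and not code from the talk or from any real baseband: the bootrom root key, the seczone key and the keyed SHA-256 tags are constructed stand-ins for the real signature scheme and for the encrypted lock-state. It shows why an intact chain refuses a patched firmware or an altered seczone, so a persistent change to the lock-state needs the chain broken at its root in the bootrom.

```python
import hashlib
import hmac

# Constructed demo keys: ROOT_KEY stands in for the vendor key burned into the
# bootrom; SECZONE_KEY stands in for whatever protects the lock-state in seczone.
ROOT_KEY = b"constructed-bootrom-root-key"
SECZONE_KEY = b"constructed-seczone-key"


def tag(key: bytes, data: bytes) -> bytes:
    """Keyed SHA-256 tag; a stand-in for the real signature / encryption scheme."""
    return hmac.new(key, data, hashlib.sha256).digest()


def make_nor(lock_state: bytes) -> dict:
    """Build a constructed NOR image: bootloader, firmware and seczone, each tagged
    as it would be when written by the vendor."""
    bootloader = b"bootloader: verify firmware, then jump"
    firmware = b"firmware (Nucleus OS): netlock check on"
    return {
        "bootloader": bootloader, "bootloader_tag": tag(ROOT_KEY, bootloader),
        "firmware": firmware, "firmware_tag": tag(ROOT_KEY, firmware),
        "seczone": lock_state, "seczone_tag": tag(SECZONE_KEY, lock_state),
    }


def boot(nor: dict) -> tuple:
    """Walk the chain: the bootrom checks the bootloader, the bootloader checks the
    firmware, and the firmware reads the lock-state from seczone only when its tag
    verifies. Returns (stage reached, lock-state or None)."""
    if not hmac.compare_digest(tag(ROOT_KEY, nor["bootloader"]), nor["bootloader_tag"]):
        return ("bootrom: bootloader rejected", None)
    if not hmac.compare_digest(tag(ROOT_KEY, nor["firmware"]), nor["firmware_tag"]):
        return ("bootloader: firmware rejected", None)
    if not hmac.compare_digest(tag(SECZONE_KEY, nor["seczone"]), nor["seczone_tag"]):
        return ("firmware: seczone rejected", None)
    return ("firmware running", nor["seczone"])


if __name__ == "__main__":
    nor = make_nor(b"locked")
    print(boot(nor))                              # intact chain boots with lock-state "locked"
    altered = dict(nor, seczone=b"unlocked")
    print(boot(altered))                          # altered seczone is rejected by the firmware
    patched = dict(nor, firmware=b"patched firmware")
    print(boot(patched))                          # patched firmware is rejected by the bootloader
```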
Unlocking: 2. unlock on-the-fly by constantly overriding the netlock checks in the firmware
Application Processor (iOS) <- UART -> Baseband Processor (Nucleus OS, NOR, seczone)
unlockd: a daemon process running on the application processor* that exploits code execution vulnerabilities in the baseband firmware to override the netlock "on-the-fly"
* requires a jailbreak
Questions? Slides and additional info on jailbreaking iOS are available at http://blog.010dev.com