1 of 6

Firmware

The Boot rom starts and loads the firmware from a SPI-Flash.

Extract Firmware

Information of the SPI flash

Dumping the SPI flash from Linux

Dump the SPI flash by using the linux command line tool dd. Command: dd if=/dev/mtd0 of=mtd0 This will dump the SPI flash to the file mtd0.

Device tree entry for the SPI

This is what the SPI flash device tree entry looks like.

spi@7000da00 {
		status = "okay";
		spi-max-frequency = <25000000>;
		spi-flash@1 {
			compatible = "winbond,w25q32", "jedec,spi-nor";
			reg = <1>;
			spi-max-frequency = <20000000>;
		};
	};

The dump

The first 6128 bytes are the BCT, encrypted with your platform key. The loader for UEFI is located at 0x0100000.

How we can tell

To check it yourself,

To encrypt the BCT you got form nvflash use the following script, and replace <platform key> with your platform key. Example usage: ./encrypt.sh surfacert.bct surfacert-encrypted.bct

#!/bin/sh

cut_bct=`tempfile`
dec_bct=`tempfile`

dd if=$1 of=$cut_bct bs=16 skip=1
openssl aes-128-cbc -K <platform key> -iv 00000000000000000000000000000000 -nopad -nosalt -in $cut_bct -out $dec_bct
dd if=$1 of=$2 bs=16 count=1
dd if=$dec_bct of=$2 bs=16 seek=1

rm -f $cut_bct $dec_bct

To check if it is really the same, create a hexdump of your SPI flash dump and encrypted BCT. Your encrypted BCT should match the first 6128 bytes of the SPI flash dump.

Downloads

The files are encrypted and board specific. You cant use them on your Surface RT

A dump from @Leander's Surface RT. Here is the platform key of the used Surface RT: 28a5d126adf421e6a39bfc8f7ff32308

Leanders blob

CTS blob

Decrypt Firmware

The following script processes a SPI dump. It extracts and decrypts the BCT & Bootloader

Decrypt BCT

#!/bin/bash
echo "Extract BCT/Bootloader from SPI flash"
dd if=mtd0Original_CTS.bin     of=BCT_Block_enc.bin           bs=1 count=8192                #extract the BCT block
dd if=mtd0Original_CTS.bin     of=Bootloader_Block_enc.bin    bs=1 count=520192 skip=1048576 #extract the Bootloader block
dd if=BCT_Block_enc.bin        of=BCT_enc.bin                 bs=1 count=6128                #extract BCT from block
dd if=Bootloader_Block_enc.bin of=Bootloader_enc.bin          bs=1 count=517472              #extract Bootloader from block
dd if=BCT_enc.bin              of=BCT_trimmed_enc.bin         bs=1 skip=16                   #extract BCT without hash
dd if=BCT_enc.bin              of=BCT_hash.bin                bs=1 count=16                  #extract BCT hash

echo ""
echo "decrypting Files"
openssl aes-128-cbc -d -K deadbeefdeadc0dedeadd00dfee1dead -iv 00000000000000000000000000000000 -nopad -nosalt -in BCT_enc.bin        -out BCT_dec.bin         #decrypt BCT
openssl aes-128-cbc -d -K deadbeefdeadc0dedeadd00dfee1dead -iv 00000000000000000000000000000000 -nopad -nosalt -in Bootloader_enc.bin -out Bootloader_dec.bin  #decrypt Bootloader

echo ""
echo "Extracted BCT hash"
xxd -ps BCT_hash.bin
echo "Calculated BCT hash"
openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:deadbeefdeadc0dedeadd00dfee1dead BCT_trimmed_enc.bin #hash of enc-BCT           #calc BCT hash

echo ""
echo "Extracted Bootloader hash"
bct_dump BCT_dec.bin | grep AES
echo "Calculated Bootloader hash"
openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:deadbeefdeadc0dedeadd00dfee1dead Bootloader_enc.bin #hash of enc-Bootloader     #calc Bootloader hash

echo ""
echo "remove temp files"
rm BCT_Block_enc.bin
rm BCT_enc.bin
rm BCT_trimmed_enc.bin
rm Bootloader_Block_enc.bin
rm Bootloader_enc.bin

Encrypt Firmware

#!/bin/bash
echo "Build FlashImage from BCT/Bootloader"

# Change these 3 variables
BCT=<yourBCT>
Bootloader=<yourBootloader>
key=<yourKey>



cp $BCT tmp_bct.bin
cp $Bootloader tmp_bootloader.bin
###############################################################################
########### BOOTLOADER ########################################################
###############################################################################

#pad bootloader to be 16Byte aligned
bootloaderLength=$(stat --printf="%s" tmp_bootloader.bin)
while [ $((bootloaderLength%16)) -ne 0 ]; do
	echo -n -e \\x00 >> tmp_bootloader.bin
	bootloaderLength=$(stat --printf="%s" tmp_bootloader.bin)
done

# encrypt bootloader
echo "test"
openssl aes-128-cbc -e -K $key -iv 00000000000000000000000000000000 -nopad -nosalt -in tmp_bootloader.bin -out tmp_bootloader_enc.bin #-nopad
echo "test"

# calc bootloader hash of encrypted bootloader
bootloaderHash=$(openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$key tmp_bootloader_enc.bin | cut -d' ' -f2)
# get length of encrypted bootloader
bootloaderLength=$(stat --printf="%s" tmp_bootloader_enc.bin)
# set bootloader load address
bootloaderLoadAddress=0x80108000
# set bootloader entry point
bootloaderEntryPoint=0x80108000 

# Swap endianess of Length, LoadAddress, EntryPoint
v=$(printf "%08x" $bootloaderLength)
bootloaderLength=${v:6:2}${v:4:2}${v:2:2}${v:0:2}
v=$(printf "%08x" $bootloaderLoadAddress)
bootloaderLoadAddress=${v:6:2}${v:4:2}${v:2:2}${v:0:2}
v=$(printf "%08x" $bootloaderEntryPoint)
bootloaderEntryPoint=${v:6:2}${v:4:2}${v:2:2}${v:0:2}

# add bootloader data to BCT
echo $bootloaderLoadAddress 	| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3940 bs=1
echo $bootloaderEntryPoint	| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3944 bs=1
echo $bootloaderHash		| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3952 bs=1
echo $bootloaderLength 	| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3936 bs=1

#create bootloader block
dd if=/dev/zero of=tmp_bootloader_block.bin bs=1 count=520192
#put bootloader in block
dd conv=notrunc if=tmp_bootloader_enc.bin of=tmp_bootloader_block.bin bs=1


###############################################################################
########### BCT ###############################################################
###############################################################################
# remove HASH from BCT
dd if=tmp_bct.bin of=tmp_bct_trimmed.bin bs=1 skip=16

# encrypt BCT
openssl aes-128-cbc -e -K $key -iv 00000000000000000000000000000000 -nopad -nosalt -in tmp_bct_trimmed.bin -out tmp_bct_trimmed_enc.bin

# hash encrypted BCT
BCT_hash=$(openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$key tmp_bct_trimmed_enc.bin | cut -d' ' -f2)

#create BCT_block image
dd if=/dev/zero of=tmp_bct_block.bin bs=1 count=8192  
#put hash in Image
echo $BCT_hash 		| xxd -r -p | dd conv=notrunc of=tmp_bct_block.bin seek=0 bs=1
#put BCT in Image
dd conv=notrunc if=tmp_bct_trimmed_enc.bin of=tmp_bct_block.bin seek=16 bs=1



###############################################################################
########### Flash Image########################################################
###############################################################################
# create spi flash image with ones/zeros
dd if=/dev/zero bs=512 count=8192 |   tr '\000' '\377' > flashImage.bin # to proof that dumped image is same as generated
#dd if=/dev/zero of=flashImage.bin bs=512 count=8192 # for flashing

#put BCT_Block in image
dd conv=notrunc if=tmp_bct_block.bin of=flashImage.bin seek=0 bs=1

#put Bootloader_block in image
dd conv=notrunc if=tmp_bootloader_block.bin of=flashImage.bin seek=1048576 bs=1



###############################################################################
########### Remove Tmp files ##################################################
###############################################################################
rm tmp_*.bin

BCT

Boot Configuration Table

What is it and how to get it

Decompiling and Compiling

Decompiling

To decompile your BCT into a configuration file, use the tool bct_dump. Usage: bct_dump <your-bct-file> Tip you can add > <output-file> to reroute the output to a file.

Compiling

Compiling configuration file

You can compile your bct.cfg file by using the tool cbootimage. Usage: cbootimage -s tegra30 -t 30 -gbct <input-bct-configuration-file> <output-bct-file> Example: cbootimage -s tegra30 -t 30 -gbct surfacert-custom.bct.cfg surfacert-custom.bct

Adding a Bootloader to BCT

To generate a image file with your BCT and provided bootloader, again use cbootimage. Usage: cbootimage -d -s tegra30 -t 30 <input-config-file> <output-image-file> Example: cbootimage -d -s tegra30 -t 30 surfacert.config surfacert.output <input-config-file> is a file controlling how the .img file should be created. It has the following structure:

# Refernence: https://github.com/NVIDIA/cbootimage-configs/blob/master/tegra30/nvidia/cardhu/cardhu-a05-2gb-emmc.img.cfg

Version       = 0x00000001;
Bctcopy       = 1;
Bctfile       = <your-bct-file>;
BootLoader    = <bootloader-file-name>,<load-address>,<entry-point>,Complete;

Example:

Version       = 0x00000001;
Bctcopy       = 1;
Bctfile       = surfacert-custom.bct;
BootLoader    = mtd0-bootloader,0x80808000,0x80808000,Complete;

Doing this will create a image file of your BCT and the bootloader you provided. The BCT will automatically updated with the correct sizes and hashes.

RPMB partition on EMMC

Replay Protected Memory Block partition on the internal emmc

This part of the emmc is meant to be only read and written by trusted software.

As it turns out you can read this partition on some devices. It is possible if you have a "CMD12" emmc. If it is a "CMD13" emmc it doesn't work. Read operations happen from within linux, also information about the emmc is gathered there, use the following commands:

sudo mmc extcsd read /dev/mmcblk1rpmb > extcsd.txt
sudo mmc rpmb read-block /dev/mmcblk1rpmb 0 128 rpmb.img

The extcsd.txt file will contain extcsd information of your emmc, the rpmb.img file will contain the RPMB dump, if dumping works.

If you happen to do this process contact @utf-4096 on our discord server, as he is interested in this information (if dumping worked and in the extcsd info).

Current (May 2021) sample size of the above information is 3, so it may not apply to you.

Extract Firmware

Information of the SPI flash

Dumping the SPI flash from Linux

Dump the SPI flash by using the linux command line tool dd. Command: dd if=/dev/mtd0 of=mtd0 This will dump the SPI flash to the file mtd0.

Device tree entry for the SPI

This is what the SPI flash device tree entry looks like.

spi@7000da00 {
		status = "okay";
		spi-max-frequency = <25000000>;
		spi-flash@1 {
			compatible = "winbond,w25q32", "jedec,spi-nor";
			reg = <1>;
			spi-max-frequency = <20000000>;
		};
	};

The dump

The first 6128 bytes are the BCT, encrypted with your platform key. The loader for UEFI is located at 0x0100000.

How we can tell

To check it yourself,

To encrypt the BCT you got form nvflash use the following script, and replace <platform key> with your platform key. Example usage: ./encrypt.sh surfacert.bct surfacert-encrypted.bct

#!/bin/sh

cut_bct=`tempfile`
dec_bct=`tempfile`

dd if=$1 of=$cut_bct bs=16 skip=1
openssl aes-128-cbc -K <platform key> -iv 00000000000000000000000000000000 -nopad -nosalt -in $cut_bct -out $dec_bct
dd if=$1 of=$2 bs=16 count=1
dd if=$dec_bct of=$2 bs=16 seek=1

rm -f $cut_bct $dec_bct

To check if it is really the same, create a hexdump of your SPI flash dump and encrypted BCT. Your encrypted BCT should match the first 6128 bytes of the SPI flash dump.

Downloads

The files are encrypted and board specific. You cant use them on your Surface RT

A dump from @Leander's Surface RT. Here is the platform key of the used Surface RT: 28a5d126adf421e6a39bfc8f7ff32308

Leanders blob

CTS blob

4MB

mtd0Original_CTS.bin

Encrypt Firmware

#!/bin/bash
echo "Build FlashImage from BCT/Bootloader"

# Change these 3 variables
BCT=<yourBCT>
Bootloader=<yourBootloader>
key=<yourKey>



cp $BCT tmp_bct.bin
cp $Bootloader tmp_bootloader.bin
###############################################################################
########### BOOTLOADER ########################################################
###############################################################################

#pad bootloader to be 16Byte aligned
bootloaderLength=$(stat --printf="%s" tmp_bootloader.bin)
while [ $((bootloaderLength%16)) -ne 0 ]; do
	echo -n -e \\x00 >> tmp_bootloader.bin
	bootloaderLength=$(stat --printf="%s" tmp_bootloader.bin)
done

# encrypt bootloader
echo "test"
openssl aes-128-cbc -e -K $key -iv 00000000000000000000000000000000 -nopad -nosalt -in tmp_bootloader.bin -out tmp_bootloader_enc.bin #-nopad
echo "test"

# calc bootloader hash of encrypted bootloader
bootloaderHash=$(openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$key tmp_bootloader_enc.bin | cut -d' ' -f2)
# get length of encrypted bootloader
bootloaderLength=$(stat --printf="%s" tmp_bootloader_enc.bin)
# set bootloader load address
bootloaderLoadAddress=0x80108000
# set bootloader entry point
bootloaderEntryPoint=0x80108000 

# Swap endianess of Length, LoadAddress, EntryPoint
v=$(printf "%08x" $bootloaderLength)
bootloaderLength=${v:6:2}${v:4:2}${v:2:2}${v:0:2}
v=$(printf "%08x" $bootloaderLoadAddress)
bootloaderLoadAddress=${v:6:2}${v:4:2}${v:2:2}${v:0:2}
v=$(printf "%08x" $bootloaderEntryPoint)
bootloaderEntryPoint=${v:6:2}${v:4:2}${v:2:2}${v:0:2}

# add bootloader data to BCT
echo $bootloaderLoadAddress 	| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3940 bs=1
echo $bootloaderEntryPoint	| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3944 bs=1
echo $bootloaderHash		| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3952 bs=1
echo $bootloaderLength 	| xxd -r -p | dd conv=notrunc of=tmp_bct.bin seek=3936 bs=1

#create bootloader block
dd if=/dev/zero of=tmp_bootloader_block.bin bs=1 count=520192
#put bootloader in block
dd conv=notrunc if=tmp_bootloader_enc.bin of=tmp_bootloader_block.bin bs=1


###############################################################################
########### BCT ###############################################################
###############################################################################
# remove HASH from BCT
dd if=tmp_bct.bin of=tmp_bct_trimmed.bin bs=1 skip=16

# encrypt BCT
openssl aes-128-cbc -e -K $key -iv 00000000000000000000000000000000 -nopad -nosalt -in tmp_bct_trimmed.bin -out tmp_bct_trimmed_enc.bin

# hash encrypted BCT
BCT_hash=$(openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$key tmp_bct_trimmed_enc.bin | cut -d' ' -f2)

#create BCT_block image
dd if=/dev/zero of=tmp_bct_block.bin bs=1 count=8192  
#put hash in Image
echo $BCT_hash 		| xxd -r -p | dd conv=notrunc of=tmp_bct_block.bin seek=0 bs=1
#put BCT in Image
dd conv=notrunc if=tmp_bct_trimmed_enc.bin of=tmp_bct_block.bin seek=16 bs=1



###############################################################################
########### Flash Image########################################################
###############################################################################
# create spi flash image with ones/zeros
dd if=/dev/zero bs=512 count=8192 |   tr '\000' '\377' > flashImage.bin # to proof that dumped image is same as generated
#dd if=/dev/zero of=flashImage.bin bs=512 count=8192 # for flashing

#put BCT_Block in image
dd conv=notrunc if=tmp_bct_block.bin of=flashImage.bin seek=0 bs=1

#put Bootloader_block in image
dd conv=notrunc if=tmp_bootloader_block.bin of=flashImage.bin seek=1048576 bs=1



###############################################################################
########### Remove Tmp files ##################################################
###############################################################################
rm tmp_*.bin

BCT

Boot Configuration Table

What is it and how to get it

The boot configuration table contains information about which bootloader to boot. On the Surface RT it is stored on the SPI flash. Go to , to dump it directly from SPI. Or do it with nvflash (recommended): sudo ./utils/nvflash_v1.13.87205 --getbct --bct surfacert.bin --configfile ./utils/flash.cfg

Decompiling and Compiling

Decompiling

To decompile your BCT into a configuration file, use the tool bct_dump. Usage: bct_dump <your-bct-file> Tip you can add > <output-file> to reroute the output to a file.

Compiling

Compiling configuration file

Adding a Bootloader to BCT

# Refernence: https://github.com/NVIDIA/cbootimage-configs/blob/master/tegra30/nvidia/cardhu/cardhu-a05-2gb-emmc.img.cfg

Version       = 0x00000001;
Bctcopy       = 1;
Bctfile       = <your-bct-file>;
BootLoader    = <bootloader-file-name>,<load-address>,<entry-point>,Complete;

Example:

Version       = 0x00000001;
Bctcopy       = 1;
Bctfile       = surfacert-custom.bct;
BootLoader    = mtd0-bootloader,0x80808000,0x80808000,Complete;

Doing this will create a image file of your BCT and the bootloader you provided. The BCT will automatically updated with the correct sizes and hashes.