├── README.md
├── .DS_Store
└── 574.4
    ├── .DS_Store
    ├── binary
        ├── .DS_Store
        └── SecureROM.s5l8930xsi.RELEASE.bin
    ├── cert
        ├── .DS_Store
        ├── s5l8930xsi.pem
        └── x509out.txt
    └── mappings
        ├── .DS_Store
        ├── import.py
        └── symbols.txt


/README.md:
--------------------------------------------------------------------------------
1 | # BootROM
2 | 


--------------------------------------------------------------------------------
/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bat0s/BootROM/HEAD/.DS_Store


--------------------------------------------------------------------------------
/574.4/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bat0s/BootROM/HEAD/574.4/.DS_Store


--------------------------------------------------------------------------------
/574.4/binary/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bat0s/BootROM/HEAD/574.4/binary/.DS_Store


--------------------------------------------------------------------------------
/574.4/cert/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bat0s/BootROM/HEAD/574.4/cert/.DS_Store


--------------------------------------------------------------------------------
/574.4/mappings/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bat0s/BootROM/HEAD/574.4/mappings/.DS_Store


--------------------------------------------------------------------------------
/574.4/binary/SecureROM.s5l8930xsi.RELEASE.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bat0s/BootROM/HEAD/574.4/binary/SecureROM.s5l8930xsi.RELEASE.bin


--------------------------------------------------------------------------------
/574.4/mappings/import.py:
--------------------------------------------------------------------------------
 1 | '''
 2 |     
 3 | Copied from 
 4 | http://reverseengineering.stackexchange.com/questions/11874/how-to-automatically-rename-some-ida-functions-from-a-given-list/11875
 5 | 
 6 | '''
 7 | 
 8 | import idaapi
 9 | import idautils
10 | import idc
11 | 
12 | def do_rename(l):
13 |     splitted = l.split()
14 |     straddr = splitted[0]
15 |     strname = splitted[1].replace("\r", "").replace("\n", "")
16 |     
17 |     if straddr.find(":") != -1: #assuming form segment:offset
18 |         #removing segment, offset should be unique, if it isn't so, we should handle it differently
19 |         straddr = straddr.split(":")[1]
20 |     
21 |     eaaddr = int(straddr, 16)
22 |     idc.MakeCode(eaaddr)
23 |     idc.MakeFunction(eaaddr)
24 |     idc.MakeNameEx(int(straddr, 16), strname, idc.SN_NOWARN)
25 | 
26 | 
27 | if __name__ == "__main__":
28 |     path = AskFile(0, "*", "Choose symbolization file:")
29 |     f = open( path, "r")
30 |     for l in f:
31 |         do_rename(l)
32 |     f.close()


--------------------------------------------------------------------------------
/574.4/cert/s5l8930xsi.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzETMBEGA1UEChM
 3 | KQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBg
 4 | NVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswC
 5 | QYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNh
 6 | dGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQU
 7 | AA4IBDwAwggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg++F
 8 | AJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1XQ7Vf1+b8iUDu
 9 | lWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9wtj8BMIy3Q88PnT3zK0koGsj+
10 | zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IWq6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1C
11 | WQYnEdGILEINBhzOKgbEwWOxaBDKMaLOPHd5lc/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MI
12 | IBdjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a
13 | 40uQKb3R01/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wggERBgNVHSAEggEI
14 | MIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuYXBwbGUuY29
15 | tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdG
16 | UgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlI
17 | HN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5
18 | IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4I
19 | BAQBcNplMLXi37Yyb3PN3m/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQPy3lPNN
20 | iiPvl4/2vIB+x9OYOLUyDTOMSxv5pPCmv/K/xZpwUJfBdAVhEedNO3iyM7R6PVbyTi69G3cN8PR
21 | eEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4FgxhtbCS+SsvhESPBgOJ4V9T0mZyCK
22 | M2r3DYLP3uujL/lTaltkwGMzd/c6ByxW69oPIQ7aunMZT7XZNn/Bh1XZp5m5MkL72NVxnn6hUrc
23 | bvZNCJBIqxw8dtk2cXmPIS4AXUKqK1drk/NAJBzewdXUh
24 | -----END CERTIFICATE-----


--------------------------------------------------------------------------------
/574.4/mappings/symbols.txt:
--------------------------------------------------------------------------------
  1 | ROM:82D0 get_product
  2 | ROM:94BC get_manufacturer
  3 | ROM:62C bootrom_start
  4 | ROM:90A4 printf
  5 | ROM:8F78 vsnprintf
  6 | ROM:8FC4 snprintf
  7 | ROM:5C88 putchar
  8 | ROM:5A5C jump_to
  9 | ROM:4C84 wait_for_image
 10 | ROM:686C aes_crypto_cmd
 11 | ROM:84DC memmove
 12 | ROM:5CC8 panic
 13 | ROM:438C malloc
 14 | ROM:3FD4 malloc_function
 15 | ROM:3B94 free_function
 16 | ROM:5730 reboot
 17 | ROM:5758 reboot_loop
 18 | ROM:554 enable_cpu_irq
 19 | ROM:540 disable_cpu_irq
 20 | ROM:594 enable_cpu_fiq
 21 | ROM:584 disable_cpu_fiq
 22 | ROM:5E4 wait_for_interrupt
 23 | ROM:6480 clear_icache
 24 | ROM:63F8 clear_dcache
 25 | ROM:649C clear_all_cache
 26 | ROM:4398 parse_certificate_and_signature
 27 | ROM:7808 parse_certificate_and_signature_function
 28 | ROM:9144 memcmp
 29 | ROM:84D0 bcopy
 30 | ROM:749C image_load
 31 | ROM:44FC blockdev
 32 | ROM:5DC8 disable_cpu_fiq_and_cpu_irq
 33 | ROM:5DEC enable_cpu_fiq_and_cpu_irq
 34 | ROM:2068 sha1_calculate_function
 35 | ROM:A7C aes_hw_crypto_cmd
 36 | ROM:3CC4 heap_add_chunk
 37 | ROM:3B6C get_next_alloc
 38 | ROM:3B58 right_shift_three
 39 | ROM:83D8 memzero
 40 | ROM:83C0 memset
 41 | ROM:9020 strlen
 42 | ROM:3B5C get_min_alloc
 43 | ROM:3B80 get_zone
 44 | ROM:3D68 link_chunk
 45 | ROM:3B74 get_prev_chunk
 46 | ROM:543C get_clock_hz
 47 | ROM:9460 get_cpid
 48 | ROM:94D0 get_cprv
 49 | ROM:83A0 get_cpfm
 50 | ROM:82B0 get_scep
 51 | ROM:4DD4 get_bdid
 52 | ROM:83BC get_ibfl
 53 | ROM:946C get_ecid
 54 | ROM:5E54 task_init
 55 | ROM:5EE4 start_idle_task
 56 | ROM:5B8 enable_vfp
 57 | ROM:3E8 read_control_register_data
 58 | ROM:3F0 write_control_register_data
 59 | ROM:3F8 read_aux_register_data
 60 | ROM:400 write_aux_register_data
 61 | ROM:408 write_domain_register_data
 62 | ROM:410 write_tlb0
 63 | ROM:5F0 load_and_jump_to_image
 64 | ROM:6364 setup_restrictions
 65 | ROM:62C4 setup_allowed_range
 66 | ROM:6280 flag_load
 67 | ROM:629C flag_check
 68 | ROM:41CC parse_footer
 69 | ROM:43CC decrypt_shsh_tag
 70 | ROM:405C store_data_to_buffer
 71 | ROM:473A KBAG_is_aes192
 72 | ROM:4740 KBAG_is_aes256
 73 | ROM:4FB4 mmu_init
 74 | ROM:64BC mmu_map_address
 75 | ROM:5518 miu_init
 76 | ROM:D20 gpio_custom_io
 77 | ROM:C94 gpio_pulldown_configure
 78 | ROM:5580 _udelay
 79 | ROM:5408 chipid_get_gpio_epoch
 80 | ROM:E00 gpio_pin_state
 81 | ROM:50B4 gpio_setup
 82 | ROM:2344 spi_on_off
 83 | ROM:7450 free_memz
 84 | ROM:9128 strcmp
 85 | ROM:9178 strnlen
 86 | ROM:8FE8 strncpy
 87 | ROM:2344 spi_on_off
 88 | ROM:712C usb_shutdown
 89 | ROM:7468 memz_create
 90 | ROM:9088 putchar_secure
 91 | ROM:721C putchar_function
 92 | ROM:4380 free
 93 | ROM:6948 sha1_calculate
 94 | ROM:43C0 sha1_calculate_wrapper
 95 | ROM:7EDC blockdev_write_hook
 96 | ROM:8068 blockdev_read_hook
 97 | ROM:7D10 no_reasonable_default_block_write_routine
 98 | ROM:7D08 no_reasonable_default_block_read_routine
 99 | ROM:7D18 no_reasonable_default_erase_routine
100 | ROM:6348 check_if_untrusted_images_permitted
101 | ROM:630C range_check
102 | ROM:500C aes_check
103 | ROM:90C8 strncat
104 | ROM:2000 copy_block_to_sha1_engine
105 | ROM:1618 nor0_prepare
106 | ROM:6920 prepare_block_device_node
107 | ROM:7CF8 add_to_bdev_list
108 | ROM:690C check_if_nor0_prepared
109 | ROM:2370 spi_setup_function
110 | ROM:4FA8 spi_setup
111 | ROM:1850 vic0_intenable
112 | ROM:81D4 get_block_device
113 | ROM:A24C __umodsi3
114 | ROM:A10C __divsi3
115 | ROM:9FFC _uidiv
116 | ROM:858 __ashldi3
117 | ROM:6FF4 usb_create_string_descriptor
118 | ROM:2308 spi_status
119 | ROM:5D6C task_setup
120 | ROM:94C4 get_vid
121 | ROM:82BC get_pid
122 | ROM:82D8 get_system_info
123 | ROM:7490 get_image_for_tag
124 | ROM:55FC clock_gate_switch
125 | ROM:954 aes_hw_crypto_operation
126 | ROM:81FC DataCacheOperation
127 | ROM:A5C wait_for_dma_channel
128 | ROM:5F5C task_yield
129 | ROM:91C dma_setup
130 | ROM:66A4 arm_setup
131 | ROM:5A4 give_full_access_cp10_cp11
132 | ROM:6098 tasks_run
133 | ROM:1008 h2fmi_wait_for_done
134 | ROM:61E4 timer_get_system_microtime
135 | ROM:57B8 timer_get_rtc_ticks
136 | ROM:6250 has_elapsed
137 | ROM:294C usb_phy_init
138 | ROM:6220 udelay
139 | ROM:8940 do_printf
140 | ROM:880C vsnprintf_help
141 | ROM:1824 interrupt_install
142 | ROM:3664 usbIRQHandler
143 | ROM:2F48 usb_start
144 | ROM:3030 usb_setup
145 | ROM:69D4 change_state
146 | ROM:3E08 memalign
147 | ROM:3534 synopsys_otg_handle_endpoint_in


--------------------------------------------------------------------------------
/574.4/cert/x509out.txt:
--------------------------------------------------------------------------------
 1 | Certificate:
 2 | Data:
 3 | Version: 3 (0x2)
 4 | Serial Number: 2 (0x2)
 5 | Signature Algorithm: sha1WithRSAEncryption
 6 | Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
 7 | Validity
 8 | Not Before: Apr 25 21:40:36 2006 GMT
 9 | Not After : Feb  9 21:40:36 2035 GMT
10 | Subject: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
11 | Subject Public Key Info:
12 | Public Key Algorithm: rsaEncryption
13 | RSA Public Key: (2048 bit)
14 | Modulus (2048 bit):
15 | 00:e4:91:a9:09:1f:91:db:1e:47:50:eb:05:ed:5e:
16 | 79:84:2d:eb:36:a2:57:4c:55:ec:8b:19:89:de:f9:
17 | 4b:6c:f5:07:ab:22:30:02:e8:18:3e:f8:50:09:d3:
18 | 7f:41:a8:98:f9:d1:ca:66:9c:24:6b:11:d0:a3:bb:
19 | e4:1b:2a:c3:1f:95:9e:7a:0c:a4:47:8b:5b:d4:16:
20 | 37:33:cb:c4:0f:4d:ce:14:69:d1:c9:19:72:f5:5d:
21 | 0e:d5:7f:5f:9b:f2:25:03:ba:55:8f:4d:5d:0d:f1:
22 | 64:35:23:15:4b:15:59:1d:b3:94:f7:f6:9c:9e:cf:
23 | 50:ba:c1:58:50:67:8f:08:b4:20:f7:cb:ac:2c:20:
24 | 6f:70:b6:3f:01:30:8c:b7:43:cf:0f:9d:3d:f3:2b:
25 | 49:28:1a:c8:fe:ce:b5:b9:0e:d9:5e:1c:d6:cb:3d:
26 | b5:3a:ad:f4:0f:0e:00:92:0b:b1:21:16:2e:74:d5:
27 | 3c:0d:db:62:16:ab:a3:71:92:47:53:55:c1:af:2f:
28 | 41:b3:f8:fb:e3:70:cd:e6:a3:4c:45:7e:1f:4c:6b:
29 | 50:96:41:89:c4:74:62:0b:10:83:41:87:33:8a:81:
30 | b1:30:58:ec:5a:04:32:8c:68:b3:8f:1d:de:65:73:
31 | ff:67:5e:65:bc:49:d8:76:9f:33:14:65:a1:77:94:
32 | c9:2d
33 | Exponent: 65537 (0x10001)
34 | X509v3 extensions:
35 | X509v3 Key Usage: critical
36 | Certificate Sign, CRL Sign
37 | X509v3 Basic Constraints: critical
38 | CA:TRUE
39 | X509v3 Subject Key Identifier:
40 | 2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E
41 | X509v3 Authority Key Identifier:
42 | keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E
43 | 
44 | X509v3 Certificate Policies:
45 | Policy: 1.2.840.113635.100.5.1
46 | CPS: https://www.apple.com/appleca/
47 | User Notice:
48 | Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.
49 | 
50 | Signature Algorithm: sha1WithRSAEncryption
51 | 5c:36:99:4c:2d:78:b7:ed:8c:9b:dc:f3:77:9b:f2:76:d2:77:
52 | 30:4f:c1:1f:85:83:85:1b:99:3d:47:37:f2:a9:9b:40:8e:2c:
53 | d4:b1:90:12:d8:be:f4:73:9b:ee:d2:64:0f:cb:79:4f:34:d8:
54 | a2:3e:f9:78:ff:6b:c8:07:ec:7d:39:83:8b:53:20:d3:38:c4:
55 | b1:bf:9a:4f:0a:6b:ff:2b:fc:59:a7:05:09:7c:17:40:56:11:
56 | 1e:74:d3:b7:8b:23:3b:47:a3:d5:6f:24:e2:eb:d1:b7:70:df:
57 | 0f:45:e1:27:ca:f1:6d:78:ed:e7:b5:17:17:a8:dc:7e:22:35:
58 | ca:25:d5:d9:0f:d6:6b:d4:a2:24:23:11:f7:a1:ac:8f:73:81:
59 | 60:c6:1b:5b:09:2f:92:b2:f8:44:48:f0:60:38:9e:15:f5:3d:
60 | 26:67:20:8a:33:6a:f7:0d:82:cf:de:eb:a3:2f:f9:53:6a:5b:
61 | 64:c0:63:33:77:f7:3a:07:2c:56:eb:da:0f:21:0e:da:ba:73:
62 | 19:4f:b5:d9:36:7f:c1:87:55:d9:a7:99:b9:32:42:fb:d8:d5:
63 | 71:9e:7e:a1:52:b7:1b:bd:93:42:24:12:2a:c7:0f:1d:b6:4d:
64 | 9c:5e:63:c8:4b:80:17:50:aa:8a:d5:da:e4:fc:d0:09:07:37:
65 | b0:75:75:21
66 | -----BEGIN CERTIFICATE-----
67 | MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzET
68 | MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv
69 | biBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0
70 | MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBw
71 | bGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
72 | FjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
73 | ggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg+
74 | +FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1
75 | XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9w
76 | tj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IW
77 | q6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKM
78 | aLOPHd5lc/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8E
79 | BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3
80 | R01/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wggERBgNVHSAE
81 | ggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93
82 | d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNl
83 | IG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0
84 | YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBj
85 | b25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZp
86 | Y2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBc
87 | NplMLXi37Yyb3PN3m/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQP
88 | y3lPNNiiPvl4/2vIB+x9OYOLUyDTOMSxv5pPCmv/K/xZpwUJfBdAVhEedNO3iyM7
89 | R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4Fg
90 | xhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL/lTaltkwGMzd/c6ByxW69oP
91 | IQ7aunMZT7XZNn/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AX
92 | UKqK1drk/NAJBzewdXUh
93 | -----END CERTIFICATE-----


--------------------------------------------------------------------------------