Cryptographic Attack

As described in the introduction to the mbmloader-replacement attack, there's a cryptographic signature in the mbmloader, which is verified by the OMAP hardware. According to Texas Instrument's documents, this cryptographic signature is based on a 128-bit RSA key¹⁾. By cracking that key we would be able to load a modified mbmloader that didn't verify mbm's signature, thus being able to patching mbm to not check the boot image's signature.

We can obtain the signature and the ciphertext checked by the OMAP hardware. If a public key algorithm is used, we can obtain the public key. We can know the signature's formula (sha1 hash signed with rsa?). We can crack the key in reasonable time.

User kokone has done some very interesting work on this:

• ReadMBMLoader.c, ReadMBMLoader.h
• This program dumps the 4 Public Keys stored in PKCerts_ as .pem format. They are 2048 bits each and used to sign the different parts of the MBMLoader. Signing seems to be SHA-1 Hash with PKCS-1 Padding.
• Compile using g++ -c ReadMBMLoader.c
• Link using g++ -o ReadMBMLoader ReadMBMLoader.o -lcrypt -lopenssl
• To use the source cut out the 2560 bytes starting at 0x400 in the MTD0 dump and save the result as mbmloader_cert.
• kokone's notes: “I used openssl to create private keys and used csst to create the Certificates. CSST is using openssl internally for all the crypto stuff (most likely due to the FIPS certification). With this code I can read out my own public keys but i'm unable to verify the signature so far. The Rights setting tells the OMAP bootloader which keys are valid for which part of the mtd0 filesystem. I'm not really sure which part of the PKCert_ area is used for signing. My experiments are not conclusive. The significance of the MSV Mask is also unknown. According to the Register description of the 2430 the E-Fuses define a 160bit public key. My guess would be the SHA-1 Sum of the public key. One more thing: word ordering in the file is LSB first. The position of Signature Info and Signer Info is not fixed in stone and just a first guess.”
  • comment by maui: “MSV seems to be related to the Keys Access Registers (32 bits long) mentioned in the 6.4.8.13 section of the spruf98 TRM”.
  • new version, comments by kokone:
    • “It reads and tries to verify all parts of the MBMLoader (besides CHSETTINGS) including PKCerts, PPA and ISW.”
    • “The new ReadMBMLoader writes out the binaries contained in the ISW and PPA parts.”
    • “PPA contains only a single binary. ISW can contain up to four binaries.”
    • “No payload is verified inside the PPA header. The header contains a 160bit checksum (SHA1 for TI sample image) for each binary.”

ROM:87000780 ED CC F2 5A+                    DCB 0x96, 0x3F, 0x71, 0x19, 0xED, 0xCC, 0xF2, 0x5A, 0x41    ; srk_part_1 (1024bit)
ROM:87000780 41 43 8A 0B+                    DCB 0x43, 0x8A, 0xB, 0x40, 0, 0x38, 0x7A, 0xA9, 0x4B, 2     ; srk_part_1
ROM:87000780 40 00 38 7A+                    DCB 0xB0, 0xD9, 0x15, 0xBE, 0x73, 0xB3, 0x82, 0x3D, 0x9A    ; srk_part_1
ROM:87000780 A9 4B 02 B0+                    DCB 0x91, 0xF2, 0xB7, 0x6B, 0xEB, 0x34, 0x3E, 0xC7, 0xA     ; srk_part_1
ROM:87000780 D9 15 BE 73+                    DCB 0x33, 0x2E, 0xCF, 7, 0x53, 0xED, 0xD3, 0xBB, 0xBC       ; srk_part_1
ROM:87000780 B3 82 3D 9A+                    DCB 0x2B, 0xE5, 0x3E, 0x11, 0x2F, 0xEF, 0xEE, 0xD0, 0xB5    ; srk_part_1
ROM:87000780 91 F2 B7 6B+                    DCB 0xD2, 0x6C, 0x84, 0xC2, 0x22, 0xD1, 0xBE, 0xF7, 0xFA    ; srk_part_1
ROM:87000780 EB 34 3E C7+                    DCB 0x5E, 0xD6, 0x5A, 0x1C, 0x33, 0x1C, 0xB2, 0x56, 0xB     ; srk_part_1
ROM:87000780 0A 33 2E CF+                    DCB 0xCF, 0xFE, 0xA8, 0x39, 0x16, 0x69, 0x93, 0x22, 0x22    ; srk_part_1
ROM:87000780 07 53 ED D3+                    DCB 0x97, 0xC5, 0xA6, 0xF7, 0x95, 0x80, 0x34, 0x86, 0xA6    ; srk_part_1
ROM:87000780 BB BC 2B E5+                    DCB 0x9F, 0xA3, 0x89, 0xE2, 0xDE, 0x5D, 0x13, 0x7A, 0xE2    ; srk_part_1
ROM:87000780 3E 11 2F EF+                    DCB 0xBE, 0x92, 0xA6, 0x77, 0x44, 0x9E, 0x1F, 0xAB, 0x93    ; srk_part_1
ROM:87000780 EE D0 B5 D2+                    DCB 0x82, 0x90, 0x14, 0xB4, 0xAB, 0xAD, 0x47, 0x13, 0x53    ; srk_part_1
ROM:87000780 6C 84 C2 22+                    DCB 1, 0xF0, 0x3F, 0xCE, 0xD2, 0x41, 0x4E, 0x93, 0xE7       ; srk_part_1
ROM:87000780 D1 BE F7 FA+                    DCB 0x61                                                    ; srk_part_1

ROM:87000780 5E D6 5A 1C+                    DCB 1, 0, 1                       ; srk_1
ROM:87000780 33 1C B2 56+                    DCB 0
ROM:87000780 0B CF FE A8+                    DCD mbmloader_header.srk_part_1   ; anonymous_11
ROM:87000780 39 16 69 93+                    DCB 3, 0, 0x80, 0, 1, 0, 0, 0

ROM:87000780 22 22 97 C5+                    DCB 0xAA, 0x37, 0x78, 0x33, 0xEC, 0x35, 0xFE, 0xB0, 0xDC    ; srk_part_2 (1024bit)
ROM:87000780 A6 F7 95 80+                    DCB 0xC1, 0x76, 0xB5, 0x80, 0x46, 9, 0x77, 0x30, 0xBD       ; srk_part_2
ROM:87000780 34 86 A6 9F+                    DCB 0x53, 0x38, 0xB9, 0x75, 0x98, 0xAB, 0xCC, 0xD8, 0x73    ; srk_part_2
ROM:87000780 A3 89 E2 DE+                    DCB 0x2D, 0xB, 0xB1, 0xA2, 0x43, 0x90, 0x8E, 0x5D, 0x96     ; srk_part_2
ROM:87000780 5D 13 7A E2+                    DCB 2, 0x97, 0x95, 0x1A, 0x1C, 0x32, 0x5D, 0xE7, 0x63       ; srk_part_2
ROM:87000780 BE 92 A6 77+                    DCB 0x4E, 0xA, 0x7D, 0x47, 0x13, 0xCD, 0x50, 0x2E, 0x1C     ; srk_part_2
ROM:87000780 44 9E 1F AB+                    DCB 0x66, 0x69, 0x8D, 0xFA, 0xA6, 0xF9, 0x99, 0x7E, 0xA8    ; srk_part_2
ROM:87000780 93 82 90 14+                    DCB 0x19, 0x15, 0x4C, 0xBB, 0x37, 0x2D, 0x29, 0x93, 0xA1    ; srk_part_2
ROM:87000780 B4 AB AD 47+                    DCB 0xAF, 0x1F, 0xEA, 0x7B, 0x17, 6, 0xA0, 0xB9, 0x27       ; srk_part_2
ROM:87000780 13 53 01 F0+                    DCB 6, 0xE7, 0xD9, 0x11, 0xC8, 0x18, 0xA3, 0xE3, 0xAC       ; srk_part_2
ROM:87000780 3F CE D2 41+                    DCB 0xED, 0x33, 0x6B, 0x5B, 0x92, 0xC9, 8, 0x63, 0xF7       ; srk_part_2
ROM:87000780 4E 93 E7 61+                    DCB 0x82, 0x76, 0xF5, 0x99, 0x83, 0x75, 0x24, 0xE7, 0xA1    ; srk_part_2
ROM:87000780 01 00 01 00+                    DCB 0x7B, 0xF5, 0x68, 0xE6, 0x91, 0x56, 0x49, 0x51, 0x88    ; srk_part_2
ROM:87000780 C0 07 00 87+                    DCB 0x71, 0xEE, 0xBF, 0xBD, 0x61, 0xAB, 0x2E, 0x79, 0x1A    ; srk_part_2
ROM:87000780 03 00 80 00+                    DCB 0xDE, 0x55                                              ; srk_part_2

ROM:87000780 01 00 00 00+                    DCB 1, 0, 1                       ; srk_2
ROM:87000780 AA 37 78 33+                    DCB 0
ROM:87000780 EC 35 FE B0+                    DCD mbmloader_header.srk_part_2   ; anonymous_13
ROM:87000780 DC C1 76 B5+                    DCB 3, 0, 0x80, 0, 1, 0, 0, 0

ROM:87000780 80 46 09 77+                    DCB 0x6B, 0xD3, 0x98, 0xE2, 0xD6, 0xF0, 0xF8, 0xCF, 0xFC   ; sha1_hash (160bit)
ROM:87000780 30 BD 53 38+                    DCB 0xD4, 0x96, 0x72, 0x5E, 0xB3, 0xA8, 0xB3, 0x6B, 0xF9   ; sha1_hash
ROM:87000780 B9 75 98 AB+                    DCB 0xB1, 0x16                                             ; sha1_hash

From 0x86FFDA00 addr:

DCB "CertPK_",0                   ; CertPK.cert_mark
DCD 0			       ; CertPK.cert_version
DCD 0			       ; CertPK.cert_type
DCD 0			       ; CertPK.minver_pk
DCD 0			       ; CertPK.minver_ppa
DCD 0			       ; CertPK.minver_rd1
DCD 0			       ; CertPK.minver_rd2
DCD 0			       ; CertPK.minver_isw
DCD 0			       ; CertPK.minver_ki
DCD 0			       ; CertPK.minver_pau
DCD 0			       ; CertPK.minver_pas
DCD 0			       ; CertPK.watchdog_param
DCD 1			       ; CertPK.keys_number
DCD 0			       ; CertPK.key_01.key_id
DCD 1			       ; CertPK.key_01.key_type
DCD 0b100000000		       ; CertPK.key_01.key_rights
DCD 65537			       ; CertPK.key_01.modul_length
DCD 0x796B0F69		       ; CertPK.key_01.e_value
DCB "îÝjÉnÊ!‹¦m–K!ÄW塶/",0x17,"Ì",0x19,"Þ",0x1F,0xB,"6<zڊ‰áºŸ6>3†eÍÊÒ%èâMò*/,ûÙ"; CertPK.key_01.modul
DCB "Ï]“m%",0xFF,"2ž˜„”ªåû~",7,3,"ÑNϱÊ",0xD,"+",0x24,"û¦§½œm)E|a",0xB,"Þ¡cšý˜UÈ]…«"; CertPK.key_01.modul
DCB " ƒµì¸‘",0x10,"ÂC;",0x24,"ýÁÓzÀŒ",0xE,"~ßÚɆ×ù¹ð´",5,"a½Oúe‰_§5xn»IÈ",0x15,"µßü9J"; CertPK.key_01.modul
DCB "³—Æ",0x1E,"–ƒTd3",0x1A,"tÕ;",9,"Rl)²Ð",0x24,"þ(æÓç:_mÕ¡2Xð",0x24,0x10,"™·egUŽ+T",0xC,""; CertPK.key_01.modul
DCB 0x17,"ÔG",0xF,"\;:J",0x16,"…Õ",0x15,"• L§çË/Z•¹¿",0xC,"h2ÉB«¨Ô!ø",5,"Ü",0x1D,"ï¶A8ßÈáxµ"; CertPK.key_01.modul
DCB "„#‚~á",3,0,0,0              ; CertPK.key_01.modul
DCD 2			       ; CertPK.key_02.key_id
DCD 0			       ; CertPK.key_02.key_type
DCD 0b11100		       ; CertPK.key_02.key_rights
DCD 256			       ; CertPK.key_02.modul_length
DCD 0x10001		       ; CertPK.key_02.e_value
DCB "éô",0xD,"҃",0x1C,"Qls2",4,"v9",4,"¶",0xF,"z",0xE,"p",0xC,"¬%Œ1",6,"ŠÈ–",0xFF,"UÆh¬y",0x15; CertPK.key_02.modul
DCB "½’JÂ-",7,"…Ö",9,0x17,"KÇ?",0x13,"ì¡",2,0x1A,"À",0x12,"X¢aÀÍÊÙ",0xFF,"‹›",0x1C,"rJ/³",0xFF,"*ÆÚ"; CertPK.key_02.modul
DCB " %I¤Ë!",0xB,"ˆ",0x1F,"¦ñò*Ò+za’&+“ü",0x16,"i",8,"‰›",1,"kù`",0x12,"°=T",8,"ùÝϋ=Ú",4; CertPK.key_02.modul
DCB "…`Ún‘@‡ó}Ï61íÝdú¬vd",0x17,"ã",7,"múhÈ",0xC,"78åu´]#ÆÇìÐôûÒJé",1,"Ô¹꿶( "; CertPK.key_02.modul
DCB "j÷",0x11,"°¸ÅŸ",0x15,"1‘ä–¿",4,"…¹",0x1D,"½J",0x18,"E",0x11,"÷J¿¿",3,0xE,"‡›Ñt=ãóÂ),D\"; CertPK.key_02.modul
DCB "½Ú¼ž",6,"‰ÃZôbá«",0x1C,"s1‡",0x19,"´",0x1F,"£è",0x1F,"HA",0x13,0x15,"–ðôo–~ºVsÉÇÕq",8,"å"; CertPK.key_02.modul
DCD 3			       ; CertPK.key_03.key_id
DCD 0			       ; CertPK.key_03.key_type
DCD 0b10			       ; CertPK.key_03.key_rights
DCD 256			       ; CertPK.key_03.modul_length
DCD 0x10001		       ; CertPK.key_03.e_value
DCB "ß°‹",0x1A,"xñBÏÛe;",0x14,"›CFk",0x22,"±K®¬Ò{ÇàãY¬¢a#ð¦1ÇY’¢",0xB,"Q",0xFF,"õ˜ˆ¦ç-ð&"; CertPK.key_03.modul
DCB "ûӛ[½u!",0x1E,"Ä",0x16,"^’ÀBêž",6,"Ê",0x16,"1j l¯",0xE,"v4ÍôêŠÛîGR",2,"q/ôێ»Iç"; CertPK.key_03.modul
DCB "H…V”Á|7žK",0x16,"e-",0x1F,"M°vÖiC_ºÔ39‚|@º+’®¨Îg=Å",0x14,"3",0x14,"§",5,0x13,"Éj‹ýF["; CertPK.key_03.modul
DCB "",0xB,"éÔÞ:i",4,"à¿¥ï-TÆ",0x15,"8ó@",6,"ƒ.£Ç",0x22,"ï±x;",2,0x1D,"x>æ/ád¢®",0x1F,4,"­"; CertPK.key_03.modul
DCB 0x16,"(º©^G",0x1F,0x11,"™Ô–",0xE," '",0x19,"Q.:Ü",6,"¤z‹*",5,"Õï",0xC,"e",0x11,"‹ù[",0xE,"Ký¿<€o"; CertPK.key_03.modul
DCB "›Ä",0x10,"×ÞèïÅ2?z",0x24,"²‘",9,"BN^",7,"-%",0x13,"úF¿4qÁ"; CertPK.key_03.modul
DCD 4			       ; CertPK.key_04.key_id
DCD 0			       ; CertPK.key_04.key_type
DCD 0b100000		       ; CertPK.key_04.key_rights
DCD 256			       ; CertPK.key_04.modul_length
DCD 0x10001		       ; CertPK.key_04.e_value
DCB "åCF¦´JEº",0x1E,"/Këj8)®³“=`ݖ’¦naܸ!2mïÕ",0x19," OTYpuaû*ɵùr@b|",0xE,"à‡ÒÃ"; CertPK.key_04.modul
DCB "ϋØ,mÈÄT{øMë ¨Úôs¡ä[¯",7,"2ˆ’",0x15,"R7¡“‘š&.lÜ×",0xA; CertPK.key_04.modul
DCB "¥¦ºæ",9,0x1F,"m¥áP¼¡—âC",0xF,0x1A,"¾§Ûø>",0x1B,2,"ékHÑëÄ<|®¯ã",0xFF,"ûjF",0x12,"2]•·æ",0x22,"'"; CertPK.key_04.modul
DCB 0xE,3,"”jÅê­A",6,"UxՐT",0xD,"•,–GSMëª",0xF,"/ 9H_C¥¸S°ãh»¯y",0x1E,"cµ}J•8",0x16,"ò"; CertPK.key_04.modul
DCB "Ջ",0x16,"®fJ",0x12,"Ãa½†Q¼°",9,0xF,0x22,"Œ©",0x14,"ò",0x22,"ê)",0xD,0x1A,"Êaӊ",0x11,"’",0x22,"SM",0x11,"\"; CertPK.key_04.modul
DCB "‘ߟ",0x11,"hئ—ý™Ñ©-ù´œÝ×móe©Ñ",7,"¸¦"; CertPK.key_04.modul
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_1
DCD 0, 0, 0		       ; CertPK.zero_hole_1
DCD 0b1111110		       ; CertPK.rights
DCD 0xFFFFFFFF		       ; CertPK.msv
DCD 1			       ; CertPK.msv_mask
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPK.zero_hole_2
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0;	CertPK.zero_hole_2
DCB "¡dxJ",0,0,0,0,"ß",1,0,0,0,0,0,0; CertPK.digest.signer_info
DCD 0			       ; CertPK.digest.signature_info
DCD 1			       ; CertPK.digest.key_id
DCD 0xD7A86661, 0x87FC8D58, 0x3F839BF2, 0x25699BAD, 0x19A4B4E6; CertPK.digest.digest
DCD 0x930445CA, 0xB46C57B3, 0xFA521876, 0x1D029A22, 0xAEFC8EFF; CertPK.digest.digest
DCD 0x267794F4, 0xABE5BD1B, 0x16FB8D77, 0xF25C6530, 0xCB98023A; CertPK.digest.digest
DCD 0x3425E8BC, 0xF4DE906B, 0xA3E7C23B, 0x1465B943, 0x45B4F3D6; CertPK.digest.digest
DCD 0x2DF5401F, 0x97282ACB, 0x39EB6CBA, 0x78E8F204, 0x3C4BA8A8; CertPK.digest.digest
DCD 0xB33C24A8, 0x9D9F5490, 0xE56EE8C5, 0x1409DFCD, 0x6CC94CEE; CertPK.digest.digest
DCD 0x82BBA93, 0xE76A76F6,  0x1216C1B0, 0x87DF3E2D,	0x89456E62; CertPK.digest.digest
DCD 0x58D29682, 0xD7A79EDA, 0xEFAB3226, 0x20547263, 0xD134E92A; CertPK.digest.digest
DCD 0x84B2DA53, 0xF638DD4F, 0x62624DA1, 0xF0C94E31, 0x65633077; CertPK.digest.digest
DCD 0x82106B81, 0x1015F930, 0x193E44F1, 0xBBC3278B, 0xAD08870F; CertPK.digest.digest
DCD 0x6F93C29A, 0x404AA68A, 0x8B6C00FC, 0xEDCD155D, 0x2007CCEE; CertPK.digest.digest
DCD 0xCDA74740, 0x627BC39B, 0x235B1828, 0xC401A6E6, 0x2DF88978; CertPK.digest.digest
DCD 0xA5EDA095, 0x870A132C, 0x2DC84FB0, 0x7AFBF656; CertPK.digest.digest
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; zero_hole_02
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; zero_hole_02
DCD 0, 0, 0, 0, 0,	0	       ; zero_hole_02
DCB "CertPPA",0                   ; CertPPA.cert_mark
DCD 0			       ; CertPPA.cert_version
DCD 0			       ; CertPPA.cert_type
DCD 0			       ; CertPPA.minver_src
DCD 0			       ; CertPPA.minver_pk
DCD 0			       ; CertPPA.minver_ppa
DCD 0			       ; CertPPA.minver_rd1
DCD 0			       ; CertPPA.minver_rd2
DCD 0			       ; CertPPA.minver_isw
DCD 0x1DC,	0x1474,	0x12D4378A, 0xF1CC7717,	0x720919A6; CertPPA.image_01.data_byte
DCD 0x306817C4, 0x5B11F5EB	       ; CertPPA.image_01.data_byte
DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; CertPPA.zero_hole
DCB 0xFF,"݂J",0,0,0,0,"0",2,0,0,0,0,0,0; CertPPA.digest.signer_info
DCD 0			       ; CertPPA.digest.signature_info
DCD 2			       ; CertPPA.digest.key_id
DCD 0xBD9EA071, 0x8B7C12A,	0xEFEDC0C7, 0x2799AE04,	0xF4AE345C; CertPPA.digest.digest
DCD 0x3660EA7A, 0x16E58B17, 0x5EFFBC31, 0x437B78A0, 0x4DDA0BE; CertPPA.digest.digest
DCD 0xD9A71628, 0xEF979544, 0xAD9E9DD6, 0x403C59D0, 0x15DA32A4; CertPPA.digest.digest
DCD 0x7339614C, 0x3B11C49A, 0x2279C929, 0xED10D6FA, 0xC39C8B34; CertPPA.digest.digest
DCD 0x70A47387, 0x8E7CB8C6, 0x905CCCA1, 0xE6895D42, 0xE379BD1D; CertPPA.digest.digest
DCD 0x251378BF, 0x9386000B, 0x6513F57B, 0x34D1E52,	0x433EDF07; CertPPA.digest.digest
DCD 0xF9D22D57, 0x8A9F6C30, 0x6733A7B6, 0xD01EBF3C, 0x47467E7D; CertPPA.digest.digest
DCD 0xF5E9892C, 0x33F49C5F, 0xBB57F38E, 0xC43C9444, 0xC831AE3E; CertPPA.digest.digest
DCD 0xAE69E48D, 0x82F64D33, 0x6A69343C, 0xF508A846, 0x997D52BA; CertPPA.digest.digest
DCD 0x17659A87, 0xA8C0878F, 0x11F54CB7, 0xCACBC518, 0xEDB19A5E; CertPPA.digest.digest
DCD 0xB8070730, 0xAB855A9D, 0x3AA5D168, 0x1C5F030C, 0xD7453F86; CertPPA.digest.digest
DCD 0xEB052A9E, 0xC2C89D1,	0x6696D978, 0x54928722,	0xF62E0ED5; CertPPA.digest.digest
DCD 0x5F6EB336, 0xCC198693, 0xCE9F8E93, 0x4495B8AA; CertPPA.digest.digest

ROM:87000000 43	65 72 74+		     DCB "CertISW",0                   ; cert_mark
ROM:87000000 49	53 57 00+		     DCD 0			       ; cert_version
ROM:87000000 00	00 00 00+		     DCD 0			       ; cert_type
ROM:87000000 00	00 00 00+		     DCD 0			       ; minver_src
ROM:87000000 00	00 00 00+		     DCD 0			       ; minver_pk
ROM:87000000 00	00 00 00+		     DCD 0			       ; minver_ppa
ROM:87000000 00	00 00 00+		     DCD 0			       ; minver_rd1
ROM:87000000 00	00 00 00+		     DCD 0			       ; minver_rd2
ROM:87000000 00	00 00 00+		     DCD 0			       ; minver_isw
ROM:87000000 00	00 00 00+		     DCD 0			       ; watchdog_param
ROM:87000000 00	00 00 00+		     DCD 0			       ; use_DMA
ROM:87000000 00	00 00 00+		     DCD 1			       ; images_number
ROM:87000000 01	00 00 00+		     DCD 0x350,	0xBB3C,	0x5B276134, 0xE8DB7FAA,	0x19484C32; image_01.data_byte
ROM:87000000 50	03 00 00+		     DCD 0xFF8CCD72, 0xCE925D68	       ; image_01.data_byte
ROM:87000000 3C	BB 00 00+		     DCD 0, 0, 0, 0, 0,	0, 0	       ; image_02.data_byte
ROM:87000000 34	61 27 5B+		     DCD 0, 0, 0, 0, 0,	0, 0	       ; image_03.data_byte
ROM:87000000 AA	7F DB E8+		     DCD 0, 0, 0, 0, 0,	0, 0	       ; image_04.data_byte
ROM:87000000 32	4C 48 19+		     DCD 0x16793A22		       ; magic_1
ROM:87000000 72	CD 8C FF+		     DCD 0b11111111111111111111111111111111; reg_bitfield
ROM:87000000 68	5D 92 CE+		     DCD 0x48004D30		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004934		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004948		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004944		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 1			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004940		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0x1F419		       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004D40		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0x8A00C00		       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004D00		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0x770077		       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004904		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0x37			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004924		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0x48004D20		       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 22	3A 79 16+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 FF	FF FF FF+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 30	4D 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 34	49 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 48	49 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 44	49 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 01	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 40	49 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 19	F4 01 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 40	4D 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	0C A0 08+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	4D 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 77	00 77 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 04	49 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 37	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 24	49 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 20	4D 00 48+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_address
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_table.reg_value
ROM:87000000 00	00 00 00+		     DCD 0			       ; reg_type_01
ROM:87000000 00	00 00 00+		     DCD 0x300			       ; reg_type_02
ROM:87000000 00	00 00 00+		     DCD 0x350			       ; image_offset
ROM:87000000 00	00 00 00+		     DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0, 0, 0; zero_hole
ROM:87000000 00	00 00 00+		     DCD 0, 0, 0, 0, 0,	0, 0, 0, 0, 0, 0, 0, 0,	0, 0; zero_hole
ROM:87000000 00	00 00 00+		     DCB "R˜áJ",0,0,0,0,"=",6,0,0,0,0,0,0; digest.signer_info
ROM:87000000 00	00 00 00+		     DCD 0			       ; digest.signature_info
ROM:87000000 00	00 00 00+		     DCD 3			       ; digest.key_id
ROM:87000000 00	00 00 00+		     DCD 0x4A48BF21, 0x940B453A, 0xC5C5BA67, 0x6BA6C77D, 0xC0FE59BC; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0xCDAED48D, 0xDC5C41D6, 0x333F0623, 0x8BAC25C3, 0xD20F69D0; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x63CB77B1, 0x5B3A0ED7, 0xF10A6D92, 0x5E1F295C, 0x81B8F599; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x1787029C, 0x5D5E451D, 0x22BA947, 0x1FA22546,	0xA5505EC2; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0xC51E8524, 0xC687C8E7, 0x65B150F4, 0x79B9F6C0, 0x54FCC9C1; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x14E43098, 0x924BB7C7, 0xDB4EAEC1, 0x91D9793B, 0x28E99A45; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x42EF3B0C, 0xEF9C6D53, 0xBFAC37B6, 0x33E3F772, 0x562267DC; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x9D540977, 0x72846245, 0xC38C155, 0x1B67016A,	0x2BD0EEE6; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x7F5678D9, 0x3D0F19CB, 0x81FAE646, 0x96BC7A90, 0xB18158AB; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x666062B2, 0x1FB6FE1E, 0xEC981A48, 0x62FFE4A3, 0xAEA9F0F; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0xF080BB37, 0xBD1FA3E2, 0x11E9EEB8, 0x115989D,	0xCBA73C37; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x5E37B25F, 0xCE37FCFD, 0x56B80980, 0xEF83FF74, 0x8F3EE0D0; digest.digest
ROM:87000000 00	00 00 00+		     DCD 0x671C0FC7, 0xE6E658FE, 0xF44A658D, 0x8DADF920; digest.digest

The key is apparently RSA 2048. A brute force attack on it is out of the question.

Finding a new key whose sha1 hash collides with the one stored in hardware would be a very difficult task too, but as far as we know it has not been proven to be as hard as cracking the key directly. The generate & test method is probably useless here, though. This statement was being left from the beginning when the certificates inside mbmloader was not fully understood. The hardware stores the hash of the root public key for validating the public key inside mbmloader's pk cert section. And the private key of it is used to sign the sha1 hash of the ISW content. So finding a hash collision means to modify the ISW content in a way that could benefit us(like patching further signature checking) while retaining the same hash value.

Moreover, finding a fast hash collision on the sha1(root_public_key)(not the brute-force way from RSA components → modulus → hash), even succeeded, will simply repeat the public key → private key problem.

First of all - read this Cryptoanalisys on Wikipedia

As we know may be useful thease methods:

Classical cryptanalysis:

• Frequency analysis
• Index of coincidence
• Kasiski examination

Hash functions:

• Birthday attack
• Rainbow table

Attack models:

• Chosen-ciphertext attack
• Chosen-plaintext attack
• Ciphertext-only attack
• Known-plaintext attack

Side channel attacks:

• Power analysis
• Timing attack

External attacks:

• Black-bag cryptanalysis
• Rubber-hose cryptanalysis

Useful literature for studying:

1. U.S. Patent 4405829
2. Cracking RSA-500
3. Cracking RSA-500
4. A. Menezes, P. van Oorschot, S. Vanstone. RSA public-key encryption // Handbook of Applied Cryptography. , 1996.
5. Boneh, Dan (1999). "Twenty Years of attacks on the RSA Cryptosystem". Notices of the American Mathematical Society (AMS) 46 (2): 203–213.
6. Factorisation of RSA-768
7. Factorisation of RSA-768
8. Applied Cryptography sources in C, Brus Shnaier
9. Applied Crypto, Brus Shnaier