[Diy_efi] Re: Reversing EPROM decryption board (Don Paauw)

Don Paauw dpaauw
Tue Jun 13 18:02:16 UTC 2006


At 05:56 AM 6/13/06 +0100, you wrote:
>Hello Don,
>   
>  thanks for the answer.
>   
>  I tried to make the checksum of vectors correct by some trivial mehods -
assuming 8 and 16 bit ADD and 8 bit XOR is done on the area. That didn't
work, and I had always fear that they could check the vector table against
actual addresses of ISRs... (unused entrys point to the reset entry point).
But I will try again with the checksum, adding some bit shifting in
between....
>   
>  If address bus is not "walked" in correct sequence, PEELs do not decrypt
data anymore. And I do not know the sequence...
>   
>  As for the monitor board, could I do it like this:
>  1) use NVRAM
>  2) connect it in parallel to address and data bus
>  3) connect its /W to /R of EPROM
>  4) keep its /R high
>  5) connect its /CS to /CS of EPROM
>   
>  Regards,
>  NG 

Conceptually this is correct but check all of the timing specs.  For NVRAM,
make sure it is fast enough and if there is only one bank of EPROMs, make
sure the /CS is actually moving.  You will be loading the address & data
busses with more capacitance but only one or two more chips should be fine.
You'll probably want to gate the RAM /CS for a clean shutdown.
It sounds like you are already driving the address lines, so if you can
control
the control signals as well, then there should be no speed or timing problems.

Address sequencing may be checked by rules like: address are sequential unless
a branch or data access is seen, ISR vectors are constant, etc.

-- Don




More information about the Diy_efi mailing list