diff --git a/Readme.md b/Readme.md index a96a838..cd5cb8a 100644 --- a/Readme.md +++ b/Readme.md 
@@ -320,4 +320,42 @@ Enter 'help' for a list of built-in commands. /data/app/MAINAPP # id uid=0(root) gid=999(MAINAPP) egid=0(root) groups=1(system),2(hwdev),999(MAINAPP),999(MAINAPP) -``` \ No newline at end of file +``` + +## System Analysis +The bootloader is U-Boot. + +This is the partition scheme: +``` +dev: size erasesize name +mtd0: 000c0000 00020000 "boot" <- U-Boot image +mtd1: 00080000 00020000 "nvram_fac" <- U-Boot environment +mtd2: 000c0000 00020000 "boot_res" <- Boot resources, ie: boot logo +mtd3: 00400000 00020000 "kernel" <- kernel binary +mtd4: 00600000 00020000 "ramdisk" <- ramdisk containit init and kernel modules +mtd5: 00600000 00020000 "base" <- base system, including binaries and libraries +mtd6: 06e00000 00020000 "data" <- user data, application executables, library and assets +``` + +The file [init.rc](https://git.lsd.cat/g/pax-pwn/src/master/firmware/tree/startup/init.rc) gives an idea on how the system is started and how different debug levels are handled. + +`/usr/bin/tm` is the binary responsible for the GUI management. The system password is AES encrypted and is stored in a user readable property: + + + +A lot of interesting functions are done trough kernel modules, [available here](https://git.lsd.cat/g/pax-pwn/src/master/firmware/tree/startup/modules). + +Hardware driver are implemented via a low level kernel module and a higher level abastraction module, and are available via the `libosal.so` library. +In the case of this hardware revision of the S900, For the RFID reader: + +``` +pcd_rc663.ko -> Hardware driver +pcd_base.ko -> Middleware, creates +libosal.so -> Shared library, provides the OsPicc* functions trough interacting with /dev/pcd +``` + +For the magnetic stripe reader the family of functions is `OSMsr*` that uses the `/dev/msr` device and for SmartCards there are the `OsIcc*` functions that use the `/dev/usercard` device. + + + +The graphic interface library is `libxui.so`.
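Review bot: the sentence "The system password is AES encrypted and is stored in a user readable property:" in the new System Analysis section ends in a colon with only blank lines after it, so whatever was meant to follow (the property name, a listing or a figure) is not in the patch. Name the property there and say where the AES key comes from, since ciphertext that any user can read is only as well protected as its key. The blank lines after the `/dev/usercard` sentence look like the same kind of gap. In the RFID block, `pcd_base.ko -> Middleware, creates` stops without an object; the next line refers to `/dev/pcd`, so state explicitly what the module creates. Wording to fix before merge: "containit" in the mtd4 comment, "trough" (twice), "abastraction", "Hardware driver are", and the stray capital in "S900, For".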