Deciphering phone and embedded security - Part 2: What really happens during an unlock operation

[Part one covers the general Android architecture, including a look at the basic Android platform and the associated framework, as well as commonly used terminology like "rooting" and "flashing."]

Now that we have learned the basics and common terms of the Android world, let's link it all together to see what really happens during Rooting.

• Baseband Processor (BP): BP manages all radio functions of the smart phone and runs the GSM protocol stack.
• Application Processor (AP): General purpose processor to manage user-interfaces and applications.

The first hardware generation of smart phones did nothing but integrated the feature phone and a PDA into one case. The keypad and display of the baseband processor is removed. What remains of the feature phone is a GSM modem controlled by AT commands sent from the AP with each processor including its own memory (RAM and Flash).

With the latest and greatest smartphones, the industry has produced highly integrated products, uniting the AP and BP in one physical package. To further complicate and reduce cost, there is no need to have independent RAM and Flash chips for AP and BP. Rather, a single RAM and Flash chip is divided by assigning portions of the RAM and Flash to each of the two processors.

BP and AP are not expected to converge as there are good reasons for keeping them separate (even though they are on same package). Another important point to note is that due to good real-time radio performance, BP runs a real time OS (RTOS) like Nucleus or ThreadX while the OS on application processor may vary (Linux, Android, iOS, Symbion, Windows 8, etc.).

• Flash: This includes the main non-volatile memory that includes the operating system along with applications. Often a smart phone would include NOR Flash which is byte addressable and much faster for boot as well as kind of cache for applications. NAND Flash on the other hand is much slower and less reliable; however it is cheaper to manufacturer in bulk and is often used as main storage in the phone (media etc). Main interest is on NOR Flash as we are not really concerned about Data Flash, it being not associated with the Flashing procedure.

It is important to note that besides the usual OS and other standard stuff, Flash includes the main software components,

1. MCU (Mobile Control Unit) - main program/software that runs on the phone.
2. PPM (Post Programmable Memory) - determines languages available in the phone. This is also called as "language pack"
3. CNT (Content) - default pictures and sounds in the phone's gallery. This could be part of the Main Flash or a separate chip.

• EEPROM: contains various settings specific to your phone, including calibration for various devices present in your phone, like the battery, camera, light sensor, RF part, etc.

Unlike in old generation phones, many of the latest phones now emulate EEPROM as part of Flash memory so there is no physical EEPROM, however this is dependent on phone manufacturer.

• OTP (One Time Programmable) Memory: These are arrays of one time programmable fuses that are part of the application processor and within the device package. These are burnt at the factory and the user does not have access to them, and they cannot be modified.