bboard

-If the encryption block is 8 bytes or more, the encryption block is encrypted using C-CBC mode. The last residual block, if it is less than 8 bytes, is not encrypted

The size X of each encryption block other than last encryption block is calculated by the following formula referring to the Encryption Block Size Factor E.
X=64*2^E (bytes), E=0, ..., 5
The size of the last encryption block is equal to X or less.

* If the header part exists, the Unencrypted Header Size Factor H of the optional unencrypted header shall be specified in the corresponding Title Key & Usage Rule Entry of the encrypted object file and shall be used to decrypt the encrypted SD-Binding object file. The size Y of the optional unencrypted header is calculated by the following formula:
Y= 64*2^(H-1) (bytes), H=1, ..., 13

Posted by tomman
the .sb1 crypto remains uncracked as of today

Posted by http://read.pudn.com/downloads188/ebook/881633/SD%203.0/Part_3_Security_Specification_Ver3.00_Final_090612.pdf

The (essential) argument of this command as shown below is transferred securely in AKE command (ACMD45) (See Note (2)).

(2) In AKE command (ACMD45), Challenge1 (random number RN1) is generated by encrypting an
(essential) argument of the following “Protected Area Access Command” (shown in Table 2-2). SD Memory Card gets the (essential) argument of the following “Protected Area Access Command” by decrypting received Challenge1. Regarding the generation method of Challenge1, please see 3.2.1 of Content Protection for Recordable Media Specification SD Memory Card Book.

The one-way function result is calculated as
C2_G(d_1, d_2) = C2_E(d_1, d_2) ⊕ d_2.

Each K_mu is 56-bit value and is pre-computed by the manufacturer based on each Media Key and the Media ID using the C2-Oneway function. Here, each Media Key is assigned by the 4C Entity, LLC, and is unique for each application group defined by the SD Association. Figure 3-2 shows the procedure of the Media Unique Key calculation. As shown in Figure 3-2, each Media Unique Key (K_mu) is calculated as
K_mu =[C2_G (Media Key, Media ID)]_{lsb_56}.

C:\Program Files\MotoAndroidDepacker-1.2alpha3>dir
Volume in drive C has no label.
Volume Serial Number is 0000-0000

Directory of C:\Program Files\MotoAndroidDepacker-1.2alpha3

 5/13/2019            <DIR>         .
 5/13/2019            <DIR>         ..
 5/13/2019                 109,568  MotoAndroidDepacker.exe
 5/13/2019                     405  MotoAndroidDepacker.xml
       2 files                  109,973 bytes
       2 directories                    bytes free


C:\Program Files\MotoAndroidDepacker-1.2alpha3>MotoAndroidDepacker.exe

C:\Program Files\MotoAndroidDepacker-1.2alpha3>

UseStorage = ext

• ファイルによっては、コピー／移動できない� �合があります。
• 本 FOMA 端末に保存されている Flash、キャラ電は、microSDメモリーカードにコピー／移動できません。

• Some files can not be copied / moved.
• Flash and Chara-den stored in the FOMA terminal can not be copied / moved to microSD memory card.

Note 13 About the data that can be saved:
Captured image / voice etc

Note 5 About the data that can be saved:
Phonebook / sent / received mail / photographed image / bookmark / voice etc

•本FOMA端末で使用したmicroSDメモリーカードは、FOMA M702iGでもご利用になれます。た� し、その他のFOMA端末とはフォルダ構成が異なるため、そのまま他のmicroSDメモリーカード対応のFOMA端末に差し込んでもご利用できません。

• The microSD memory card used on this FOMA terminal can be used on the FOMA M702iG. However, because the folder configuration is different from other FOMA terminals, you can not use it as it is by inserting it into another microSD memory card compatible FOMA terminal.

unlock
lock
locked
unlocked
The storage card is currently %s. Do you want to %s it?
SD Card Lock
No storage card detected.
Failed toggling card lock.
Operation successful.

tomman@himawari:~$ mono --version
Mono JIT compiler version 4.6.2 (Debian 4.6.2.7+dfsg-1)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
        TLS:           __thread
        SIGSEGV:       altstack
        Notifications: epoll
        Architecture:  amd64
        Disabled:      none
        Misc:          softdebug 
        LLVM:          supported, not enabled.
        GC:            sgen

Posted by tomman
Almost all FOMA phones use a proprietary DoCoMo platform, MOAP. There are both Linux and Symbian-based versions of MOAP (MOAP-L/NOAP-S). Those Motorola phones are a notorious exception, as they are just standard Motorola P2K05/Synergy phones with the i-mode/DoJa bits replacing the usual Opera/JBlend stack.

IIRC Nokia Symbian phones could password-lock SD cards, but never knew how these phones did it.

All I remember is that it was a pain to reuse that cards on other phones should you forget to unlock them on a Nokia phone...

As for the MotoAndroidDepacker, I just ran it on my ol' XP laptop, where I only have .NET 3.5. But I've just tested on my Debian Stretch laptop:

tomman@himawari:~$ mono --version
Mono JIT compiler version 4.6.2 (Debian 4.6.2.7+dfsg-1)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
        TLS:           __thread
        SIGSEGV:       altstack
        Notifications: epoll
        Architecture:  amd64
        Disabled:      none
        Misc:          softdebug 
        LLVM:          supported, not enabled.
        GC:            sgen

...and it runs just fine with that Mono version, FWIW.

Sadly, Argon firmwares are signed, and noone cracked the RSA stuff as it was done for earlier 2G phones (it was pretty much a requirement to get rid of the signed .JAR requirement for accessing restricted APIs, like filesystem access or GPS; for 2G phones on platforms like Neptune LTE all you needed was a hacked bootloader to get rid of the RSA signature crap).

My RAZR V9x does the .dmj shit, but sadly the flex cable just broke a month ago and therefore the displays are dead, so the phone is pretty much unusable for those purposes as-is :/ (Mind you, it STILL works as a phone... as long as you have memorized your phone book, or use it as a modem)

You should assume that if it runs firmware AND works on Licensed Radio Spectrum™, it HAS to be signed. Sometimes it's even a requirement from carriers too. Things like BREW exist for the benefit of the carriers, not for the OEMs themselves (Nokia particularly hated BREW, and this is a reason of why Verizon rarely sold their phones). And then, there is good ol' "protect MUH IP" paranoia.

"RSA" is commonplace. Except for shit-tier garbage Chinese junkphones, all serious OEMs do sign their firmwares, and those phones often have several layers of security for preventing the run of unsigned/modified firmware.

Posted by Content Protection for Recordable Media Specification: Introduction and Common Cryptographic Elements
A properly formatted MKB shall have exactly one Verify Media Key Record as its first Record. Bytes 4 through 11 of the Record contain the value
 D_v = C2_E(K_m, DEADBEEF₁₆ || XXXXXXXX₁₆)
 where K_m is the correct final Media Key value, and XXXXXXXX₁₆ is an arbitrary 4-byte value.
The presence of the Verify Media Key Record in an MKB is mandatory, but the use of the Record by a device is not mandatory.

As an optimization, a device may attempt to decrypt D_v using its current K_m value during the processing of subsequent Records, checking each time for the condition
  [C2_D(K_m, D_v)]_{msb_32} == DEADBEEF₁₆
  where K_m is the current Media Key value.
If this condition is true, the device has already calculated the correct final K_m value, and may therefore stop processing the MKB.