In September 2013 I received the Entertain Mini and was surprised to see how many features it packed without any of the software being covered by GPL or LGPL. I decided to investigate if this really was the case and was not surprised to find that it actually ran a fully featured Linux/BusyBox system.
The box comes with a 4 MB NOR flash and a 64 MB NAND flash that are both AES encrypted with a chip specific key. It is not easy to get hold of this key as it uses the STTKDMA engine in the STi7111 with a combination of values found in the flash and the chip id. Should you be able to retrieve this key then decryption of the flashes is relatively straightforward:

    #include <string.h>
    #include <openssl/aes.h>

    /* Chip-specific AES-128 key */
    static const unsigned char fw_key[] = {
        0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
        0x90, 0xa0, 0xb0, 0xc0, 0xd0, 0xe0, 0xf0, 0x00
    };

    /* Reverse len bytes of buffer in place */
    static void reverse_buffer(unsigned char *buffer, int len)
    {
        int i;

        for (i = 0; i < len / 2; i++) {
            unsigned char tmp = buffer[i];
            buffer[i] = buffer[len - i - 1];
            buffer[len - i - 1] = tmp;
        }
    }

    /* Decrypt one 16-byte flash block in place. Both the key and the
     * block are byte-reversed before the AES operation, and the
     * plaintext is reversed back afterwards. */
    static void decrypt_block(unsigned char *flash_block)
    {
        AES_KEY wctx;
        unsigned char temp[16];

        memcpy(temp, fw_key, sizeof(fw_key));
        reverse_buffer(temp, 0x10);
        AES_set_decrypt_key(temp, 128, &wctx);

        reverse_buffer(flash_block, 0x10);
        AES_decrypt(flash_block, flash_block, &wctx);
        reverse_buffer(flash_block, 0x10);
    }

The NOR flash contains the Linux 2.6.23.17_stm23_0121-P021-7111 kernel and BusyBox v1.2.2 (ADB 1.2.20). It is mostly used for receiving the real firmware OTA and writing this to the NAND flash. The filesystem comes as a zlib compressed initial ramdisk. There are some pretty obvious pieces of software in the image that are licensed under GPL and LGPL.
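
One way to check a decrypted NOR image for the GPL components named above, as an added example that is not part of the original post: it carves complete zlib streams (such as the compressed ramdisk) out of the image and searches them, and the raw image, for the Linux and BusyBox version banners. The banner regexes, the function names and the sample image are constructed for illustration.

```python
import re
import zlib

# Version banners of the GPL components the article names. These regexes are
# this example's assumption about how the strings appear in the binaries.
BANNERS = {
    "BusyBox (GPL)": re.compile(rb"BusyBox v(\d+\.\d+\.\d+)"),
    "Linux kernel (GPL)": re.compile(rb"Linux version (\d+\.\d+\.\d+[\w.-]*)"),
}

def carve_zlib(image, min_size=64):
    """Yield (offset, data) for each complete zlib stream found in image."""
    pos = 0
    while True:
        pos = image.find(b"\x78", pos)        # CMF byte: deflate, 32 KiB window
        if pos < 0 or pos + 1 >= len(image):
            return
        # A zlib header is valid only if the 16-bit CMF/FLG value is a multiple of 31.
        if ((image[pos] << 8) | image[pos + 1]) % 31 == 0:
            d = zlib.decompressobj()
            try:
                data = d.decompress(image[pos:])
            except zlib.error:                # coincidental header, not a stream
                data = b""
            if d.eof and len(data) >= min_size:
                yield pos, data
                pos = len(image) - len(d.unused_data)   # resume after the stream
                continue
        pos += 1

def audit(image):
    """Return sorted (component, version, where) banner hits."""
    regions = [("raw image", image)]
    regions += [(f"zlib stream @ {off:#x}", data) for off, data in carve_zlib(image)]
    hits = set()
    for where, data in regions:
        for name, rx in BANNERS.items():
            hits.update((name, m.group(1).decode(), where) for m in rx.finditer(data))
    return sorted(hits)

def build_sample():
    """Constructed stand-in for a decrypted NOR image (not real firmware)."""
    ramdisk = bytes(512) + b"BusyBox v1.2.2 (ADB 1.2.20) multi-call binary\0" + bytes(512)
    kernel = b"Linux version 2.6.23.17_stm23_0121-P021-7111 (constructed sample)\0"
    return b"\xff" * 256 + kernel + b"\xff" * 256 + zlib.compress(ramdisk) + b"\xff" * 128

if __name__ == "__main__":
    for hit in audit(build_sample()):
        print(*hit, sep=" | ")
```

The header check alone produces false candidates (the bytes "x " in "Linux version" pass it), which is why a stream is only reported when it decompresses to completion.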
The NAND flash contains the real firmware and runs the same Linux 2.6.23.17 kernel and BusyBox v1.2.2 (however it is compiled with a few extra features). The root filesystem is based on a custom version of squashfs 3.4 that uses the LZO algorithm for compression. The main application is a 20 MB application based on Qt 4.6.4 and Qt Webkit 4.8.0.
Before April 2014 Canal Digital had been distributing this box in the Scandinavian countries without making it clear to the end-user that it contains a lot of software licensed under GPL and LGPL. I contacted them at the end of November 2013 to resolve this matter, and at the beginning of April 2014 they came close to resolving their license obligations (after 40+ e-mails back and forth). The Canal Digital support homepage for the product now includes a PDF detailing the open source licenses associated with the software found on the box, including an offer to receive the source code for the GPL and LGPL licensed parts.
Canal Digital has refused to deliver the tools needed for creating the custom squashfs based LZO root filesystem and tools for putting together a complete image. Also, a number of the kernel modules are unavailable in source form.
Canal Digital has put a lot of effort into hiding their GPL/LGPL violation by e.g. utilizing chip-specific keys to encrypt the firmware. They have also done a very poor job of delivering source code that matches the binaries they distribute, and I have needed to point out missing parts multiple times. Maybe they thought the encryption would keep everybody from detecting what they actually distribute?
Should you want to inspect the rootfs as of September 2013 to make sure that GPL/LGPL compliance has been met, here is the NAND rootfs and NOR rootfs.