Bootstomp: on the Security of Bootloaders in Mobile Devices

Total Page:16

File Type:pdf, Size:1020Kb

Bootstomp: on the Security of Bootloaders in Mobile Devices BootStomp: On the Security of Bootloaders in Mobile Devices Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna fnredini, machiry, dipanjan, yanick, antoniob, edg, yans, chris, [email protected] University of California, Santa Barbara Abstract by proposing simple mitigation steps that can be im- plemented by manufacturers to safeguard the bootloader Modern mobile bootloaders play an important role in and OS from all of the discovered attacks, using already- both the function and the security of the device. They deployed hardware features. help ensure the Chain of Trust (CoT), where each stage of the boot process verifies the integrity and origin of 1 Introduction the following stage before executing it. This process, in theory, should be immune even to attackers gaining With the critical importance of the integrity of today’s full control over the operating system, and should pre- mobile and embedded devices, vendors have imple- vent persistent compromise of a device’s CoT. However, mented a string of inter-dependent mechanisms aimed at not only do these bootloaders necessarily need to take removing the possibility of persistent compromise from untrusted input from an attacker in control of the OS in the device. Known as “Trusted Boot” [6] or “Verified the process of performing their function, but also many Boot,” [8], these mechanisms rely on the idea of a Chain of their verification steps can be disabled (“unlocked”) to of Trust (CoT) to validate each component the system allow for development and user customization. Apply- loads as it begins executing code. Ideally, this proce- ing traditional analyses on bootloaders is problematic, as dure can verify cryptographically that each stage, from hardware dependencies hinder dynamic analysis, and the a Hardware Root of Trust through the device’s file sys- size, complexity, and opacity of the code involved pre- tem, is both unmodified and authorized by the hardware’s clude the usage of many previous techniques. manufacturer. Any unverified modification of the various In this paper, we explore vulnerabilities in both the bootloader components, system kernel, or file system im- design and implementation of mobile bootloaders. We age should result in the device being rendered unusable examine bootloaders from four popular manufacturers, until a valid one can be restored. and discuss the standards and design principles that they Ideally, this is an uncircumventable, rigid process, re- strive to achieve. We then propose BOOTSTOMP, a moving any possibility of compromise, even when at- multi-tag taint analysis resulting from a novel combina- tackers can achieve arbitrary code execution on the high- tion of static analyses and dynamic symbolic execution, level operating system (e.g., Android or iOS). However, designed to locate problematic areas where input from an hardware vendors are given a great amount of discretion attacker in control of the OS can compromise the boot- when implementing these bootloaders, leading to varia- loader’s execution, or its security features. Using our tions in both the security properties they enforce and the tool, we find six previously-unknown vulnerabilities (of size of the attack surface available to an adversary. which five have been confirmed by the respective ven- Unfortunately, analyzing the code of bootloaders to dors), as well as rediscover one that had been previously- locate vulnerabilities represents a worst-case scenario reported. Some of these vulnerabilities would allow an for security analysts. Bootloaders are typically closed- attacker to execute arbitrary code as part of the boot- source [21], proprietary programs, and tend to lack loader (thus compromising the entire chain of trust), or typical metadata (such as program headers or debug- to perform permanent denial-of-service attacks. Our tool ging symbols) found in normal programs. By their also identified two bootloader vulnerabilities that can be very nature, bootloaders are tightly coupled with hard- leveraged by an attacker with root privileges on the OS ware, making dynamic analysis outside of the often- to unlock the device and break the CoT. We conclude uncooperative target platform impractical. Manual reverse-engineering is also very complicated, as boot- abilities (which could lead to persistent compromise loaders typically do not use system calls or well-known of the device) as well as two unlock-bypass vulner- libraries, leaving few semantic hints for an analyst to fol- abilities. low. • We propose mitigations against such attacks, which In this paper, we first explore the security properties, are trivial to retrofit into existing implementations. implementations, and weaknesses of today’s mobile de- In the spirit of open science, we make our analysis tool vice bootloaders. We begin with a discussion of the 1 proposed standards and guidelines a secure bootloader publicly available to the community . should possess, and what, instead, is left to the discretion of manufacturers. We then showcase four real-world An- 2 Bootloaders in Theory droid bootloader implementations on the market today. Then, we present a static analysis approach, imple- Today’s mobile devices incorporate a number of secu- mented in a tool called BOOTSTOMP, which uses a novel rity features aimed at safeguarding the confidentiality, combination of static analysis techniques and under- integrity, and availability of users’ devices and data. In constrained symbolic execution to build a multi-tag taint this section, we will discuss Trusted Execution Environ- analysis capable of identifying bootloader vulnerabili- ments, which allow for isolated execution of privileged ties. Our tool highlighted 36 potentially dangerous paths, code, and Trusted Boot, aimed at ensuring the integrity and, for 38.3% of them, we found actual vulnerabilities. and provenance of code, both inside and outside of TEEs. In particular, we were able to identify six previously- unknown vulnerabilities (five of them already confirmed by the vendors), as well as rediscover one that had been 2.1 TEEs and TrustZone previously-reported (CVE-2014-9798). Some of these vulnerabilities would allow an adversary with root privi- A Trusted Execution Environment (TEE) is the notion leges on the Android OS to execute arbitrary code as part of separating the execution of security-critical (“trusted”) of the bootloader. This compromises the entire chain of code from that of the traditional operating system (“un- trust, enabling malicious capabilities such as access to trusted”) code. Ideally, this isolation is enforced using the code and storage normally restricted to TrustZone, hardware, such that even in the event the un-trusted OS and to perform permanent denial-of-service attacks (i.e., is completely compromised, the data and code in the TEE device bricking). Our tool also identified two bootload- remain unaffected. ers that can be unlocked by an attacker with root privi- Modern ARM processors, found in almost all mobile leges on the OS. phones sold today, implement TrustZone[1], which pro- We finally propose a modification to existing, vulner- vides a TEE with hardware isolation enforced by the ar- able bootloaders, which can quickly and easily protect chitecture. When booted, the primary CPU creates two them from any similar vulnerabilities due to compromise “worlds”–known as the “secure” world and “non-secure” of the high-level OS. These changes leverage hardware world, loads the un-trusted OS (such as Android) into the features already present in mobile devices today and, non-secure world, and a vendor-specific trusted OS into when combined with recommendations from Google [8] the secure world. The trusted OS provides various cryp- and ARM [6], enforce the least-privilege principle, dra- tographic services, guards access to privileged hardware, matically constraining the attack surface of bootloaders and, in recent implementations, can be used to verify the and allowing for easier verification of the few remaining integrity of the un-trusted OS while it is running. The un- attackable components. trusted kernel accesses these commands by issuing the In summary, our contributions are as follows: Secure Monitor Call (SMC) instruction, which both trig- • We perform a study of popular bootloaders present gers the world-switch operation, and submits a command on mobile devices, and compare the security proper- the Trusted OS and its services should execute. ties they implement with those suggested by ARM ARM Exception Levels (EL). In addition to being in and Google. either the secure or non-secure world, ARM processors • We develop a novel combination of program anal- support “Exception Levels,” which define the amount of ysis techniques, including static analysis as well privilege to various registers and hardware features the as symbolic execution, to detect vulnerabilities in executing code has. The 64-bit ARM architecture defines bootloader implementations that can be triggered four such levels, EL0-EL3. EL0 and EL1 map directly to from the high-level OS. the traditional notion of “user-mode” and “kernel mode,” • We implement our technique in a tool, called BOOT- and are used for running unprivileged user applications STOMP, to evaluate modern, real-world bootload- ers, and find six previously-unknown critical vulner- 1https://github:com/ucsb-seclab/bootstomp and standard OS kernels respectively. EL2 is used for im- using the Root of Trust Public Key (ROTPK),
Recommended publications
  • HUAWEI P8 LITE 2017 (SCHWARZ) Dein Spiel. Deine Regeln
    Endgeräte-Produktinformation I Produkte für unterwegs HUAWEI P8 LITE 2017 (SCHWARZ) Dein Spiel. Deine Regeln. Artikelnummer| EAN-Code 99926093 | 6901443176625 Voraussichtlicher Verkaufsstart 04-2017 Abmessungen und Gewicht 147,2 x 73,0 x 7,6 mm | ca. 147 g Farbe Schwarz Stand-by-Zeit | Sprechzeit bis zu 658 Std. | bis zu 1.140 Minuten Akku Li-Polymer, 3.000 mAh SAR-Wert 0,96 W/kg Frequenzbänder GSM in MHz 1800, 1900, 850, 900 Frequenzbänder UMTS in MHz 1900, 2100, 850, 900 Frequenzbänder LTE in MHz 1800, 2100, 2600, 800, 900 Betriebssystem Android 7.0 Kamera 12 Megapixel Display TFT Displaytechnologie, 16,7 Mio Farben, 1.080 x 1.920 Pixel Prozessor 2,1 GHz, Typ HiSilicon Kirin 655 Octa-Core Arbeitsspeicher | Datenspeicher 3 GB | 16 GB Speichererweiterung (optional) microSD, max. 128 GB Navigation: Empfänger und A-GPS, GPS-Empfänger, Glonass Navigations-Software Hardware und Schnittstellen Bluetooth, USB (Erkennung Datenträger am USB-Port), W-LAN Sondereigenschaften Variante: Open Market, Single-SIM Endgeräte-Display-Abbildung ist symbolisch, der Inhalt kann je nach Software-Version abweichen HigHligHts . Fingerabdrucksensor zum schnellen Entsperren . Android 7.0 mit EMUI 5.0 . 13,2 cm (5,2’’)-IPS-Display . Hauptkamera: 12 MP, AF, Blitz, Frontkamera: 8 MP . 3 GB interner Speicher, mittels microSD-Karte um bis zu 128 GB erweiterbar Änderungen bzgl. Lieferumfang und Leistungsmerkmalen vorbehalten. Die Angaben zu Betriebszeiten sind als Nennwerte zu verstehen und gelten für neue, nach Seite 1 Herstellervorschriften in Betrieb genommene Akkus bei optimaler Netzversorgung. Abweichungen sind je nach Einsatz möglich. Endgeräte-Produktinformation I Produkte für unterwegs HUAWEI P8 LITE 2017 (SCHWARZ) lieferumfang .
    [Show full text]
  • HR Kompatibilitätsübersicht
    HR-imotion Kompatibilität/Compatibility 2018 / 11 Gerätetyp Telefon 22410001 23010201 22110001 23010001 23010101 22010401 22010501 22010301 22010201 22110101 22010701 22011101 22010101 22210101 22210001 23510101 23010501 23010601 23010701 23510320 22610001 23510420 Smartphone Acer Liquid Zest Plus Smartphone AEG Voxtel M250 Smartphone Alcatel 1X Smartphone Alcatel 3 Smartphone Alcatel 3C Smartphone Alcatel 3V Smartphone Alcatel 3X Smartphone Alcatel 5 Smartphone Alcatel 5v Smartphone Alcatel 7 Smartphone Alcatel A3 Smartphone Alcatel A3 XL Smartphone Alcatel A5 LED Smartphone Alcatel Idol 4S Smartphone Alcatel U5 Smartphone Allview P8 Pro Smartphone Allview Soul X5 Pro Smartphone Allview V3 Viper Smartphone Allview X3 Soul Smartphone Allview X5 Soul Smartphone Apple iPhone Smartphone Apple iPhone 3G / 3GS Smartphone Apple iPhone 4 / 4S Smartphone Apple iPhone 5 / 5S Smartphone Apple iPhone 5C Smartphone Apple iPhone 6 / 6S Smartphone Apple iPhone 6 Plus / 6S Plus Smartphone Apple iPhone 7 Smartphone Apple iPhone 7 Plus Smartphone Apple iPhone 8 Smartphone Apple iPhone 8 Plus Smartphone Apple iPhone SE Smartphone Apple iPhone X Smartphone Apple iPhone XR Smartphone Apple iPhone Xs Smartphone Apple iPhone Xs Max Smartphone Archos 50 Saphir Smartphone Archos Diamond 2 Plus Smartphone Archos Saphir 50x Smartphone Asus ROG Phone Smartphone Asus ZenFone 3 Smartphone Asus ZenFone 3 Deluxe Smartphone Asus ZenFone 3 Zoom Smartphone Asus Zenfone 5 Lite ZC600KL Smartphone Asus Zenfone 5 ZE620KL Smartphone Asus Zenfone 5z ZS620KL Smartphone Asus
    [Show full text]
  • 4G Hang Hívásra Alkalmas Készülékek
    4G Hang hívásra alkalmas készülékek Alcatel: ▪ Alcatel 1S 2020 ▪ Alcatel 1S 2020 ▪ Alcatel 1X ▪ Alcatel 1X (2019) ▪ Alcatel K1 4G ▪ Alcatel U5 Apple: ▪ Apple iPhone 11 ▪ Apple iPhone 11 Pro ▪ Apple iPhone 11 Pro Max ▪ Apple iPhone 11 Pro Max ▪ Apple iPhone 11Pro ▪ Apple iPhone 6 ▪ Apple iPhone 6 ▪ Apple iPhone 6 Plus ▪ Apple iPhone 6 Plus ▪ Apple iPhone 6S ▪ Apple iPhone 6S ▪ Apple iPhone 6S ▪ Apple iPhone 6S Plus ▪ Apple iPhone 6S Plus ▪ Apple iPhone 6S Plus ▪ Apple iPhone 7 ▪ Apple iPhone 7 ▪ Apple iPhone 7 Plus ▪ Apple iPhone 7 Plus ▪ Apple iPhone 8 ▪ Apple iPhone 8 ▪ Apple iPhone 8 Plus ▪ Apple iPhone 8 Plus ▪ Apple iPhone SE ▪ Apple iPhone SE ▪ Apple iPhone X ▪ Apple iPhone X ▪ Apple iPhone XR ▪ Apple iPhone XS ▪ Apple iPhone XS Max Blackberry ▪ BlackBerry Athena ▪ BlackBerry Key 2 ▪ BlackBerry KEY2 LE ▪ BlackBerry Luna CAT: ▪ CAT S52 ▪ CAT S61 Honor: ▪ Honor 20 DS ▪ Honor 8A ▪ Honor 8S ▪ Honor 10 ▪ Honor 10 Lite ▪ Honor 20 Lite ▪ Honor 20 Pro ▪ Honor 8A ▪ Honor 8S ▪ Honor 9 Lite ▪ Honor View20 Huawei: ▪ Huawei Mate 10 Pro ▪ Huawei Mate 20 ▪ Huawei Mate 20 Lite ▪ Huawei Mate 20 Pro ▪ Huawei Mate 20X 5G ▪ Huawei Nova 5T ▪ Huawei Nova 3e ▪ Huawei P Smart ▪ Huawei P Smart ▪ Huawei P Smart 2019 ▪ Huawei P Smart Z ▪ Huawei P Smart Z ▪ Huawei P10 ▪ Huawei P10 ▪ Huawei P10 ▪ Huawei P10 Lite ▪ Huawei P10 Plus ▪ Huawei P10 Plus ▪ Huawei P20 ▪ Huawei P20 Lite ▪ Huawei P20 Lite ▪ Huawei P20 Lite ▪ Huawei P20 Pro ▪ Huawei P30 ▪ Huawei P30 Lite ▪ Huawei P30 Pro ▪ Huawei P40 Lite ▪ Huawei P40 Pro ▪ Huawei P8 Lite ▪ Huawei P8 Lite 2017 ▪ Huawei
    [Show full text]
  • Huawei Amended Answer to Third Amended
    IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF TEXAS MARSHALL DIVISION OPTIS WIRELESS TECH., LLC, ET AL., Plaintiffs, Civil Action No. 2:17-cv-123 JRG-RSP v. JURY TRIAL REQUESTED HUAWEI TECHS. CO. LTD., ET AL., Defendants. DEFENDANTS HUAWEI DEVICE USA INC., AND HUAWEI DEVICE CO., LTD.’S AMENDED ANSWER TO PLAINTIFFS’ THIRD AMENDED COMPLAINT FOR PATENT INFRINGEMENT Huawei Device USA Inc. and Huawei Device Co., Ltd. (collectively “Huawei”), by and through their undersigned counsel of record, hereby file their Answer to the Third Amended Complaint for Patent Infringement filed by Plaintiffs Optis Wireless Technology, LLC, Optis Cellular Technology, LLC, and PanOptis Patent Management, LLC (collectively, “PanOptis” or “Plaintiffs”) as follows. Huawei Device USA, Inc. alleges counterclaims as set forth after the Huawei’s Answer. NATURE OF THE ACTION 1. Huawei admits that this is an action for patent infringement. Huawei denies the remaining allegations in paragraph 1. PARTIES 2. Huawei lacks knowledge or information sufficient to form a belief as to the truth of the allegations of paragraph 2 and therefore denies the allegations. 3. Huawei lacks knowledge or information sufficient to form a belief as to the truth of the allegations of paragraph 3 and therefore denies the allegations. 4. Huawei lacks knowledge or information sufficient to form a belief as to the truth of the allegations of paragraph 4 and therefore denies the allegations. 5. Huawei admits that Huawei Technologies Co. Ltd. (“Huawei Technologies”) is a Chinese corporation with a principal place of business at Huawei Industrial Base, Bantian, Longgang, Shenzhen, Guangdong, China, 518129.
    [Show full text]
  • Mobile- H2 2018
    Barometer of mobile Internet connections in Turkey Publication of August 12 th , 2019 H2 2018 – H1 2019 nPerf is a trademark owned by nPerf SAS, 87 rue de Sèze 69006 LYON – France. Contents 1 Summary of results ...................................................................................................................... 2 1.1 Summary table and nPerf score, all technologies combined .............................................. 2 1.2 Our analysis ........................................................................................................................... 3 2 Overall results 2G/3G/4G ............................................................................................................. 3 2.1 Data amount and distribution ............................................................................................... 3 2.2 Success rate 2G/3G/4G ........................................................................................................ 4 2.3 Download speed 2G/3G/4G .................................................................................................. 4 2.4 Upload speed 2G/3G/4G ....................................................................................................... 6 2.5 Latency 2G/3G/4G ................................................................................................................ 7 2.6 Browsing test 2G/3G/4G....................................................................................................... 8 2.7 Streaming test 2G/3G/4G ....................................................................................................
    [Show full text]
  • HUAWEI P8 (WEISS) Entdecke Deine Kreativität
    Endgeräte-Produktinformation I Produkte für unterwegs HUAWEI P8 (WEISS) Entdecke deine Kreativität Artikelnummer| EAN-Code 99922933 |6901443059508 Voraussichtlicher Verkaufsstart 05-2015 Abmessungen und Gewicht 144,9 x 71,8 x 6,4 mm | ca. 144 g Farbe Mystic Champagne Stand-by-Zeit | Sprechzeit bis zu 480 Std. | bis zu 830 Minuten Akku Li-Polymer, 2680 mAh SAR-Wert 0,473 W/kg Frequenzbänder GSM 1800, 1900, 850, 900 MHz Frequenzbänder UMTS 1700, 1900, 2100, 850, 900 MHz Frequenzbänder LTE 1800, 2100, 2600, 800 MHz Betriebssystem Android 5.0 Kamera 13 Megapixel Display LCD Displaytechnologie, 16,7 Mio Farben, 1080 x 1920 Pixel Prozessor 2 GHz, Typ HiSilicon Kirin 930 Octa-Core, Mali T628 Grafikprozessor Arbeitsspeicher | Datenspeicher 3 GB Speichererweiterung (optional) MicroSD, max. 128 GB Navigation: Empfänger und A-GPS, GPS-Empfänger Navigations-Software Hardware und Schnittstellen Bluetooth, Micro-USB, USB (Erk. Dtr. am USB-Port), W-LAN (b/g/n) Endgeräte-Display-Abbildung ist symbolisch, der Inhalt Sondereigenschaften Simple UI, NFC, 4FF (Nano-SIM) kann je nach Software-Version abweichen HigHligHts . Gesteigerte Leistung durch Octa-Core-Prozessor . Beste Bildqualität dank 13 Megapixel-Kamera . Intelligentes Netzwerkmanagement optimiert die Performance . Regisseur Modus und Lichtmalerei fördert die Kreativität . Feinster 6,4 mm Metall Unibody lieferumfang . Huawei P8 Änderungen bzgl. Lieferumfang und Leistungsmerkmalen vorbehalten. Die Angaben zu Betriebszeiten sind als Nennwerte zu verstehen und gelten für neue, nach Seite 1 Herstellervorschriften in Betrieb genommene Akkus bei optimaler Netzversorgung. Abweichungen sind je nach Einsatz möglich. Endgeräte-Produktinformation I Produkte für unterwegs HUAWEI P8 (WEISS) . Akku . Headset . USB-Kabel . Netzladegerät . Kurzanleitung . Garantiekarte netz-standards . Unterstützte GSM-Frequenzen in MHz: 1800, 1900, 850, 900 .
    [Show full text]
  • ETUI W Kolorze Czarnym ALCATEL A3
    ETUI w kolorze czarnym ALCATEL A3 5.0'' CZARNY ALCATEL PIXI 4 4.0'' 4034A CZARNY ALCATEL PIXI 4 5.0'' 5045X CZARNY ALCATEL POP C3 4033A CZARNY ALCATEL POP C5 5036A CZARNY ALCATEL POP C7 7041X CZARNY ALCATEL POP C9 7047D CZARNY ALCATEL U5 5044D 5044Y CZARNY HTC 10 CZARNY HTC DESIRE 310 CZARNY HTC DESIRE 500 CZARNY HTC DESIRE 516 CZARNY HTC DESIRE 610 CZARNY HTC DESIRE 616 CZARNY HTC DESIRE 626 CZARNY HTC DESIRE 650 CZARNY HTC DESIRE 816 CZARNY HTC ONE A9 CZARNY HTC ONE A9s CZARNY HTC ONE M9 CZARNY HTC U11 CZARNY HUAWEI ASCEND G510 CZARNY HUAWEI ASCEND Y530 CZARNY HUAWEI ASCEND Y600 CZARNY HUAWEI G8 GX8 CZARNY HUAWEI HONOR 4C CZARNY HUAWEI HONOR 6X CZARNY HUAWEI HONOR 7 LITE 5C CZARNY HUAWEI HONOR 8 CZARNY HUAWEI HONOR 9 CZARNY HUAWEI MATE 10 CZARNY HUAWEI MATE 10 LITE CZARNY HUAWEI MATE 10 PRO CZARNY HUAWEI MATE S CZARNY HUAWEI P10 CZARNY HUAWEI P10 LITE CZARNY HUAWEI P10 PLUS CZARNY HUAWEI P8 CZARNY HUAWEI P8 LITE 2017 CZARNY HUAWEI P8 LITE CZARNY HUAWEI P9 CZARNY HUAWEI P9 LITE CZARNY HUAWEI P9 LITE MINI CZARNY HUAWEI Y3 2017 CZARNY HUAWEI Y3 II CZARNY HUAWEI Y5 2017 Y6 2017 CZARNY HUAWEI Y5 Y560 CZARNY HUAWEI Y520 Y540 CZARNY HUAWEI Y541 CZARNY HUAWEI Y6 II CZARNY HUAWEI Y625 CZARNY HUAWEI Y7 CZARNY iPHONE 5C CZARNY iPHONE 5G CZARNY iPHONE 6 4.7'' CZARNY iPHONE 7 4.7'' 8 4.7'' CZARNY iPHONE 7 PLUS 5.5'' 8 PLUS CZARNY iPHONE X A1865 A1901 CZARNY LENOVO K6 NOTE CZARNY LENOVO MOTO C CZARNY LENOVO MOTO C PLUS CZARNY LENOVO MOTO E4 CZARNY LENOVO MOTO E4 PLUS CZARNY LENOVO MOTO G4 XT1622 CZARNY LENOVO VIBE C2 CZARNY LENOVO VIBE K5 CZARNY
    [Show full text]
  • Barometer of Mobile Internet Connections in Poland
    Barometer of Mobile Internet Connections in Poland Publication of July 21, 2020 First half 2020 nPerf is a trademark owned by nPerf SAS, 87 rue de Sèze 69006 LYON – France. Contents 1 Summary of results ...................................................................................................................... 2 1.1 nPerf score, all technologies combined ............................................................................... 2 1.2 Our analysis ........................................................................................................................... 3 2 Overall results 2G/3G/4G ............................................................................................................. 3 2.1 Data amount and distribution ............................................................................................... 3 2.2 Success rate 2G/3G/4G ........................................................................................................ 4 2.3 Download speed 2G/3G/4G .................................................................................................. 4 2.4 Upload speed 2G/3G/4G ....................................................................................................... 5 2.5 Latency 2G/3G/4G ................................................................................................................ 5 2.6 Browsing test 2G/3G/4G....................................................................................................... 6 2.7 Streaming test 2G/3G/4G ....................................................................................................
    [Show full text]
  • Prisliste-Tnb.Pdf
    Model SERVICE TYPE Customer inc MVA Huawei 10i Display replacement 1791 Huawei Ascend G6 Display replacement 1571 Huawei Honor 10 Lite Display replacement 1559 Huawei Honor 7 Display replacement 1889 Huawei Honor 8 Display replacement 2514 Huawei Honor 9 Display replacement 2541 Huawei Honor 9 Lite Display replacement 1620 Huawei Honor View 20 Display replacement 2363 Huawei Mate 10 Lite Display replacement 1736 Huawei Mate 10 Pro Display replacement 3290 Huawei Mate 20 Lite Display replacement 1683 Huawei Mate 20 Pro Display replacement 3509 Huawei Mate 7 Ascend Display replacement 2478 Huawei Mate 8 Display replacement 3135 Huawei Mate 9 Display replacement 2419 Huawei Mate 9 Pro Display replacement 3346 Huawei Mate S Display replacement 2355 Huawei Mediapad T3 10 Display replacement 1423 Huawei Nova Display replacement 1923 Huawei Nova 5T Display replacement 2121 Huawei P Smart Display replacement 1670 Huawei P Smart 2019 Display replacement 1461 Huawei P10 Display replacement 2464 Huawei P10 Lite Display replacement 1858 Huawei P10 Plus Display replacement 2748 Huawei P20 Display replacement 2523 Huawei P20 Lite Display replacement 1759 Huawei P20 Pro Display replacement 4026 Huawei P30 Display replacement 3156 Huawei P30 Lite Display replacement 2210 Huawei P30 Pro Display replacement 4130 Huawei P8 Display replacement 2586 Huawei P8 Lite (2017) Display replacement 1465 Huawei P9 Display replacement 2245 Huawei P9 Lite Display replacement 1705 Huawei P9 Lite Mini Display replacement 1236 Huawei P9 Plus Display replacement 2213 Huawei
    [Show full text]
  • Cennik Urządzeń Dla Ofert Z Taryfą T Na WWW
    Cennik urządzeń dla ofert z taryfą T na WWW. 1. W okresie od dnia 6.06.2018 r. do wyczerpania zapasów właściwych dla ofert promocyjnych lub ich wycofania T-Mobile Polska S.A. („Operator”) oferuje sprzęt zgodnie z poniższym. Wymienione poniżej urządzenia i warunki cenowe dotyczą Warunków Ofert Promocyjnych odsyłających w swej treści do niniejszego dokumentu. 2. Wartości podane poniżej w tabeli w ppkt. 2.1. (za wyjątkiem wierszy tabel zatytułowanych „Typowa suma Abonamentu i raty”) wskazują wyrażoną w złotych polskich wysokość pierwszej raty wynikającej z Umowy Sprzedaży na Raty. „Typowa suma Abonamentu i raty” to suma Abonamentu i miesięcznej stałej raty (tj. innej niż pierwsza), właściwa dla większości cykli czasu określonego Umowy. Uwzględnia ona ewentualny upust za zgody marketingowe. Kwota „Typowej sumy Abonamentu i raty” podawana jest poniżej wyłącznie w celu dodatkowego ułatwienia w znalezieniu właściwej kolumny. 2.1. Telefony w pełnej dostępności dotyczy „Taryfa T z telefonem „6x1” na 24 miesiące Raty w T-Mobile”, „Taryfa T z telefonem „3x1” na 24 miesiące Raty w T-Mobile” oraz „Taryfa T z telefonem WWW na 24 miesiące Raty w T-Mobile”. T2 Bez limitu T1 Bez limitu T1 10 GB: T1 T1 Oferta GB: GB: T2 5GB 5GB 2GB T2 10GB Typowa suma Abonamentu i raty 89,95 79,95 69,95 59,95 49,95 Maxcom Strong MM920 9 9 Nokia 3310 (3G) Dual SIM 9 9 Alcatel Pixi 4 (5) 9 9 9 Alcatel PIXI 4 (4) 9 9 Samsung Galaxy J3 (2016) 9 49 LG K4 (2017) 9 9 MyPhone City XL** 9 9 89 Huawei Y6 2017 9 9 99 LG K8 (2017) 9 9 99 Huawei P9 lite mini 9 9 99 LG K10 (2017) 9
    [Show full text]
  • FAQ Aircraft
    FAQ Aircraft How do I control Tello? You can control Tello directly via Tello app or with a supported Bluetooth remote controller connected to the Tello app. Supported devices iOS: Requires iOS 9.0 or later. Compatible with iPhone 5s, iPhone SE, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPad mini 4 and iPad mini 4 Wi-Fi + Cellular. Android: Android version 4.4.0 or later. Compatible with Samsung S7, Samsung S6 edge, Samsung S5, Samsung Galaxy note 4, Samsung Galaxy note 3, Huawei Honor 8, Huawei Honor 9, Huawei P8 Max, Huawei P10, Huawei Honor V8, Huawei P9, Huawei nova2, Xiaomi 6, Xiaomi Note3, Redmi 4A, OnePlus5, vivoX6, Google Pixel1 XL, Google Pixel2. *Support for additional devices available as testing and development continues. For the latest information, please refer to the official Tello website. *Not available for Android tablets. What kind of interesting things can Tello do during flight? Tello can perform eight different flips, fly up and down from your hand in Bounce mode, or automatically record short videos with EZ Shots. Can Tello fly indoors? Yes, Tello is safe to fly indoors. Tello can also fly outdoors, but it is only recommended to do so in windless conditions. Is Tello waterproof? No. Camera What does Tello's camera feature? Tello's camera is capable of capturing photos and recording videos. With EZ Shots, users can fly in three specific patterns while recording short videos. Where are my captured photos and video saved? How can I export them? Photos and video will save to your smartphone.
    [Show full text]
  • Huawei's Mobile Processors
    Huawei's mobile processors Dezső Sima Vers. 2.1 November 2018 Sima Dezső, 2018 Huawei's mobile processors • 1. Overview • 2. Examples: The Kirin 950 • 2.1 The Kirin 950 • 2.2 The Kirin 960 • 2.3 The Kirin 970 • 2.4 The Kirin 980 • 3. References 1. Overview 1. Overview (1) Huawei [1] • Huawei Technologies Co. Ltd. is a Chinese multinational networking and telecommunications equipment and services company headquartered in Shenzhen China. • It was founded in 1987 and became the world's largest telecom equipment manufacturer. • The name Huawei (华为) means Chinese achievement. • Recently it has about 180 000 employees. Figure: Huawei's logo [1] Figure: Huawei's headquarter in Shenzen [1] 1. Overview (2) HiSilicon [2] • HiSilicon, a global fabless semiconductor and IC design company, headquartered in Shenzhen, China. • It was founded in 2004 as a subsidiary of Huawei. • It has offices and research centers worldwide, the number of the employees is about 7000. • HiSilicon purchases licenses mainly from ARM and designs in the first line application processors for mobiles. It filed over 5,000 patents. 1. Overview (3) 1. Overview Worldwide smartphone shipments by vendors Q4/2009 to Q4/2016 (million units) [3] 1. Overview (4) Worldwide market share of application processors in 2015 used in smartphones (based on revenue) [4] Market Processor lines Vendor Cores ISA share (examples) Qualcomm Snapdragon Qualcomm designed Krait cores ARMv7 42 % (USA) 200-800 ARM Cortex A line ARMv7/v8 Apple Apple A7-A9 Apple designed Cyclone core 21 % ARMv8 (USA) Apple A10 2xbig./4x LITTLE cores 8xARM Cortex A53 ARMv7 MediaTek Helio x10 (ARM big.LITTLE) 19 % (Taiwan) Helio X20 2xARM Cortex A72/8x A53 ARMv8 (ARM big.LITTLE) Samsung Exynos ARM Cortex A line ARMv7 (S.
    [Show full text]