Skip to content

Tools for parsing/extracting/packing Qualcomm mbn MCFG (Modem Configuration) files

License

Notifications You must be signed in to change notification settings

sbaresearch/mbn-mcfg-tools

Repository files navigation

MBN MCFG Tools

DISCLAIMER: This tool is still under development and started as a hastily written script because we needed something to parse MBN files, so please do not expect a polished tool.

This project provides a python library/application for parsing Qualcomm MBN configuration files and the contained configuration items.

Warning

The format assumed by the parsers results from reverse engineering and is partially copied from similar projects (see Related Repos below). We do NOT know how accurate the format is and how much the format changes between differing versions of configuration files. This uncertainty of whether we got the format right is especially true for the parsers for individual configuration items which were auto generated from here and whose results are often inaccurate.

MBN MCFG Files

MBN files are ELF files loadable by Qualcomm modems used not only to load executables but also to load configuration. When used for modem configuration, these ELF files contain a Qualcomm-specific segment — the MCFG segment likely standing for modem configuration — containing the configuration and a secure boot header. However, the modems we tested with only checked the hashes in the secure boot header and ignored wrong/missing signatures for MBN MCFG files.

The MBN modem configuration file format (or what we assume it to be) can be found here.

Installation

To install the mbn-tool:

python3 -m venv <venvname>
source <venvname>/bin/activate
pip install .

Usage

Our package provides a CLI tool to pack/unpack MBN files.

Note

When modifying an extracted MBN file, please note that currently, when changing a value of type "bytes", changes to its "ascii" property are ignored. Furthermore, only changes to the file meta and the files in the files directory are packed into an MBN file when using our tool to repack a file.

To extract the file row_common.mbn into the directory row_common_extracted:

mbn-tool -e row_common.mbn row_common_extracted

To pack the extracted configuration file row_common_extracted into the MBN file row_common_packed.mbn:

mbn-tool -p row_common_packed.mbn row_common_extracted

To check the hashes in the secure boot header for validity:

mbn-tool -c row_common.mbn

To extract all MBN files inside a sample folder (e.g. bash):

folder="mbn/Google_MBN/20231105/20231105_Google_Pixel_5_mbn_0A_Snapdragon_765G_5G_SM7250/mcfg_sw"; for i in $(find "$folder" | grep ".mbn$"); do mbn-tool -e "${i}" "${i}_extracted"; done

Related Repositories