
Hardware Hacks

Discussion in 'Droid X Roms' started by aliasxerog, Mar 9, 2011.

  1. aliasxerog
    Can you guys help do some research on the encryption hardware and possibly how to disable it? Anything from technical documentation to possible helpful forum posts will do.
  2. snwboard333
  3. jthompson
    How about the bootloader from the Xoom? Just an idea.
  4. aliasxerog
    Well we can't flash a new bootloader without the device being unlocked. That's where the idea of having a hardware hack to unlock it came from.
  5. ahC_hED
    Could a secondary 'homemade-ish' bootloader be bootstrapped to bypass the signed bootloader?

    Sent from my jtagged Droid2 :)
  6. bladearrowney
    Putting a homemade-ish bootloader onto a Moto phone was a trick used back in the day on the old V3 RAZR phones; there was a trick to get the bootloader to allow a downgrade to a modified version that had RSA removed and allowed, among other things, unlocking of the baseband. However, I'm pretty sure the encryption has moved on into bigger and badder systems, so while the same may be possible on the DX bootloader, implementing it has so far eluded everyone involved (or we all are just looking in the wrong places). Has anyone tried something similar to what was done back in the day, i.e. exploiting the RAMLOADER used in RSD Lite to trick the phone into allowing us to do things that we shouldn't be?

    http://www.fidalgo.net/~grubwerm/SU Ramldr and Motorola E815 RamLoader Hack/README_SU.TXT
  7. bladearrowney
    I forgot something else: another trick we used to use on other Motorola models (up until around the V9, where the game changed a bit) was to make use of "test point" locations on the physical PCB, which when shorted would result in the phone dropping into a "blank" mode when powered on, allowing bypass of all security entirely. Used to use this method to unlock the V3re and several other models back in the day. Problem with that is that this method generally applied to GSM phones; I never saw TP methods for CDMA devices. However, given that there was never much need to get around the encryption on older CDMA devices, it was probably never fully explored or went poorly documented. Knowing Moto, there is probably a similar method. Finding it, though, would be an entirely different story. First, we'd have to reverse engineer a schematic, etc, etc, etc... not to mention find someone with a MB810 or A955 board they are willing to donate to science.
  8. bladearrowney
    Technically incorrect: we can't flash a bootloader that is not properly signed. I can readily flash between D2.35 and D2.37 at will on my D2 without any issues. However, I have no experience in decompiling the binary to modify it, no experience in re-signing it (which would probably require signing keys that we don't have), and no experience in attempting communication with the bootloader to probe for a potential exploit.

    However, that's where my previous comments come in, looking at what's been done in the past with manipulation of the RAMLOADER or as you said, via a hardware hack (most likely in the form of a test point in need of some grounding) we might find some success...
  9. d_vs_Goliath
    I have a DX that's gone in the water. It won't do much of anything really, but if it will help I will give it to the cause...
  10. Perk27
    I've got an extra one with a broken screen collecting dust; I'd be glad to donate to the cause.

    RTR