Leak Updates

txpayne

New Member
Joined
Jan 27, 2010
Messages
4
Reaction score
0
Rsa2048

+1. I was a little confused what the hoopla was about Koush's recovery. It means absolutely nothing as far as custom ROMs are concerned. The Droid X "hackers" are at the exact spot that Milestone hackers are at. Which is not very far. The Milestone has had a custom recovery for a while, but no custom ROMs yet. And they're not going to break it. It's great to think "Android devs are awesome!!! Yahhh!!!!" but the fact of the matter is they are not going to crack an encrypted bootloader no matter how hard they try. If they can't crack the bootloader (and they can't, and won't), then they can't change the kernel. If they can't change the kernel, then no custom ROMs. X owners will have to wait for Motorola to decide it's time to change your kernel. Koush is not going to crack an RSA2048 bit encrypted bootloader and if he does (which he won't), then we need him working for the NSA, not cracking phones.

Simple as that. Koush's Clockwork thing means nothing. People are going crazy over a minor news item.

Someone else who thinks the way I do. Totally agree. The only way is if the keys leak. Not impossible, but I would guess very improbable.

Right, the keys can leak, then we'd have it. But like you stated, it's highly improbable. Why? Because those keys are probably only known to very few people, who undoubtedly love their job, have signed confidentiality agreements and would not risk leaking something that would almost certainly be traced back to them and get them fired and taken to court. Cracking this bootloader is a pipedream unfortunately that won't be realized.

No custom ROMs on the X. With Koush's recovery, X owners can have heavily modified systems but without a way to change the kernel, X owners are at the mercy of Motorola...for a loooong time to come.

rsa-2048 = 25195908475657893494027183240048398571429282126204032027777137836043662020 70759555626401852588078440691829064124951508218929855914917618450280848912 00728449926873928072877767359714183472702618963750149718246911650776133798 59095700097330459748808428401797429100642458691817195118746121515172654632 28221686998754918242243363725908514186546204357679842338718477444792073993 42365848238242811981638150106748104516603773060562016196762561338441436038 33904414952634432190114657544454178424020924616515723350778707749817125772 46796292638635637328991215483143816789988504044536402352738195137863656439 1212010397122822120720357 good luck
 

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
So just some clarifications here. Do we believe that from now on all leaks will be stopped? I had wondered about intentional leaking for beta testing...

And the Droid 1 leak that was not posted, can I assume this is later than the FRG22 that everybody has? Is it likely the final second update that's supposed to be coming?

Have all the leaks been from Motorola? Or are some of the leaks from wireless carriers like Verizon, or from elsewhere?

And I'm also trying to make sense out of this "encrypted bootloader" discussion. Since encrypted software can't actually run without decrypting it, the things people are saying don't quite make sense. Is there an explanation out there that does make sense?

I could hazard a guess that what's going on is this: the bootloader is not encrypted but the software it loads is decrypted using a built-in public key, and so it will only boot stuff that has been encrypted with a private key that none of us have. But that's just one possible scheme among many.

Ultimately the problem with all such schemes is that they have to run on real physical hardware that can either be monitored or simulated, and you can just sit back and watch what happens, reverse engineer, and replace. How has Motorola beaten that basic fact?

This is exactly what it means. The bootloader loads the OS (kernel), and it can only boot a kernel or OS that has been encrypted by the correct private keys (in other words, signed ROMs). Without the private keys you cannot create a ROM that can be decrypted by the public key. Therefore putting a custom recovery on the X really doesn't accomplish much (other than the ability to back up, I guess). You're not going to be able to put custom ROMs on the device if you don't have the private keys, and those private keys are not going to be leaked, nor are they going to be guessed with brute force. Anyone who thinks otherwise is confused.

I'm not sure why Koush said on his website that we can now load custom ROMs when we really can't. It just creates this hysteria among people, and it's simply not true. If Motorola doesn't release an updated kernel, no dev is going to be able to put a new kernel on the phone. Pretty much what Koush and everyone did is use the same progress made on the Milestone's bootloader and apply that to the X. The truth is, the progress is irrelevant...
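Added example, not part of the original post: a minimal model of the signed-boot check discussed above, in which the image stays readable and the bootloader only verifies an RSA signature over its hash using a built-in public key. The key is a constructed toy key, the padding is simplified, and all names are hypothetical.

```python
import hashlib

# Constructed toy key for illustration only: both primes are Mersenne primes,
# so this modulus is trivially factorable. A vendor key would be random RSA-2048.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                           # public modulus, built into the bootloader
E = 65537                           # public exponent, built into the bootloader
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the vendor
K = (N.bit_length() + 7) // 8       # modulus size in bytes


def encode_digest(image: bytes) -> int:
    """SHA-256 of the image, padded as 00 01 FF..FF 00 || digest.

    Simplified from PKCS#1 v1.5 (the DigestInfo prefix is omitted).
    """
    digest = hashlib.sha256(image).digest()
    padded = b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest
    return int.from_bytes(padded, "big")


def vendor_sign(image: bytes) -> int:
    """Vendor side: needs the private exponent D."""
    return pow(encode_digest(image), D, N)


def bootloader_verify(image: bytes, signature: int) -> bool:
    """Device side: needs only the public values N and E."""
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == encode_digest(image)


def boot_decision(image: bytes, signature: int) -> str:
    return "boot" if bootloader_verify(image, signature) else "refuse"


# Constructed sample images; the bytes are stored in the clear, not encrypted.
STOCK_KERNEL = b"constructed stock kernel image v1"
CUSTOM_KERNEL = b"constructed custom kernel image"
STOCK_SIG = vendor_sign(STOCK_KERNEL)

if __name__ == "__main__":
    print(boot_decision(STOCK_KERNEL, STOCK_SIG))    # stock image, vendor signature
    print(boot_decision(CUSTOM_KERNEL, STOCK_SIG))   # signature reused on another image
    print(boot_decision(CUSTOM_KERNEL, 0x1234))      # made-up signature value
```

The device never holds `D`, so reading out or replacing everything the bootloader stores still does not yield a signature that verifies.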
 

TheCrusher

Member
Joined
Dec 8, 2009
Messages
40
Reaction score
0
This is exactly what it means. The bootloader loads the OS (kernel), and it can only boot a kernel or OS that has been encrypted by the correct private keys (in other words, signed ROMs). Without the private keys you cannot create a ROM that can be decrypted by the public key. Therefore putting a custom recovery on the X really doesn't accomplish much (other than the ability to back up, I guess). You're not going to be able to put custom ROMs on the device if you don't have the private keys, and those private keys are not going to be leaked, nor are they going to be guessed with brute force. Anyone who thinks otherwise is confused.

I'm not sure why Koush said on his website that we can now load custom ROMs when we really can't. It just creates this hysteria among people, and it's simply not true. If Motorola doesn't release an updated kernel, no dev is going to be able to put a new kernel on the phone. Pretty much what Koush and everyone did is use the same progress made on the Milestone's bootloader and apply that to the X. The truth is, the progress is irrelevant...

OK, so was someone just talking out of their ass when they said the keys could be changed OTA? Because if they're right then this whole scheme seems like much ado about nothing. Trivial to bypass.
 

furbearingmammal

Super Moderator
Joined
Jun 16, 2010
Messages
11,081
Reaction score
363
Location
Anywhere you're not
Website
swdouglas.blogspot.com
Current Phone Model
32GB Moto X Developers Edition
Twitter
furryvarmint
Signatures can't be faked, especially if they're encrypted to THAT level of encryption, and if they're not matching up with the hardware-generated keys via the encrypted bootloader, it fails.
 

MotoCache1

Chief Droid Scientist
Joined
Jun 30, 2010
Messages
530
Reaction score
1
The Droid X has had its recovery image hacked and replaced, so wohoo wohoo for people who want it.

For those of us paying attention, the bootloader on the Droid 1 was updated in many of the OTA updated phones so that custom recovery images are replaced on a reboot with the stock. What does that mean to you? The problem's being worked on by the wizard who figured out how to make SBF files outside of a Motorola laboratory, but the fact is that even without a locked bootloader the people over at Moto/Verizon/Google can still mess with us.

Really, first I have heard of this. I got the OTA and run rooted stock with CW recovery, and have not run into this. Very interesting. I would also like to know if there may be a chance to get the second Froyo leak.

I'm the said "wizard". Here's the link to my writeup. If you got the 2.2 OTA then your phone should have been affected unless you updated your boot image afterward. The first 2,875,392 bytes of the boot partition image are used along with a diff file to mathematically come up with the entire recovery partition image. If your boot image doesn't match the expected SHA1 hash (d104d2ec84a2d0660e786c0fb8174bfacb4079d6) then it won't happen. You will probably also find that your bootloader was quietly updated to 2C.7C (from 2C.6C). This time it wasn't one that will only boot a signed image, but what about next time?
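Added example, not part of the original post or the linked writeup: a check of the precondition described above, assuming the quoted SHA-1 is computed over the first 2,875,392 bytes of a boot partition dump. The function names and the sample data are constructed for illustration.

```python
import hashlib
import io
import sys

PREFIX_LEN = 2_875_392   # bytes of the boot partition used as patch source (from the post)
EXPECTED_SHA1 = "d104d2ec84a2d0660e786c0fb8174bfacb4079d6"   # hash quoted in the post


def boot_prefix_sha1(stream, length=PREFIX_LEN, chunk=1 << 16):
    """SHA-1 over the first `length` bytes of a binary stream, or None if it is shorter."""
    h = hashlib.sha1()
    remaining = length
    while remaining > 0:
        block = stream.read(min(chunk, remaining))
        if not block:            # dump ended before the full prefix was read
            return None
        h.update(block)
        remaining -= len(block)
    return h.hexdigest()


def recovery_rewrite_applies(stream, expected=EXPECTED_SHA1, length=PREFIX_LEN):
    """True when the boot prefix matches, i.e. the precondition described in the post holds."""
    digest = boot_prefix_sha1(stream, length)
    return digest is not None and digest.lower() == expected.lower()


def constructed_image(extra=b""):
    """Constructed stand-in for a boot partition dump (not real device data)."""
    return bytes(range(256)) * (PREFIX_LEN // 256) + extra


if __name__ == "__main__":
    if len(sys.argv) > 1:                       # path to your own boot partition dump
        with open(sys.argv[1], "rb") as f:
            print("prefix matches:", recovery_rewrite_applies(f))
    else:
        base = boot_prefix_sha1(io.BytesIO(constructed_image()))
        modified = bytearray(constructed_image())
        modified[100] ^= 0xFF                   # one changed byte inside the prefix
        print(recovery_rewrite_applies(io.BytesIO(constructed_image(b"tail")), base))
        print(recovery_rewrite_applies(io.BytesIO(bytes(modified)), base))
```

Bytes past the prefix do not affect the result, while any change inside it does, which is consistent with the post's remark that updating the boot image afterward avoids the rewrite.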
 

MotoCache1

You will probably also find that your bootloader was quietly updated to 2C.7C (from 2C.6C). This time it wasn't one that will only boot a signed image, but what about next time?
I guess we can't edit messages in this particular sub-forum. I wanted to add that you'll find that even flashing on an SBF from a prior version (say ESE81) will not give you your old bootloader back. Good thing it isn't a locked one eh?
 

furbearingmammal

Nope, no edit in news, and believe me, you're not the first to wish it was otherwise -- have to get a Mod to do it for you, like I did in the message being referenced, oh "wizard". :D

It's a scary thought for the future of rooting and ROM-ing the Droid 1. Motorola/Verizon may have been sending a message, but I think it's more likely it was done as a proof of concept than anything else -- blocking the n00bs and making it harder to get a "full" root was secondary to proving they can do it.
 

MotoCache1

It's a scary thought for the future of rooting and ROM-ing the Droid 1. Motorola/Verizon may have been sending a message, but I think it's more likely it was done as a proof of concept than anything else -- blocking the n00bs and making it harder to get a "full" root was secondary to proving they can do it.

I'm more pessimistic than you. While I too see it as a test, I think it's more of a "let's see if this causes too many unintended consequences to gauge how big of a mess a fully locked boot loader would cause". I'm working on an uninstaller to back out the 2C.7C boot loader now. I have 2C.7C on my DEV phone from updating to the 2.2 OTA to be able to reproduce the issue (so I could figure out how to disable it). I'm backing it back down to 2C.6C however just to be safe. I already know how to revert the bootloader to a prior version, but it affects a bunch of other things too. I want to be able to back just the bootloader out without messing with anything else. We'll see if I can do it without bricking the unbrickable Droid. I guess it's worth the risk -- in the name of science. Fingers crossed.
 

czerdrill

This is exactly what it means. The bootloader loads the OS (kernel), and it can only boot a kernel or OS that has been encrypted by the correct private keys (in other words, signed ROMs). Without the private keys you cannot create a ROM that can be decrypted by the public key. Therefore putting a custom recovery on the X really doesn't accomplish much (other than the ability to back up, I guess). You're not going to be able to put custom ROMs on the device if you don't have the private keys, and those private keys are not going to be leaked, nor are they going to be guessed with brute force. Anyone who thinks otherwise is confused.

I'm not sure why Koush said on his website that we can now load custom ROMs when we really can't. It just creates this hysteria among people, and it's simply not true. If Motorola doesn't release an updated kernel, no dev is going to be able to put a new kernel on the phone. Pretty much what Koush and everyone did is use the same progress made on the Milestone's bootloader and apply that to the X. The truth is, the progress is irrelevant...

OK, so was someone just talking out of their ass when they said the keys could be changed OTA? Because if they're right then this whole scheme seems like much ado about nothing. Trivial to bypass.

That I have no idea. I'm guessing no, but who knows. Can't really comment on that because I don't know.
 

furbearingmammal

It's a scary thought for the future of rooting and ROM-ing the Droid 1. Motorola/Verizon may have been sending a message, but I think it's more likely it was done as a proof of concept than anything else -- blocking the n00bs and making it harder to get a "full" root was secondary to proving they can do it.

I'm more pessimistic than you. While I too see it as a test, I think it's more of a "let's see if this causes too many unintended consequences to gauge how big of a mess a fully locked boot loader would cause". I'm working on an uninstaller to back out the 2C.7C boot loader now. I have 2C.7C on my DEV phone from updating to the 2.2 OTA to be able to reproduce the issue (so I could figure out how to disable it). I'm backing it back down to 2C.6C however just to be safe. I already know how to revert the bootloader to a prior version, but it affects a bunch of other things too. I want to be able to back just the bootloader out without messing with anything else. We'll see if I can do it without bricking the unbrickable Droid. I guess it's worth the risk -- in the name of science. Fingers crossed.
Good luck, and everyone here who cares and is aware is holding their breath, I'm sure. :)
 

hollowbox

Member
Joined
Feb 15, 2010
Messages
93
Reaction score
0
I can understand Moto and Verizon both wanting to lock down the phones... but doesn't this hurt Google and Android in the long run? I can't believe that the Google development teams have not benefitted greatly from the independent devs' work. You would think from Google's point of view the more hacking the better. Can't we just get a nice vanilla Android Google experience beast like the Droid 1 (or Nexus) was... Google needs to get back in the phone biz!
 

furbearingmammal

Google can't, though, because the carriers are locking down. Hard.

The more customization there is, the more "theft" of services there are.

Anyone remember the PlayStation 1? That was hackable, customizable, moddable, you name it. It was WILDLY popular as a result, and Sony sold a crapload of them. Then they locked it down and look at Sony sales since. It's the same thing, except with awesome cell phones. I can't say as I blame Verizon for demanding a locked bootloader, and I can't say as I blame Motorola for caving in to the demands.

But everyone suffers when they pull that kind of crap.
 

Amagine

Active Member
Joined
Aug 13, 2010
Messages
253
Reaction score
67
I can understand Moto and Verizon both wanting to lock down the phones... but doesn't this hurt Google and Android in the long run? I can't believe that the Google development teams have not benefitted greatly from the independent devs' work. You would think from Google's point of view the more hacking the better. Can't we just get a nice vanilla Android Google experience beast like the Droid 1 (or Nexus) was... Google needs to get back in the phone biz!


Google will eventually. They sold out the Nexus One stocks a couple weeks ago (right after they stopped making them) and then said they are restarting production to keep up with demand.
I don't doubt that soon Google will take another spin at it. I would personally like it if Google made a "world" phone. Fully quad band LTE/GSM.
 

Amagine

Google can't, though, because the carriers are locking down. Hard.

The more customization there is, the more "theft" of services there are.

Anyone remember the PlayStation 1? That was hackable, customizable, moddable, you name it. It was WILDLY popular as a result, and Sony sold a crapload of them. Then they locked it down and look at Sony sales since. It's the same thing, except with awesome cell phones. I can't say as I blame Verizon for demanding a locked bootloader, and I can't say as I blame Motorola for caving in to the demands.

But everyone suffers when they pull that kind of crap.


Yep. Look at the recording industry. I honestly haven't bought a CD in a while for a band I don't know or go to concerts for. Soon if they do lock it down, then the Android movement will be lost for Verizon. It's honestly the only reason Verizon is doing well in the smartphone market without the iPhone. BlackBerry was good for a while. But the Droids gave Moto and Verizon new life. They could seriously nip their success if they get too aggressive at this point. If they do, you just might see the pendulum swing back toward RIM and Apple.
Android is really fragile right now as a platform.
 

Amagine

Google can't, though, because the carriers are locking down. Hard.

The more customization there is, the more "theft" of services there are.

Anyone remember the PlayStation 1? That was hackable, customizable, moddable, you name it. It was WILDLY popular as a result, and Sony sold a crapload of them. Then they locked it down and look at Sony sales since. It's the same thing, except with awesome cell phones. I can't say as I blame Verizon for demanding a locked bootloader, and I can't say as I blame Motorola for caving in to the demands.

But everyone suffers when they pull that kind of crap.


Yep. Look at the recording industry. I honestly haven't bought a CD in a while for a band I don't know or go to concerts for. Soon if they do lock it down, then the Android movement will be lost for Verizon. It's honestly the only reason Verizon is doing well in the smartphone market without the iPhone. BlackBerry was good for a while. But the Droids gave Moto and Verizon new life. They could seriously nip their success if they get too aggressive at this point. If they do, you just might see the pendulum swing back toward RIM and Apple.
Android is really fragile right now as a platform.


I would also add: why shouldn't Google just start charging for the OS if the telcos just lock down the OS after their unique customizations?
 