
Possible Ways to Crack the Bootloader

Discussion in 'Droid X Roms' started by aliasxerog, Mar 23, 2011.

  1. aliasxerog
    Offline

    aliasxerog Premium Member Premium Member Developer

    Joined:
    Oct 24, 2010
    Messages:
    178
    Likes Received:
    0
    Trophy Points:
    0
    I'm going to be taking a break on actual programming because I want to work on getting the bootloader unlocked. I will be getting those god damn keys sooner or later. That being said, I need ideas on how to do this. Throw them up here, with links to research.
  2. Snow02
    Offline

    Snow02 New Member

    Joined:
    Jan 12, 2011
    Messages:
    1,342
    Likes Received:
    9
    Trophy Points:
    0
    To be honest, if the efuse works the way I believe, you're not going to crack it short of a motorola leak.

    From what I've been able to find, the efuse is a one time programmable key. There is absolutely no reprogramming this. That leaves properly signing a replacement image as the only work around. Unfortunately, there isn't any way to readily glean that info from what we have to work with.

    As a disclaimer, I'm half talking out of my ass here. But again, from all the info I've been able to locate, you're going to need someone at moto to release that info.

    I know that's not very helpful, and man, it'd be nice to see happen, but I'd hate to see you sink a bunch of time all for naught.
  3. Sitrick2
    Offline

    Sitrick2 New Member

    Joined:
    Mar 11, 2011
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    0
    I don't know anything on the subject, but wanted to say thank god someone is taking this attitude. I've been doing every kind of google search I can think of trying to find useful info for you guys as far as drivers and whatnot, but am just not smart enough (yet) to know what I'm looking for (hitting up the library for some tech books later today to start educating myself on some of this stuff).

    Guess I really just want to say thanks for not giving up and continuing to fight the good fight. The community appreciates it.

    Sent from my DROIDX using DroidForums App
  4. DJxPanda
    Offline

    DJxPanda New Member

    Joined:
    Feb 16, 2011
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    0
    I agree 100% sir. Alias, the entire community is behind you and wants this to happen. We will do what we can to give you any info. Give it some time. It will come.
    I also am not a very knowledgeable person on the actual workings of the bootloader. But I am totally up to help test. I've tested the original iPod touch 2g tethered jailbreaks and whatnot, so I'm always down to give back to the community in any way I can. :) Once again, thank you for fighting the good fight and keeping the hopes and dreams of many alive.

    Sent from my DROIDX using DroidForums App
  5. KHeeney5
    Offline

    KHeeney5 New Member

    Joined:
    Nov 28, 2010
    Messages:
    544
    Likes Received:
    0
    Trophy Points:
    0
    -The way you are doing it now, we just need drivers now?
    -Find a way to pull the codes from a device or SBF file.
    -Find a way to edit an SBF file to accept changes
    -Pass around a petition to get the codes from Motorola.
    -Look into other Motorola devices (Xoom, D1) see if there is anything useful there.

    ...That's all I can think of.
  6. snwboard333
    Offline

    snwboard333 New Member

    Joined:
    Mar 9, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    I've read that the keys are RSA2048 encrypted and I've also read that recently the RSA keys were cracked. If somehow it gets out how RSA was cracked, would we be able to crack the keys on the eFuse?
  7. 13th angel
    Offline

    13th angel Developer Developer

    Joined:
    Jan 16, 2011
    Messages:
    2,102
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Auburn, Alabama
    I'll kill your points 1 by 1 for ya...

    Need the drivers for a kexec module, not a standard droid kernel.
    Been tried, as far as I know the codes aren't in there because as I understand it the sbf file doesn't touch the bootloader.
    Pretty sure that's been tried for a while now....
    Xoom and D1 aren't really going to be helpful because they're already unlocked. Locked Droids won't help because they're all encrypted the same way as I understand.

    Don't mean to be a spoil sport or anything, just most things have already been tried.

    Sent from my Liberated D2G
  8. UNC
    Offline

    UNC New Member

    Joined:
    Jan 12, 2010
    Messages:
    1,359
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Fayettenam,NC
    If the bootloader was simply "locked" all you would need would be the key, but since they are encrypted you will need to figure out what algorithm is used to create new keys as well as having an original key to use the algorithm with...

    I don't think it'll ever be cracked.. and the only people to blame are the tethering abusers... I don't think MOTO would've paid to develop the encryption unless the carriers put them up to it, and the only reason they would've blocked that is to stop tethering, since that's the only for-cost service that is being "stolen"... If everyone keeps abusing their service all phones will be locked, block sideloading, and have meters/throttling.

    The Thunderbolt has a folder named "throttle" in the /system so it's coming soon.

    Sent from my ADR6400L using DroidForums App
  9. dfuser312553
    Offline

    dfuser312553 New Member

    Joined:
    Aug 27, 2010
    Messages:
    2,084
    Likes Received:
    0
    Trophy Points:
    0
    ^blame it on tether-ers? Hilarious
  10. Chloenaiter
    Offline

    Chloenaiter New Member

    Joined:
    Oct 30, 2010
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    California
    I honestly don't know what I can do to help but I am willing to sacrifice my Droid X for testing if you need it :) (I have really good relations with my local Verizon dealer so I could probably get another one easily)
  11. droidx8791
    Offline

    droidx8791 Beta Team Theme Developer

    Joined:
    Dec 11, 2010
    Messages:
    188
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    South Georgia
    I am just learning to theme so I'm not very knowledgeable on programming at all lol. But when Moto releases an OTA, what file or whatever do they use for the phone to accept it? Is there a way to get what you need from any of that? Probably a stupid noobie thought but I was just thinking in my little brain.

    Sent from my DROIDX using DroidForums App
  12. WugFresh
    Offline

    WugFresh Developer Developer

    Joined:
    Oct 4, 2010
    Messages:
    592
    Likes Received:
    0
    Trophy Points:
    0
    SHA-1 encryption has been broken by a team of researchers; Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, and apparently they have been shadily distributing their paper, but it's not readily publicly available. They used hash collisions to break the encryption. I personally know calculus, differential equations, Green's and Stokes' theorems, and linear algebra, but this type of math is still way over my head. From my limited understanding on this... hash collisions would be the only real way to actually crack the encryption (vs. bypass, or the work you have been doing..), and considering that it has already been done, then I suppose that makes it a viable solution. I don't know if a team of researchers from Shandong University in China would care enough about the Android hacker community to share their findings... but I suppose anything is possible. If in fact they were willing to share this information, the function could be used in a powerful computational program such as Maple, Matlab, or Mathematica, to generate the private keys... but I think you might need the public key..? Like I said... I really only have a surface-level understanding of what's involved.

    The more practical but still highly unlikely method for getting the keys would be to get them from moto somehow... but the hacker community is too small for them to care.

    We could all stand outside of Moto headquarters and wait for the CEO to walk towards his car and then.... lol.

    If you are interested in actually cracking it.. which would be epic, and probably more likely than reverse engineering the radio baseband drivers (which seems to be the issue... right?), then hash collisions are the way to go, and those researchers are the ones with the knowledge on how to do it. I don't think they want to publicly distribute their work because SHA-1 encryption is still widely used and has been implemented as an industry standard since MD5 encryption was broken.

    I hope that helps, or provides some hope... I personally have a DX and would love it to be cracked.. I wish I had a better understanding of the math involved. Regardless... I really appreciate your determination and commitment to this project, thank you for all your hard work.

    I will try and see if I can find some solid information on this... but I really think that those guys are the only ones with the info that's relevant... that being, the actual solution. There are documented studies with hash collisions available.. but they don't have what you need. Those guys have the answer.

    {{ WugFresh }}
    Last edited: Mar 23, 2011
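    To make concrete what Snow02 (post 2) and WugFresh (post 12) are discussing, here is an added example, not code from the thread or from Motorola, of a signed-image boot check written in Go with the standard crypto/rsa package. The names FusedVerifier, Vendor, Fuse, Accept and RunDemo are made up for illustration, and the boot image is a constructed byte string. The fused side stores only a public key; it accepts the genuine image, rejects the same image with a single byte changed while the original signature is still attached, and rejects the same image signed by a key the device never fused. Producing a signature the device accepts requires the private key; neither the public key nor the SHA-1 digest of an image reveals it, and a SHA-1 collision (two different inputs sharing one digest) is a property of the hash function, not a route to that key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// Added example (not code from the thread or from Motorola): a minimal model
// of signed-image boot. The fused side holds only a public key, the vendor
// side holds the private key, and the boot-time check is a signature
// verification over the image's SHA-1 digest. All type and function names
// here are hypothetical.

// FusedVerifier stands in for the immutable part of the device: it stores the
// vendor's public key and nothing else.
type FusedVerifier struct {
	vendorPub *rsa.PublicKey
}

// Vendor holds the signing key, which in practice never leaves the vendor.
type Vendor struct {
	priv *rsa.PrivateKey
}

// NewVendor generates a fresh RSA-2048 signing key (the size the thread mentions).
func NewVendor() (*Vendor, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Vendor{priv: priv}, nil
}

// Fuse returns the verifier a device built for this vendor would ship with.
func (v *Vendor) Fuse() *FusedVerifier {
	return &FusedVerifier{vendorPub: &v.priv.PublicKey}
}

// SignImage hashes the image with SHA-1 and signs the digest (PKCS#1 v1.5).
func (v *Vendor) SignImage(image []byte) ([]byte, error) {
	digest := sha1.Sum(image)
	return rsa.SignPKCS1v15(rand.Reader, v.priv, crypto.SHA1, digest[:])
}

// Accept is the boot-time check: recompute the digest of what is actually in
// flash and verify the attached signature against the fused public key.
func (f *FusedVerifier) Accept(image, sig []byte) bool {
	digest := sha1.Sum(image)
	return rsa.VerifyPKCS1v15(f.vendorPub, crypto.SHA1, digest[:], sig) == nil
}

// DemoResult records the outcome of the three boot attempts in RunDemo.
type DemoResult struct {
	GenuineAccepted    bool // vendor image with the vendor's signature
	TamperedAccepted   bool // one byte changed, original signature reused
	ForeignKeyAccepted bool // same image signed with a key the device never fused
}

// RunDemo plays out the scenario from the thread with constructed data.
func RunDemo() (DemoResult, error) {
	vendor, err := NewVendor()
	if err != nil {
		return DemoResult{}, err
	}
	device := vendor.Fuse()

	// Constructed stand-in for a boot image.
	image := []byte("constructed boot image v1: kernel + ramdisk")
	sig, err := vendor.SignImage(image)
	if err != nil {
		return DemoResult{}, err
	}

	// A modified image with the genuine signature still attached.
	tampered := append([]byte(nil), image...)
	tampered[len(tampered)-1] ^= 0x01

	// The same image signed by a second, unrelated key pair.
	other, err := NewVendor()
	if err != nil {
		return DemoResult{}, err
	}
	foreignSig, err := other.SignImage(image)
	if err != nil {
		return DemoResult{}, err
	}

	return DemoResult{
		GenuineAccepted:    device.Accept(image, sig),
		TamperedAccepted:   device.Accept(tampered, sig),
		ForeignKeyAccepted: device.Accept(image, foreignSig),
	}, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine: %v, tampered: %v, foreign key: %v\n",
		r.GenuineAccepted, r.TamperedAccepted, r.ForeignKeyAccepted)
}
```

    Saved as main.go and run with `go run main.go`, it reports genuine true and the other two false. The verification side never touches the private key, which is why, as Snow02 says, the fused public key cannot be "reprogrammed" into accepting a differently signed image.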
  13. Shadows9909
    Offline

    Shadows9909 New Member

    Joined:
    Dec 6, 2010
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    0
    Would the Xoom hold any useful information? As I understand it, its bootloader is locked, but can be unlocked? Also, as the above poster said, the bootloader and kernel are updated somehow through OTAs? How does, say, maderstock change the kernel? Wouldn't there have to be some kind of key to allow it to change it? Just some thoughts, rather new to this =P Would love to get some Cyanogen lovin' on my DX
  14. Brennan_Huber
    Offline

    Brennan_Huber Theme Developer Theme Developer

    Joined:
    Feb 1, 2011
    Messages:
    311
    Likes Received:
    11
    Trophy Points:
    0
    Location:
    TN
    I will for sure be following this! I'm very interested in learning how. I think if we all help each other out, bounce ideas out, and edit and change each other's, we should be able to crack it. Just need to know how, then I say we go for it.

    Sent from my DROIDX
  15. ncdub
    Offline

    ncdub New Member

    Joined:
    Apr 26, 2010
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    0
    I just think we need to send someone into Motorola under cover style! Get on the team that devs the phones and BOOM! We (our community) are in!

    Short of that though, I seriously wish anyone and everyone the best of luck!

    Sent from my DROIDX using DroidForums App
  16. 13th angel
    Offline

    13th angel Developer Developer

    Joined:
    Jan 16, 2011
    Messages:
    2,102
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Auburn, Alabama
    I think that's the one most likely of doing any good however it requires waiting till gb is released which some people don't want to do.

    Sent from my Liberated D2G
  17. swagmonster
    Offline

    swagmonster New Member

    Joined:
    Nov 4, 2010
    Messages:
    738
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    worcester,MA
    I'm on it lol jk

    Sent from my DROID2 using DroidForums App
  18. droidx8791
    Offline

    droidx8791 Beta Team Theme Developer

    Joined:
    Dec 11, 2010
    Messages:
    188
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    South Georgia
    Well true 13angel, but we already had the Froyo OTA and P3droid has a developer's DX with Gingerbread (I think), so there's gotta be something. When we got the Froyo OTA our phones had to read some file to acknowledge it was legit. I might not be making any sense cause I don't know anything about the process.

    Sent from my DROIDX using DroidForums App
  19. WugFresh
    Offline

    WugFresh Developer Developer

    Joined:
    Oct 4, 2010
    Messages:
    592
    Likes Received:
    0
    Trophy Points:
    0
    I think it just parses your build.prop for ro.fingerprint and device and id, and then checks for all the stock apps... I could just be making that up though.. that's just what I thought...

    {{ WugFresh }}
  20. 13th angel
    Offline

    13th angel Developer Developer

    Joined:
    Jan 16, 2011
    Messages:
    2,102
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Auburn, Alabama
    Wouldn't it have to open the bootloader and all that jazz in order to upgrade the kernel to the Gingerbread one though? That would require the key to be sent along with the OTA update.