Possible Ways to Crack the Bootloader

[kptphalkon]

As far as the hash collision theory goes...what about setting up some kind of distributed computing network like folding@home. Imagine how fast it could possibly get cracked and how many people would donate their spare cpu time to this project.

 

[czerdrill]

No, I am trying to break SHA-1 encryption in the bootloader itself. I am researching the methods to do this and then consulting and math professor with a PhD for specific questions.. then I am going to try and get the private key with hash collisions. Thats my plan as of today.. this is only day one of my research though. I still think this is a viable approach.

My hope is that aliasxerog and other linux specialist will be able to take advantage of the mathamatical approach I am working out to actually be used on the android end. Theory vs. Practice is different though. I really hope it works/can work...

{{ WugFresh }}

The likelihood of finding a hash collision in SHA-1 is slim to none. I think it's more likely that you take twelve flights, they all crash and youre the lone survivor in all twelve. Not trying to be a party pooper but hash collisions are not the way to go...

Sent from my Droid using Tapatalk

It was done in 2005, documentation exists on the project, its now 2010, I have a lot of resources at my disposal and frankly I don't care if its near impossible.. the fact of the matter is that it IS possible.. I am not suggesting its probable, just that it has been done, so why can't it be done again. All the other solutions haven't come to fruition, so not giving the one a chance that might actually work would be giving up. If it were SHA2, I would say, you are 100% correct, forget it.. I wouldn't even bother. But SHA1 is actually in the realm of possibility. If its possible and hasn't been done yet.. then it's worth a shot.

If hash collisions arent the way to break SHA1 encryption then what is? Giving up? Sending moto sad faces?

{{ WugFresh }}

Well that's what I meant. If we're being technical SHA-2 is in the realm of possibility too. Possibility doesn't equate to probability, as you have implied.

What I'm saying is trying to find a hash collision is not like finding a needle in a haystack. It's like finding a needle in a haystack, if by haystack I meant the universe.

Can you provide a link to the documentation on SHA-1 hash collisions being discovered? I would like to read about it. Again, not saying it's impossible. hashing is algorithmic so it's inherently possible but I don't think it's probable or logical to search for hash collisions as a way to crack the bootloader.

On a side note, I think sending moto sad faces will yield a better result then searching for hash collisions in SHA-1!

Sent from my Droid using Tapatalk

 

[WugFresh]

As far as the hash collision theory goes...what about setting up some kind of distributed computing network like folding@home. Imagine how fast it could possibly get cracked and how many people would donate their spare cpu time to this project.

Lol.. that would be a once in a lifetime experience to be apart of. The day the android community collectively beat moto. Sounds very interesting.. would require another level of sophistication I hadn't even thought of.. I'm not there yet in my brain or in my research to know if that could actually go down and if it would be as beneficial as you would think it to be. I like what you are saying though. If that actually went down, I know just the man for the network expertise.. plus he has access to tier 1 servers. Imagine how crazy that would be.

{{ WugFresh }}

 

[WugFresh]

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

{{ WugFresh }}

 

[OneTenderRebel]

There was an episode of the Wonder Years where all the students protest school and go outside and sing "all we are asking is give peace a chance". What if we did that outside the Moto HQ's????

 

[czerdrill]

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

{{ WugFresh }}

Well...no. It's "broken" in the sense that they won't have to brute force it and can theoretically find a hash collision sooner. That doesn't mean it's cracked though, or that a collision was found. Like I mentioned even SHA-2 can be broken in that respect because it is absolutely possible that you find the collision before exhausting brute force.

The author of that blog alludes to exactly what I said before in his "update" link at the bottom of the post you referred me to. But it's almost non news. Yes it's "broken" because hash collisions do exist but finding those collisions are for all intents and purposes impossible. By the logic there every encryption is broken because every encryption can, in theory, contain at least one collision. For practicality purposes, though, it's not anything to worry about.

Sent from my Droid using Tapatalk

 

[lfylove]

This is an interesting thread wish there was some way I could help but I have no skills srry

Sent from my Droid using DroidForums App

 

[WugFresh]

@czerdrill I hear your voice of reason and raise you my voice of insanity. I know for a fact that regardless of what you say it's never going to be cracked by a nay sayer with no alternate solution.

Are you looking for me to give up based on your uninformed feeling? Tell you that I think I have no chance...? Well I simply don't think that, at least not yet. I believe that in this world, if you seek out the right people, remain oriented towards a common goal.. anything is possible.

I will say however, if my prof. also calls me a looney, I might reconsider the attempt.

{{ WugFresh }}

 

[czerdrill]

@czerdrill I hear your voice of reason and raise you my voice of insanity. I know for a fact that regardless of what you say it's never going to be cracked by a nay sayer with no alternate solution.

Are you looking for me to give up based on your uninformed feeling? Tell you that I think I have no chance...? Well I simply don't think that, at least not yet. I believe that in this world, if you seek out the right people, remain oriented towards a common goal.. anything is possible.

I will say however, if my prof. also calls me a looney, I might reconsider the attempt.

{{ WugFresh }}

Haha well I can't argue with that. One thing is for certain, you're gonna be far smarter then you are now whether or not you are successful once your research is done. So who cares?

I believe anything is possible too. The bootloader will be cracked...when moto gives us the keys lol.

Now I'm interested in your prof's take on this haha but it's hardly an uninformed feeling...

Sent from my Droid using Tapatalk

 

[WugFresh]

The author of that blog is the internationally renowned guru on security. Maybe he has a student or colleague I could contact.

{{ WugFresh }}

 

[13th angel]

Wug, any idea of where you want me to start looking for info (like any specific thing like how they got it down to 2^63 instead of 2^80). I have no clue where to start looking to be honest lol.

Edit: found something that said it was actually down to 2^52 operations to crack it as of 2009, ill link where it says if you want Wug.

Sent from my Liberated D2G

 

[OneTenderRebel]

The author of that blog is the internationally renowned guru on security. Maybe he has a student or colleague I could contact.

{{ WugFresh }}

woah woah woah who hands out these titles??? I am the guru of security. I have been known as that since the days of elementary school when I was the school crossing guard for like 2 days. So you need to call him something else.

 

[WugFresh]

@czerdrill I hear your voice of reason and raise you my voice of insanity. I know for a fact that regardless of what you say it's never going to be cracked by a nay sayer with no alternate solution.

Are you looking for me to give up based on your uninformed feeling? Tell you that I think I have no chance...? Well I simply don't think that, at least not yet. I believe that in this world, if you seek out the right people, remain oriented towards a common goal.. anything is possible.

I will say however, if my prof. also calls me a looney, I might reconsider the attempt.

{{ WugFresh }}

Haha well I can't argue with that. One thing is for certain, you're gonna be far smarter then you are now whether or not you are successful once your research is done. So who cares?

I believe anything is possible too. The bootloader will be cracked...when moto gives us the keys lol.

Now I'm interested in your prof's take on this haha but it's hardly an uninformed feeling...

Sent from my Droid using Tapatalk

Maybe not uninformed... I am not that dense, I hear what you're saying, but I just think screw it. Maybe I could utilize some unconventional mathematical approach that I am not yet aware of, that will randomly extrude data to work with in sets.. and I will hit the loto. I could program some very obscure functions, and by uniformed, I guess I ment.. non expert.. just as I am now. Until I consult numerous experts and they all tell me I am nuts, I assume it can be done.

{{ WugFresh }}

 

[dfuser312553]

^^Lawlz

Unrelated to OP but....

Bottom tweet

 

[13th angel]

^^Lawlz

Unrelated to OP but....

Bottom tweet

Saw that.... one before that was worth putting in though. Atleast he's trying even though no luck yet.

Sent from my Liberated D2G