While I am hesitant to get too excited for this and I will wait until actual custom recovery is reached, I think for the time being we copy this information down and spread it as much as possible. Motorola already took notice, so finding all the remaining instances is their top priority.
DroidForums.net | Android Forum & News
This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
[Hoax!] Bootloader encryption possibly broken!
- Thread starter Jaxidian
- Start date
2048 bit encryption would take a lifetime with brute force IIRC.
kptphalkon
Active Member
It would probably take dozens of lifetimes to brute force that kind of encryption
I believe they cracked it because Moto didn't add a random number to their RSA encryption. See here for details: Sholes signing key leak explained
Amazing, my question is what's a key? Sorry for being a noob
Sent from my DROIDX
Sent from my DROIDX
kptphalkon
Active Member
Exactly...my only question is, will this method work for every moto droid? The x, 2, milestone, 2 global, milestone 2?
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <== nonce (e)
97 6a 21 7a 67 41 37 9f 26 53 4a 61 7f 2a 86 ae ff 71 21 78 2e 61 4f 71 90 3e 00 27 fe 9b <== initialization vector
7e 21 a8 37 64 12 75 a3 47 13 54 42 12 48 58 12 71 a4 5e 41 a7 64 72 34 2a 6f e2 0a 97 8f <== sholes private key
He explained it via this: the vulnerability is that p is 0, which makes r=1, which makes s = sha1sum(data) - k
This is for the milestone, I don't think it has been confirmed for other phones.
Essentially, if you can sign this keys, you can create an sbf for a phone. Someone can make the clockwork_recovery.sbf then let us flash any kind of custom firmware.
97 6a 21 7a 67 41 37 9f 26 53 4a 61 7f 2a 86 ae ff 71 21 78 2e 61 4f 71 90 3e 00 27 fe 9b <== initialization vector
7e 21 a8 37 64 12 75 a3 47 13 54 42 12 48 58 12 71 a4 5e 41 a7 64 72 34 2a 6f e2 0a 97 8f <== sholes private key
He explained it via this: the vulnerability is that p is 0, which makes r=1, which makes s = sha1sum(data) - k
This is for the milestone, I don't think it has been confirmed for other phones.
Essentially, if you can sign this keys, you can create an sbf for a phone. Someone can make the clockwork_recovery.sbf then let us flash any kind of custom firmware.
kptphalkon
Active Member
Well, whether or not the method or vulnerability is the same or similar for other phones, I am excited
Dancedroid
Dancedroid
kptphalkon
Active Member
Having my droid 2 global unlocked with a truly custom kernel and ROM would be amazing!!!!
superpopmonk
Member
This is all very exciting, but I have two questions. One: isn't there a possibility that this could blow up like it did with that guy who hacked the ps3? And also, how soon can we expect to see results(by that I mean, new things that I can flash or change on my phone?). Just curious
Sent from my DROID2
Sent from my DROID2
So don't OTA. We will be ahead like D1 is if this works.
Sent from my DROIDX using Tapatalk
Sent from my DROIDX using Tapatalk
kptphalkon
Active Member
I already root and freeze bloatware, OTAs will not happen any time soon 
superpopmonk
Member
So if a phone is already rooted an OTA wouldn't affect it?
Sent from my DROID2
Sent from my DROID2