While I am hesitant to get too excited for this and I will wait until actual custom recovery is reached, I think for the time being we copy this information down and spread it as much as possible. Motorola already took notice, so finding all the remaining instances is their top priority.
[Hoax!] Bootloader encryption possibly broken!
- Thread starter Jaxidian
- Start date
2048 bit encryption would take a lifetime with brute force IIRC.
kptphalkon
Active Member
- Joined
- Dec 31, 2010
- Messages
- 1,380
- Reaction score
- 6
It would probably take dozens of lifetimes to brute force that kind of encryption
teh_g
Member
- Joined
- Oct 14, 2010
- Messages
- 383
- Reaction score
- 0
I believe they cracked it because Moto didn't add a random number to their RSA encryption. See here for details: Sholes signing key leak explained
Amazing, my question is what's a key? Sorry for being a noob
Sent from my DROIDX
Sent from my DROIDX
kptphalkon
Active Member
- Joined
- Dec 31, 2010
- Messages
- 1,380
- Reaction score
- 6
Exactly...my only question is, will this method work for every moto droid? The x, 2, milestone, 2 global, milestone 2?
teh_g
Member
- Joined
- Oct 14, 2010
- Messages
- 383
- Reaction score
- 0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <== nonce (e)
97 6a 21 7a 67 41 37 9f 26 53 4a 61 7f 2a 86 ae ff 71 21 78 2e 61 4f 71 90 3e 00 27 fe 9b <== initialization vector
7e 21 a8 37 64 12 75 a3 47 13 54 42 12 48 58 12 71 a4 5e 41 a7 64 72 34 2a 6f e2 0a 97 8f <== sholes private key
He explained it via this: the vulnerability is that p is 0, which makes r=1, which makes s = sha1sum(data) - k
This is for the milestone, I don't think it has been confirmed for other phones.
Essentially, if you can sign this keys, you can create an sbf for a phone. Someone can make the clockwork_recovery.sbf then let us flash any kind of custom firmware.
97 6a 21 7a 67 41 37 9f 26 53 4a 61 7f 2a 86 ae ff 71 21 78 2e 61 4f 71 90 3e 00 27 fe 9b <== initialization vector
7e 21 a8 37 64 12 75 a3 47 13 54 42 12 48 58 12 71 a4 5e 41 a7 64 72 34 2a 6f e2 0a 97 8f <== sholes private key
He explained it via this: the vulnerability is that p is 0, which makes r=1, which makes s = sha1sum(data) - k
This is for the milestone, I don't think it has been confirmed for other phones.
Essentially, if you can sign this keys, you can create an sbf for a phone. Someone can make the clockwork_recovery.sbf then let us flash any kind of custom firmware.
kptphalkon
Active Member
- Joined
- Dec 31, 2010
- Messages
- 1,380
- Reaction score
- 6
Well, whether or not the method or vulnerability is the same or similar for other phones, I am excited
Dancedroid
Dancedroid
teh_g
Member
- Joined
- Oct 14, 2010
- Messages
- 383
- Reaction score
- 0
kptphalkon
Active Member
- Joined
- Dec 31, 2010
- Messages
- 1,380
- Reaction score
- 6
Having my droid 2 global unlocked with a truly custom kernel and ROM would be amazing!!!!
superpopmonk
Member
- Joined
- Jan 12, 2011
- Messages
- 99
- Reaction score
- 0
This is all very exciting, but I have two questions. One: isn't there a possibility that this could blow up like it did with that guy who hacked the ps3? And also, how soon can we expect to see results(by that I mean, new things that I can flash or change on my phone?). Just curious
Sent from my DROID2
Sent from my DROID2
- Joined
- Dec 14, 2010
- Messages
- 217
- Reaction score
- 0
So don't OTA. We will be ahead like D1 is if this works.
Sent from my DROIDX using Tapatalk
Sent from my DROIDX using Tapatalk
kptphalkon
Active Member
- Joined
- Dec 31, 2010
- Messages
- 1,380
- Reaction score
- 6
I already root and freeze bloatware, OTAs will not happen any time soon 
superpopmonk
Member
- Joined
- Jan 12, 2011
- Messages
- 99
- Reaction score
- 0
So if a phone is already rooted an OTA wouldn't affect it?
Sent from my DROID2
Sent from my DROID2
Most reactions - Past 7 days
-
37 -
27 -
27 -
18 -
15 -
14 -
9 -
7 -
N
1
Similar threads
