Possible Ways to Crack the Bootloader

13th angel

Developer
I am just learning to theme so I'm not very knowledgeable on programming at all lol. But when Moto releases an OTA, what file or whatever do they use for the phone to accept it? Is there a way to get what you need from any of that? Probably a stupid noobie thought, but I was just thinking in my little brain.

Sent from my DROIDX using DroidForums App

I think that's the one most likely to do any good; however, it requires waiting till GB is released, which some people don't want to do.

Sent from my Liberated D2G
 

droidx8791

Member
Theme Developer
Well, true 13angel, but we already had the Froyo OTA and P3droid has a developer's DX with Gingerbread (I think), so there's gotta be something. When we got the Froyo OTA our phones had to read some file to acknowledge it was legit. I might not be making any sense 'cause I don't know anything about the process.

Sent from my DROIDX using DroidForums App
 

WugFresh

Developer
I think it just parses your build.prop for ro.fingerprint and device and id, and then checks for all the stock apps... I could just be making that up though.. that's just what I thought...

{{ WugFresh }}
 

13th angel

Developer
I think it just parses your build.prop for ro.fingerprint and device and id, and then checks for all the stock apps... I could just be making that up though.. that's just what I thought...

{{ WugFresh }}

Wouldn't it have to open the bootloader and all that jazz in order to upgrade the kernel to the Gingerbread one though? That would require the key to be sent along with the OTA update.
 

WugFresh

Developer
I think it just parses your build.prop for ro.fingerprint and device and id, and then checks for all the stock apps... I could just be making that up though.. that's just what I thought...

{{ WugFresh }}

Wouldn't it have to open the bootloader and all that jazz in order to upgrade the kernel to the Gingerbread one though? That would require the key to be sent along with the OTA update.

Ahh.. I see what you are saying, yes it would.. but rest assured that key is also encrypted/hidden somehow and also probably not easy to locate in the file. But you are correct... there has to exist something in that file to let it do what it does. I suppose that could be a course of action... I just don't see that being a way to get around the encryption scheme though. It's not like the GB image is gonna have a txt file on it called moto keys.. lol.. I wish though...

{{ WugFresh }}
 

13th angel

Developer
I think it just parses your build.prop for ro.fingerprint and device and id, and then checks for all the stock apps... I could just be making that up though.. that's just what I thought...

{{ WugFresh }}

Wouldn't it have to open the bootloader and all that jazz in order to upgrade the kernel to the Gingerbread one though? That would require the key to be sent along with the OTA update.

Ahh.. I see what you are saying, yes it would.. but rest assured that key is also encrypted and also probably not easy to locate in the file. But you are correct... there has to exist something in that file to let it do what it does...

{{ WugFresh }}

Even if it's encrypted it's still there. Probably encrypted just as heavily, but still, it gives another shot at something to crack.
 

WugFresh

Developer
Wouldn't it have to open the bootloader and all that jazz in order to upgrade the kernel to the Gingerbread one though? That would require the key to be sent along with the OTA update.

Ahh.. I see what you are saying, yes it would.. but rest assured that key is also encrypted/hidden somehow and also probably not easy to locate in the file. But you are correct... there has to exist something in that file to let it do what it does. I suppose that could be a course of action... I just don't see that being a way to get around the encryption scheme though. It's not like the GB image is gonna have a txt file on it called moto keys.. lol.. I wish though...

{{ WugFresh }}

Even if it's encrypted it's still there. Probably encrypted just as heavily, but still, it gives another shot at something to crack.

If you're trying to crack the encryption, it won't matter.. either way you are doing hash collisions. It's math, not roulette.

{{ WugFresh }}
 

13th angel

Developer
True, but it's another thing to try lol. By the way, great find on that long post earlier about the SHA-1 encryption being broken.
 

KHeeney5

Member
I agree with the posts above. There is some sort of equation we have to find that Motorola uses for encryption. I wrote an encryption program last year and math is how it works.
 

fox_dye

Member
I'm with the guys up top. I don't think this thing will be cracked by anyone. It's like looking for one grain of sand on every beach in the world. I just hope there is a leak when this thing hits EOL.

Sent from a galaxy far far away......
 
aliasxerog (OP)

Premium Member
Developer
SHA-1 encryption has been broken by a team of researchers, Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, and apparently they have been shadily distributing their paper, but it's not readily publicly available. They used hash collisions to break the encryption. I personally know calculus, differential equations, Green's and Stokes' theorems, and linear algebra, but this type of math is still way over my head. From my limited understanding of this... hash collisions would be the only real way to actually crack the encryption (vs. bypass, or the work you have been doing..), and considering that it has already been done, then I suppose that makes it a viable solution. I don't know if a team of researchers from Shandong University in China would care enough about the Android hacker community to share their findings... but I suppose anything is possible. If in fact they were willing to share this information, the function could be used in a powerful computational program such as Maple, Matlab, or Mathematica to generate the private keys... but I think you might need the public key..? Like I said... I really only have a surface-level understanding of what's involved.

Well, RSA is just linear algebra, as is SHA-*. It's just linear algebra on a vector quantity or matrix instead of a single number.

I have been looking into hash collisions, but I'm not sure how viable it would be to pad our modded bootloader with 0x00's to actually collide.
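The points the thread keeps circling back to (the OTA carrying something the phone uses to accept it, whether the key rides along in the package, and whether zero-padding a modified bootloader could collide) can be shown with the general shape of signed-image verification. This is an added example, not code from the thread or from Motorola; the key, the image and the scheme are constructed assumptions, using textbook RSA over a SHA-1 digest as a stand-in for whatever padded signature scheme a real bootloader uses.

```python
import hashlib

# Constructed toy RSA key: two Mersenne primes, so the modulus exceeds 2^160
# (the size of a SHA-1 digest). Trivially factorable; illustration only.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays with the vendor


def sha1_int(data: bytes) -> int:
    """SHA-1 digest of the image as an integer (textbook RSA signs a number)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign_image(image: bytes, d: int, n: int) -> int:
    """Vendor side: sign the image hash with the private exponent d."""
    return pow(sha1_int(image), d, n)


def verify_image(image: bytes, sig: int, e: int, n: int) -> bool:
    """Device side: needs only the public pair (e, n). The package that the
    phone accepts carries the signature; the private key is never in it."""
    return pow(sig, e, n) == sha1_int(image)


# Constructed stand-in for a bootloader image and its vendor signature.
GOOD_IMAGE = b"BOOTLOADER v1.0 constructed sample image " * 4
SIGNATURE = sign_image(GOOD_IMAGE, D, N)


def check_variants() -> dict:
    """Run the device-side check on the genuine image and two altered copies:
    one with a single bit flipped, one padded with 0x00 bytes. Any change to
    the bytes changes the SHA-1 digest, so the old signature no longer fits."""
    flipped = bytearray(GOOD_IMAGE)
    flipped[10] ^= 0x01
    return {
        "genuine": verify_image(GOOD_IMAGE, SIGNATURE, E, N),
        "one bit flipped": verify_image(bytes(flipped), SIGNATURE, E, N),
        "zero padded": verify_image(GOOD_IMAGE + b"\x00" * 64, SIGNATURE, E, N),
    }


if __name__ == "__main__":
    for name, ok in check_variants().items():
        print(f"{name:16s} -> {'accepted' if ok else 'rejected'}")
```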
 

fox_dye

Member
All I can say is that I hope this thing gets cracked, and whoever does it or gets a hold of a leaked SBF that is unlocked will get a fat donation, 'cause I just got this thing 'cause my wife is a tight a** and wouldn't let me get a TB.

Sent from a galaxy far far away......
 

WugFresh

Developer
SHA-1 encryption has been broken by a team of researchers, Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, and apparently they have been shadily distributing their paper, but it's not readily publicly available. They used hash collisions to break the encryption. I personally know calculus, differential equations, Green's and Stokes' theorems, and linear algebra, but this type of math is still way over my head. From my limited understanding of this... hash collisions would be the only real way to actually crack the encryption (vs. bypass, or the work you have been doing..), and considering that it has already been done, then I suppose that makes it a viable solution. I don't know if a team of researchers from Shandong University in China would care enough about the Android hacker community to share their findings... but I suppose anything is possible. If in fact they were willing to share this information, the function could be used in a powerful computational program such as Maple, Matlab, or Mathematica to generate the private keys... but I think you might need the public key..? Like I said... I really only have a surface-level understanding of what's involved.

Well, RSA is just linear algebra, as is SHA-*. It's just linear algebra on a vector quantity or matrix instead of a single number.

I have been looking into hash collisions, but I'm not sure how viable it would be to pad our modded bootloader with 0x00's to actually collide.

Well then, I have a solid understanding of all of the components involved if that's really what it is... and I think I still have my Matlab textbook somewhere in my room in the rubble.. lol. The problem is I lack understanding on the Android end.. like, where are the input values coming from? Your understanding of Linux vs. mine is very different... you are on a whole other level than me. My understanding of the way the recovery works and all that is very limited.. But if I don't have to understand any of that ridiculousness, and I am just presented with input values and a really difficult math problem... I certainly could take a stab at it.. I also am presently at college, so there are plenty of graduate students I could hit up if I were completely lost. I'm just not a legit programmer like you are.. I know a little.. enough to do the things I have tried to build.. but I followed what you have been doing and that stuff is completely foreign to me.

I can offer my brain for math.... as for the rest.. I really am lost.

I don't understand how the bootloader actually works... so the second part of your post is hard for me to understand.

{{ WugFresh }}
 