DroidForums.net | Android Forum & News


Possible Ways to Crack the Bootloader

If the manufacturers wanted to, they could all start using SHA-2 and we would all be screwed; there are simply too many possibilities to ever be able to crack that encryption scheme. You would need a leak... well... unless you somehow managed to invent and build a farm of quantum computers that simultaneously calculated every possible scenario using the law of superposition... but I am afraid we are not quite there yet regarding computer technology.

Luckily for us, I'm pretty sure they used SHA-1 on this device, which still is no walk in the park, but should theoretically be crackable using hash collisions (with a little fairy dust, a few drops of phoenix blood, and some unicorn tears for good measure).

@aliasxerog
I look forward to you bringing me up to speed so I can get started on this. I also agree with you about posting information here (unless for whatever reason it is not publicly available... or shouldn't be posted but will help... then email it). When there's a will there's a way! (Well... that's almost true regarding encryption... lol.) I have the will, and hopefully can learn the way.

However, I must say that if by some chance we actually are able to crack it, I strongly doubt it would remain a viable solution for future devices; Moto and other manufacturers would just strike back with more beastly encryption. It's always a cat and mouse game.

Regardless, let's collide some hashes!

{{ WugFresh }}
 
I'm also willing to help out with what I can, I know a little about some programming/reverse engineering and I can do whatever research is needed.

Sent from my DROID2 of shame.
 

Research is needed. Any resources on hash collisions or SHA-1 encryption you could dig up would be very beneficial. It doesn't matter how complicated, convoluted, or extraordinarily long they might be... any good resource would help. 95% of the challenge is going to be understanding what the hell it is I actually am trying to do, but actually doing it will probably boil down to writing up a complex function, running it through software and then doing a bunch of testing. Right now information is needed and is the most valuable piece of the puzzle.

Last night, I sent an email to a math professor I had here to see if he would be willing to meet with me and go over what's involved. I didn't really specify the nature of my side project; I just told him that it involved hash collisions. I am hoping I get a response today. I fully plan on using any and every resource that's available to me, but regardless, please help by posting information on this subject matter if you are able to do so.

I would like to actually know what I am talking about before I meet with people who have real expertise, so I can ask them specific questions. No one person is going to teach me everything they know.

{{ WugFresh }}
 

Wug, what you do to prevent Moto going nuts on the encryption is you release your findings a week or so before Moto's next phone comes out. Then, more than likely, they will have already sent out phones that have the exploit still, so those will be OK. Then, depending on what Moto does, either look for a new exploit early or enjoy your cracked phone. Same deal happened with the iPhone. What we hope for is that Moto doesn't do a hardware or software change for the next phones.

Sent from my DROIDX using DroidForums App
 
Maybe a stupid question, but has anyone looked through Moto's open source files? I was looking through them this morning and found some private and public key check scripts... maybe not helpful?

Sent from my DROID2 of shame.
 
Should the key be buried in the OTA somewhere? I know very little about this, but I do have the Verizon 2.3.340 OTA zip file if needed.

Sent from my DROIDX using DroidForums App
 
I don't know if it's included, but if it is I guarantee it's encrypted just as much as the bootloader. Hash collisions are the way I see this going down... straight up cracking the secure algorithm.

{{ WugFresh }}
 
Just thinking. Didn't 2.3.340 change the bootloader version? I guess it's just wishful thinking. As I stated, I don't know much; just throwing out ideas.

Sent from my DROIDX using DroidForums App
 

That's what pretty much everyone has been saying. It should be included in the GB update that's coming because it will have to install the new GB kernel. However, it would be pure stupidity on Moto's part not to encrypt it when they've been encrypting the bootloader too; it would be the equivalent of just handing us the key, and I don't see them doing that...

Sent from my Liberated D2G
 
No, I am trying to break the SHA-1 encryption in the bootloader itself. I am researching the methods to do this and then consulting a math professor with a PhD for specific questions... then I am going to try and get the private key with hash collisions. That's my plan as of today... this is only day one of my research though. I still think this is a viable approach.

My hope is that aliasxerog and other Linux specialists will be able to take advantage of the mathematical approach I am working out so it can actually be used on the Android end. Theory and practice are different, though. I really hope it works / can work...

{{ WugFresh }}
 
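Added example, not from the thread or from any Motorola code: a toy of the kind of check the posts above are trying to defeat, showing where a hash collision would and would not help. Everything in it is constructed for illustration: the textbook-RSA key built from the primes P and Q is far too small for real use (it only models the check, not the key strength), the "stock" and "patched" images are sample byte strings, the `candidate-`/`patched-` search strings are arbitrary, and SHA-1 is truncated to 18 bits so the searches finish in seconds. The point it measures: a verified-boot check recomputes the digest of the image in flash and compares it with the digest recovered from the manufacturer's signature, so a replacement image is only accepted if it hashes to the digest that was actually signed (a second preimage, roughly 2^n hashes for an n-bit hash, or else a forged signature), whereas a collision search only has to find any two messages that hash alike (roughly 2^(n/2)). Practical SHA-1 collisions were demonstrated publicly in 2017 (SHAttered); no practical SHA-1 second preimage is known.

```python
"""Toy model of a signed-image check, plus a measured comparison of
collision vs. second-preimage search on a truncated SHA-1.
Everything here is constructed for illustration; standard library only."""
import hashlib
import itertools

# --- 1. Toy verified-boot check ---------------------------------------------
# Hypothetical textbook-RSA key built from two 20-bit primes so that signing
# runs instantly. A real bootloader key is 1024 bits or more; this modulus
# factors in microseconds, so read it as a model of the *check*, not of the key.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; Python 3.8+ modular inverse


def digest(image: bytes) -> int:
    """SHA-1 of the image, reduced mod N so it fits the toy modulus.
    Real verifiers pad the full digest (PKCS#1 v1.5 / PSS) instead."""
    return int.from_bytes(hashlib.sha1(image).digest(), "big") % N


def sign(image: bytes) -> int:
    """Manufacturer side: only the holder of D can produce this."""
    return pow(digest(image), D, N)


def verify(image: bytes, sig: int) -> bool:
    """Device side: recover the signed digest with the public key and compare
    it with the digest of the image actually present in flash."""
    return pow(sig, E, N) == digest(image)


# --- 2. What the check forces on an attacker --------------------------------
BITS = 18   # truncate SHA-1 to 18 bits so both searches finish in seconds


def h(msg: bytes) -> int:
    """Leading BITS bits of SHA-1(msg)."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - BITS)


def find_collision():
    """Birthday search: any two distinct messages with equal h().
    Expected cost is about 2**(BITS/2) hashes (a few hundred here)."""
    seen = {}
    for i in itertools.count():
        m = b"candidate-%d" % i          # constructed search strings
        v = h(m)
        if v in seen:
            return seen[v], m, i + 1      # (m1, m2, hashes computed)
        seen[v] = m


def find_second_preimage(target: bytes):
    """Second-preimage search: a message that hashes to h(target) for a
    target the attacker did NOT choose. Expected cost is about 2**BITS
    hashes (~262,000 here), i.e. the square of the collision cost."""
    want = h(target)
    for i in itertools.count():
        m = b"patched-%d" % i            # constructed search strings
        if m != target and h(m) == want:
            return m, i + 1               # (m2, hashes computed)


def demo():
    """Run the check against a stock and a modified image, then both searches."""
    stock = b"stock bootloader image (constructed sample)"
    patched = b"stock bootloader image (constructed sample) + unlock patch"
    sig = sign(stock)                      # the signature shipped with stock
    m1, m2, c_tries = find_collision()
    m3, p_tries = find_second_preimage(stock)
    return {
        "stock_verifies": verify(stock, sig),
        "patched_verifies_with_stock_sig": verify(patched, sig),
        "collision_hashes": c_tries,
        "second_preimage_hashes": p_tries,
        "collision_ok": m1 != m2 and h(m1) == h(m2),
        "second_preimage_ok": m3 != stock and h(m3) == h(stock),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running it shows the patched image failing against the stock signature, a collision found after a few hundred truncated hashes, and a second preimage for the fixed stock image only after a few hundred thousand; scaling BITS back up to 160 is what separates the two attacks in practice.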
I have solid ties at a few colleges in the area. I'll talk to my people and see what they can do. In the meantime, I'm gonna hit up the library for some info. Welcome to team FreeMyMoto, Wug :) Very glad to have you on board!

Sent from my DROIDX using Tapatalk
 