
Possible Ways to Crack the Bootloader

Technically it should be possible on normal hardware. I read a bunch today about setting up machines specifically for doing hash collisions.. all about hardware stuff. No super computer necessary... at least for SHA-1

{{ WugFresh }}
 
Not the same though its super it would ls port say you call this encryption
Sent from my ADR6300 using DroidForums App
 
I have solid ties at a few colleges in the area. I'll talk to my people and see what they can do. In the mean time, I'm gonna hit up the library for some info. Welcome to team FreeMyMoto, Wug :) very glad to have you on board!

Sent from my DROIDX using Tapatalk

Awesome, glad to join in. With a team name like that it can only end with one result ;) It would really be epic. I just hope that what I am thinking of is actually possible to do on this device.. I need more information on the bootloader itself, sbf files, and anything you guys have already discovered that failed. Is everything documented up to this point? My major lack of knowledge is on the android end. I know a good deal but not about the lowest level of abstraction from the hardware, i.e. my understanding of the kernel is minimal. If what I am thinking of actually has any chance of working it's going to require a full understanding of all the elements involved. Even if I can wrap my head around the mathematical approach, without an understanding of what it is I am trying to break... I will have no chance.

{{ WugFresh }}
 
No, I am trying to break SHA-1 encryption in the bootloader itself. I am researching the methods to do this and then consulting a math professor with a PhD for specific questions.. then I am going to try and get the private key with hash collisions. That's my plan as of today.. this is only day one of my research though. I still think this is a viable approach.

My hope is that aliasxerog and other Linux specialists will be able to take advantage of the mathematical approach I am working out to actually be used on the android end. Theory vs. Practice is different though. I really hope it works/can work...

{{ WugFresh }}

I know what you're doing.... I was answering the other post too lol.

Sent from my Liberated D2G
 

I don't even know what I am doing, how do you know.. lol.. please tell me! I think I know what I am doing... but I need to read way more. I hope for FreeMyMoto victory, but either way, I am going to get a minor in cryptography in the process.. lol. The amount I learned today is crazy and I still am just scratching the surface. What's the deal with FreeMyMoto though.. do you guys have a fund? Can you buy me a textbook if I find one that I think is actually worth it or am I on my own..? Just curious...

If not it's ok.. I can just photocopy like a mad man.. I certainly have done that before.

{{ WugFresh }}
 

Lmao I think you know what I meant you troll!

I'll try to do some research for ya over the weekend if I can. I got volunteered into helping my mom's work move this weekend (it's not too bad but it's time consuming. She works at the local guitar shop as an accountant).

Sent from my Liberated D2G
 

The likelihood of finding a hash collision in SHA-1 is slim to none. I think it's more likely that you take twelve flights, they all crash and you're the lone survivor in all twelve. Not trying to be a party pooper but hash collisions are not the way to go...

Sent from my Droid using Tapatalk
 

It was done in 2005, documentation exists on the project, it's now 2010, I have a lot of resources at my disposal and frankly I don't care if it's near impossible.. the fact of the matter is that it IS possible.. I am not suggesting it's probable, just that it has been done, so why can't it be done again. All the other solutions haven't come to fruition, so not giving the one a chance that might actually work would be giving up. If it were SHA2, I would say, you are 100% correct, forget it.. I wouldn't even bother. But SHA1 is actually in the realm of possibility. If it's possible and hasn't been done yet.. then it's worth a shot.

If hash collisions aren't the way to break SHA1 encryption then what is? Giving up? Sending moto sad faces?

{{ WugFresh }}
 
Do you suggest we beat it out of MOTO? I'm down for that too

Sent from my ADR6300 using DroidForums App

we could probably get a large enough mob together :)

Maybe a n00b request, but can someone explain what's really going on with the keys/bootloader?

Here's my understanding:
The bootloader is coded so that it checks something in the kernel for validation to make sure it's "valid"/"signed" by Motorola. This "something" can change if moto sees fit by updating the bootloader and kernel in the same update. Thus allowing the new bootloader to validate the new key in the kernel.

The bootloader is also locked in some way so that it cannot be updated without a similar form of validation.

So, each new update from moto will likely have a different set of keys, making it that much harder to determine a common "pattern" and finding those pesky bits we long for.

Is this pretty much right?

Is the bootloader protected by a swappable key like I'm assuming the kernel is? Either way, is it easier to target the bootloader or the kernel? If we discover the key that the bootloader expects from the kernel, then we can just never update the bootloader and begin signing kernels that it'll accept.

Again, just trying to wrap my head around the actual situation. How close am I?
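
Added example, not part of the original thread and not Motorola's actual scheme: a generic model of the signed-boot check asked about in the post above, in which each stage is accepted only if its signature verifies against a public key held on the device. The toy RSA key, the image contents and all function names are assumptions made for illustration; the device-side check uses only the public values `N` and `E`.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes. Far too small for real
# use and unpadded; chosen so the example is deterministic and stdlib-only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key: all the device stores
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the vendor

def digest_int(image: bytes) -> int:
    """SHA-1 digest of an image as an integer (160 bits, smaller than N)."""
    return int.from_bytes(hashlib.sha1(image).digest(), "big")

def vendor_sign(image: bytes) -> int:
    """Vendor side: sign the digest with the private exponent."""
    return pow(digest_int(image), D, N)

def verify_stage(image: bytes, signature: int) -> bool:
    """Device side: recover the signed digest with the public key, compare."""
    return pow(signature, E, N) == digest_int(image)

def boot_chain(stages) -> str:
    """Check (name, image, signature) tuples in order; stop at first failure."""
    for name, image, signature in stages:
        if not verify_stage(image, signature):
            return f"halt at {name}"
    return "booted"

# Constructed sample images, not real firmware.
BOOTLOADER = b"constructed bootloader image v1"
KERNEL = b"constructed stock kernel image v1"
CUSTOM_KERNEL = b"constructed custom kernel image"
BL_SIG, K_SIG = vendor_sign(BOOTLOADER), vendor_sign(KERNEL)

def demo():
    stock = boot_chain([("bootloader", BOOTLOADER, BL_SIG), ("kernel", KERNEL, K_SIG)])
    swapped = boot_chain([("bootloader", BOOTLOADER, BL_SIG), ("kernel", CUSTOM_KERNEL, K_SIG)])
    return stock, swapped

if __name__ == "__main__":
    print(demo())
```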
 
I will let someone like aliasxerog answer that question.. he would do it more justice than me.. I am focusing specifically on bettering my chances to break SHA1 encryption, the android end is still not concrete enough for me to answer that confidently.

{{ WugFresh }}
 