
Root Bootloader cracked **Update - This was a fake **

Status
Not open for further replies.
This is saying that Motorola was notified of the vulnerability 3 months ago. The actual cracking of the key could have been done any time since then, or even before then.
 
Sholes signing key leak explained

The Motorola(r) sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot.
There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked.
The keys can be cracked using Mathematica. Read up on how the Elgamal signature scheme works.
Ok, what does this mean?

Please refer to the following table:
Boot chain component   Status
OMAP secure bootrom    secure
Secure keystore        replaceable
mbmloader              secure, but irrelevant; replaceable but unnecessary
mbm                    secure, but irrelevant; replaceable but unnecessary
recovery               replaceable (providing new keys is recommended)
system                 replaceable (providing new keys is recommended)
bootimage              replaceable (providing new keys is recommended)

I do not plan on doing any more work on this. But all information has been handed over to people who are working on this. Follow the FreeMyMoto people for their progress.
Advisory history


  • December 20th, 2010 — Motorola notified of keystore vulnerability. No response received from Motorola.
  • February 20th, 2011 — Motorola notified again of keystore vulnerability. No response received from Motorola.
  • February 27th, 2011 — Motorola notified that keystore vulnerability will be disclosed to public on March 20th. No response received from Motorola.
  • March 20th, 2011 — Keystore signature generation vulnerability publically disclosed including private key leak. Response received from Motorola legal.
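An added illustration of the flaw the advisory describes (this is constructed example code, not the advisory's, Motorola's or FreeMyMoto's): a toy ElGamal signer whose nonce can be fixed by the caller, next to the check a signing pipeline should run before any release, namely that two signatures never share r and that the private key cannot be solved from a pair. The parameters P, G, the message strings and all function names are assumptions made for the example.

```python
import hashlib
import random
from math import gcd

P = 1019   # toy safe prime (constructed for illustration, far too small for real use)
G = 2      # generator of the multiplicative group mod P
N = P - 1  # signature arithmetic happens mod P - 1

def h(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def keygen():
    x = random.SystemRandom().randrange(2, N)
    return x, pow(G, x, P)  # private x, public y

def sign(x, msg, k=None):
    """k must be a fresh secret per signature. Passing a fixed k reproduces
    the flaw described above: the masking random value is missing."""
    if k is None:
        while k is None or gcd(k, N) != 1:
            k = random.SystemRandom().randrange(2, N)
    assert gcd(k, N) == 1
    r = pow(G, k, P)
    s = (pow(k, -1, N) * (h(msg) - x * r)) % N
    return r, s

def verify(y, msg, sig):
    r, s = sig
    return 0 < r < P and pow(G, h(msg), P) == (pow(y, r, P) * pow(r, s, P)) % P

def solve_linear(a, b, n):
    """All k in [0, n) with a*k == b (mod n), including the non-coprime case."""
    a, b = a % n, b % n
    d = gcd(a, n)
    if b % d:
        return []
    k0 = (pow(a // d, -1, n // d) * (b // d)) % (n // d)
    return [k0 + i * (n // d) for i in range(d)]

def recover_private_key(y, msg1, sig1, msg2, sig2):
    """Check a signing pipeline must fail: with a reused k both signatures share r,
    and s1 - s2 == k^-1 * (m1 - m2) (mod N) yields k, from which x follows."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:  # different r means different k; nothing to learn
        return None
    m1, m2 = h(msg1), h(msg2)
    ks = [k for k in solve_linear(s1 - s2, m1 - m2, N) if pow(G, k, P) == r1]
    xs = [x for k in ks for x in solve_linear(r1, m1 - k * s1, N) if pow(G, x, P) == y]
    return xs[0] if xs else None
```

With a fresh nonce per signature the two r values differ and recover_private_key returns None; with the fixed nonce it returns the signing key from nothing but two public signatures.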


Do you really think Motorola will push the issue? Please correct me if I am wrong, but I thought the encryption was embedded with the processor, which is now outdated. No new phones will be able to take advantage (Atrix, Bionic) because they used a different processor which would carry its own encryption. Might have it all screwed up. Read up on it at 3 am during a bout of insomnia.
 
Do you really think Motorola will push the issue? Please correct me if I am wrong, but I thought the encryption was embedded with the processor, which is now outdated. No new phones will be able to take advantage (Atrix, Bionic) because they used a different processor which would carry its own encryption. Might have it all screwed up. Read up on it at 3 am during a bout of insomnia.

Not quite sure what you are talking about but Motorola did issue a C&D when he went public with them. I'm sure by now the keys are in the hands of those who need them.
 
I think the problem is I don't know what I am talking about, hence the confusion. Lol

Went back and read up on it. I'm an idiot and will shut up now. I'll be here in the corner talking to myself...
 
I think the problem is I don't know what I am talking about, hence the confusion. Lol

Went back and read up on it. I'm an idiot and will shut up now. I'll be here in the corner talking to myself...

You don't have a problem as long as you don't start talking back.:D
 
I have to be honest: I was getting kind of down lately as it seems like a lot of our Devs are getting Thunderbolts. Between that and the fact that the Project Bootloader Freedom tweets seemed to indicate stagnation in their progress, it sort of felt like our phone had come to the end of its progress.

But now, well... let's just say that this made my freaking month. As I understand it, we will soon have the ability to flash an SBF that will give us a true custom recovery, and access to EVERY big-name ROM out there (correct me if I'm wrong). Our awesome devs will now have no limit on what they can do.

The only thing that I am still unclear on is whether this will allow us to flash updated kernels for new versions of Android (allowing us to update to all new versions of Android in the future). But any way you shake it, we just hit the freaking jackpot, baby. Now where the hell do I go to donate that guy a freaking year's supply of beer?
 
So, as typical as life would have it, once it is outdated the possible big break comes out?
I got that right?

Not that I really care, as I'm gonna use this phone until it or the Otterbox gives up on me....lol....
 
Well, they have the keys to something, but I don't see anything about them saying it's the keys to the efuse. Hmm, after reading a few more tweets it looks/sounds like they have cracked Motomobile's custom encryption and found the keys.

nenolod (William Pitcock): props to @motomobile for cooking their own modified elgamal signature scheme and doing a bad job at it. no props to TBH.

nenolod (William Pitcock): frequently asked question: what are these keys for? answer: signing SBF update files for rsdlite.

nenolod (William Pitcock): continuing... SBF files can be used to load a new recovery on the phone. or to flash entirely different software (e.g. non-android)



Sounds good!


Just out of curiosity, do we know why he seems to have "beef" with Team Black Hat?
 
Well, I have that warm and fuzzy feeling again. I'm not even going to pretend that I'm following along with clarity. I just know the phone I'm obliged to until July 15, 2012 is going to get better, even if I'm on my second phone case.
 
NICE! Got on here to look around at the ROMs so I could change my phone up a bit, I think I will just use Apex a little while longer and wait and see where this goes... :cool:
 
The only thing that I am still unclear on is whether this will allow us to flash updated kernels for new versions of Android (allowing us to update to all new versions of Android in the future).

This is going to let the devs sign an SBF file which Motorola's bootloader will install.

That means they can install anything.
 
I think it's funny now that all the devs dumped their Droid Xs and now we will have true greatness on our phones... haahahahahahahahahaha... mainly at birdman and the early dumpers...
 
So, as typical as life would have it, once it is outdated the possible big break comes out?
I got that right?

Not that I really care, as I'm gonna use this phone until it or the Otterbox gives up on me....lol....

Exactly and how valiant of the person or people to hold on to info for at least 3 months for Moto's sake. :rolleyes:
 
NICE! :D :eek: :cool:

I was really beginning to get upgrade envy with all the new devices coming out, but this has me absolutely pumped!!! Good day to be a Droid X owner, and many, many more good days to come. This is gonna be fun!
 