The Droid X uses TI's OMAP 3630 system on a chip. I was hoping for Motorola to have written their own DRM, but it turns out that model uses TI's M-Shield technology. I'm still trying to wrap my head around the OMAP tech specs, but it looks like there's nothing but a whitepaper for M-Shield. I suspect that's because they reserve that for their high-volume customers, and DRM relies entirely on security by obscurity.
Unfortunately, I have enough faith in TI that I suspect they properly implemented the cryptographic signing, so I only see two realistic attacks. First, RSA keys require large, hard-to-factor prime numbers, and for performance reasons probabilistic primality tests are used. It's more likely that one of the "prime" numbers used isn't, than someone cracking normal RSA 2048 (equivalent to brute-forcing 112 bit symmetrical encryption keys, according to RSA). Alternatively, RSA can use either MD5 or SHA-1 to sign things. SHA-1 is collision resistant, but MD5 is less so. The OMAP supports either hashing algorithm, so if Motorola picked MD5 it's possible one can make a custom firmware that has the same hash (and subsequently RSA signature) as an official firmware. So the bootloader would accept the custom firmware without being able to tell that it isn't from Motorola.
As for mod-chip/hardware-based attacks... I fear that the hardware is physically tamper-resistant. It's probably all in the same microchip, so there are unlikely to be any contacts to connect to. Now, there is no tamper-proof hardware, but this raises the bar such that, to my knowledge, there's basically one person that broke it as a proof-of-concept. OTOH, homomorphic encryption isn't practical yet, so hardware attacks are still theoretically unstoppable.
What I'm trying to figure out right now is where the first stage bootloader is located. The first stage bootloader is where the OMAP starts executing instructions contained on flash, and if we can overwrite it then we can ignore M-Shield altogether. Sadly, I think it's in the "secure ROM" part of the chip. If so, that makes it a pain. OTOH, a lot of OMAP chips don't even use M-Shield, so hopefully there's a way to use a first stage bootloader located somewhere else. This might require a hardware hack, but it's probably not impossible to use software to accomplish the same feat. Also of note is that M-Shield is almost certainly used for SIM locking and DRM, so bypassing it might mean we need to re-implement the former to keep the cell phone on Verizon's network. The latter is why I suspect the Droid X uses M-Shield at all, since, IIRC, Blockbuster has some application pre-installed to watch overpriced movie rentals.
Right now I don't know enough to comment intelligently on this matter, but I figure someone might be able to make use of what I've dredged up so far. IMHO, cracking the bootloader is akin to focusing on the carbon nanotube reinforced steel 64 pin padlock securing the wooden door on a grass hut. Running your own Linux variant doesn't really require flashing a new firmware using the bootloader, though that's the more traditional approach with phones. Or at least that is what I think for now. Recall that I'm worse than a newbie since I won't even have a smartphone of any sort, ilk, or kind for at least another day.
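The post above mentions that RSA key generation relies on probabilistic primality tests, so a "prime" might not be one. The following is an added example, not code from the poster and unrelated to any OMAP or M-Shield implementation, showing the Miller-Rabin test that key generators typically use, alongside the weaker Fermat check it replaces. The constructed input 561 is a Carmichael number: it fools the Fermat check for every coprime base, yet Miller-Rabin rejects it. The `rounds` parameter and the `error_bound` helper are assumptions of this example; the bound of 4^-rounds per composite is the standard worst-case figure for Miller-Rabin.

```python
import random


def fermat_passes(n: int, base: int) -> bool:
    """Fermat check: a prime n satisfies base^(n-1) == 1 (mod n).
    Carmichael numbers such as 561 satisfy it for every coprime base,
    so this check alone is not safe for key generation."""
    return pow(base, n - 1, n) == 1


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test with `rounds` random bases.

    Returns True for every prime. A composite survives one round with
    probability at most 1/4, so the chance a composite survives all
    rounds is at most 4**-rounds (about 2**-80 for 40 rounds)."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False

    # Write n - 1 = d * 2**s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1

    rng = random.SystemRandom()  # CSPRNG, as a key generator would use
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue  # this base is consistent with n being prime
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            # Found a nontrivial square root of 1 mod n: n is composite.
            return False
    return True


def error_bound(rounds: int) -> float:
    """Worst-case probability that a composite passes `rounds` rounds."""
    return 4.0 ** -rounds


def random_prime(bits: int, rounds: int = 40) -> int:
    """Generate a random odd prime of exactly `bits` bits, the way an RSA
    key generator picks its factors (toy sizes only for this example)."""
    rng = random.SystemRandom()
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rounds):
            return candidate


if __name__ == "__main__":
    carmichael = 561  # constructed input: 3 * 11 * 17
    print("Fermat base 2 accepts 561:", fermat_passes(carmichael, 2))
    print("Miller-Rabin accepts 561:", is_probable_prime(carmichael))
    print("40-round false-accept bound:", error_bound(40))
    p = random_prime(64)
    print("64-bit probable prime:", p, is_probable_prime(p))
```

The practical point for a verifier or key generator is the gap between the two checks: the Fermat test is cheap but has an infinite family of composites that always pass it, whereas Miller-Rabin has no such family and its residual error can be driven below any threshold by adding rounds.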