Bootloader Unlocking Effort

Hey all,

I've been a lurker for a while, been looking for a way to encourage the now Google-owned Motorola Mobility to unlock their bootloaders much like HTC has wisely done, but it's becoming more and more obvious to me that they don't care about the "minority" of us that actually feels as though we are entitled to full admin rights on our phones that we either paid a ton of cash for, or signed a lengthy contract to obtain. Verizon is the one blocking it? HTC found a way, and so can Motorola Mobility...that is a cop-out.

My proposal is that there be an effort to unlock the bootloader, I am not some expert programmer, and I am open to whatever will help the cause. I know there was a bounty on it, but to me this isn't about money, I'll donate time, money, information ripped from my phone if it, in some way, contributes to unlocking that bootloader. Even if you need my unused CPU cycles to calculate things, I don't care, just tell me what I can do to help, because I am sick of not being able to use my phone to its full potential.

Maybe I am being naive, but I believe if we all worked together we could accomplish this goal. If you agree, please, let's organize and figure this out!
-Joshua
 

XGrinder911

Senior Member
Aug 29, 2010
261
14
OnePlus 8T
I just can't believe that we are running an unofficial, incomplete version of CM7 and it runs smoother than stock Blur.
Is that telling you something about Motorola?
 

RValentinF

Member
Mar 20, 2011
29
3
Do you guys think Google will make that decision for Motorola or will Moto stay the same?

Sent from my Android
 
Re: Google changing Moto policy

I don't know so much about Google changing Motorola's stance on the locked bootloader, we've tried petitioning the company themselves, but have we tried petitioning Google? Or maybe it's too soon, maybe they are working on it right now? Hard to tell, and I don't want to put pressure on Google too soon especially if they are trying diligently right now to do the right thing.

But the above poster is right, cracking it ourselves is definitely worth a try. I have contacts (unfortunately know inside Motorola), I know people with lots of knowledge on encryption, I'll be honest one of my friends does have a knack for the impossible, but this would be too much for one lone person. I also have a few computers in the house, to donate computing power. None above 5 GB of RAM unfortunately, but my friend with all of that know-how does also have a synchronous 20/mbit up/down connection to the net, if that helps, and I have another friend that is the Linux admin at an unnamed private university in Durham that might could lend a hand in some way.

We have the resources, we just need to pool them.

Someone with the realistic technical know-how, just tell us where to begin, and the shortest path to getting to our goal and we'll do all we can to contribute!

Thanks for understanding and not just writing this off as a pipe-dream...because I know if we work together we can accomplish almost anything.

-Joshua
 

ztotherad

Senior Member
Aug 17, 2011
2,803
618
Illinois
OnePlus 9 Pro
I love your optimism. I have some old PMs that may help with the effort.
 
Re: Amazon

hpark21:
I like the way you're thinking, does anyone else think this might be a good call? I know there was a bounty of around ~$800 somewhere, so I doubt if all of us who rightfully were promised an unlocked bootloader wouldn't mind pooling a bit of money for the computing power, hell I myself would give $50 to the effort if we knew it was a viable solution.

Other thoughts?
Also, ztotherad, if you could send me those PMs maybe we can sift through those and see if there are some other avenues, nothing is off the table at this point.

thanks again for coming together on this, that is the true meaning of community.
 

ztotherad

Senior Member
Aug 17, 2011
2,803
618
Illinois
OnePlus 9 Pro
I can def send you them, idk how much help they'll be
 

thelowend

Senior Member
Jan 31, 2012
2,152
410
The cold part of Ohio
Uh, I think it's already been established that brute forcing it is impossible.

In one of the many threads concerning bootloader unlocks, I believe the chances of us finding it were determined to be 1mill:1. It would take us over a decade to manually come up with the key. I don't want to kill confidence, but I'd like to keep things relatively rational.

Sent from my MB870 using xda premium
 
Uh, I think it's already been established that brute forcing it is impossible.

It's been established that brute forcing is nearly impossible, not completely impossible.
It is something that would take an insane amount of resources to accomplish, and/or time,

it would really come down to "how lucky are we?" really, as in::: how lucky are we that we stumble across or know a genius that can crack it, stumble across needed files, etc...

good luck to all who try, I wish I could do anything to get us there, but I don't know the first thing when it comes to this stuff, don't give up the dream!
 

hpark21

Senior Member
Feb 15, 2010
211
17
Basically, what it comes down to is:
Find out what their hash key is. (encrypted password)

Then, try to go through all valid characters and see whether the input matches the output hash.

If one is lucky and they used a short enough password, then it will be quick to find.

If unlucky and they used a really long password, then the answer is that we won't be able to find it in REASONABLE time. (I would say 1-2 months to be reasonable - at $2/hr, it would cost $48/ day).

Only issue is when do we stop?
 

thelowend

Senior Member
Jan 31, 2012
2,152
410
The cold part of Ohio
There was some kind of crazy algorithm applied to each character to generate the correct item for each number of the key, correct? We would have to come up with that too?

Sent from my MB870 using xda premium
 

_base2

Senior Member
Nov 25, 2011
127
39
THANK YOU! Finally ... a revived movement. I pledged $100 on another thread and I'm good for putting it toward an unlocked bootloader again!

To learn from one of the most influential groups of our generation ... Anonymous utilizes botnets to pool computing resources ... if we get a tool that could function similarly, could we not pool 1000s of computers together to crack it faster? It would make what is not feasible for a small set of computers to do... feasible. If all most users have to do is download a tool that gives us access to processing power and bandwidth ... users will download the hell out of it.

Count me in.

[ sent from _base2 ]
 
Hope

I understand doubters, and odds are likely against us, but that's ok, no one person can do it, and maybe not just one method, but somehow we WILL get to our goal. Whether Motorola capitulates or we find a method to crack it, we will not have this awesome hardware go to waste.

I am not generally a "black hat" kind of person, but in this case we are in the right so far as I am concerned (please don't quote DMCA BS to me, lol) because they made a promise to their customers, and it will be kept, whether they like it or not.

So, I am with the above poster that mentioned he didn't know quite where to start, or where we have already made progress, but if someone can help us out, explain the process, we figure out how to move forward. (Please forgive the run-on sentence).

I've minimal experience programming, only VB.net, C++, and a bit of Java from college, and I do tier 2 desktop support for a bank these days, but on my off time I'd love to spend it on something worthwhile, all of you deserve this, and we'll make it happen.

Maybe it's the troubleshooter in me that sees the problem and says "oh no, there's a way, we just need to find it". I have a colleague, the one I spoke of before, he has a knack for doing incredible things, so once we have a breakdown of what we need to do, perhaps he can be of help.

So my friends, where do we go from here?
 

ztotherad

Senior Member
Aug 17, 2011
2,803
618
Illinois
OnePlus 9 Pro
Sir, did you get my PMs?
 

Top Liked Posts

  • 9
    Well, the UART console cable has been painstakingly set up, time to delve in

    Sent from my SCH-I535 using xda premium
    5
    Well I guess not. I'll just sit here in front of my 3.1 code and twiddle my thumbs.
    3
    the milestone 2 may have been cracked
    http://xdaforums.com/showpost.php?p=40135678&postcount=443

    Sent from my XT862 using xda premium
    3
    deleted. you can't polish a turd people.
    https://www.youtube.com/watch?v=yiJ9fy1qSFI

    Very difficult but not impossible. You have to trick the android into thinking it has a different address

    Sent from my Nexus 7 using XDA Premium HD app



    Or in the case of the Droid X2 you can hex edit /pds/wifi/wlan_mac.bin. That file contains the MAC address in hex.

    Will add more later...
    3
    SHA-1 brute force can be cracked for around $2 of Amazon cloud computing service. :)

    http://www.geek.com/articles/news/r...for-2-10-with-amazons-cloud-service-20101122/

    Doesn't the bootloader use SHA-1 encryption?

    (of course, the key may be much longer, but it may not be impossible for cheap. I say try to pool together like $100 and give Amazon cloud computing a try?)

    Wouldn't that have been great, it would be cracked now!


    If any user or mod finds this objectionable, then REMOVE.
    Seen a math project here and thought it might be like what SONY did. They used CELL provided formula as the basis of bootloader security, then used a few numbers with. Basically it made history, GIYF on PS3 Jailbreak. Could give some talented ones on here an idea, clue or just cause a flame? ASUS was similar here:

    http://androidroot.mobi/2012/01/15/an-analysis-of-prime-security/

    Here is some Info for Everyone (Thought Unlocking Thread best place):
    -GENERIC-Tegra2-

    EC=Embedded Controller
    AP=Application Processor

    The format and content of the body are defined by the E.C. vendor and are opaque to the
    AP, except that the body must contain a trailing CRC‐32 checksum value. The checksum
    is computed using the CRC‐32 algorithm from IEEE 802.3 (x^32 + x^26 + x^23 + x^22 + x^16 +
    x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1).
    The EC vendor is responsible for providing tools and documentation to assist system
    integrators in generating the configuration information (both content and format). The
    vendor may wish to leverage pre‐existing tools that only address the opaque body
    content portion of the configuration information. In this case, the EC vendor is
    additionally responsible to provide tools and documentation to assist system integrators
    in transforming the raw body content into the format needed by the Generic
    Configuration commands. The header contains a trailing CRC‐32
    checksum (just like the body), allowing the AP to validate the integrity of the header
    contents. Integrity is checked by computing a running checksum that covers the header
    contents, excluding the trailing checksum bytes. If the running checksum value is not
    equal to the trailing CRC value, then integrity has been compromised. If the header is
    found to be intact, then the integrity of the body can also be checked in a similar manner.

    Byte Number | Description | Note
    0 – 3 | Magic Number | ASCII string “cnfg”; not null‐terminated
    4 | EC Interface Spec Version | Major/minor version; same format as in Get EC Interface Spec Version Response
    5 | Reserved | Must be 00h
    6 – 35 | EC Product Name | ASCII string; same format as in Get EC Product Name Response
    36 – 39 | EC Firmware Version | Major/minor version; same format as in Get EC Firmware Version Response
    40 – 43 | Configuration ID | OEM‐defined value specifying the type of configuration data contained in this package.
    44 – 47 | Body Length | Length of opaque data including its trailing checksum; first byte is least significant, last byte is most significant.
    48 – 51 | CRC | Checksum computed over the above header data; first byte is least significant, last byte is most significant

    ***********ps
    fastboot getvar all
    (bootloader) version-bootloader: 1000
    (bootloader) product: daytona
    (bootloader) secure: no
    (bootloader) mid: 001
    (bootloader) version: 0.4
    (bootloader) serialno: 0280494999999xxx
    (bootloader) version-baseband: not supported
    all: Done
    finished. total time: 0.003s

    *-*-*-*-*-*
    On another note:
    http://www.techspot.com/news/52554-new-bill-aims-to-legalize-cell-phone-unlocking-fix-the-dmca.html
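
The header layout and checksum procedure quoted in the post above, as an added example that is not part of the original thread or any vendor tool: a Python validator that checks the header CRC before trusting Body Length, then checks the body. The function names are hypothetical, and three details are assumptions the quoted text does not state: the CRC uses the standard IEEE 802.3 initial and final XOR values (as `zlib.crc32` does), the body's trailing checksum is little-endian like the header's, and the product name is NUL-padded.

```python
import struct
import zlib

HEADER_LEN = 52          # bytes 0-51 per the table above
MAGIC = b"cnfg"          # bytes 0-3, not null-terminated

class ConfigError(ValueError):
    """Raised when a package fails a structural or integrity check."""

def crc_ok(region: bytes) -> bool:
    # Running CRC-32 over everything except the trailing 4 checksum bytes,
    # compared with the stored value (first byte least significant).
    if len(region) < 4:
        return False
    (stored,) = struct.unpack("<I", region[-4:])
    return (zlib.crc32(region[:-4]) & 0xFFFFFFFF) == stored

def parse_package(blob: bytes) -> dict:
    if len(blob) < HEADER_LEN:
        raise ConfigError("truncated header")
    header = blob[:HEADER_LEN]
    if header[:4] != MAGIC:
        raise ConfigError("bad magic")
    if not crc_ok(header):
        raise ConfigError("header CRC mismatch")
    if header[5] != 0:
        raise ConfigError("reserved byte must be 00h")
    # Body Length is trusted only after the header checksum has passed.
    (body_len,) = struct.unpack("<I", header[44:48])
    body = blob[HEADER_LEN:HEADER_LEN + body_len]
    if body_len < 4 or len(body) != body_len:
        raise ConfigError("body length out of range")
    if not crc_ok(body):
        raise ConfigError("body CRC mismatch")
    return {
        "spec_version": header[4],
        "product": header[6:36].rstrip(b"\x00").decode("ascii", "replace"),
        "fw_version": header[36:40].hex(),
        "config_id": header[40:44].hex(),
        "payload": body[:-4],   # opaque to the AP; CRC stripped
    }

def build_sample(product: bytes, payload: bytes) -> bytes:
    # Constructed test data (assumed field values), not captured from a device.
    body = payload + struct.pack("<I", zlib.crc32(payload))
    head = (MAGIC + bytes([0x10, 0x00]) + product[:30].ljust(30, b"\x00")
            + bytes([0, 0, 0, 1]) + bytes(4) + struct.pack("<I", len(body)))
    return head + struct.pack("<I", zlib.crc32(head)) + body
```

CRC-32 here only detects accidental corruption: anyone who can rewrite the package can recompute both checksums, so this check is not an authenticity control.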