get bootloader key via jtag and use hash collision for custom rom?


bingo99

Member
Jun 7, 2014
8
1
title says it all pretty much

this assumes several things

1) that there is a "key" that the bootloader uses to "verify" new packages (OTA) and/or your custom rom (reject)

2) that this key is available via JTAG access

3) that knowing this key would allow a custom rom to be tweaked to have the same key (hash collision)

4) that this would essentially mean a compromised bootloader

5) to be useful to lots of people, that this key is the same on every S5 for a given carrier
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
title says it all pretty much

this assumes several things

1) that there is a "key" that the bootloader uses to "verify" new packages (OTA) and/or your custom rom (reject)

2) that this key is available via JTAG access

3) that knowing this key would allow a custom rom to be tweaked to have the same key (hash collision)

4) that this would essentially mean a compromised bootloader

5) to be useful to lots of people, that this key is the same on every S5 for a given carrier

1) public key, not private, not useful

2) I'm unaware of any major OEM that leaves JTAG enabled on current devices, possible exception of HTC

3) no it would not

4) nope

5) not really, the key is easily extracted from firmware, and differs per carrier.
 
Reactions: bingo99
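To make jcase's point 1 concrete, here is an added Python model of a bootloader signature check (written for this page, not code from any poster or from any OEM's bootloader): the bootloader holds only the public half (E, N), which can verify a signature but cannot produce one, so a JTAG dump of that key gives nothing a custom ROM could reuse. The toy key size, the unpadded digest handling and the sample images are constructed assumptions.

```python
import hashlib

# Constructed toy RSA key pair from two Mersenne primes, 2^61-1 and 2^89-1.
# A real bootloader key is 2048+ bits and the digest is padded (PKCS#1), but
# the structure is the same: the OEM signs with d, the device verifies with (e, n).
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537                                   # public exponent, shipped in the bootloader
PRIVATE_D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays on the OEM signing server


def image_digest(image: bytes) -> int:
    """SHA-256 of the image as an integer below N (toy: no padding scheme)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def oem_sign(image: bytes) -> int:
    """Build-time step at the OEM. The only operation that needs PRIVATE_D."""
    return pow(image_digest(image), PRIVATE_D, N)


def bootloader_verify(image: bytes, signature: int) -> bool:
    """Boot-time check. Uses only (E, N), which is all a dump of the bootloader holds."""
    return pow(signature, E, N) == image_digest(image)


def stock_signature_reused(stock_sig: int, custom: bytes) -> bool:
    """The thread's proposal, modelled: present a custom ROM together with the
    signature that shipped on the stock ROM. The bootloader accepts it only if
    both images hash identically, i.e. a SHA-256 second preimage; knowing (E, N)
    plays no part in finding one, which is why the public key is 'not useful'."""
    return bootloader_verify(custom, stock_sig)


# Constructed sample images standing in for boot/recovery partitions.
STOCK_ROM = b"SM-G900V stock image v1 " + bytes(range(256))
CUSTOM_ROM = STOCK_ROM.replace(b"stock", b"custom")

if __name__ == "__main__":
    sig = oem_sign(STOCK_ROM)
    print("stock image, stock sig: ", bootloader_verify(STOCK_ROM, sig))   # True
    print("custom image, stock sig:", stock_signature_reused(sig, CUSTOM_ROM))  # False
```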

warriorpluto

Senior Member
Sep 11, 2008
1,729
159
in the streets racing
1) public key, not private, not useful

2) I'm unaware of any major OEM that leaves JTAG enabled on current devices, with the possible exception of HTC

3) no it would not

4) nope

5) not really, the key is easily extracted from firmware, and differs per carrier.

So you don't think we could get by with a hardware hack? I'm thinking that may be our only option. Remember the "unhackable" PlayStation 3, lol, see how that turned out. I wonder if geohot would like to crack this since he's banned from owning a PS3 now

Sent from my SM-G900V using XDA Free mobile app
 
Reactions: Shaffer678

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
So you don't think we could get by with a hardware hack? I'm thinking that may be our only option. Remember the "unhackable" PlayStation 3, lol, see how that turned out. I wonder if geohot would like to crack this since he's banned from owning a PS3 now

Sent from my SM-G900V using XDA Free mobile app

I didn't address any of that, I simply addressed the statements in the first post. No, I don't think anything in the first post will work.
 

sparkie6point0

Senior Member
Jun 23, 2012
93
9
Chicago
I'm beginning to wonder if Sammy is going the HTC route of unlocking the bootloader BEFORE actually rooting the device itself.

Sent from my GT-N5110 using XDA Premium HD app
 

bingo99

Member
Jun 7, 2014
8
1
1) public key, not private, not useful

2) I'm unaware of any major OEM that leaves JTAG enabled on current devices, possible exception of HTC

3) no it would not

4) nope

5) not really, the key is easily extracted from firmware, and differs per carrier.

thanks jcase, your answers pretty much cover the whole thing.

public key = useless = no help in making a hash collision
 