Thread Closed

get bootloader key via jtag and use hash collision for custom rom?

OP bingo99

7th June 2014, 05:36 AM | #1
Junior Member, joined Jun 2014
title says it all pretty much

this assumes several things

1) that there is a "key" that the bootloader uses to "verify" new packages (OTA) and/or your custom rom (reject)

2) that this key is available via JTAG access

3) that knowing this key would allow a custom rom to be tweaked to have the same key (hash collision)

4) that this would essentially mean a compromised bootloader

5) to be useful to lots of people, that this key is the same on every S5 for a given carrier
7th June 2014, 07:26 AM | #2
jcase
Forum Moderator / Senior Recognized Developer - Taco Vendor
Quote:
Originally Posted by bingo99

title says it all pretty much

this assumes several things

1) that there is a "key" that the bootloader uses to "verify" new packages (OTA) and/or your custom rom (reject)

2) that this key is available via JTAG access

3) that knowing this key would allow a custom rom to be tweaked to have the same key (hash collision)

4) that this would essentially mean a compromised bootloader

5) to be useful to lots of people, that this key is the same on every S5 for a given carrier

1) public key, not private, not useful

2) I'm unaware of any major OEM that leaves JTAG enabled on current devices, possible exception of HTC

3) no it would not

4) nope

5) not really, the key is easily extracted firmware, and differs per carrier.
Last edited by jcase; 7th June 2014 at 07:41 AM.
7th June 2014, 07:35 AM | #3
warriorpluto
Senior Member
Quote:
Originally Posted by jcase

1) public key, not private, not useful

2) I'm unaware of any major OEM that leaves JTAG enabled on current devices, without possibly the exception of HTC

3) no it would not

4) nope

5) not really, the key is easily extracted firmware, and differs per carrier.

So you don't think we could get by with a hardware hack? I'm thinking that may be our only option. Remember the "unhackable" PlayStation 3 lol see how that turned out. I wonder if geohot would like to crack this since he's banned from owning a ps3 now

Sent from my SM-G900V using XDA Free mobile app
7th June 2014, 07:40 AM | #4
jcase
Forum Moderator / Senior Recognized Developer - Taco Vendor
Quote:
Originally Posted by warriorpluto

So you don't think we could get by with a hardware hack? I'm thinking that may be our only option. Remember the "unhackable" PlayStation 3 lol see how that turned out. I wonder if geohot would like to crack this since he's banned from owning a ps3 now

Sent from my SM-G900V using XDA Free mobile app

I didn't address any of that, I simply addressed the statements in the first post. No, I don't think anything in the first post will work.
7th June 2014, 08:22 AM | #5
warriorpluto
Senior Member
Quote:
Originally Posted by jcase

I didn't address any of that, I simply addressed the statements in the first post. No, I don't think anything in the first post will work.

I'm talking about my post. I'm asking you. You're the hacker; since a software exploit is failing, do you think a hardware exploit would be easier to do?

Sent from my SM-G900V using XDA Free mobile app
7th June 2014, 08:31 AM | #6
jcase
Forum Moderator / Senior Recognized Developer - Taco Vendor
Quote:
Originally Posted by warriorpluto

I'm talking about my post. I'm asking you. You're the hacker; since a software exploit is failing, do you think a hardware exploit would be easier to do?

Sent from my SM-G900V using XDA Free mobile app

Impractical

Sent from my MotoX+1 using XDA Premium 4 mobile app
7th June 2014, 09:01 AM | #7
warriorpluto
Senior Member
Quote:
Originally Posted by jcase

Impractical

Sent from my MotoX+1 using XDA Premium 4 mobile app

Oh ok

Sent from my SM-G900V using XDA Free mobile app
7th June 2014, 02:44 PM | #8
sparkie6point0
Member
I'm beginning to wonder if Sammy is going the HTC route of unlocking the bootloader BEFORE actually rooting the device itself.

Sent from my GT-N5110 using XDA Premium HD app
7th June 2014, 03:21 PM | #9
OP (bingo99), Junior Member
Quote:
Originally Posted by jcase

1) public key, not private, not useful

2) I'm unaware of any major OEM that leaves JTAG enabled on current devices, possible exception of HTC

3) no it would not

4) nope

5) not really, the key is easily extracted firmware, and differs per carrier.

thanks jcase, your answers pretty much cover the whole thing.

public key = useless = no help in making a hash collision
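An added illustration of the point jcase makes and the OP concludes above (example code written for this page, not code from the thread, from Samsung or from any OEM): a bootloader-style verifier carries only the RSA public half (n, e), so extracting it from firmware lets you check a signature but not produce one for a modified image, and a changed image fails the check unless a second preimage of SHA-256 is found. Assumptions: stdlib-only textbook RSA over a SHA-256 digest with demo-sized 512-bit keys and no padding scheme, so it illustrates the model rather than a real signing implementation.

```python
import hashlib
import secrets
# Constructed demo (not OEM code): firmware carries only the public (n, e);
# textbook RSA over SHA-256, demo-sized keys, no padding. Illustration only.
def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probable-prime test."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def oem_keygen(bits=512):
    """OEM side: returns (public, private); only public ships in firmware."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def oem_sign(image: bytes, private):
    """OEM side, needs d: sign SHA-256(image) (256 bits, so below n)."""
    n, d = private
    return pow(int.from_bytes(hashlib.sha256(image).digest(), "big"), d, n)

def bootloader_verify(image: bytes, signature: int, public) -> bool:
    """Device side, needs only (n, e): can check, never create, a signature.
    Any edit to the image changes the digest, so this fails without a second preimage."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(image).digest(), "big")
    return pow(signature, e, n) == h
```

A custom ROM author holding the extracted (n, e) is in exactly the position of bootloader_verify: able to confirm the stock image's signature, unable to mint one for a different image.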
8th June 2014, 05:02 PM | #10
jcase
Forum Moderator / Senior Recognized Developer - Taco Vendor
This type of discussion also belongs in the "ideas for rooting our phone" thread

http://forum.xda-developers.com/show....php?t=2729232

please continue it there.

thread closed
