XDA Developers Android and Mobile Development Forum

get bootloader key via jtag and use hash collision for custom rom?

#1 bingo99 (Junior Member, OP; joined Jun 2014)

title says it all pretty much

this assumes several things

1) that there is a "key" that the bootloader uses to "verify" new packages (OTA) and/or your custom rom (reject)

2) that this key is available via JTAG access

3) that knowing this key would allow a custom rom to be tweaked to have the same key (hash collision)

4) that this would essentially mean a compromised bootloader

5) to be useful to lots of people, that this key is the same on every S5 for a given carrier
 
#2 jcase (Forum Moderator / Senior Recognized Developer - Taco Vendor; joined Feb 2010; Sequim WA)
(Last edited by jcase; 7th June 2014 at 07:41 AM.)
Quote: Originally Posted by bingo99 (post #1)
1) public key, not private, not useful

2) I'm unaware of any major OEM that leaves JTAG enabled on current devices, possible exception of HTC

3) no it would not

4) nope

5) not really, the key is easily extracted from firmware, and differs per carrier.
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
 
#3 warriorpluto (Senior Member; joined Sep 2008; in the streets racing)
Quote: Originally Posted by jcase (post #2)
So you don't think we could get by with a hardware hack? I'm thinking that may be our only option. Remember the "unhackable" PlayStation 3 lol see how that turned out. I wonder if geohot would like to crack this since he's banned from owning a ps3 now

Sent from my SM-G900V using XDA Free mobile app
my feedback
http://www.howardforums.com/showthre...8-warriorpluto

Originally Posted by xxnitro123
yee ill take screenshots... when i take a pic of the screen it doenst show in the picture because the color interferes with the light
 
#4 jcase
Quote: Originally Posted by warriorpluto (post #3)
I didn't address any of that, I simply addressed the statements in the first post. No, I don't think anything in the first post will work.
 
#5 warriorpluto
Quote: Originally Posted by jcase (post #4)
I'm talking about my post. I'm asking you. You're the hacker; since a software exploit is failing, do you think a hardware exploit would be easier to do?

Sent from my SM-G900V using XDA Free mobile app
 
#6 jcase
Quote: Originally Posted by warriorpluto (post #5)
Impractical

Sent from my MotoX+1 using XDA Premium 4 mobile app
 
#7 warriorpluto
Quote: Originally Posted by jcase (post #6)
Oh ok

Sent from my SM-G900V using XDA Free mobile app
 
#8 sparkie6point0 (Member; joined Jun 2012; Chicago)
I'm beginning to wonder if Sammy is going the HTC route of unlocking the bootloader BEFORE actually rooting the device itself.

Sent from my GT-N5110 using XDA Premium HD app
WELCOME TO THE HOUSE HALFWAY UP THE NEXT BLOCK!
SPARKIE6POINT0
CURRENT PHONE: Verizon Galaxy Note 3 (rooted)
CURRENT ROM: MODIFIED STOCK


A GOOD NANDROID BACKUP CAN SAVE YOUR A**, BUT IT CAN'T DO S**T IF YOU CAN'T ACCESS IT.
BE CAREFUL WHEN FLASHING A ROM, MAKE SURE IT'S MADE FOR YOUR PHONE AND FOLLOW THE DEV'S INSTALLATION DIRECTIONS
TO THE LETTER!!!!
 
#9 bingo99 (OP)
Quote: Originally Posted by jcase (post #2)
thanks jcase, your answers pretty much cover the whole thing.

public key = useless = no help in making a hash collision
 
#10 jcase
This type of discussion also belongs in the ideas for rooting our phone thread

http://forum.xda-developers.com/show....php?t=2729232

please continue it there.

thread closed
