It's been a few days so I wanted to give an update on the signature check on boot.img.
As has been previously guessed, everything important in boot.img is included in the signature check.
page_size is always 0x800 since we're using eMMC boot.
ralekdev, are these on the PARAMS partition, or are these the memory locations?
If they are on the partition, we should be able to simply echo a hex value into the dd app with the count set properly.
Currently we have no debugging inf...
Ironically, I probably wouldn't have noticed the hole used this time had they not added the blacklisting of the old versions. Looking at the code for that gave me a push in the right direction.
Reserved for technical details
I think I'm about 2 weeks late with this, but like Adam I've also been dealing with the hassles of moving.
Here's some info that will get you started looking at the bootloader files in IDA.
Each of the bootloader files (sbl1, sbl2, sbl3, tz, rp...