R800X Bootloader CRACKED!

ashergray · Aug 2, 2011

BOOTLOADER CRACKED!

EDIT:After discussing it with Mills and Blagus, I will not be publicly sharing my knowledge on how to crack the boot loader. This is only temporary until we(all r800x owners) can get a more permanent solution.
maybe another week or so before anything is solid.

UPDATE:

there is no longer a free solution for unlocking the play.
please contact blagus or yifanlu to see if they have your meid on file.
and check out the current paid solution. :/

I have attached screenshots as proof of root

Blagus · Aug 2, 2011

If you have already specified charset manually then why set --hex-charset again?

Sent from my R800i using XDA App

Mills00013 · Aug 2, 2011

Isn't this attack better served by simply generating a full list of values using CUDA and then comparing them to the RCK_H CODE Key we have? Then once we figure out which one matches, we will know what 16 character code generated it. If we can find a few matches for a few devices then we will be able to probably figure out the algorithm.

ashergray · Aug 2, 2011

Blagus said:
If you have already specified charset manually then why set --hex-charset again?

Sent from my R800i using XDA App

because when you specify hex charset it sends the information as the hex it represents rather than the string of characters. it does make a difference here.
ABCDEF1234567890 Hashed as HEX

Code:

eb5f4f42e353764daad987ef5b3a5df79339b021f08e90b1f00e1e7a79b15972

versus submitting it as text
ABCDEF1234567890 hashed as text

Code:

2b749913055289cb3a5c602a17196b5437dc59bba50e986ea449012a303f7201

its subtle, but its a big change in the hashing process.
if you hash the unlock code as text you get something completely different than if you were to submit it as the HEX it represents, which is what our RCK_H code is.

ashergray · Aug 2, 2011

Mills00013 said:
Isn't this attack better served by simply generating a full list of values using CUDA and then comparing them to the RCK_H CODE Key we have? Then once we figure out which one matches, we will know what 16 character code generated it. If we can find a few matches for a few devices then we will be able to probably figure out the algorithm.

Yes, you could approach the problem with that school of thought, but the file size for that much information would be well over 100 terabytes if my math is close.

as far as the algorithm goes, based on an educated guess, I think it is a MYSQL323 hashing algorithm that inputs the IMEI as Hex to produce the unlock code.I dont see how this is beneficial to us at this point though, given that verizon doesnt use IMEI for their play. Maybe worth looking into for bootloaders that are locked but can get into fastboot and SE doesnt provide an unlock code, outside of verizon of course. The path we are taking now is capable of unlocking most plays.

IronCross1788 · Aug 2, 2011

Good progress gentlemen. Keep up the amazing work. This device has alot of potential.

Sent from my R800x using Tapatalk

Mills00013 · Aug 2, 2011

So is the goal of using oclHashCat-Lite just to compare directly against the key and continue crunching until we get a match? Meaning it wont be exporting anything at all, it will just be a crank until it hits. So some phones might get really lucky and some might get really unlucky in regards to the time frame we are looking at.

ashergray · Aug 2, 2011

Mills00013 said:
So is the goal of using oclHashCat-Lite just to compare directly against the key and continue crunching until we get a match? Meaning it wont be exporting anything at all, it will just be a crank until it hits. So some phones might get really lucky and some might get really unlucky in regards to the time frame we are looking at.

Yeah, in a sense that's the Idea. Statistically speaking, you will hit 50% mark every time. But, once we have one cracked I have an idea for us CDMA guys. I am waiting to hear back from Blagus on what he thinks.
the TA is digitally signed by SE, preventing us from tampering. but if we just overwrite with a TA we know the unlock for it should work, and hopefully without bricking it, since it is a Verizon TA being overwritten.
I know one guy tried this already but messed up since it was a GSM TA overwriting a CDMA one, different file sizes and everything.
so hopefully it will be much easier once we get one down.

Blagus · Aug 2, 2011

ashergray said:
Yeah, in a sense that's the Idea. Statistically speaking, you will hit 50% mark every time. But, once we have one cracked I have an idea for us CDMA guys. I am waiting to hear back from Blagus on what he thinks.
the TA is digitally signed by SE, preventing us from tampering. but if we just overwrite with a TA we know the unlock for it should work, and hopefully without bricking it, since it is a Verizon TA being overwritten.
I know one guy tried this already but messed up since it was a GSM TA overwriting a CDMA one, different file sizes and everything.
so hopefully it will be much easier once we get one down.

No, because TA contains unique phone data, like IMEI/MEID, RCK_H, etc... you can't have two phones with same IMEI/MEID, right? Also, IMEI/MEID is also stored in OTP and EROM check the two on boot - if they don't match, no booting.

ashergray · Aug 2, 2011

I see, didnt realize that it was tied together like that. Looks like that idea is nixed. Did a prelimanary run on my 3ghz dual core and 8800gt it said almost 70 days before it goes through the full list. Still doing some small scale runs and waiting on atom at hashcat for some help.

Mills00013 · Aug 3, 2011

The guy who bricked his play was me... So i know all about how finicky that part of the phone can be. I would love to dedicate some cycles to cracking this thing. Realistically seventy days is not that bad. Certainly doesn't hurt to get the ball rolling and if we get a result before SE officially released the method, then we are ahead of the curve.

We could also do this as a team effort. Meaning if we took one person's key and everyone took a certain chunk and tried just those. If we had 7 people try it we would have a crack in ten days....

Also I'd love to give the same script a go if you got the command worked out already. I've got an 8 core i7 with a Quaddro FX800 card. This thing is more suited to crunch proteins in my lab but i think it could do well for it to take a few days and crack some code.

Sent from my R800x using XDA App

ashergray · Aug 3, 2011

Mills00013 said:
The guy who bricked his play was me... So i know all about how finicky that part of the phone can be. I would love to dedicate some cycles to cracking this thing. Realistically seventy days is not that bad. Certainly doesn't hurt to get the ball rolling and if we get a result before SE officially released the method, then we are ahead of the curve.

We could also do this as a team effort. Meaning if we took one person's key and everyone took a certain chunk and tried just those. If we had 7 people try it we would have a crack in ten days....

Also I'd love to give the same script a go if you got the command worked out already. I've got an 8 core i7 with a Quaddro FX800 card. This thing is more suited to crunch proteins in my lab but i think it could do well for it to take a few days and crack some code.

Sent from my R800x using XDA App

ok download oclHashCat-lite if you havent already. v06 is what i am running on.
cmd line to the directory.
ok now for the ugly part
copy and paste this in

Code:

cudaHashcat-lite32.exe -m 1400 -d 1 --hex-charset -1 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff d43e7744a1156d72fd434cb4a98ba1cb280028b507c315f708e7edefb8e421ac ?1?1?1?1?1?1?1?1 --outfile-format=1 --outfile=out.txt

just like I have it
let me know what you get
It is a bit messy, but because of certain limitations I had to create the massive 512 character set to get everything kosher.
it worked alright on smaller scale
It's by no means perfect, but it should do the trick.
btw make sure you have the latest cuda drivers installed.

hatcyl · Aug 3, 2011

Has anyone tried:
1. Backing up the TA
2. Editing the RCK_H code to a known code.
(For example: Edit to: eb5f4f42e353764daad987ef5b3a5df79339b021f08e90b1f00e1e7a79b15972
So your code will be: ABCDEF1234567890)
3. Restore the TA
4. Your TA will now be the exact same thing it was but with the new RCK_H code.
5. Use fastboot to unlock your bootloader with the code: ABCDEF1234567890

Blagus · Aug 3, 2011

hatcyl said:
Has anyone tried:
1. Backing up the TA
2. Editing the RCK_H code to a known code.
(For example: Edit to: eb5f4f42e353764daad987ef5b3a5df79339b021f08e90b1f00e1e7a79b15972
So your code will be: ABCDEF1234567890)
3. Restore the TA
4. Your TA will now be the exact same thing it was but with the new RCK_H code.
5. Use fastboot to unlock your bootloader with the code: ABCDEF1234567890

It'll brick your radio. You can't modify it because it's hashed and checked at boot.
If it was so easy it would be already done.

FrAsErTaG · Aug 3, 2011

If you need processing power, I could offer 16 cores with 12 gig of ram
Sent from my HTC Sensation Z710e using XDA App

ashergray · Aug 3, 2011

To everyone willing to offer processing power:
Please do, however, after speaking with Atom the developer of Hashcat I found out that it would take close to 82 thousand years to crack this.
here is the math

256 different 2-character combinations
00 to FF, this is how it is they are input when you use the --hex-charset flag.
we have 8, 2-character spaces with 256 possible combos per space
so the math is
256^8=18446744073709551616 possible unlock combos.
roughly 40 million combos per sec
so about 224640000000000 combos per year
possible unlock combos
___________________ = 82116.916282538958404558404558405 years
combos per year

anyone still wanna give it a go?

I will keep racking my brain for what to do next.

edit: another way to approach this would be to use the entire ASCII table instead of the charset I created above, and remove the --hex-charset flag, but you still have the same number of possible combos since ASCII directly relates to Hex from 0x00 to 0xFF. so the problem still remains.
we could create a table with all possible hex combos but that is 67108864 terabytes of storage which is pretty unfeasible at this point. so we will most likely have to stick with brute forcing it, or implementing a 2nd init.

edit2: possible work around found. Thanks to something Atom said I may have figured it out. someone created a distributed oclhashcat-lite gui that is capable of distributed cracking using software called drop box.
all we need are a lot of desktops running the same hash and all that gets changed is the 8th digit of the mask to 00 to ff
so its not perfect, and pretty unlikely that we will get it in the next few weeks at this rate.

ashergray · Aug 3, 2011

Idea

okay so let's brain storm a bit
1.)on GSM plays the 14 digit IMEI is input on the SE website for unlock code
2.)unlock code is an unknown hash algorithm (possibly a mysql)
3.)which is then fed in as the hex it represents to unlock the bootloader by checking it with the RCK_H hash code

but what about CDMA which uses an MEID (ie. A1000XXXXXXXXX) how are the RCK_H codes generated if they don't have an IMEI.

so, perhaps another way of approaching this would be to figure out the hashing algorithm for the GSM plays and figure out a way to exploit it for our MEIDs.

anyone else see any benefit to doing it this way? it would be much quicker if we could understand the process it goes to from 14 digit meid to RCK_H.

if brute forcing it seems to be too much we may have to resort to reverse engineering the hashing algorithm.

crono141 · Aug 3, 2011

That was essentially what I was proposing in the general thread. I think that method will be the most robust that will produce the best results. Its a daunting task, but not impossible, and definitely will be able to be accomplished in less than 82 thousand years of brute forcing.

Novaglarion · Aug 3, 2011

ashergray said:
after speaking with Atom the developer of Hashcat I found out that it would take close to 82 thousand years to crack this.

That sucks! I'll probably have a new phone by then...

Thanks for all the work, keep it up!

ashergray · Aug 3, 2011

crono141 said:
That was essentially what I was proposing in the general thread. I think that method will be the most robust that will produce the best results. Its a daunting task, but not impossible, and definitely will be able to be accomplished in less than 82 thousand years of brute forcing.

I thought a few people had mentioned it before.
But what I am worried about is if it isnt a standard 64bit hash algorithm and it is a larger truncated one.

R800X Bootloader CRACKED!

Senior Member

Attachments

Inactive Recognized Developer

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Inactive Recognized Developer

Senior Member

Senior Member

Senior Member

Senior Member

Inactive Recognized Developer

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Similar threads

Top Liked Posts