Bootloader Unlocking Effort


32BitWhore

Senior Member
Aug 31, 2011
346
118

Not for those of us that picked up an MDK bootloader and didn't update. ;)

In all seriousness, I think the prospect of Kit Kat on the X2 is a great incentive to get the bootloader unlocked or to get kexec working. Having a viable phone to use for offline maps or even just a glorified mp3 player would be more than enough incentive for me to grab a spare battery and dig this thing out of the desk drawer.

Sent from my SCH-I545 using xda app-developers app
 

ajbiz11

Senior Member
May 23, 2012
1,129
389
Ann Arbor, MI
I think it would be possible. I said over a year ago if someone was smart enough to make a "distributed computing/grid w/gpu acceleration" hashcat style attack we would have already cracked the bootloader! I am not smart enough, or I would have already done so. I am sure someone could examine LG's source or even kernel code and hack something together. Perhaps use dragonzkiller's kernel "bypass" to allow it to run kernel unsigned. I think it was the LG Optimus 2 (P990? So many similar models). Same phone/spec practically. The GSM is, but the CDMA is NVIDIA Tegra 250 T20 (Harmony) based.
See Here:
http://www.gsmarena.com/lg_optimus_2x-3598.php
& Here:
I can't find the link to the repo, but anyone who does develop should be able to find it.

----- EDIT -----
(cyanogen mod) http://www.github.com/cyanogenmod/lge-kernel-star
(LG) http://www.lg.com/global/support/opensource/opensource-detail.jsp?detailCustomerModelCode=LGSU660


Yes, we COULD try getting the hash on the signature.
Except if the signature is generated via MD5 hashing,
then we're boned.


Sent from my iPad using Tapatalk
 

Top Liked Posts

  • 9
    Well, the UART console cable has been painstakingly set up; time to delve in.

    Sent from my SCH-I535 using xda premium
    5
    Well I guess not. I'll just sit here in front of my 3.1 code and twiddle my thumbs.
    3
    the milestone 2 may have been cracked
    http://xdaforums.com/showpost.php?p=40135678&postcount=443

    Sent from my XT862 using xda premium
    3
    deleted. You can't polish a turd, people.
    https://www.youtube.com/watch?v=yiJ9fy1qSFI

    Very difficult but not impossible. You have to trick the android into thinking it has a different address

    Sent from my Nexus 7 using XDA Premium HD app



    Or in the case of the Droid X2 you can hex edit /pds/wifi/wlan_mac.bin. That file contains the MAC address in hex.

    Will add more later...
    3
    SHA-1 brute force can be cracked for around $2 of Amazon cloud computing service. :)

    http://www.geek.com/articles/news/r...for-2-10-with-amazons-cloud-service-20101122/

    Doesn't the bootloader use SHA-1 encryption?

    (Of course, the key may be much longer, but it may not be impossible for cheap. I say pool together like $100 and give Amazon cloud computing a try?)

    Wouldn't that have been great? It would be cracked now!


    If anyone user or mod finds this objectionable, then REMOVE.
    Saw a math project here and thought it might be like what SONY did. They used the CELL-provided formula as the basis of bootloader security, then used a few numbers with it. Basically it made history, GIYF on PS3 Jailbreak. Could give some talented ones on here an idea, a clue, or just cause a flame?

    ASUS was similar here:

    http://androidroot.mobi/2012/01/15/an-analysis-of-prime-security/

    Here is some Info for Everyone (Thought Unlocking Thread best place):
    -GENERIC-Tegra2-

    EC=Embedded Controller
    AP=Application Processor

    The format and content of the body are defined by the EC vendor and are opaque to the AP, except that the body must contain a trailing CRC-32 checksum value. The checksum is computed using the CRC-32 algorithm from IEEE 802.3 (x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1).

    The EC vendor is responsible for providing tools and documentation to assist system integrators in generating the configuration information (both content and format). The vendor may wish to leverage pre-existing tools that only address the opaque body content portion of the configuration information. In this case, the EC vendor is additionally responsible to provide tools and documentation to assist system integrators in transforming the raw body content into the format needed by the Generic Configuration commands.

    The header contains a trailing CRC-32 checksum (just like the body), allowing the AP to validate the integrity of the header contents. Integrity is checked by computing a running checksum that covers the header contents, excluding the trailing checksum bytes. If the running checksum value is not equal to the trailing CRC value, then integrity has been compromised. If the header is found to be intact, then the integrity of the body can also be checked in a similar manner.

    Byte Number | Description | Note
    0 - 3 | Magic Number | ASCII string "cnfg"; not null-terminated
    4 | EC Interface Spec Version | Major/minor version; same format as in Get EC Interface Spec Version Response
    5 | Reserved | Must be 00h
    6 - 35 | EC Product Name | ASCII string; same format as in Get EC Product Name Response
    36 - 39 | EC Firmware Version | Major/minor version; same format as in Get EC Firmware Version Response
    40 - 43 | Configuration ID | OEM-defined value specifying the type of configuration data contained in this package
    44 - 47 | Body Length | Length of opaque data including its trailing checksum; first byte is least significant, last byte is most significant
    48 - 51 | CRC | Checksum computed over the above header data; first byte is least significant, last byte is most significant
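As an added example (not code from the thread, nor from NVIDIA's or any EC vendor's tooling), the following Python builds a package in the header layout quoted above and then performs the two-stage integrity check the excerpt describes: header CRC over bytes 0-47 first, body CRC only once the header is known to be intact. The excerpt defers the format of three fields to other EC commands, so those are assumptions here: the interface spec version is treated as one raw byte, the firmware version as two little-endian 16-bit halves, and the configuration ID as a little-endian 32-bit value. All sample values are constructed for the demo.

```python
"""Added example, not from the thread or NVIDIA's docs: build, parse and
integrity-check a Tegra2 EC Generic Configuration package laid out as the
quoted excerpt describes: a 52-byte header ('cnfg' magic, versions, product
name, configuration ID, body length, trailing CRC-32) followed by an opaque
body that also ends in a CRC-32. All sample values are constructed."""
import struct
import zlib

HEADER_LEN = 52      # bytes 0-51 in the quoted layout
MAGIC = b"cnfg"      # bytes 0-3, not NUL-terminated
NAME_LEN = 30        # bytes 6-35, EC Product Name


def crc32_ieee(data: bytes) -> int:
    """CRC-32 from IEEE 802.3 (polynomial 0x04C11DB7, reflected, init and
    final XOR 0xFFFFFFFF); zlib implements exactly this CRC."""
    return zlib.crc32(data) & 0xFFFFFFFF


def build_package(spec_ver: int, product_name: bytes, fw_ver: tuple,
                  config_id: int, body_content: bytes) -> bytes:
    """Return header + body with both trailing CRCs filled in.
    Assumptions (the excerpt defers these formats to other EC commands):
    spec_ver is one raw byte, fw_ver is (major, minor) as two little-endian
    16-bit values, config_id is a little-endian 32-bit value."""
    if len(product_name) > NAME_LEN:
        raise ValueError("EC Product Name must fit in 30 bytes")
    if not 0 <= spec_ver <= 0xFF:
        raise ValueError("spec version must be a single byte")
    body = body_content + struct.pack("<I", crc32_ieee(body_content))
    header = (
        MAGIC                                       # 0-3   magic
        + bytes([spec_ver])                         # 4     interface spec version
        + b"\x00"                                   # 5     reserved, must be 00h
        + product_name.ljust(NAME_LEN, b"\x00")     # 6-35  product name
        + struct.pack("<HH", fw_ver[0], fw_ver[1])  # 36-39 firmware version
        + struct.pack("<I", config_id)              # 40-43 configuration ID
        + struct.pack("<I", len(body))              # 44-47 body length incl. CRC
    )
    assert len(header) == HEADER_LEN - 4
    header += struct.pack("<I", crc32_ieee(header))  # 48-51 header CRC
    return header + body


def parse_package(blob: bytes) -> dict:
    """Two-stage check from the excerpt: validate the header CRC over bytes
    0-47 first, and only then check the body CRC. Raises ValueError on any
    integrity failure so a caller cannot use a corrupted package by mistake."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated header")
    hdr = blob[:HEADER_LEN]
    if hdr[:4] != MAGIC:
        raise ValueError("bad magic number")
    if hdr[5] != 0:
        raise ValueError("reserved byte 5 must be 00h")
    (hdr_crc,) = struct.unpack_from("<I", hdr, 48)
    if crc32_ieee(hdr[:48]) != hdr_crc:
        raise ValueError("header CRC mismatch")
    (body_len,) = struct.unpack_from("<I", hdr, 44)
    if body_len < 4 or len(blob) < HEADER_LEN + body_len:
        raise ValueError("body length out of range")
    body = blob[HEADER_LEN:HEADER_LEN + body_len]
    (body_crc,) = struct.unpack_from("<I", body, body_len - 4)
    if crc32_ieee(body[:-4]) != body_crc:
        raise ValueError("body CRC mismatch")
    return {
        "spec_version": hdr[4],
        "product_name": hdr[6:36].rstrip(b"\x00").decode("ascii"),
        "fw_version": struct.unpack_from("<HH", hdr, 36),
        "config_id": struct.unpack_from("<I", hdr, 40)[0],
        "body": body[:-4],
    }


def demo() -> tuple:
    """Round-trip a constructed package, then flip one body byte and confirm
    the check rejects it. A CRC detects accidental corruption like this; it
    is not a signature, so it says nothing about who produced the package."""
    pkg = build_package(0x10, b"DEMO-EC", (1, 2), 0xC0FFEE, b"opaque body bytes")
    parsed = parse_package(pkg)
    tampered = bytearray(pkg)
    tampered[HEADER_LEN] ^= 0x01        # first byte of the body
    try:
        parse_package(bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return parsed["product_name"], parsed["config_id"], rejected


if __name__ == "__main__":
    print(demo())   # ('DEMO-EC', 12648430, True)
```

The point worth taking from this relative to the signature discussion elsewhere in the thread: a CRC-32 only tells the AP that the bytes it read are the bytes that were written, since anyone who can rewrite the body can recompute the checksum too. Code signing on the bootloader is a separate mechanism, and checksums like these give no evidence either way about it.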

    PS:
    fastboot getvar all
    (bootloader) version-bootloader: 1000
    (bootloader) product: daytona
    (bootloader) secure: no
    (bootloader) mid: 001
    (bootloader) version: 0.4
    (bootloader) serialno: 0280494999999xxx
    (bootloader) version-baseband: not supported
    all: Done
    finished. total time: 0.003s

    *-*-*-*-*-*
    On another note:
    http://www.techspot.com/news/52554-new-bill-aims-to-legalize-cell-phone-unlocking-fix-the-dmca.html