Originally Posted by bqq100
Can someone help a dummy like me understand how this exploit works? What's special about the 4kB of 0x00507c80 in the middle of the system partition? And what does the 3 at 4104 of the boot partition do? Once CWM is loaded, does that eliminate the need for modifying the system/boot partition, or does something in verygreen's device tree/local_manifest take care of adding the necessary code for every build?
0x807c5000 is the address where our replacement bootloader is loaded.
The boot partition is used by Amazon uboot to get various properties like the serial number of the device, the wifi MAC and what partition to boot from.
1 is normal boot, 3 - recovery, 2 - diagnostic kernel (don't boot it if you don't know what you are doing), 5 and 6 are boot from USB.
The need to load the uboot address never disappears, but the updater-script in the install zip takes care of that.
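An added example, not code from the thread or from the project: a read-only check over partition dumps that reports the boot-mode value at offset 4104 and locates any 4 kB run of the load address 0x807c5000. It assumes 4104 is a zero-based byte offset, that the value may be stored raw or as an ASCII digit, and that the 0x00507c80 in the question is 0x807c5000 in little-endian byte order; the sample images are constructed.

```python
import struct

BOOT_MODE_OFFSET = 4104      # offset quoted in the question (assumed zero-based)
LOAD_ADDR = 0x807C5000       # replacement bootloader load address from the reply
BLOCK = 4096                 # "4kB" fill size mentioned in the question
BOOT_MODES = {1: "normal boot", 2: "diagnostic kernel", 3: "recovery",
              5: "boot from USB", 6: "boot from USB"}

def boot_mode(boot_img: bytes):
    """Return (value, description) for the boot-mode byte of a boot dump."""
    if len(boot_img) <= BOOT_MODE_OFFSET:
        raise ValueError("dump is too short to contain the boot-mode byte")
    b = boot_img[BOOT_MODE_OFFSET]
    # Assumption: accept both a raw byte (0x03) and an ASCII digit ('3').
    value = b - 0x30 if 0x30 <= b <= 0x39 else b
    return value, BOOT_MODES.get(value, "unknown")

def find_address_fill(img: bytes, addr: int = LOAD_ADDR, min_len: int = BLOCK):
    """Return [(offset, length)] of runs made of addr repeated as 32-bit LE."""
    word = struct.pack("<I", addr)
    runs = []
    pos = img.find(word)
    while pos != -1:
        end = pos
        while img[end:end + 4] == word:
            end += 4
        if end - pos >= min_len:      # ignore short, coincidental matches
            runs.append((pos, end - pos))
        pos = img.find(word, end)
    return runs

def sample_images():
    """Constructed sample dumps, not data from a real device."""
    boot = bytearray(8192)
    boot[BOOT_MODE_OFFSET] = ord("3")
    word = struct.pack("<I", LOAD_ADDR)
    system = bytes(100) + word * 3 + bytes(8080) + word * 1024 + bytes(64)
    return bytes(boot), system

if __name__ == "__main__":
    boot, system = sample_images()
    print("boot mode:", boot_mode(boot))
    for off, length in find_address_fill(system):
        print(f"fill of {LOAD_ADDR:#010x} at offset {off}, {length} bytes")
```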