[DEVS ONLY] Crack/bypass/trick Boot.img Signature

Search This thread

designgears

Inactive Recognized Developer
Feb 9, 2010
5,399
8,907
0
SLC

theknub

Senior Member
Oct 15, 2009
102
6
0
DG, afaik, that exploit deals with the md2 hash algorithm. it is a good possible starting point. has the signing cert been found/recovered/viewed yet?

if moto signed it with an md5 hash cert, then that may not be possible.
 

dtmcnamara

Senior Member
Oct 26, 2007
249
24
0
Well if you guys need any processing power to help crack anything let me know. I am willing to donate my system. Current specs:
i7-970 six core 4.8ghz overclocked
4 gtx580 gpus
24gb ddr3 2000
HSDL 240gb ssd

Like I said, if you guys need any processing power let me know.

Sent from my "5 inch Galaxy Tab"
Atrix here on the 22nd
 

perdurabo2

Senior Member
Jun 17, 2007
137
21
0
NJ
Well if you guys need any processing power to help crack anything let me know. I am willing to donate my system. Current specs:
i7-970 six core 4.8ghz overclocked
4 gtx580 gpus
24gb ddr3 2000
HSDL 240gb ssd

Like I said, if you guys need any processing power let me know.

Sent from my "5 inch Galaxy Tab"
Atrix here on the 22nd

Please don't post here. This is a dev only thread. Post your offer in General.

Thanks!
 

perdurabo2

Senior Member
Jun 17, 2007
137
21
0
NJ
These downloads look like just CA certs. Could someone extract the x.509 cert embedded in the beginning of the boot.img and post it to this thread? I'm out and about this weekend and don't have a box with a hex editor handy.
 

Fixter

Senior Member
Jun 6, 2009
1,407
92
0
Durham
These downloads look like just CA certs. Could someone extract the x.509 cert embedded in the beginning of the boot.img and post it to this thread? I'm out and about this weekend and don't have a box with a hex editor handy.

If you could tell me how to do that I will be more than happy to get those for you. :) I'm the go to guy, remember?
 
  • Like
Reactions: mthguy

ntwrkwizard

Senior Member
Apr 3, 2006
51
7
0
Here is the extracted cert from within mmcblk0p10.img. This hex dump is extracted from 7FF7FC through 7FFDF9.
Also is the extracted cert from within mmcblk0p11.img. This hex dump is extracted from 7FF7FC through 7FFE79.

Not sure the value of an extracted public side of the x.509 is post signature but I'm sure someone will define that.

Good luck..

NW
 
Last edited:

switchgott

Senior Member
Jan 22, 2007
1,182
119
93
Hi friend,

is the bootloader encrypten the same as defy or milestone?
Or a new one?
Maybe we could get all a free bootloader if this would work?
Or other technical?
Thanks
 

NikolaiT

Senior Member
Aug 20, 2010
381
62
0
The structure of an X.509 v3 digital certificate is as follows:
Certificate
Version
Serial Number
Algorithm ID
Issuer
Validity
Not Before
Not After
Subject
Subject Public Key Info
Public Key Algorithm
Subject Public Key
Issuer Unique Identifier (optional)
Subject Unique Identifier (optional)
Extensions (optional)
...
Certificate Signature Algorithm
Certificate Signature

The extensions they come in are:

pem - (Privacy Enhanced Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
.cer, .crt, .der - usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
.p7b, .p7c - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
.p12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected)
.pfx - PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)

PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.
PKCS#12 evolved from the personal information exchange (PFX) standard and is used to exchange public and private objects in a single file.

Flaws in the X509 Certificate:
Specification: Complexity and lack of quality
The X.509 standard was primarily designed to support the X.500 structure, but todays use cases center around the web. Many features are of little or no relevance today. The X.509 specification suffers from being over-functional and underspecified and the normative information is spread across many documents from different standardization bodies. Several profiles were developed to solve this, but these introduce interoperability issues and did not fix the problem.

Architectural flaws
Use of blacklisting invalid certificates (using CRLs and OCSP) instead of whitelisting
CRLs are particularly poor because of size and distribution patterns
Ambiguous OCSP semantics and lack of historical revocation status
Revocation of root certificates not addressed
Aggregation problem: Identity claim (authenticate with an identifier), attribute claim (submit a bag of vetted attributes) and policy claim are combined in a single container. This raises privacy, policy mapping and maintenance issues.
Delegation problem: CAs cannot technically restrict subCAs to issue only certificates within a limited namespaces and attribute set – this feature of X.509 in not in use. Therefore a large number of CAs exists in the Internet, and classifying them and their policies is an insurmountable task. Delegation of authority within an organization cannot be handled at all, like it is common business practice.
Federation problem: Certificate chains that are the result of sub-CAs, bridge- and cross-signing make validation complex and expensive in terms of processing time. Path validation semantics may be ambiguous. Hierarchy with 3rd-party trusted party is the only model. This is inconvenient when a bilateral trust relationship is already in place.

Problems of Commercial Certificate Authorities
Flawed business model: The subject, not the relying party, purchases certificates. The RA will usually go for the cheapest offer; quality is not being paid for in the competing market.
CAs deny almost all warranties to the user.
Expiration date: Should be used to limit the time the key strength is deemed sufficient. Abused by CAs to charge the client an extension fee. Places unnecessary burden on user with key roll-over.
Client certificates have zero protection value against dedicated attackers.
In browsers, the security is that of the weakest CA. There are very weak CAs.
“Users use an undefined certification request protocol to obtain a certificate which is published in an unclear location in a nonexistent directory with no real means to revoke it.“

Implementation issues
Implementation suffer from design flaws, bugs, different interpretations of standards and lack of interoperability of different standards. Some problems are:
Many implementations turn off revocation check:
Seen as obstacle, policies are not enforced
Would it be turned on in all browsers by default, including code signing, it would probably crash the infrastructure.
DNs are complex and little understood (lack of cononicalization, i18n problems, ..)
rfc822Name has 2 notations
Name and policy constraints hardly supported
Key usage ignored, first certificate in a list being used
Enforcement of custom OIDs is difficult
Attributes should not be made critical because it makes clients crash.
Unspecified length of attributes lead to product-specific limits

Exploits
In 2005, Arjen Lenstra and Benne de Weger demonstrated "how to use hash collisions to construct two X.509 certificates that contain identical signatures and that differ only in the public keys", achieved using a collision attack on the MD5 hash function.
In 2008, Alexander Sotirov and Marc Stevens presented at the Chaos Communication Congress a practical attack that allowed them to create a rogue Certificate Authority, accepted by all common browsers, by exploiting the fact that RapidSSL was still issuing X.509 certificates based on MD5.
X.509 certificates based on SHA-1 had been deemed to be secure up until very recent times. In April 2009 at the Eurocrypt Conference , Australian Researchers of Macquarie University presented "Automatic Differential Path Searching for SHA-1" . The researchers were able to deduce a method which increases the likelihood of a collision by several orders of magnitude.
Domain-validated certificates („Junk certificates“) are still trusted by web browsers, and can be obtained with little effort from commercial CAs.
EV-certificates are of very limited help, because Browsers do not have policies that disallow DV-certificates,
There are implementation errors with X.509 that allow e.g. falsified subject names using null-terminated strings or code injections attacks in certificates.


From the sound of it, the X.509 cerificate the Atrix uses will be in .p12 format, although I could be wrong.


Example of a Decoded X509 cert: http://pastie.org/1590676
 
Last edited:

t0dbld

Senior Member
Mar 21, 2010
457
1,485
0
Michigan
Great post, this is def a way to go and explore , i have been messsing with NVIDIAFlash all day so far.. i think if i can get a bootstrap or something on here so that i can mount and add some files to system folder with phone off i may be on to something ..
 

jimmydafish

Senior Member
Nov 10, 2007
286
307
0
Great post, this is def a way to go and explore , i have been messsing with NVIDIAFlash all day so far.. i think if i can get a bootstrap or something on here so that i can mount and add some files to system folder with phone off i may be on to something ..

Adding things to the system folder means nothing, the system partition is only check when a new system is flashed via (sbf_flash, rsdlite, or flashing a CG via an update.zip) otherwise you can add/remove items from the /system partition with no worries of the signatures.
 

skoalcan

Member
Nov 13, 2008
14
0
0
Morehead, Ky
I've got a question. Since we are dealing with a closed system. Can we not validate -enddate of the signed boot image. Make note of the exact date and time. Then change the system clock to less than 24 hrs. after this date. This will allow the entire system to think that the bootloader and cert have done their job and simply needs updated. Now we simply need to insert new boot.img that has a valid -startdate within that 24 hr period. The system should simply stop using the expired image and boot the "updated image". Once this generic image is booted, it can simply be swapped out with any further custom roms that we feel the need to use. Once all is done, the system clock will need to be restored to appropriate time. If I knew how to code, I would simply try this myself. But I don't, so I hope this might at least provide some insight to the possibility. I would love to work with developers on finding a solution to this problem, so feel free to ask questions.
 

t0dbld

Senior Member
Mar 21, 2010
457
1,485
0
Michigan
Adding things to the system folder means nothing, the system partition is only check when a new system is flashed via (sbf_flash, rsdlite, or flashing a CG via an update.zip) otherwise you can add/remove items from the /system partition with no worries of the signatures.

I 100% agree i didnt say that was the end all.... the reason for doing this is so that the computer recoginizes the device in NVIDIAFlash mode and i than can hopefully overwrite the bootloader with the dev version of bootloader.bin
 

jimmydafish

Senior Member
Nov 10, 2007
286
307
0
I 100% agree i didnt say that was the end all.... the reason for doing this is so that the computer recoginizes the device in NVIDIAFlash mode and i than can hopefully overwrite the bootloader with the dev version of bootloader.bin

That will not work, the bootloader is just one piece of a longer chain..changing that out "will" just have the phone reboot and use the backup bootloader. The problem to cracking it lies in all parts. Especially the NvRam where it begins and the MBR.
 

t0dbld

Senior Member
Mar 21, 2010
457
1,485
0
Michigan
That will not work, the bootloader is just one piece of a longer chain..changing that out "will" just have the phone reboot and use the backup bootloader. The problem to cracking it lies in all parts. Especially the NvRam where it begins and the MBR.

I very much respect all of the work you and your team has put into this situation with other devices, and i very much appreciate the help given by you guys to this forum, and no one including myself wants to waste time, so that being said i have not seen any ideas contributed ... only negative posts on what isnt going to work, i agree that you guys know more than me on this situation perhaps if you could share some of your ideas or the approach or direction you are going i and others could be of some help. We our fresh and not quite so beat up , its like when debuging a program thats driving you nuts and you cant figure out whats going wrong , sometimes a break, sleep, etc is in order so that when you come back your whole train of thought has been altered and you see something differently because you were not looking there before.

I follow instructions well, so lead... i am willing to donate my time my resources, and more than likely my device (at least for the next 29 days :p)
 

jimmydafish

Senior Member
Nov 10, 2007
286
307
0
I very much respect all of the work you and your team has put into this situation with other devices, and i very much appreciate the help given by you guys to this forum, and no one including myself wants to waste time, so that being said i have not seen any ideas contributed ... only negative posts on what isnt going to work, i agree that you guys know more than me on this situation perhaps if you could share some of your ideas or the approach or direction you are going i and others could be of some help. We our fresh and not quite so beat up , its like when debuging a program thats driving you nuts and you cant figure out whats going wrong , sometimes a break, sleep, etc is in order so that when you come back your whole train of thought has been altered and you see something differently because you were not looking there before.

I follow instructions well, so lead... i am willing to donate my time my resources, and more than likely my device (at least for the next 29 days :p)

I am not being negative just helping you all steer clear of dead ends. We are looking over some files now and may have some useful tidbits soon. I think we can tell the boot chain from start to finish.
 

t0dbld

Senior Member
Mar 21, 2010
457
1,485
0
Michigan
Great!! thanks for the update... on a side note esp in loom of this whole ps3 thing i hope motorola uses the same signing keys for all devices, so that if our day ever comes its x-mas for all
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 8
    Just a heads up that i've been in contact with TheKenAnthony and the ball is rolling. :)

    The bootloader is definitely unlocked on that device, i've verified that much so far, all partitions are unsigned, and there is no read-protection on the bootloader and other sensitive partitions (several of them including the bootloader on the production device are read-protected, and thus likely write-protected also). The hard part will be getting it onto ours :)
    8
    Did some cleaning, back to topic please.
    8
    Dont know if this is the right place to post this so be easy mods.. but to any DEVS i have a Motorola Atrix Test device.. it was one that was put out into public to test that remained unbranded and undercover.. im not sure if the bootloader is locked on this device and would like to see if a dev can walk me through anything i need to do that can help.. i do know that i have my AT&T sim card in it right now and ran the speed test app and got 1.7mbps upload speed so its not suffering from the speed and data cap att has put on the other atrix phones... any dev interested PM me and let me know what we can do ... thanks!!!
    5
    actually, the method i have been working on for quite some time , is to reprogram the fuse, i will not know until its done where this is the end all, personally i think that i will need to first reprogram the fuse than flash an engineering bootloader, i got my parts in today to build the usb i need, or so i hope, but unfortunitly i am sitting on a broken atrix hopefully replacement comes tomorrow and i will be able to report more in next few days. I agree that the atrix is beatable, the biggest problem is the lack of people working on this, as its down to me and da_g and neither one of us is a crypto guy :p today i also gathered some info from released lg and it to has the tegra 2 with fuse, how ever I have not yet been able to compare setting to know how its is configured


    ** i believe our biggest difference and biggest challenge is that each of our partitions are signed, so its not just the fuse we have to worry about, i don't think that what i have stated above will fix all of our problems, a dd of all the partitions may also be necessary
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone