Home > slashdot > Motorola’s Sholes Bootloader Unlocked

Motorola’s Sholes Bootloader Unlocked

March 21st, 2011 03:30 admin Leave a comment Go to comments


teh31337one writes “Motorola’s locked bootloader for their Sholes-family devices (Droid OG, Milestone, DroidX, Droid 2 etc, not Atrix 4G) has finally been cracked. @nenolod explains on his website: The Motorola Sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot. There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked. This comes at the time when HTC are also stepping up their attempts at locking down their phones . The recently released LTE flagship — ThunderBolt is their most locked-down phone to date … They made signed images, a signed kernel, and a signed recovery. They also locked the memory.”

Source: Motorola’s Sholes Bootloader Unlocked

Related Articles:

  1. Motorola Releases an Official Bootloader Unlocker
  2. Researcher Unlocks Galaxy S4 Bootloader For AT&T, Verizon Phones
  3. Motorola Says eFuse Doesn’t Permanently Brick Phones
  4. Motorola Sticks To Guns On Locking Down Android
  5. The Linux Foundation’s UEFI Secure Boot Pre-Bootloader Delayed
blog comments powered by Disqus