  1. Thread Author  #1

    breaking DX news

    bgill55: Say hello to CM7 and custom kernels for your DX, everyone. Thank @nenolod.
  2. #2  
  3. jerseyboy357  #3

    hmmmmmm another twitter link
  4. Thread Author  #4

    Tweets from nenolod (William Pitcock):

    frequently asked question: what are these keys for? answer: signing SBF update files for rsdlite.

    with the private key + iv, you can sign a replacement recovery and pack it in an SBF. enjoy.

    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <== nonce (e)

    97 6a 21 7a 67 41 37 9f 26 53 4a 61 7f 2a 86 ae ff 71 21 78 2e 61 4f 71 90 3e 00 27 fe 9b <== initialization vector

    7e 21 a8 37 64 12 75 a3 47 13 54 42 12 48 58 12 71 a4 5e 41 a7 64 72 34 2a 6f e2 0a 97 8f <== sholes private key
  5. wormeyman  #5

    Heck yeah! Now we know why Moto got upset whenever someone posted RSD Lite and SBFs.
  6. Thread Author  #6

    Sholes signing key leak explained

    The Motorola(r) sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot.

    There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked.

    The keys can be cracked using Mathematica. Read up on how the Elgamal signature scheme works.
    Ok, what does this mean?

    Please refer to the following table:

    Boot chain component   Status
    OMAP secure bootrom    secure
    Secure keystore        replaceable
    mbmloader              secure, but irrelevant, replaceable but unnecessary
    mbm                    secure, but irrelevant, replaceable but unnecessary
    recovery               replaceable (providing new keys is recommended)
    system                 replaceable (providing new keys is recommended)
    bootimage              replaceable (providing new keys is recommended)

    I do not plan on doing any more work on this. But all information has been handed over to people who are working on this. Follow the FreeMyMoto people for their progress.

    Advisory history

    * December 20th, 2010 — Motorola notified of keystore vulnerability. No response received from Motorola.
    * February 20th, 2011 — Motorola notified again of keystore vulnerability. No response received from Motorola.
    * February 27th, 2011 — Motorola notified that keystore vulnerability will be disclosed to public on March 20th. No response received from Motorola.
    * March 20th, 2011 — Keystore signature generation vulnerability publicly disclosed, including private key leak. Response received from Motorola legal.
  7. Thread Author  #7

    What blows, though, is they've been sitting on this since before Xmas last year.
  8. #8

    Motorola's bootloader encryption reportedly has been cracked

    http://www.androidcentral.com/has-mo...n-been-cracked

    From the main page... not sure what it all means yet, but p3droid and a few others seem pretty excited about it on Twitter.

    Exciting stuff for sure!
  9. Thread Author  #9

    Update to the page:

    Sholes signing key leak explained

    The Motorola(r) sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot.

    There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked.

    The keys can be cracked using Mathematica. Read up on how the Elgamal signature scheme works.

    Keys

    Not placed here due to Motorola legal.

    Ok, what does this mean?

    Please refer to the following table:

    Boot chain component   Status
    OMAP secure bootrom    secure
    Secure keystore        replaceable (this CG must be signed by motorola's key)
    mbmloader              secure, but irrelevant
    mbm                    secure, but irrelevant, replaceable but unnecessary
    recovery               replaceable (signable by anything in keystore)
    system                 replaceable (signable by anything in keystore)
    bootimage              replaceable (signable by anything in keystore)

    I do not plan on doing any more work on this. But all information has been handed over to people who are working on this. Follow the FreeMyMoto people for their progress.

    In theory, creating a packed SBF to update keystore and replace recovery should work without bricking your phone. My advice: do not replace mbmloader as that is dangerous. An earlier version of this advisory marked it as replaceable; I have decided to remove this claim as I cannot presently think of a way to do it safely.

    Notes to recovery authors

    Your recovery must update the signatures on the Codegroup Descriptor Table (CDT). If it does not, your recovery will brick the phone if you attempt to flash a custom ROM.

    Advisory history

    * December 20th, 2010 — Motorola notified of keystore vulnerability. No response received from Motorola.
    * February 20th, 2011 — Motorola notified again of keystore vulnerability. No response received from Motorola.
    * February 27th, 2011 — Motorola notified that keystore vulnerability will be disclosed to public on March 20th. No response received from Motorola.
    * March 20th, 2011 — Keystore signature generation vulnerability publicly disclosed, including private key leak. Response received from Motorola legal.
  10. Smitty_82  #10

    This is going to get good!
  11. Smitty_82  #11

    Thanks for explaining this! Great information.
  12. SYL  #12

    Cyanogenmod 7!!!!!
  13. #13

    There's another thread in the DEV DX section. If a mod wants to move this one, it probably makes more sense there.

    Hopefully CM7... but who knows at this point... probably too early to tell.
  14. #14

    Pure win.
  15. #15

    Quote Originally Posted by SYL:
    Cyanogenmod 7!!!!!

    I have my fingers crossed. Maybe we'll hear something in a few days.
  16. #16

    Hope it's not too late for the X to fully benefit.
  17. SYL  #17

    When it says "OMAP secure bootrom: secure", with "secure" highlighted in red, what does that mean? Is that bad?
  18. #18

    So... my Droid X is still on the leaked Froyo from back in Sept. (I haven't wanted to update it in case some leak ever did happen.) Will I need to update to Motorola's latest version to get this?
  19. #19

    Well, the life of this phone may have just got waaaaaaaaayyyyy extended. Good news; let's hope it pans out well!
  20. SYL  #20

    Quote Originally Posted by Leif:
    So... my Droid X is still on the leaked Froyo from back in Sept. (I haven't wanted to update it in case some leak ever did happen.) Will I need to update to Motorola's latest version to get this?

    These keys are only for installing custom ROMs that replace the kernel. Otherwise, these keys are useless. So unless you are a developer, don't worry about this at all.
  21. cae2685  #21

    Quote Originally Posted by SYL:
    When it says "OMAP secure bootrom: secure", with "secure" highlighted in red, what does that mean? Is that bad?

    It's "bad" for the people that believe (as I do) that once you purchase a device, it's yours to tinker with as you will. From what I gather, this news gives ROM developers a way around that, so that we can get true custom ROMs on our phones.

    Quote Originally Posted by SYL:
    These keys are only for installing custom ROMs that replace the kernel. Otherwise, these keys are useless. So unless you are a developer, don't worry about this at all.

    I'm not worried, I'm frickin' excited! I have high hopes for CM7 on my X.
  22. #22

    @SYL: Meh, I know. And I do want to replace the kernel, as this one (afaik) doesn't support ext4. Why? I want to put a Linux distro on it. Why? Because I can.
    Last edited by Leif; 03-20-2011 at 08:09 PM.
  23. SYL  #23

    Quote Originally Posted by cae2685:
    It's "bad" for the people that believe (as I do) that once you purchase a device, it's yours to tinker with as you will. From what I gather, this news gives ROM developers a way around that, so that we can get true custom ROMs on our phones.

    In this case, is it therefore possible to get a complete ROM, say CyanogenMod, running with the custom kernel and everything? Will it be identical to a phone without a bootloader? No downsides or limitations? If so, how can it be bad? You have the key.
    Last edited by SYL; 03-20-2011 at 08:58 PM.
  24. Bushido Brown  #24

    What I always found funny was that Motorola's official statement on the bootloader encryption topic was that they did it to "protect" their software. But anyone who gives a damn wants access so they can get RID of Moto's software.

    Anyway, I wasn't too concerned about having an altered kernel. But I would be pretty happy if this hastens a port of MIUI; screw CM7.
  25. Thread Author  #25

    Updated again:

    Sholes signing key leak explained

    The Motorola(r) sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot.

    There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked.

    The keys can be cracked using Mathematica. Read up on how the Elgamal signature scheme works.

    TL;DR: k = s - sha1sum(data)

    The above formula will yield signing keys on vulnerable phones due to Motorola botching their signing keys.

    Keys

    Not placed here due to Motorola legal.

    Ok, what does this mean?

    Please refer to the following table:

    Boot chain component   Status
    OMAP secure bootrom    secure
    Secure keystore        replaceable (this CG must be signed by motorola's key)
    mbmloader              secure, but irrelevant
    mbm                    secure, but irrelevant, replaceable but unnecessary
    recovery               replaceable (signable by anything in keystore)
    system                 replaceable (signable by anything in keystore)
    bootimage              replaceable (signable by anything in keystore)

    I do not plan on doing any more work on this. But all information has been handed over to people who are working on this. Follow the FreeMyMoto people for their progress.

    In theory, creating a packed SBF to update keystore and replace recovery should work without bricking your phone. My advice: do not replace mbmloader as that is dangerous. An earlier version of this advisory marked it as replaceable; I have decided to remove this claim as I cannot presently think of a way to do it safely.

    Notes to recovery authors

    Your recovery must update the signatures on the Codegroup Descriptor Table (CDT). If it does not, your recovery will brick the phone if you attempt to flash a custom ROM.

    Notes on similar non-sholes platforms

    I do not know if the information in this advisory is related to those phones or not. In general, anyone trying anything with the information in this advisory is doing so at their own risk.

    Advisory history

    * December 20th, 2010 — Motorola notified of keystore vulnerability. No response received from Motorola.
    * February 20th, 2011 — Motorola notified again of keystore vulnerability. No response received from Motorola.
    * February 27th, 2011 — Motorola notified that keystore vulnerability will be disclosed to public on March 20th. No response received from Motorola.
    * March 20th, 2011 — Keystore signature generation vulnerability publicly disclosed, including private key leak. Response received from Motorola legal.
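The advisory's TL;DR in worked form, as an added example that is neither the advisory author's nor Motorola's code: a constructed additive toy step, s = sha1sum(data) + key + nonce, stands in for the real signature arithmetic so the role of the missing random value is visible. With the nonce fixed at zero the key falls out by subtraction exactly as the formula says; with a random non-zero nonce the same subtraction yields a masked value, and a small audit check flags an all-zero nonce field like the one shown in the tweets earlier in this thread. The 30-byte field width, the sample key and the sample section bytes are assumptions.

```python
import hashlib
import secrets

# Assumed field width: the nonce / IV / key values tweeted in this thread are 30 bytes.
FIELD_BYTES = 30
MOD = 1 << (8 * FIELD_BYTES)


def sha1_int(data: bytes) -> int:
    """sha1sum(data) from the advisory's TL;DR, as an integer."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(data: bytes, key: int, nonce: int) -> int:
    """Constructed toy signing step: s = sha1sum(data) + key + nonce (mod 2^240).

    A stand-in for the real scheme; only the nonce term matters here. The
    advisory says Motorola left that random value out, i.e. nonce = 0.
    """
    return (sha1_int(data) + key + nonce) % MOD


def recover_key(data: bytes, s: int) -> int:
    """The advisory's TL;DR, k = s - sha1sum(data), applied to one signature."""
    return (s - sha1_int(data)) % MOD


def nonce_is_degenerate(nonce: bytes) -> bool:
    """Audit check: an all-zero (or wrongly sized) nonce field leaves the key unmasked."""
    return len(nonce) != FIELD_BYTES or nonce == bytes(FIELD_BYTES)


def demo() -> dict:
    """Compare signing with nonce = 0 against signing with a random, non-zero nonce."""
    key = secrets.randbelow(MOD)                 # constructed sample private key
    data = b"constructed CDT section contents"   # constructed sample section
    s_zero = sign(data, key, 0)                  # the case the advisory describes
    nonce = secrets.randbelow(MOD) | 1           # random and guaranteed non-zero
    s_masked = sign(data, key, nonce)            # what the random value should do
    return {
        "key_leaks_with_zero_nonce": recover_key(data, s_zero) == key,
        "key_leaks_with_random_nonce": recover_key(data, s_masked) == key,
        "zero_nonce_flagged": nonce_is_degenerate(bytes(FIELD_BYTES)),
        "random_nonce_flagged": nonce_is_degenerate(nonce.to_bytes(FIELD_BYTES, "big")),
    }
```

Only the first and third results come out True: the subtraction recovers the key solely when the nonce term is absent, which is what the audit check is there to catch before a key is ever used.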