1. mungera's Avatar
    Don't shoot me, I know there's info out there but it's a little much for an Android noob.
    From what I'm getting, the X can (eventually) be rooted, just can't have custom ROMs bc the bootloader is locked, right? So basically, once someone roots the thing, you can remove bloatware, use wireless tether, etc and just not load a custom ROM? Am I totally misunderstanding how this works?
    And if I missed this somewhere else, fell free to call me a noob and tell me to search the forum. And call me names. But hey, leave my mom out of it!
    07-19-2010 01:19 PM
  2. Aggie12's Avatar
    okay n00b. Root gives you admin access to the device. Stuff that motorola and verizon don't want you accessing. I would say you have a pretty good idea of it without being too technical. You can download apps that require root access from the market. eg. Titanium.
    There are some rumors about that the eFuse won't actually brick the device. I saw on another not-to-be-named forum that some guy bought Koush (an Android developer who, if anyone, has a good chance at rooting) a DroidX. So we shall see in due time.

    Edit: now go search the forum. And Google.
    SOADFreak1989 likes this.
    07-19-2010 01:24 PM
  3. mungera's Avatar
    Thanks! I'm at work and limited to what sites I can browse, so I'm limited to my poor, overworked and underperforming BB. Is the locked bootloader what prevents (impedes?) the device from being rooted, or just from loading a custom ROM? I'm under the impression it just keeps you from loading ROMs, but getting root access is different.
    PS: Thanks for leaving my mom out of it.
    07-19-2010 01:37 PM
  4. moosc's Avatar
    We will have root and we will ha e custom roms it will just time and a good developer to work the kinks out.
    07-19-2010 01:43 PM
  5. mungera's Avatar
    That's kinda what I'm wondering about; is getting root and the ability to use custom roms equally difficult?
    07-19-2010 02:13 PM
  6. Leif's Avatar
    Right now...yes, it's very difficult. In time...probably not.
    07-19-2010 02:18 PM
  7. Aggie12's Avatar
    In the case of this phone with the information we have now. Root will be here but I'm not to sure about the custom ROM flashing. I don't really care about custom ROMs, call me whatever but yeah. As long as 2.2 doesn't take to long I'm fine.
    07-19-2010 02:23 PM
  8. schizrade's Avatar
    We will have root and we will ha e custom roms it will just time and a good developer to work the kinks out.
    You have a supercluster working on the encryption or a mole inside Motorola?

    No?

    Then you will never load custom ROMs.
    07-19-2010 02:24 PM
  9. mungera's Avatar
    I *think* I'm ok with root for now. Maybe once I fully grasp everything I'll change my mind about the need for roms.

    And its good to see no mothers were brought up, although schizrade is doing his best to start something
    07-19-2010 02:28 PM
  10. schizrade's Avatar
    I *think* I'm ok with root for now. Maybe once I fully grasp everything I'll change my mind about the need for roms.

    And its good to see no mothers were brought up, although schizrade is doing his best to start something
    No, just trying to make people aware of the ramifications of encryption. It is not a simple work around, although people think it can somehow magically be "hacked". The Milestone has the same setup, and it hasn't come close to being hacked. Encryption is not something easily hacked like you see on movies. Good encryption is, in a practical sense, bullet proof. There are always ways through or around something, but assuming Motorola used a half decent method (which the Milestone all but confirms), by the time a hole to work is even found, the world would have moved on to the next toy.

    Assuming 128bit or 256bit AES Encryption, cracking will not happen anytime soon:

    For cryptographers, a cryptographic "break" is anything faster than an exhaustive search. Thus, an XSL attack against a 128-bit-key AES requiring 2100 operations (compared to 2128 possible keys) would be considered a break. The largest successful publicly-known brute force attack has been against a 64-bit RC5 key by distributed.net.

    Unlike most other block ciphers, AES has a very neat algebraic description.[10] In 2002, a theoretical attack, termed the "XSL attack", was announced by Nicolas Courtois and Josef Pieprzyk, purporting to show a weakness in the AES algorithm due to its simple description.[11] Since then, other papers have shown that the attack as originally presented is unworkable; see XSL attack on block ciphers.

    During the AES process, developers of competing algorithms wrote of Rijndael, "...we are concerned about [its] use...in security-critical applications."[12] However, at the end of the AES process, Bruce Schneier, a developer of the competing algorithm Twofish, wrote that while he thought successful academic attacks on Rijndael would be developed someday, "I do not believe that anyone will ever discover an attack that will allow someone to read Rijndael traffic."[13]

    On July 1, 2009, Bruce Schneier blogged[14] about a related-key attack on the 192-bit and 256-bit versions of AES, discovered by Alex Biryukov and Dmitry Khovratovich,[15] which exploits AES's somewhat simple key schedule and has a complexity of 299.5. This is a follow-up to an attack discovered earlier in 2009 by Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolić, with a complexity of 296 for one out of every 235 keys.[16] Another attack was blogged by Bruce Schneier[17] on July 30, 2009 and released as a preprint[18] on August 3, 2009. This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is against AES-256 that uses only two related keys and 239 time to recover the complete 256-bit key of a 9-round version, or 245 time for a 10-round version with a stronger type of related subkey attack, or 270 time for a 11-round version. 256-bit AES uses 14 rounds, so these attacks aren't effective against full AES.

    In November 2009, the first known-key distinguishing attack against a reduced 8-round version of AES-128 was released as a preprint.[19] This known-key distinguishing attack is an improvement of the rebound or the start-from-the-middle attacks for AES-like permutations, which view two consecutive rounds of permutation as the application of a so-called Super-Sbox. It works on the 8-round version of AES-128, with a computation complexity of 248, and a memory complexity of 232.

    In July 2010 Vincent Rijmen published an ironic paper on "chosen-key-relations-in-the-middle" attacks on AES-128[20]
    07-19-2010 02:40 PM
  11. Aggie12's Avatar
    We can be hopeful Holly's can't we negative Nancy??
    07-19-2010 02:45 PM
  12. mungera's Avatar
    ::nods head with blank expression on face::
    07-19-2010 03:19 PM
  13. schizrade's Avatar
    We can be hopeful Holly's can't we negative Nancy??
    Sure.

    Hope.
    07-19-2010 03:27 PM
  14. schizrade's Avatar
    Here, some sobering reality:

    motorola_milestone [And Developers]
    07-19-2010 04:08 PM
  15. Topweasel's Avatar
    99.9 of encryption bypassing today is done by someone at a company wanting a toy to work their way and giving important development info to some hacker.

    So considering Motorola is an American company and the Milestone not selling well in America. My guess is someone at Motorola having a DX but wanting cool ROM's will eventually feed a ROM cooker with the Encryption info.
    07-19-2010 04:15 PM
  16. schizrade's Avatar
    99.9 of encryption bypassing today is done by someone at a company wanting a toy to work their way and giving important development info to some hacker.

    So considering Motorola is an American company and the Milestone not selling well in America. My guess is someone at Motorola having a DX but wanting cool ROM's will eventually feed a ROM cooker with the Encryption info.
    Like I said, a mole will release the key.
    07-19-2010 04:16 PM
  17. Topweasel's Avatar
    Like I said, a mole will release the key.
    If we can get AACS keys before HD-DVD or BD was ever released. I am confident someone will get a key or a bypass from Motorola. In the end this is stuff they do for their Board, the techs probably hate to see their hardware locked so tight anyways. The info will make it out.
    07-19-2010 04:23 PM
  18. Jerry Hildenbrand's Avatar
    If we can get AACS keys before HD-DVD or BD was ever released. I am confident someone will get a key or a bypass from Motorola. In the end this is stuff they do for their Board, the techs probably hate to see their hardware locked so tight anyways. The info will make it out.
    I'm hopeful, but there's also the chance that a human doesn't have the key. It makes sense to have one dedicated machine to compile all final builds, so that they all are the same and have the same MD5.

    If it were me, the RSA key would be unique to that machine and only a very few would be able to extract the private portion, so any leaking of keys would result in me firing a couple of people.
    07-19-2010 04:28 PM
  19. Topweasel's Avatar
    I'm hopeful, but there's also the chance that a human doesn't have the key. It makes sense to have one dedicated machine to compile all final builds, so that they all are the same and have the same MD5.

    If it were me, the RSA key would be unique to that machine and only a very few would be able to extract the private portion, so any leaking of keys would result in me firing a couple of people.
    I would think every factory would need to have it plus the OS and software developers. For this reason I would think probably 20 people in the company at least has direct access and some 100 or so with limited access to phone specific codes. Without a specific working code for each specific place it would be pretty hard to track down the source unless they track access to the files and only then it would be useful if this couldn't be done during the period of time where you would access it normally.
    07-19-2010 04:55 PM
  20. mungera's Avatar
    Success!! My noob topic got commented on by "the man". I feel like I've achieved something. And as an added bonus, I learned a lot of very technical information that I'll never use but I still feel is valuable.

    And still no mom jokes - FTW!
    07-19-2010 04:57 PM
  21. Jerry Hildenbrand's Avatar
    I would think every factory would need to have it plus the OS and software developers. For this reason I would think probably 20 people in the company at least has direct access and some 100 or so with limited access to phone specific codes. Without a specific working code for each specific place it would be pretty hard to track down the source unless they track access to the files and only then it would be useful if this couldn't be done during the period of time where you would access it normally.
    Depends on how big a secret they wanna keep. Easy enough to use a separate signing key on a master build machine, that only project leaders and Senior IT can get.

    Personally, I think the whole thing stinks. Moto needs to remember that their Android users pulled them up out of the grave, and treat them a little better. The Droid is proof that a strong dev community can keep a phone in the spotlight for 10 months.
    07-19-2010 05:10 PM
  22. schizrade's Avatar
    Depends on how big a secret they wanna keep. Easy enough to use a separate signing key on a master build machine, that only project leaders and Senior IT can get.

    Personally, I think the whole thing stinks. Moto needs to remember that their Android users pulled them up out of the grave, and treat them a little better. The Droid is proof that a strong dev community can keep a phone in the spotlight for 10 months.
    Agreed.
    07-19-2010 05:29 PM
LINK TO POST COPIED TO CLIPBOARD