Hacking the Droid X



  1. mitchellmyler

    mitchellmyler Well-Known Member This Topic's Starter

    So, being involved in the Xbox 360 community, I was a part of the group of hackers who broke one of Microsoft's highly secured signatures, and continued to stay up with them. So now that I see Motorola/Verizon want to limit root access to the Droid, it brings me back to the day everyone panicked about the 360.
    So using the skills that I have picked up from that experience, I would like to apply them to the Droid X problem.

    When a company encrypts a ROM, it's denying access to you unless you have the correct key. The Xbox 360 had no cracks in this encryption, so we had to work with what we had at the time. The only way we could gain access was to use the extensions that the ROM would allow us to use. For the Xbox 360 it was .xex. We would take our software and mimic it with the .xex extension so when the device read it, it would allow it.

    So the Droid extension is .nbh, if I'm not mistaken (I don't have my Droid X yet). What we could do is make a similar firmware to attach to the ROM and make our favorite Droid hacks look like friendly software that anyone could just download.

    A new firmware would not be that difficult to mimic; it would be the flashing it to the ROM that makes me scratch my head.

    I've convinced myself that simply connecting my Droid X phone to my PC and gaining access to the encryption "gate", so to say, just might be enough to flash it with. The other option is taking the phone apart (which to my understanding is not too difficult, just requires a T-5 screwdriver) and physically flashing it.

    Well, it's worth a try anyway. I will only have 10 days to play with this before I go to the Naval Academy Prep School (no electronics for 3 weeks), so maybe this can be a starting block for some of you too.
     

  2. damstr

    damstr Well-Known Member

    Well I hope you can break it!
     
  3. EKG

    EKG Well-Known Member

    Even though I didn't understand a word of what you said (other than the few times "the" was mentioned), good luck bro! Get it!
     
  4. masse

    masse Well-Known Member

    Is there a good reason they don't just let users do whatever they want with their phones?
     
  5. damstr

    damstr Well-Known Member

    Yes, it potentially costs the manufacturer more money. Let's say John Smith wants to flash a custom ROM and somehow it bricks his phone. He takes it back to Verizon and says it doesn't power on. There isn't a way Verizon can test the phone in store to find out if it was bricked because of tampering or not, so they will replace it under warranty even though it isn't their or Motorola's fault the phone is bricked.

    Just an example.
     
  6. gamby

    gamby Active Member

    Someone should start a prize "fund" for whoever cracks the DX. I'd give $10 to the cause!
     
  7. D13

    D13 Well-Known Member

    I would definitely donate to the dev who cracks it. As long as it doesn't require a JTAG. :D

    Btw... we still don't even know if the X has an encrypted bootloader and not totally locked down. Who knows, maybe if it is encrypted, there will be a "leak" of the key or something else that allows the flashing of custom ROMs and root access. :D
     
  8. Deathshead

    Deathshead Well-Known Member

    The community needs more structure, like the iPhone Dev Team... and guys like GEOHOT to come to the dark side. He has got to be bored with the iPhone by now, and he cracked the PS3 when no one else got very far.
     
  9. Greavous

    Greavous Well-Known Member

    ^ JTAG... reminds me of DirecTV for some reason...

    Godspeed to the OP
     
  10. xWraith

    xWraith Member

    Have fun. When you're done with that, try cracking the PS3 for a real challenge.
     
  11. droidSPARX

    droidSPARX Well-Known Member

    I wonder if, when the 2.2 OTA comes out, people will be able to find a crack through that and the DX recognizes it as an official firmware.
     
  12. CRPercodani

    CRPercodani OFWGKTA VIP Member

    .nbh is what HTC uses IIRC, and Motorola uses .sbf. However, the kind of OTA updates we get are always in a zip format. Making a .sbf isn't enough, as we still need to sign it with whatever method they use. Also, the OMAP uses M-Shield, which is a piece of actual silicon on the SoC, but I don't know if Moto is actually using it or not. You definitely seem motivated and talented, so best of luck to you; just know Android is a whole other beast than the 360.
     
  13. swazedahustla

    swazedahustla Well-Known Member

  14. arcturussage

    arcturussage Well-Known Member

    I've been wondering for a while if there's any way we can 'sign' custom roms or something to make the phone think it's legit.

    I dunno enough about the software or encryption to know if it's possible or not.
     
  15. CRPercodani

    CRPercodani OFWGKTA VIP Member

  16. residentgiant

    residentgiant Member

    I think we should just hire Kevin Mitnick to sneak the key out of Motorola. :p
     
  17. swazedahustla

    swazedahustla Well-Known Member

  18. CRPercodani

    CRPercodani OFWGKTA VIP Member

    The M-Shield is just a part of the OMAP3630 and quite a few other OMAP SoCs (System on a Chip). The link you saw is the chip in the X, sorry if I didn't make that clear.

    P.S. You don't want a phone that has enabled the M-Shield, look at all the security protocols it can handle.
     
  19. jroc

    jroc Well-Known Member

    All I saw was eFuse to know this won't be easy... this is the thing JTAG helps bypass in a way. But if it's similar to the 360, it has to be done while an exploit is there, before the fuses get blown. eFuses can get blown with updates too.

    Again, I'm basing all this off of how it works on the 360.

    eFUSE - Wikipedia, the free encyclopedia

    Dammit. So whoever has a phone with firmware ending with .514 has a better shot than the phones released at retail. Those come with .516, and I read there will be an OTA update to .604.

    Motorola DROID X MB810 (Xtreme/Shadow) Pre-Release Thread Part 3 - Information Only

    Whatever the case is... this will not be easy...
     
  20. CRPercodani

    CRPercodani OFWGKTA VIP Member

    According to the OP of that linked thread, the eFuse isn't the same as in the 360.
     
  21. 2009m6

    2009m6 Well-Known Member

    Hence why I said don't update your X's.

    This is becoming a headache in itself.
     
  22. sanjeeva7

    sanjeeva7 Well-Known Member

    So can this bootloader be hacked with utilities used by law enforcement, like EnCase?
     
  23. VIO

    VIO Well-Known Member

    Just when Moto won me over with the DROID... back to never buying another one of their phones.

    The Droid 2 as well, COME ON...
     
