
Hacking the Droid X

So being involved in the Xbox 360 community, I was a part of the group of hackers who broke one of Microsoft's highly secured signatures, and continued to stay up with them. So now that I see Motorola/Verizon want to limit root access to the Droid, it brings me back to the day everyone panicked about the 360.
So using the skills that I have picked up from that experience, I would like to apply them to the Droid X problem.

When a company encrypts a ROM, it's denying access to you unless you have the correct key. The Xbox 360 had no cracks in this encryption, so we had to work with what we had at the time. The only way we could gain access was to use the extensions that the ROM would allow us to use. For the Xbox 360 it was .xex. We would take our software and mimic it with the .xex extension so when the device read it, it would allow it.

So the Droid extension is .nbh, if I'm not mistaken (I don't have my Droid X yet). What we could do is make a similar firmware to attach to the ROM and make our favorite Droid hacks look like friendly software that anyone could just download.

A new firmware would not be that difficult to mimic; it would be the flashing it to the ROM that makes me scratch my head.

I've convinced myself that simply connecting my Droid X phone to my PC and gaining access to the encryption "gate", so to say, just might be enough to flash it with. The other option is taking the phone apart (which to my understanding is not too difficult, just requires a T-5 screwdriver) and physically flashing it.

Well, it's worth a try anyway. I will only have 10 days to play with this before I go to the Naval Academy Prep School (no electronics for 3 weeks), so maybe this can be a starting block for some of you too.
 
Is there a good reason they don't just let users do whatever they want with their phones?

Yes, it potentially costs the manufacturer more money. Let's say John Smith wants to flash a custom ROM and somehow it bricks his phone. He takes it back to Verizon and says it doesn't power on. There isn't a way Verizon can test the phone in store to find out if it was bricked because of tampering or not, so they will replace it under warranty even though it isn't their or Motorola's fault the phone is bricked.

Just an example.
 
.nbh is what HTC uses IIRC, and Motorola uses .sbf. However, the kind of OTA updates we get are always in a zip format. Making a .sbf isn't enough as we still need to sign it with whatever method they use. Also, the OMAP uses M-Shield, which is a piece of actual silicon on the SoC, but I don't know if Moto is actually using it or not. You definitely seem motivated and talented, so best of luck to you; just know Android is a whole other beast than the 360.
 
All I saw was eFuse to know this won't be easy... this is the thing JTAG helps bypass in a way. But if it's similar to the 360, it has to be done while an exploit is there before the fuses get blown. eFuses can get blown with updates too.

Again, I'm basing all this off of how it works on the 360.

eFUSE - Wikipedia, the free encyclopedia

Dammit. So whoever has a phone with firmware ending with .514 has a better shot than the phones released at retail. Those come with .516, and I read there will be an OTA update to .604.

Motorola DROID X MB810 (Xtreme/Shadow) Pre-Release Thread Part 3 - Information Only

Whatever the case is.....this will not be easy.....
 