Slashdot Mirror

← Back to Stories (view on slashdot.org)

Motorola's Sholes Bootloader Unlocked

Posted by ryuzaki0 on from the not-the-doctor-with-the-homophonic-name dept.

teh31337one writes "Motorola's locked bootloader for their Sholes-family devices (Droid OG, Milestone, DroidX, Droid 2 etc, not Atrix 4G) has finally been cracked. @nenolod explains on his website: The Motorola Sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot. There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked. This comes at the time when HTC are also stepping up their attempts at locking down their phones . The recently released LTE flagship — ThunderBolt is their most locked-down phone to date ... They made signed images, a signed kernel, and a signed recovery. They also locked the memory."

12 of 283 comments (clear)

  1. Sorry, but no by Nuno+Sa · · Score: 5, Insightful

    Even with the cracked bootloader, the company's attitude is not good, so I won't buy a phone from them.

  2. Sorry, but my New Year's resolution... by Anonymous Coward · · Score: 5, Insightful

    ... as a programmer is to spend less time trying to hack, tweak, or otherwise add value to platforms owned by companies who want to strip away my rights as a user to modify and operate those platforms as I see fit.

    1. Re:Sorry, but my New Year's resolution... by dargaud · · Score: 3, Insightful

      2 years ago I bought an HTC for the very reason that there wasn't any lockdown on it. So why is it that they now want to lose me as a customer ? I don't understand that.

      --
      Non-Linux Penguins ?
    2. Re:Sorry, but my New Year's resolution... by thegarbz · · Score: 4, Insightful

      Most of the people I know have Android or an iPhone, and they're all in search of charging outlets by early afternoon. Just can't see going back to that 90s-like level of utility, myself...

      With great power comes great battery drain. Utility is defined as being of practical use. In the 90s I had a phone that I could use to make a call and send some SMS. You want that? You got that. Buy yourself an Android phone, deactivate bluetooth, wifi and GPS. Turn off all bands associated with data transfer. Dim your screens to barely readable levels, and only ever turn on the display for the purpose to make a call. You'll find your battery will last close to 4 days. You'll also find you wasted a big portion of your devices capabilities.

      In terms of practical use the utility of the mobile phone has never been higher. While I was overseas I was able to click a button on my phone to turn it into a mobile access point so I could get my laptop on the internet. Yeah it chewed through battery but having that ability alone made it all worth while. While walking around Prague I was never once lost due to the GPS functionality. I was able to quickly look up public transport timetables and even book international train tickets. While sitting on the train I had a library of music available to me, and when the Japanese earthquake hit I found out about it while I was on public transport far away from a laptop or TV.

      The world is at my fingertips now, THAT is the utility of the modern phone, and you know what happens at the end of the day? I plug it in. Either to the wall, the car, or a common USB socket. My phone has never gone flat.

      As for lockdown... my phone was not locked to any provider out of the box. My phone was rooted in a matter of minutes. My phone has a custom kernel on it provided by the hobbyist hackers over at xda-developers. Neither of this added anything that the manufacturer didn't already provide, but instead simply bypassed my stupid carrier's slackness in providing updates. In fact the only thing I have so far found even slightly wrong on my phone is that I can't connect my Wiimote to it due to a bluetooth issue.

      Buy a Nexus S or one of the Samsung Galaxy variants.

  3. Waste of money. by bbqsrc · · Score: 3, Insightful

    Why do they spend so much money locking down the phone instead of making a competitive, lasting product that the consumer actually wants? "They also locked the memory.", what the fuck.

    --
    Disagree != mod troll.
  4. Wrong way, go back by axx · · Score: 4, Insightful

    Sorry, but we shouldn't have to fight teeth and nails to get proper access to devices we buy and own.

    Being locked out of our own legally purchased devices is NOT normal.

    Kind of like buying a computer and not being able to do what you want with it.

    Wait, what is this OSX upgrade you tell me about? Sounds great, and only 29.99!

    --
    No wit here.
    1. Re:Wrong way, go back by Kludge · · Score: 3, Insightful

      Ever flashed your ECU and then expect the manufacturer to cover the consequences? ... Ever bought a large dedicated device (like a specialist microscope) that comes with some ancient MacOS version on the controller PC that you can never touch or upgrade without voiding the whole setup? ... Hell, some high-end cars have tyres that "talk to" the car so they know exactly when you fitted a third-party component so they can void your warranty.

      The GP poster is not asking for the companies to cover his device when he installs something new on it. Warranties are made to be voided. He is just saying that they should stop trying to control him so that he can not install what he wants.

  5. Money of the provider. by leuk_he · · Score: 3, Insightful

    With a locked phone they can give the provider control over the phone (read: appstore ), and the telecom provider. I think Motorola hopes to make extra money from the provider instead of the consumer.

    You are right, if consumers wanted a closed phone they would have bought a iPhone. an android phone is NOT a closed environment, and locking one part down in an open environment leaves a mediocre (in comparison) product.

  6. Why the hell? by Anonymous Coward · · Score: 3, Insightful

    Why can't you use your own phone as you please, even more so if it's Android, an open platform?

    The only reason I can think of is piracy, which seems to be the justification for everything nowadays.

    Seriously, this is a genuine question, not some sort of philosophy.

    1. Re:Why the hell? by gatzke · · Score: 3, Insightful

      There may be network issues. Just like the FCC regulates what you do with your wifi antenna. Yes, you can get into your router and up the power on your wifi router, but I think it violates some regulations. I am not a EE, but I bet if you up the power it may screw up other frequencies.

      For a cell phone, imagine if you started spewing crap packages on their network? Or somehow masked your id and got free service? They don't want people exploiting their network, which I understand.

      Ideally they would put all the magic in hardware, then let your OS do whatever you want. Have the cellular radio chip handle everything, so the OS can just interface to it so the network is protected and you can't scam a fake ID. Then you could do whatever you want, like run up cell bills for running over your cap using p2p.

  7. Re:Why do they do it? by bemymonkey · · Score: 4, Insightful

    In theory:

    1. To appease the carriers. The less control end users have over how they use their device, the better. This allows carriers to charge out the ass for things like tethering...

    2. Planned obsolescence. If every user could upgrade their device to the next version of Android easily, you'd get (*gasp*) people only buying a new phone every 4 years instead of every one or two...

    3. To minimize support costs - there's always a few idiots out there that'll brick their phones and then try to RMA them. Of course, switching to PC type OS upgrade/installation system would eliminate that problem right away.

  8. Re:Getting worse? by Anonymous Coward · · Score: 2, Insightful

    Then SKILLED CONSUMERS will move on to other, LESS rewarding areas of study.

    Fixed that for you.