Slashdot Mirror


Motorola's Sholes Bootloader Unlocked

teh31337one writes "Motorola's locked bootloader for their Sholes-family devices (Droid OG, Milestone, DroidX, Droid 2 etc, not Atrix 4G) has finally been cracked. @nenolod explains on his website: The Motorola Sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot. There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked. This comes at the time when HTC are also stepping up their attempts at locking down their phones. The recently released LTE flagship — ThunderBolt is their most locked-down phone to date ... They made signed images, a signed kernel, and a signed recovery. They also locked the memory."


  1. Sorry, but no by Nuno+Sa · · Score: 5, Insightful

    Even with the cracked bootloader, the company's attitude is not good, so I won't buy a phone from them.

    1. Re:Sorry, but no by mwvdlee · · Score: 3, Interesting

      Which companies are NOT on the list?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:Sorry, but no by teh31337one · · Score: 4, Informative

      Even with the cracked bootloader, the company's attitude is not good, so I won't buy a phone from them.

      Speaking of which:

      December 20th, 2010 — Motorola notified of keystore vulnerability. No response received from Motorola.

      February 20th, 2011 — Motorola notified again of keystore vulnerability. No response received from Motorola.

      February 27th, 2011 — Motorola notified that keystore vulnerability will be disclosed to public on March 20th. No response received from Motorola.

      March 20th, 2011 — Keystore signature generation vulnerability publicly disclosed including private key leak. Response received from Motorola legal. (C&D)

    3. Re:Sorry, but no by Lumpy · · Score: 3, Informative

      N900 is a 3-year-old phone. Call me when Nokia makes a modern version.... of which they will not because they are now an all Microsoft shop. Nokia's dead man, the body just hasn't stopped moving.

      --
      Do not look at laser with remaining good eye.
  2. Sorry, but my New Year's resolution... by Anonymous Coward · · Score: 5, Insightful

    ... as a programmer is to spend less time trying to hack, tweak, or otherwise add value to platforms owned by companies who want to strip away my rights as a user to modify and operate those platforms as I see fit.

    1. Re:Sorry, but my New Year's resolution... by dargaud · · Score: 3, Insightful

      2 years ago I bought an HTC for the very reason that there wasn't any lockdown on it. So why is it that they now want to lose me as a customer? I don't understand that.

      --
      Non-Linux Penguins ?
    2. Re:Sorry, but my New Year's resolution... by GNUALMAFUERTE · · Score: 5, Funny

      Blackberry? That's the phone that comes with a trackball, right? I heard their next model will run IBM DOS 5.0 with DOS Shell, and it'll remove the trackball in favor of a 3-button rs232 ball mouse. The DB-25 connector will increase the form factor a little bit, but damn, I'm so buying that phone.

      --
      WTF am I doing replying to an AC at 5 A.M on a Friday night?
    3. Re:Sorry, but my New Year's resolution... by thegarbz · · Score: 4, Insightful

      Most of the people I know have Android or an iPhone, and they're all in search of charging outlets by early afternoon. Just can't see going back to that 90s-like level of utility, myself...

      With great power comes great battery drain. Utility is defined as being of practical use. In the 90s I had a phone that I could use to make a call and send some SMS. You want that? You got that. Buy yourself an Android phone, deactivate bluetooth, wifi and GPS. Turn off all bands associated with data transfer. Dim your screens to barely readable levels, and only ever turn on the display for the purpose of making a call. You'll find your battery will last close to 4 days. You'll also find you wasted a big portion of your device's capabilities.

      In terms of practical use the utility of the mobile phone has never been higher. While I was overseas I was able to click a button on my phone to turn it into a mobile access point so I could get my laptop on the internet. Yeah it chewed through battery but having that ability alone made it all worthwhile. While walking around Prague I was never once lost due to the GPS functionality. I was able to quickly look up public transport timetables and even book international train tickets. While sitting on the train I had a library of music available to me, and when the Japanese earthquake hit I found out about it while I was on public transport far away from a laptop or TV.

      The world is at my fingertips now, THAT is the utility of the modern phone, and you know what happens at the end of the day? I plug it in. Either to the wall, the car, or a common USB socket. My phone has never gone flat.

      As for lockdown... my phone was not locked to any provider out of the box. My phone was rooted in a matter of minutes. My phone has a custom kernel on it provided by the hobbyist hackers over at xda-developers. Neither of these added anything that the manufacturer didn't already provide, but instead simply bypassed my stupid carrier's slackness in providing updates. In fact the only thing I have so far found even slightly wrong on my phone is that I can't connect my Wiimote to it due to a bluetooth issue.

      Buy a Nexus S or one of the Samsung Galaxy variants.

  3. Waste of money. by bbqsrc · · Score: 3, Insightful

    Why do they spend so much money locking down the phone instead of making a competitive, lasting product that the consumer actually wants? "They also locked the memory.", what the fuck.

    --
    Disagree != mod troll.
  4. Wrong way, go back by axx · · Score: 4, Insightful

    Sorry, but we shouldn't have to fight teeth and nails to get proper access to devices we buy and own.

    Being locked out of our own legally purchased devices is NOT normal.

    Kind of like buying a computer and not being able to do what you want with it.

    Wait, what is this OSX upgrade you tell me about? Sounds great, and only 29.99!

    --
    No wit here.
    1. Re:Wrong way, go back by Kludge · · Score: 3, Insightful

      Ever flashed your ECU and then expect the manufacturer to cover the consequences? ... Ever bought a large dedicated device (like a specialist microscope) that comes with some ancient MacOS version on the controller PC that you can never touch or upgrade without voiding the whole setup? ... Hell, some high-end cars have tyres that "talk to" the car so they know exactly when you fitted a third-party component so they can void your warranty.

      The GP poster is not asking for the companies to cover his device when he installs something new on it. Warranties are made to be voided. He is just saying that they should stop trying to control him so that he can not install what he wants.

  5. Re:Getting worse? by Nerdfest · · Score: 3, Informative

    Hopefully it will mean sales going down for phones that are crippled, and up for those that are not. As usual, spread the word about which phones to buy. The manufacturers will only respond to lost sales (and some of them are a little too dense even for that it seems).

  6. Money of the provider. by leuk_he · · Score: 3, Insightful

    With a locked phone they can give the provider control over the phone (read: appstore ), and the telecom provider. I think Motorola hopes to make extra money from the provider instead of the consumer.

    You are right, if consumers wanted a closed phone they would have bought an iPhone. An Android phone is NOT a closed environment, and locking one part down in an open environment leaves a mediocre (in comparison) product.

  7. Why the hell? by Anonymous Coward · · Score: 3, Insightful

    Why can't you use your own phone as you please, even more so if it's Android, an open platform?

    The only reason I can think of is piracy, which seems to be the justification for everything nowadays.

    Seriously, this is a genuine question, not some sort of philosophy.

    1. Re:Why the hell? by gatzke · · Score: 3, Insightful

      There may be network issues. Just like the FCC regulates what you do with your wifi antenna. Yes, you can get into your router and up the power on your wifi router, but I think it violates some regulations. I am not an EE, but I bet if you up the power it may screw up other frequencies.

      For a cell phone, imagine if you started spewing crap packages on their network? Or somehow masked your id and got free service? They don't want people exploiting their network, which I understand.

      Ideally they would put all the magic in hardware, then let your OS do whatever you want. Have the cellular radio chip handle everything, so the OS can just interface to it so the network is protected and you can't scam a fake ID. Then you could do whatever you want, like run up cell bills for running over your cap using p2p.

    2. Re:Why the hell? by Anonymous Coward · · Score: 3, Informative

      As an observation, it should be noted that NOTHING of what they've done up to this point has honestly prevented anything like spewing packets on their network. The malware that got onto the phones through the app stores managed this all on its own very nicely, and saying that this is a good reason for Apple's walled garden approach is wrong as well, as they had their malware incidents too.

      Protecting their network isn't the reason.

  8. Re:I'm not that technically knowledgeable*... by Tukz · · Score: 4, Informative

    Android itself is relatively open, however, the vendors (Motorola, HTC, SE, etc) can lock it down if they want.
    Only 2 phones use Android in its base form, everyone else uses vendor modified versions.

    --
    - Don't do what I do, it's probably not healthy nor safe. -
  9. Re:I'm not that technically knowledgeable*... by bemymonkey · · Score: 3, Informative

    A guess as to what "Open" refers to in this context: Android is open source. iOS is not... Basically, anyone can put Android on their device.

    Unfortunately, this doesn't mean that the manufacturers of mainstream Android devices can't lock them down so the people that buy them can't put on their own versions of self-baked Android. It's not Android's fault, but it damn well is Android's problem :(

  10. Re:Why do they do it? by bemymonkey · · Score: 4, Insightful

    In theory:

    1. To appease the carriers. The less control end users have over how they use their device, the better. This allows carriers to charge out the ass for things like tethering...

    2. Planned obsolescence. If every user could upgrade their device to the next version of Android easily, you'd get (*gasp*) people only buying a new phone every 4 years instead of every one or two...

    3. To minimize support costs - there's always a few idiots out there that'll brick their phones and then try to RMA them. Of course, switching to PC type OS upgrade/installation system would eliminate that problem right away.

  11. Re:I'm not that technically knowledgeable*... by thegrassyknowl · · Score: 3, Interesting

    I should have pasted the whole of section 4 of the LGPL, which also makes it clear that you must provide all information required for the user to reinstall the new shared library of their choice.

    --
    I drink to make other people interesting!
  12. Re:Why do they do it? by brandorf · · Score: 3, Interesting

    It's pretty much 100% 1 and 2. Both the carrier and manufacturer get kickback for shipping the phones with certain apps preloaded, and since they are part of the system image, unremovable without some extra work (rooting). Every Verizon android phone, for instance, comes with Amazon Kindle/MP3, Verizon's Navigator software, CityID, and Blockbuster pre-installed, and there's nothing you can do about it. In addition, things like usb tethering (not wifi) is supposed to be a standard feature for android as of 2.2, but is disabled in most phones. As far as planned obsolescence, while you can't directly prove it, one nice example is Sony Ericsson, which promised for months and months that it would upgrade its X10 line to the latest android, then finally said it was impossible for "technical reasons", then announced its new line of phones, which would launch with the latest version of android.

    --
    Bork Bork Bork!!
  13. Wrong about HTC by AliasMarlowe · · Score: 4, Interesting

    From TFS:

    This comes at the time when HTC are also stepping up their attempts at locking down their phones. The recently released LTE flagship — ThunderBolt is their most locked-down phone to date.

    The submitter should know that the HTC Thunderbolt is just a customized variant of the HTC Desire HD provided for Verizon. Locking it up is almost certainly a Verizon-demanded attribute, and not an initiative from HTC. The Desire HD is unlocked in most of the world, and I doubt if a locked version can be obtained in countries with a more enlightened phone system.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire