10 replies to this topic

[Someolddude]

I'm one of the lucky ones who happened to be on these android forums when the boot loader unlock came out for its short time before it was patched. I often wonder if we are able to flash new Roms/Recovery's etc why can't we just replace the boot loader with an already unlocked one rather than try to crack the code that locks them? Just something I've been wondering about.

[SamuriHL]

Because there isn't an "unlocked bootloader" to flash.

[Someolddude]

What about the one on my phone or a Dev with an unlocked boot loader. That can't be copied and sent to the masses so we can unlock the world?

[SamuriHL]

You don't seem to understand what I'm saying.  When you unlocked your dev edition, you used an unlock code.  That didn't flash some magic "unlocked bootloader".  It changed an eFuse in the hardware that the bootloader checks when it's loaded to see if it should use the secure path or not.  The unlock exploit found (and patched) a year ago blew the eFuse that tells the bootloader to use the unsecure path when it's loaded.  That is the only difference.

[Someolddude]

So I'm guessing the boot loader is more of a hardware thing I guess rather than software that can be programmed in or flashed. Why does it have to be so difficult!!! Lol

[SamuriHL]

No, the bootloader is software.  What you're failing to grasp is that the software on a dev edition Moto device is *EXACTLY* the same as the software on a consumer Moto device.  The state of the hardware is what determines whether the bootloader loads in secure or unsecure mode.  All partitions are obviously signed and can only have unsigned code flashed if the bootloader loads in unsecure mode.  The TZ and GPT partitions can't be flashed on any device, unlocked or not.  The trusted zone is what runs beneath the rest of the partitions and serves as a security layer between the hardware and the bootloader/kernel.  The unlock exploit was in the trusted zone and allowed the code that blew the eFuse to render the device unlocked to be run as root.  That hole was patched and therefore is no longer unlockable.  And don't bother with the "well we'll find the signing keys then" nonsense.  128 bit encryption....it's quite well protected.  Yes, it's a difficult problem to solve. Hell, root can't even be achieved on most 4.4.2 builds.  Unless by some miracle a new security exploit is found in the TZ (and it's been looked at by the person who found the original exploit and found to be completely secure now) there is no hope of unlocking consumer Moto phones.  I'm not getting into the discussion of stolen unlock codes being sold by "a guy in China".  That's just ridiculous and should be stopped no matter how badly you want the phones unlocked.

[Someolddude]

and it's been looked at by the person who found the original exploit and found to be completely secure now)

I guess the old saying if you can't beat them hire them is what happened. When you said that were you talking about Dan because I wondered why he suddenly stopped.

[jayrod]

and it's been looked at by the person who found the original exploit and found to be completely secure now)

I guess the old saying if you can't beat them hire them is what happened. When you said that were you talking about Dan because I wondered why he suddenly stopped.

I'm not sure that he has "stopped".. More than likely though he's just not going to release his findings because well, it has become EXPECTED for him to do so by many in the community. I'm sure it is a huge PIA to find these holes but I'm pretty sure he also enjoys the challenge some.

Sent via Blacked out TapaTalk on my Eclipsed Dev X

[SamuriHL]

He stopped for a variety of reasons.  It takes an enormous amount of time to find security flaws in software.  And what people fail to understand is that it's a law of diminishing returns.  You find a bug an exploit it, they patch it.  The next one is harder to find and the cycle goes round and round until you're sitting at Android 4.4.3 and telling root application developers how they must specifically code their apps to allow root to still work.  People expect and demand exploits.  People don't take the time to learn how those exploits come into existence.  All they know is they want an unlock and/or root and why hasn't someone done it yet.  People like Dan who do that for a living have an advantage over those who are simply casting a line into the ocean and hoping for a fish.  But there's two issues...the time it takes and the lack of appreciation the community has for the work involved.  Which is how we got to where we are with root.  Even JCase is now sick of the community and is not really motivated to work on the new devices.  I can't says that I blame either of them.

[SamuriHL]

I'm not sure that he has "stopped".. More than likely though he's just not going to release his findings because well, it has become EXPECTED for him to do so by many in the community. I'm sure it is a huge PIA to find these holes but I'm pretty sure he also enjoys the challenge some.

Sent via Blacked out TapaTalk on my Eclipsed Dev X

 

Not when you do it for a living.  It's a curiosity for a while, sure, but, once it becomes a time sucking chore that isn't appreciated......why bother?

[Someolddude]

All good reasons I can't disagree with. I just happened to stumble upon all this routing and flashing when I wanted to figure you how to get the sixaxis app working. Going to hold on to this phone for as long as posable then plan on getting a Dev phone because in reality I can't expect people to keep devoting there time looking for exploits. I do appreciate all that you guys do I know there's no way I'd figure it out.