#milestone-modding | Logs for 2013-02-15

[00:02:38] -!- Bavilo [Bavilo!~Bavilo@ip-109-91-43-141.unitymediagroup.de] has joined #milestone-modding
[00:05:26] -!- Bavilo1 has quit [Ping timeout: 256 seconds]
[00:07:29] -!- Grillmeister has quit [Read error: Operation timed out]
[00:11:23] -!- Bavilo1 [Bavilo1!~Bavilo@ip-109-91-43-141.unitymediagroup.de] has joined #milestone-modding
[00:14:30] -!- Bavilo has quit [Ping timeout: 256 seconds]
[00:27:57] -!- k1l [k1l!~k1l@ubuntu/member/k1l] has joined #milestone-modding
[00:31:05] -!- k1l_ has quit [Ping timeout: 255 seconds]
[00:39:13] -!- Bavilo1 has quit [Read error: Connection reset by peer]
[00:59:03] -!- pontomedon has quit [Quit: Bin nur schnell in Austin, TX]
[01:07:46] -!- mmlogs__ [mmlogs__!~mmlogs_@ip-94-113-13-24.net.upcbroadband.cz] has joined #milestone-modding
[01:09:16] -!- mmlogs_ has quit [Ping timeout: 252 seconds]
[01:09:38] -!- nadlabak has quit [Ping timeout: 252 seconds]
[01:10:35] -!- nadlabak [nadlabak!~nadlabak@ip-94-113-13-24.net.upcbroadband.cz] has joined #milestone-modding
[01:10:36] -!- mode/#milestone-modding [+o nadlabak] by ChanServ
[01:15:00] -!- Grillmeister [Grillmeister!~grillmeis@c83-250-119-8.bredband.comhem.se] has joined #milestone-modding
[01:15:00] -!- Grillmeister has quit [Changing host]
[01:15:00] -!- Grillmeister [Grillmeister!~grillmeis@unaffiliated/grillmeister] has joined #milestone-modding
[01:34:36] -!- Grillmeister has quit [Ping timeout: 244 seconds]
[02:14:21] -!- eXtremo has quit [Read error: Connection reset by peer]
[02:15:14] Skrilax_CZ is now known as Skrilax_CZ|Away
[02:19:01] -!- Grillmeister [Grillmeister!~grillmeis@unaffiliated/grillmeister] has joined #milestone-modding
[02:23:14] -!- eXtremo [eXtremo!~eXtremo@unaffiliated/extremo] has joined #milestone-modding
[02:33:50] -!- Grillmeister has quit [Ping timeout: 255 seconds]
[02:40:56] -!- Grillmeister [Grillmeister!ramschtein@2001:470:dce3:0:a00:27ff:fe50:1fd7] has joined #milestone-modding
[02:40:56] -!- Grillmeister has quit [Changing host]
[02:40:56] -!- Grillmeister [Grillmeister!ramschtein@unaffiliated/grillmeister] has joined #milestone-modding
[02:52:15] -!- Grillmeister has quit [Ping timeout: 240 seconds]
[02:52:21] -!- Grillmeister [Grillmeister!~grillmeis@c83-250-119-8.bredband.comhem.se] has joined #milestone-modding
[02:52:21] -!- Grillmeister has quit [Changing host]
[02:52:21] -!- Grillmeister [Grillmeister!~grillmeis@unaffiliated/grillmeister] has joined #milestone-modding
[03:37:21] -!- Grillmeister has quit [Ping timeout: 248 seconds]
[04:00:28] -!- Grillmeister [Grillmeister!~grillmeis@c83-250-119-8.bredband.comhem.se] has joined #milestone-modding
[04:00:28] -!- Grillmeister has quit [Changing host]
[04:00:28] -!- Grillmeister [Grillmeister!~grillmeis@unaffiliated/grillmeister] has joined #milestone-modding
[04:18:02] -!- Grillmeister has quit [Read error: Operation timed out]
[04:26:08] -!- Grillmeister [Grillmeister!~grillmeis@c83-250-119-8.bredband.comhem.se] has joined #milestone-modding
[04:26:09] -!- Grillmeister has quit [Changing host]
[04:26:09] -!- Grillmeister [Grillmeister!~grillmeis@unaffiliated/grillmeister] has joined #milestone-modding
[07:47:10] -!- mifritscher [mifritscher!~michi@p5DDE7321.dip.t-dialin.net] has joined #milestone-modding
[07:50:08] -!- dx has quit [Ping timeout: 245 seconds]
[07:51:29] -!- dx [dx!~dicks@host56.200-117-103.telecom.net.ar] has joined #milestone-modding
[07:51:30] -!- dx has quit [Changing host]
[07:51:30] -!- dx [dx!~dicks@unaffiliated/dxdx] has joined #milestone-modding
[08:05:29] -!- dx has quit [Ping timeout: 255 seconds]
[08:06:50] -!- dx [dx!~dicks@host223.200-117-100.telecom.net.ar] has joined #milestone-modding
[08:06:50] -!- dx has quit [Changing host]
[08:06:50] -!- dx [dx!~dicks@unaffiliated/dxdx] has joined #milestone-modding
[08:17:07] -!- endstille [endstille!~endstille@port-87-193-224-26.static.qsc.de] has joined #milestone-modding
[08:26:43] -!- Robot_ [Robot_!~robot@87.244.192.77] has joined #milestone-modding
[08:34:06] -!- _xvilka [_xvilka!59afa7fb@gateway/web/freenode/ip.89.175.167.251] has joined #milestone-modding
[08:34:07] -!- mode/#milestone-modding [+o _xvilka] by ChanServ
[09:05:38] <[mbm]> https://www1.informatik.uni-erlangen.de/frost
[09:06:37] <_xvilka> [mbm]: nice
[09:07:44] <[mbm]> yeah, highlights a few flaws in android security
[09:08:47] <[mbm]> I know on the nexus you can unlock, reflash the firmware and relock (with modified firmware); unlocking again will wipe
[09:09:19] <[mbm]> but on moto it seems you can only relock by flashing the stock firmware back
[09:09:35] <[mbm]> (and even then moto still shows the unlocked bootloader screen)
[09:10:18] <_xvilka> not sure how to defend a phone against a cold boot attack
[09:11:05] <_xvilka> except some memory wipe, but it is not quite fast to do without a battery
[09:11:07] <[mbm]> well, you can prevent most of the attack surface just by having a locked bootloader that prevents flashing recovery
[09:12:00] <_xvilka> you can always put the phone in liquid CO2 and dump the memory chip
[09:12:06] <[mbm]> on a pc the same style attack is prevented by some bioses which erase memory on bootup
[09:12:16] <_xvilka> yes
[09:13:01] <[mbm]> I think once you get to the point your enemy is willing to take apart the phone and remove chips you've probably lost the game
[09:13:46] <_xvilka> :)
[09:13:48] <[mbm]> so the best you're ever going to do is to make things annoying, not impossible
[09:14:22] <[mbm]> article also points out another flaw -- the crypto password is the same as the unlock screen, usually a 4 digit pin
[09:14:39] <[mbm]> can't be that hard to brute force 4 digits
[09:15:07] <_xvilka> yeah.
[09:15:30] <_xvilka> even if you hash it
[09:15:46] <_xvilka> though solt could help here
[09:15:54] <_xvilka> *salt
[09:16:20] <[mbm]> I do know that if you try it from the phone itself the lock screen will eventually reboot and wipe the phone .. somewhere between 20 and 30 attempts
[09:17:23] <[mbm]> which means that if you ever find a lost phone it's really easy to do a factory reset and wipe any owner
[09:21:15] -!- mifritscher has quit [Ping timeout: 260 seconds]
[09:21:56] <[mbm]> I noticed on newer moto phones the ##program menu has a new entry called "rooted"
[09:22:36] <_xvilka> do you know what it means?
[09:22:54] <[mbm]> tells you if the phone has been rooted or not
[09:23:11] <_xvilka> ah
[09:23:46] -!- RCFwork [RCFwork!~klaas@178-117-158-72.access.telenet.be] has joined #milestone-modding
[09:23:53] <[mbm]> same phones have a /xbin/qe that looks for changes in the filesystem and writes the "qe 1/1" to the misc partition
[09:27:08] <_xvilka> thx for the information!
[09:27:36] <_xvilka> not sure why motorola is still hardening their phones, the AP part
[09:27:50] <[mbm]> yeah, dunno
[09:28:17] <[mbm]> there's some really funny text you have to agree to before they even give you the code to unlock your bootloader
[09:28:40] <[mbm]> and then once you unlock the bootloader they change the bootup logo to this big warning screen of text
[09:29:15] <[mbm]> logo partition has two boot logos
[09:29:31] <[mbm]> the normal (M) one and a bunch of warning text
[09:30:05] <[mbm]> and even if you go to all the trouble of reflashing the stock firmware and relocking the bootloader it still displays the warning screen
[09:30:59] <[mbm]> (easy enough to just change the second logo to get rid of the warning screen but it seems strange that relocking doesn't revert the logo)
[09:31:29] <_xvilka> they have a counter in OTP I suspect
[09:31:50] <[mbm]> yeah, thinking there's some sort of fuse thing involved
[09:32:23] <[mbm]> I also haven't figured out exactly what the ##program menu is looking for to figure out if the phone has been rooted
[09:33:18] <[mbm]> hmm .. just thought of something
[09:33:58] <[mbm]> so motorola sells developer edition phones (like mine) where you can unlock the bootloader
[09:34:15] <[mbm]> and they also sell the normal phones where you can't unlock the bootloader
[09:34:40] <[mbm]> same phone, only real difference is if your serial number is whitelisted on the moto unlock site
[09:35:01] <[mbm]> suppose that unlocking does something to the otp
[09:35:36] <[mbm]> does that mean that someone could just root their phone, write the otp and unlock the bootloader without ever using the moto unlock site?
[09:44:43] <_xvilka> looks like it could be possible
[09:45:18] <_xvilka> not sure about the benefits of this way
[09:54:04] <[mbm]> well, if you had one of the phones that wasn't sold as a developer edition (meaning the moto unlock site wouldn't give you an unlock code) you might be able to unlock it yourself after rooting
[09:55:14] <_xvilka> indeed
[09:57:13] <[mbm]> just need enough people with interest or knowledge to actually attack it
[10:00:53] -!- Quarx [Quarx!~Quarx@94.137.25.123] has joined #milestone-modding
[10:04:38] <_xvilka> or both :)
[10:04:56] <[mbm]> yeah
[10:12:41] <[mbm]> hmm, option to turn off wifi in sleep mode doesn't seem to work
[10:17:12] <_xvilka> [mbm]: btw, just fyi http://cloud.radare.org/enyo/ - it is just a demo, but wip
[10:18:41] <[mbm]> interesting
[10:29:47] <_xvilka> goal - provide a foss web-based reverse engineering platform, with collaboration support
[10:31:37] <[mbm]> nice
[10:36:17] <_xvilka> dx: sup
[10:54:45] -!- Quarx has quit [Remote host closed the connection]
[10:55:36] -!- mifritscher [mifritscher!~michi@zft-server-1.telematik-zentrum.de] has joined #milestone-modding
[11:01:54] -!- Quarx [Quarx!~Quarx@94.137.25.123] has joined #milestone-modding
[11:42:29] -!- RCFwork has quit [Ping timeout: 255 seconds]
[11:56:08] -!- RCFwork [RCFwork!~klaas@178-117-158-72.access.telenet.be] has joined #milestone-modding
[12:24:55] Skrilax_CZ|Away is now known as Skrilax_CZ
[12:29:53] <Skrilax_CZ> [mbm]: there is an efuse (SBD_EN) that controls whether the bootloader can be unlocked
[12:30:12] <Skrilax_CZ> blown on RAZR (except the dev edition), but not on the QC phones for Verizon / AT&T with locked BL
[12:30:42] <[mbm]> awww
[12:30:59] <Skrilax_CZ> * RAZR as XT910 / XT192, not the HD
[12:31:14] <Skrilax_CZ> or at least I checked for the Atrix HD on AT&T
[12:31:44] <Skrilax_CZ> another efuse controls whether the phone has been unlocked (the iswarrantyvoid variable)
[12:31:49] <[mbm]> well, talking about the xt925/xt926 here
[12:31:52] <Skrilax_CZ> so you get the status code:
[12:32:06] <Skrilax_CZ> 0 - LOCKED, iswarrantyvoid=0
[12:32:13] <Skrilax_CZ> 1 - UNLOCKED, engineering phone
[12:32:19] <Skrilax_CZ> 2 - LOCKED, iswarrantyvoid=1
[12:32:37] <Skrilax_CZ> 3 - UNLOCKED, consumer phone with unlocked bootloader (iswarrantyvoid=1)
[12:34:43] <Skrilax_CZ> but I didn't reverse engineer the part involving the sgpt partition, which looks like it holds a security token
[12:35:07] <Skrilax_CZ> (this is changed between XT910 & QC phones)
[12:35:54] <Skrilax_CZ> also, you can disable unlockable BL if you mess with CID (though looks like it's recoverable)
[12:42:06] <[mbm]> interesting
[12:42:16] <[mbm]> not sure how any of that helps me though
[12:43:20] -!- fentensoft [fentensoft!~fentensof@119.49.65.104] has joined #milestone-modding
[12:56:25] -!- k1l has quit [Read error: Connection reset by peer]
[12:56:33] -!- k1l [k1l!~k1l@ubuntu/member/k1l] has joined #milestone-modding
[13:11:30] -!- RCFwork has quit [Ping timeout: 252 seconds]
[13:51:43] <Skrilax_CZ> it's just stating that it is very likely possible, but the answer lies in the unlock handler inside sbl
[14:10:06] -!- fentensoft has quit [Quit: Leaving]
[14:21:07] -!- Bavilo [Bavilo!~Bavilo@ip-109-91-43-141.unitymediagroup.de] has joined #milestone-modding
[15:14:33] -!- mifritscher has quit [Ping timeout: 244 seconds]
[15:38:17] -!- mifritscher [mifritscher!~michi@p5DDE7321.dip.t-dialin.net] has joined #milestone-modding
[15:43:55] Skrilax_CZ is now known as Skrilax_CZ|Away
[16:49:49] -!- mifritscher has quit [Quit: Leaving.]
[16:49:57] -!- mifritscher [mifritscher!~michi@p5DDE7321.dip.t-dialin.net] has joined #milestone-modding
[16:54:47] -!- Robot_ has quit [Ping timeout: 244 seconds]
[17:07:28] -!- nadlabak has quit [Read error: Connection reset by peer]
[17:07:59] -!- nadlabak [nadlabak!~nadlabak@ip-94-113-13-24.net.upcbroadband.cz] has joined #milestone-modding
[17:07:59] -!- mode/#milestone-modding [+o nadlabak] by ChanServ
[17:08:02] -!- _xvilka has quit [Quit: Page closed]
[17:41:46] Skrilax_CZ|Away is now known as Skrilax_CZ
[17:56:53] -!- endstille has quit [Quit: endstille]
[18:37:39] Skrilax_CZ is now known as Skrilax_CZ|Away
[18:56:41] Skrilax_CZ|Away is now known as Skrilax_CZ
[19:22:29] -!- Robot_ [Robot_!~robot@178.143.222.7] has joined #milestone-modding
[19:37:33] -!- endstille [endstille!~endstille@dslb-088-076-099-031.pools.arcor-ip.net] has joined #milestone-modding
[19:46:52] -!- endstille has quit [Quit: endstille]
[20:38:53] -!- Bavilo has quit [Read error: Connection reset by peer]
[20:42:40] -!- Quarx has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
[23:39:06] -!- CopyLiu has quit [Read error: Connection reset by peer]
[23:39:28] -!- CopyLiu [CopyLiu!~copyliu@2401:e800:100:8045:45fc:8c88:5bd1:cf22] has joined #milestone-modding