  1. #1
    offline Administrator
    Join Date
    Nov 2006
    Posts
    14,024
    Thanks
    2,800
    Thanked 3,902 Times in 2,550 Posts
    Downloads
    1
    Uploads
    0

    Let's talk about the RSA hack.

    Hey guys.

    Well, since GandjaFuzz left his project to bypass the RSA on the MOTO V6, there's nobody who wants to do it. Well, the deal is this: if you have some knowledge about how to start on it, developing and stuff for this, please let us know.

    We, the Maxx V6 users, want to use patches and stuff like the other phones that have the RSA bypassed.

    If you have any clue on this, please post it here. I think we can make a good team if we all work together.

    Someone told me that we need to know Argon programming or something, I can't remember what...

    Post your ideas...

    06/01/09 Thread update!

    The information obtained, thanks to OCM770, Skrilax_CZ, flash.tato, kn100, russoeternal:

    1.- For starters you need to know the processor type to know what language the code is written in (ARM for example is one).
    2.- You can use BL03.09 upgrade (CG2) to get the code. ARGON is on ARMB (ARM Big Endian platform). The second way is to TP the phone and read it from the chip's memory (for 03.02).
    3.- We need some documentation about ARMB.
    4.- You can use IDA Pro (warez) to disassemble the binary code. But there is our problem: we need to find someone who knows how to study it etc., or in other words find a hole in the bootloader / firmware so we do not have to TP the phone in order to bypass RSA.

    Information for argon provided by kent_lkc

    Argon+ is the main processor used for all system and user applications.

    The Argon IC integrates the following three main cores:
    • Microcontroller Unit (MCU): 400MHz ARM11 used for operating system, user applications and call control.
    • Digital Signal Processor (DSP): 208MHz Motorola StarCore used for call and audio data processing.
    • Smart DMA (SDMA): 100MHz Direct Memory Access Controller used to assist communications between the MCU and DSP.

    RAZR MAXX processor.


    08/01/09 Thread update

    kent_lkc got the original 03.02 bootloader, not a backup, the original ROM. Skrilax_CZ said that now we need someone who can disassemble it.

    And I decided to add the Testpoint Image if someone needs it.
    Last edited by russoeternal; 01-08-2009 at 03:33 PM.
    Anything you need please contact me thru Private Message.

  2. 6 Users Say Thank You to Russoeternal For This Useful Post

    adeltaY (01-05-2009), butterjoe (08-03-2009), kent_lkc (01-04-2009), Nayar (01-05-2009), RaMi (01-05-2009), tomauswustrow (02-20-2010)

  3. #2
    kn100's Avatar
    offline I am a huge fan of Clarkey's "Buy Now Pay Never" scheme
    Join Date
    Apr 2007
    Location
    South Wales, UK
    Posts
    3,925
    Thanks
    947
    Thanked 1,393 Times in 878 Posts
    Downloads
    391
    Uploads
    2
    Argon is the version of the bootloader, you need to know how to read the code behind the bootloader to crack RSA

  4. The Following User Says Thank You to kn100 For This Useful Post:

    kent_lkc (01-04-2009)

  5. #3
    offline Administrator
    Is there a way to know how to read it?

  6. #4
    OCM's Avatar
    OCM
    offline There is no spoon
    Join Date
    May 2009
    Location
    main()
    Posts
    3,388
    Thanks
    1,122
    Thanked 1,429 Times in 740 Posts
    Downloads
    7
    Uploads
    0
    For starters you need to know the processor type to know what language the code is written in (ARM for example is one).
    You see, madness, as you know, is like gravity. All it takes is a little push.

  7. 2 Users Say Thank You to OCM For This Useful Post

    kent_lkc (01-04-2009), RaMi (01-05-2009)

  8. #5
    Skrilax_CZ's Avatar
    offline Retired Moderator
    Join Date
    Feb 2007
    Location
    Prague
    Posts
    5,246
    Thanks
    1,881
    Thanked 3,157 Times in 1,339 Posts
    Downloads
    28
    Uploads
    29
    You can use BL03.09 upgrade (CG2) to get the code. ARGON is on ARMB (ARM Big Endian platform). The second way is to TP the phone and read it from the chip's memory (for 03.02).

    Thanks Semseddin for the signature and avatar.

  9. 4 Users Say Thank You to Skrilax_CZ For This Useful Post

    kent_lkc (01-04-2009), RaMi (01-05-2009), Russoeternal (01-04-2009), USSS (01-04-2009)

  10. #6
    offline Administrator
    Will the testpoint image that we already have be useful, or do we need to find another point?

  11. #7
    Nayar's Avatar
    offline L0ve for all, Hatred for none
    Join Date
    Nov 2007
    Location
    Mauritius
    Posts
    1,658
    Thanks
    543
    Thanked 203 Times in 136 Posts
    Downloads
    95
    Uploads
    0
    Quote: Originally posted by Skrilax_CZ
    You can use BL03.09 upgrade (CG2) to get the code. ARGON is on ARMB (ARM Big Endian platform). The second way is to TP the phone and read it from the chip's memory (for 03.02).

    My suggestion: we will need to find a tool which can convert ARMB to binary instantaneously, and we will have to find the source code by trial and error.

  12. The Following User Says Thank You to Nayar For This Useful Post:

    kent_lkc (01-04-2009)

  13. #8
    offline Administrator
    Talking with flash.tato a while ago, he told me that we need all the documentation about ARMB.

    Is there a converter from ARMB to binary?

  14. The Following User Says Thank You to Russoeternal For This Useful Post:

    Nayar (01-04-2009)
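On the byte-order question raised in posts #5 to #8: an ARMB image is already binary machine code, stored as big-endian 32-bit words. The added example below (not written by any poster in this thread) guesses a blob's byte order from the ELF header if one is present, otherwise from where the ARM "always" condition nibble (0xE) falls in each word; it assumes ARM-mode rather than Thumb code, and the sample instruction words are constructed.

```python
import struct

ELF_MAGIC = b"\x7fELF"
EM_ARM = 40  # e_machine value assigned to ARM in the ELF specification

def elf_byte_order(blob):
    """Return 'big' or 'little' for an ARM ELF file, None for anything else."""
    if len(blob) < 20 or blob[:4] != ELF_MAGIC:
        return None
    order = {1: "little", 2: "big"}.get(blob[5])  # e_ident[EI_DATA]
    if order is None:
        return None
    (machine,) = struct.unpack_from(">H" if order == "big" else "<H", blob, 18)
    return order if machine == EM_ARM else None

def raw_arm_byte_order(blob, min_ratio=0.5):
    """Guess the byte order of a headerless ARM-mode code image.

    Bits 31..28 of an ARM-mode instruction hold its condition code, and most
    instructions use 0xE ("always"). That nibble sits in byte 0 of each word
    when the image is big-endian and in byte 3 when it is little-endian.
    """
    words = len(blob) // 4
    if words == 0:
        return None
    big = sum(blob[4 * i] >> 4 == 0xE for i in range(words))
    little = sum(blob[4 * i + 3] >> 4 == 0xE for i in range(words))
    if big == little or max(big, little) / words < min_ratio:
        return None  # ambiguous: data, Thumb code, or compressed/encrypted
    return "big" if big > little else "little"

def guess_byte_order(blob):
    """Prefer the ELF header; fall back to the instruction heuristic."""
    return elf_byte_order(blob) or raw_arm_byte_order(blob)

# Constructed sample: mov r0,#0 ; ldr r1,[pc,#4] ; bx lr ; b .
SAMPLE_WORDS = (0xE3A00000, 0xE59F1004, 0xE12FFF1E, 0xEAFFFFFE)
ARMB_IMAGE = struct.pack(">4I", *SAMPLE_WORDS)   # big-endian ("ARMB") layout
ARMLE_IMAGE = struct.pack("<4I", *SAMPLE_WORDS)  # same code, little-endian

if __name__ == "__main__":
    for name, image in (("ARMB", ARMB_IMAGE), ("ARMLE", ARMLE_IMAGE)):
        print(name, image.hex(), "->", guess_byte_order(image))
```

A disassembler needs the same answer before it can decode anything: loading a big-endian image as little-endian ARM produces mostly undefined or nonsensical instructions.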

  15. #9
    offline Administrator
    Well, browsing on the internet, I just found this PDF:

    ELF for ARM

    Dunno if it's helpful.
    Last edited by russoeternal; 01-06-2009 at 04:13 PM.

  16. 2 Users Say Thank You to Russoeternal For This Useful Post

    kent_lkc (01-04-2009), RaMi (01-05-2009)

  17. #10
    Nayar's Avatar
    offline L0ve for all, Hatred for none
    With what program did flash.tato write the custom firmware for the v3x?

  18. #11
    Skrilax_CZ's Avatar
    offline Retired Moderator
    You can use IDA Pro (warez) to disassemble the binary code. But there is our problem: we need to find someone who knows how to study it etc., or in other words find a hole in the bootloader / firmware so we do not have to TP the phone in order to bypass RSA.

  19. 2 Users Say Thank You to Skrilax_CZ For This Useful Post

    Nayar (01-05-2009), RaMi (01-05-2009)

  20. #12
    Nayar's Avatar
    offline L0ve for all, Hatred for none
    I really don't want to TP my phone.

    What does a hole in the firmware mean? Any illustrations?

  21. #13
    kn100's Avatar
    offline I am a huge fan of Clarkey's "Buy Now Pay Never" scheme
    A bug in the firmware, allowing for unauthorised code to run.

  22. #14
    offline Administrator
    Interesting, will see if someone at my job knows about it. (I'm working at Microsoft.)

  23. #15
    Nayar's Avatar
    offline L0ve for all, Hatred for none
    Please PM me the software you are using so that I can help. Please also post a work-plan.
