
Tuesday, 24 May 2011

Confirmed: EVO 3D’s Bootloader, Recovery, and Kernel Images All Locked Down



It seems HTC has finally caved to what are likely the security demands of wireless carriers with its newest phones, and is locking down its handsets Moto-style. Latest case in point: the EVO 3D – which sports the same sort of security we found on the Sensation earlier this month. In other words, good luck cracking into this thing.
Before we get any further, there seems to be some confusion on what exactly is "locked down." Let’s clear that up: the bootloader image itself is not encrypted. No one uses encrypted bootloaders. HTC, like Motorola, is utilizing cryptographically signed bootloader, recovery, and kernel images. Our own Justin Case has personally confirmed this:
What does that mean? It means every time your sexy new EVO 3D boots up, it runs a check against the signatures (basically, an authentication key) of the bootloader, recovery, and kernel images on your phone. If the signature of any one of those, once decrypted, does not match the value stored in the phone's internal read-only memory, your phone will refuse to boot. The only way to remedy this is to flash back to the stock image.
This stands in opposition to phones with bootloaders and other images that are merely signed – meaning they can be spoofed by essentially "tricking" the phone into believing it’s running an image with the proper signature (since the unencrypted signature can be duplicated if a full RUU image of the device is available). Even easier are devices that can actually be unlocked, turning off signature checks completely (à la Nexus One, Nexus S, XOOM, etc.). Please note, I’m not a programmer, and am definitely butchering the niceties of what’s going on here.
Cryptographically signed images are essentially, from a practical perspective, un-crackable (they use 256-bit encryption). They’re why the DROID 2 and DROID X remain un-cracked (except through sidestepping, roundabout methods) to this day. They generally require developers to find some sort of known exploit, old engineering image of the phone, or other indirect hackery that doesn’t actually defeat the encryption, but merely circumvents it. After the debacle with the Thunderbolt’s unlocking, which was caused by a leak of an old engineering image (thus avoiding the whole problem with encrypted signatures), HTC is probably keeping a very close eye on any internal software (and leaks thereof) that might allow a user to circumvent its beefed-up security.
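The boot-time check described above can be modeled in a few lines; this is an added illustration, not HTC's code or anything from the original post. It assumes the value held in read-only memory is an RSA public key, uses a constructed toy key built from two Mersenne primes, and omits the padding (PKCS#1 or PSS) that real schemes apply; all function names and image contents are hypothetical.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes). Far too weak and structured
# for real use; it only lets the example run offline with no dependencies.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                 # public key: assumed to live in device ROM
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: held only by the vendor

def digest(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def vendor_sign(image: bytes) -> int:
    """Vendor side: sign the image digest with the private exponent."""
    return pow(digest(image), D, N)

def verify(image: bytes, signature: int) -> bool:
    """Device side: recover the signed digest with the public key and
    compare it with the digest of the image actually present in flash."""
    return pow(signature, E, N) == digest(image)

def boot(partitions: dict) -> str:
    """Check each stage in order and refuse to boot on the first mismatch."""
    for stage in ("bootloader", "recovery", "kernel"):
        image, signature = partitions[stage]
        if not verify(image, signature):
            return f"refused: {stage} signature mismatch"
    return "booted"

def stock_partitions() -> dict:
    """Constructed sample images, each paired with its vendor signature."""
    images = {"bootloader": b"stock hboot image",
              "recovery": b"stock recovery image",
              "kernel": b"stock kernel image"}
    return {name: (img, vendor_sign(img)) for name, img in images.items()}

if __name__ == "__main__":
    parts = stock_partitions()
    print(boot(parts))
    # A modified recovery that carries over the stock signature still fails,
    # because the signature covers the digest of the stock image only.
    parts["recovery"] = (b"custom recovery image", parts["recovery"][1])
    print(boot(parts))
```

Restoring the stock recovery image together with its original signature makes `boot` succeed again, which matches the "flash back to the stock image" remedy.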
In short: custom ROMs, kernels, and recoveries (like ClockworkMod) may never come to the EVO 3D, barring some kind of epic HTC screw-up.
