What an absolutely insane week it has been for unlocking encrypted and signed hardware!

Update: How disappointing - nenolod turned out to be a fraud, and the whole thing was a hoax. It seemed too good to be true, and it was.

First, the Thunderbolt, which turned out to be HTC's most closed off device ever, was cracked wide open by team AndIRC within days after release, including our own Justin Case (jcase), Jamezelle, scotty2, and others.

This morning, however, we are seeing light at the end of the tunnel for devices that have been uncracked for many months - namely, Motorola Milestone and possibly Droid X, Droid 2, Charm, and other devices from the Sholes family (this, apparently, does not include the Atrix 4G).

On these devices, only updates (called SBF on Motorola devices) signed by Motorola's own private key are allowed by the boot loader - in all other cases, you end up in recovery, and the only way back is by going back to a Motorola-approved image. You can read more about this technology, called eFuse in Motorola's case, here. So, if the private key used to sign updates for these devices were somehow found or reverse engineered, it would be possible for developers to trick the boot loader into loading both custom recoveries and custom ROMs, including tweaked kernels, effectively opening up the whole device to the level that we can consider fully unlocked.

And now it's time for you to meet William Pitcock, otherwise known as @nenolod. This morning, William posted the private key used by Motorola to sign all the images along with a few other useful strings that will allow developers to create valid signed updates that can get past the boot loader, including custom ROMs and recoveries. Taking a jab at Motorola, nenolod also said this:


While it may look a bit spiteful at first glance, William's ticked off message was apparently caused by the fact that Motorola knew about the vulnerability he used to reverse engineer the key, but did nothing about it for 3 months. William is a responsible engineer and at first tried to deal with the issue privately by taking it to Motorola directly. After receiving no response and giving them multiple warnings, he released the information online.

Guess how long it took Motorola's legal team to contact him this time, forcing the takedown of the keys (hint: 2 hours).

  • December 20th, 2010 — Motorola notified of keystore vulnerability. No response received from Motorola.
  • February 20th, 2011 — Motorola notified again of keystore vulnerability. No response received from Motorola.
  • February 27th, 2011 — Motorola notified that keystore vulnerability will be disclosed to public on March 20th. No response received from Motorola.
  • March 20th, 2011 — Keystore signature generation vulnerability publically disclosed including private key leak. Response received from Motorola legal.

So, what devices does today's leak affect? We know for a fact that it works on the Milestone (if you are a Milestone user, you should be ecstatic right now) and Droid 1 (though key verification was never enabled by Motorola in the boot loader on this device). Devices that are suspected to be signed by the same key are: Droid 2, Droid X, Charm, and possibly others. I jumped on IRC and talked to William about them, but he could not verify compatibility outside of the Droid/Milestone, because he simply did not have other devices on-hand (he has a G2 now).

Unless Motorola changed the encryption key in OTA updates and newer devices released after William reported the issue in December, they should still remain vulnerable. And even if Motorola did change the keys, there is a good chance the same vulnerability was never closed, which would allow such keys to be reverse engineered on a per-device basis.

William passed all the necessary information to the group called @FreeMyMoto, who will be exploring all the options and hopefully providing further details about each of the devices in question. You can join the discussion in ProjectBootloaderFreedom's IRC chat at chat.freenode.net, channel ##pbf (that's right, 2 hashes).

TL;DR: Key used to sign updates for Droid/Milestone has been reverse engineered and published today. It possibly applies to other devices, such as Droid 2, Droid X, and Charm. These devices are now theoretically unlocked to allow custom ROMs and recoveries, with more details to follow.

The minute we post the keys here, Motorola's legal team will show up with a C&D. Thus, to preserve the information, I recommend retweeting nenolod's tweets, reposting screenshots, and spreading the information in whatever way you see fit.

Source: nenolod, @nenolod