Android rooting status
Ok, so I haven’t updated on this in a while and figured I should. The exploit I was going after apparently didn’t exist; I missed the check which rendered that attack useless. The next attack is the fastboot vector mentioned elsewhere on the web over the last several days. However, so far I don’t see where he got his data from about that being exploitable. I can’t find source code for anything but the client/PC-side app, and that obviously can’t tell us what the phone side does. Provided he’s right, we’d need to modify the PC app to send more than the safe limit and figure out where our code dumps to and how many bytes we have to work with.
There is also the potential to brute-force the RSA signing key with a distributed attack via BOINC. I haven’t looked too far into what key size they used, but if it’s within reason, that could be a good solution as well.
I believe the RSA key used to sign the updates is 2048; I might be wrong on that, though.
Any key size beyond 56 bits will take years to brute force.
Wrong, up to 512 bits is really fast now. HTC appears to be using 1024 bits, however.
Any more updates on this?