How the Droid X is locked down? Let me tell you what I know.
So this post is a mix of hard information and a bit of conjecture on my part (guesses). But I thought I would share it with you guys anyways.
First, Motorola is using an old technology (introduced in 2004) in a new way. You can read a quick write-up here.
Now, once information is written to a chip, that information is static, but using an eFuse chip on the board Motorola is able to write information to it after it has been placed in use.
SO HOW DOES THIS EQUAL A HARDWARE LOCKED BOOTLOADER?
The eFuse is coded with information that it either looks for or is passed to it from the bootloader. The bootloader is loaded with information it looks for when it begins the boot-up process. (I have seen the sbf file look for a certain bootloader when it begins, so it's safe to assume that this is the process.)
Once the eFuse verifies that the information it is looking for, or that has been passed through to it by the bootloader, is correct, then the boot process continues. What type of information is written to the bootloader? So far I've been able to verify that the firmware information (what we call ROMs), the kernel information, and the bootloader version.
If the eFuse fails to verify this information then the eFuse receives a command to "blow the fuse" or "trip the fuse". This results in the booting process becoming corrupted and in a permanent bricking of the phone. This failsafe is activated anytime the bootloader is tampered with or any of the above three parts of the phone has been tampered with.
The eFuse is a rewritable module and thus once it has been tripped it can be repaired, but this procedure can only be done by Motorola. It requires hardware (I'm not sure what type) and the program (I'm not sure what Motorola is using) written in JTAG.
The normal process of using an sbf file to upgrade has also been made more difficult, as they have been tagged and if not properly applied or not device/build/increment specific then they will trip the eFuse.
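A toy model of the check-then-trip flow as the post describes it, added here as an illustration and not code from the post or from Motorola. The component strings, the FNV-1a stand-in for whatever check the device really performs, and every name in it are assumptions; the repair step is not modeled.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the flow described in the post; not Motorola's code. */
enum { BOOTLOADER, KERNEL, FIRMWARE, NCOMP };

struct fuse_bank {
    uint32_t expected[NCOMP]; /* reference tag per component (constructed) */
    uint32_t tripped;         /* one trip bit per component; never cleared here */
};

/* FNV-1a stands in for the real, unknown verification primitive (assumption). */
static uint32_t tag(const char *s) {
    uint32_t h = 2166136261u;
    while (*s) { h ^= (uint8_t)*s++; h *= 16777619u; }
    return h;
}

/* Record the tags of the images the device ships with. */
static void provision(struct fuse_bank *fb, const char *img[NCOMP]) {
    fb->tripped = 0;
    for (int i = 0; i < NCOMP; i++) fb->expected[i] = tag(img[i]);
}

/* Returns 0 if boot continues, -1 if refused. A mismatch sets the trip bit
   for that component, and a tripped bank refuses every later boot, even
   one with the original images. */
static int verify_boot(struct fuse_bank *fb, const char *img[NCOMP]) {
    if (fb->tripped) return -1;
    for (int i = 0; i < NCOMP; i++)
        if (tag(img[i]) != fb->expected[i]) fb->tripped |= 1u << i;
    return fb->tripped ? -1 : 0;
}

int main(void) {
    /* Constructed sample images, not real build identifiers. */
    const char *stock[NCOMP]  = {"bootloader-A", "kernel-stock",  "rom-stock"};
    const char *modded[NCOMP] = {"bootloader-A", "kernel-custom", "rom-stock"};
    struct fuse_bank fb;
    provision(&fb, stock);
    int r1 = verify_boot(&fb, stock);
    int r2 = verify_boot(&fb, modded);
    int r3 = verify_boot(&fb, stock);
    printf("stock: %d, modded: %d (tripped=0x%x), stock after trip: %d\n",
           r1, r2, (unsigned)fb.tripped, r3);
    return 0;
}
```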
As you can see this is indeed going to be a tough nut to crack.
A secondary question that I've been asked is about future devices. I can't speak to other future devices but I have been told that this method of protection has been applied to the Droid2.
source