hi!
i read a document from Texas instrument thats says Secure Calypso+ need a signed Flash Loader with two RSA keys (originator and manufacturer) according to the PUB_KEY of the device and i tested 3 sagem phones no one has the same as other,so how the hell legija has done this??:eek:
BR

maybe there is a small whole in security......;)

First of all, it might be that you assume that the signature is a key. In fact, most of the time, the loader gets hashed and then encrypted with private key, added to the loader.

Another option is that the keys themselfs are also encrypted by private key, decrypted using modulus and exponent in mobile.

Last option is that the keys are randomly generated using Imei or Hardware key.