GSM-Forum  
#1 freewaycomms, posted 05-14-2006, 14:28
How is CID49 different?


This is just a general interest post to help me understand things better, but what is different about CID49 compared to previous CID versions?

I don't mean how you unlock; I mean the general workings of defeating it.

For instance, I guess part of the problem is the RSA protection. Is it just increased protection, a totally new type of RSA, or is it something deeper?

Also, what about certificates?

Do you think the way of unlocking them now will stay this way, or do you think it will get easier as more understanding of the architecture is found?

Sorry if this is not a support question, but I do think that if you have an understanding of how SEMC ticks, things make more sense.

Cheers
FWC
 
#2 muppet (Auckland, New Zealand), posted 05-14-2006, 22:17
Quote:
Originally Posted by freewaycomms
This is just a general interest post to help me understand things better, but what is different about CID49 compared to previous CID versions?

I don't mean how you unlock; I mean the general workings of defeating it.

For instance, I guess part of the problem is the RSA protection. Is it just increased protection, a totally new type of RSA, or is it something deeper?
The idea of "defeating RSA protection" is a little bit over the top. There are no known exploits for the RSA algorithm itself, but there are exploits and bugs to be found in various people's (such as SE's) implementations of it.

This is what's been done in the lower CID versions: various holes have been found in the applets associated with these CIDs. In very early versions (CID29) it was simple to bypass the security and unlock the phone. Those holes were closed up, but other holes were found to allow conversion of the phone to brown. Having the phone brown is a good thing; it's possible to run any code you like on a brown phone, for reasons I won't go into.

Quote:
Originally Posted by freewaycomms
Also, what about certificates?
As above, a CID is basically that: a certificate. It's not the certificates that have the holes; it's the applets that support those certificates that are vulnerable to attack.

Quote:
Originally Posted by freewaycomms
Do you think the way of unlocking them now will stay this way, or do you think it will get easier as more understanding of the architecture is found?
I think it will only get harder. SE have the advantage here, as each time a hole is found SE just have to move to a new certificate (i.e. go to a higher CID); the underlying protocols used to talk to the phone don't really change.

Quote:
Originally Posted by freewaycomms
Sorry if this is not a support question, but I do think that if you have an understanding of how SEMC ticks, things make more sense.

Cheers
FWC
Couldn't agree more.

What I've posted above is my understanding of it, having read this forum (and others). I don't claim to be an expert, so it's highly likely that some of what I've posted above is factually incorrect, but I think the general gist of it is right.
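Muppet's two points above, that the historical weak link has been the code that checks the certificates rather than RSA itself, and that the vendor's answer to each hole is to retire a certificate level and move to a higher one, can be shown with a small signed-image verifier. The following is an added example written for this page; it is not code from the thread, from Cruiser, or from SE. It uses textbook RSA with toy Mersenne-prime keys (no padding, far too small for real use), a `level` field standing in for a CID, and a hypothetical `MIN_ACCEPTED_LEVEL`; all sample images are constructed.

```python
import hashlib
import json
from typing import Tuple

# Toy RSA key, constructed for this illustration only. Two Mersenne primes give a
# roughly 150-bit modulus; this is not a real key size and not SE's actual scheme.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)

# Hypothetical: the lowest certificate level the loader still accepts. Raising it
# is the "move to a higher CID" step from the post: levels whose supporting code
# turned out to be flawed are simply no longer honoured, without touching RSA.
MIN_ACCEPTED_LEVEL = 49


def serialize(level: int, payload: bytes) -> bytes:
    """Canonical encoding of the record that gets signed.

    The level sits inside the signed bytes, so it cannot be edited independently
    of the payload without invalidating the signature.
    """
    return json.dumps({"level": level, "payload": payload.hex()}, sort_keys=True).encode()


def digest_int(data: bytes) -> int:
    """SHA-256 of the record, truncated to 16 bytes so the integer is below N."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign_record(level: int, payload: bytes) -> int:
    """Signer side: textbook RSA signature over the record digest (toy, no padding)."""
    return pow(digest_int(serialize(level, payload)), D, N)


def verify_record(level: int, payload: bytes, signature: int) -> Tuple[bool, str]:
    """Loader side: the signature must verify AND the level must not be retired.

    Both checks live in the verifying code, which is the part of the system the
    post identifies as where the bugs have historically been, not the maths.
    """
    if not 0 < signature < N:
        return False, "signature out of range"
    if pow(signature, E, N) != digest_int(serialize(level, payload)):
        return False, "bad signature"
    if level < MIN_ACCEPTED_LEVEL:
        return False, f"certificate level {level} retired (minimum {MIN_ACCEPTED_LEVEL})"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample images.
    current = b"firmware image signed under level 49"
    legacy = b"firmware image signed under level 36"
    sig_current = sign_record(49, current)
    sig_legacy = sign_record(36, legacy)

    print(verify_record(49, current, sig_current))          # (True, 'accepted')
    print(verify_record(36, legacy, sig_legacy))            # valid signature, retired level
    print(verify_record(49, legacy, sig_legacy))            # relabelled level: bad signature
    print(verify_record(49, current + b"x", sig_current))   # tampered payload: bad signature
```

The third case is the one worth noting: the legacy image carries a perfectly good signature, but because the level is part of what was signed, relabelling it as level 49 fails the signature check rather than slipping past the minimum-level check. A verifier that checked the signature over the payload alone would not have that property.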
 
#3 freewaycomms, posted 05-15-2006, 15:59
Thanks for the insight, Muppet. So in fact it's the certificates and the applets controlling them that give the problems, not the actual RSA itself?

I got a little befuddled because in Cruiser you can "Unlock RSA" or "Replace Certificate". Understandably, the brown certificate gives almost "ADMIN" privileges in accessing the underlying protocols, but with CID49 it seems we have moved back to "Unlock RSA", albeit by firmware alteration. That's what caused me to think about how it's different.

Also, there is now the issue of not replacing certificates from red/brown in 49 as well. I guess someone like lead, who understands the architecture, would make perfect sense of it, but us mere users have only got logic to try and follow!

FWC
 