01-14-2014, 00:00 | #16
No Life Poster | Join Date: Feb 2002 | Location: Russia | Age: 44 | Posts: 2,681 | Member: 9519 | Status: Offline | Thanks Meter: 2,150

This MPU is configured from the TrustZone application and can only be disabled on chip reset. So here we are again, back to finding an exploit in the TrustZone application. And here is a perfectly documented example.
01-15-2014, 17:48 | #17
Junior Member | Join Date: Sep 2012 | Location: RAM: 0x77E60000 | Posts: 25 | Member: 1810861 | Status: Offline | Thanks Meter: 6

I heard that the modem code is uploaded by the Linux kernel during kernel boot, so if you can compile a custom kernel which uploads a patched modem image to the DSP, or does not send the "disable EBI" TrustZone command (if there's such a call anyway). But if it's the bootloader that loads the modem code, all this is impossible, since the BL is signed. (And I've found some Qcomm documentation which says it's the HLOS that checks and uploads the modem image to the DSP.) In this case, yes, you have to find TrustZone exploits. That's not impossible; I know 3 different exploits for the Nokia BB5 TrustZone implementations, and that's a pretty secure platform.
02-04-2014, 08:54 | #18
Insane Poster | Join Date: Apr 2012 | Posts: 93 | Member: 1750726 | Status: Offline | Thanks Meter: 16

This is for sure possible, as this device (if it is MDM9200) is using SecureBoot2. Since (as the_laser also mentioned) we have bypassed both SecureBoot3 versions here:
- Unlocking the Motorola Bootloader
- Exploiting Samsung Galaxy S4 Secure Boot

However, if your device is using 9215/25 or 9615/25, I don't know what SecureBoot version those are using, but you could easily find out. [lazy] In any case, unless you're running the latest (last year) firmware, it is very unlikely to be patched.