Tell me more about bootloader code signing, please...

2 replies to this topic

#1
glossywhite

Hi all.

I just downloaded these: http://www.mediafire...67cezkql2z4j4jc

and installed the "1 mfld-pos-installer-v1.5-a.exe" in a virtual machine, and when you look in the installation folder, there are two certificates: "cdc.cer" and "adb.cer" and a few tools.

Does anyone know:

1/ What these two certificates are?

2/ What the tools are, and how they are used?


When I double-click the *.cer (certificate) files - NOT installing them - up pops something about keys etc., and it seems to show HEX values. I know virtually nothing about cryptography etc., but would someone else download these and have a play **DISCONNECT** your OSD **FIRST** :P and tell me what's going on? Are these proprietary tools, and are those two certificates the ones that are needed to sign our OWN ROMS?

Very lost, but kinda, sorta know what this all is, as I was once an iOS dev, and I had to sign apps :)


Thanks - layman's terms if you please :D


#2
shootomanUK

If I remember, there was also a way to get into MEDFIELD mode on the OSD running Gingerbread; maybe the tool was to be used in that mode?


#3
Ribs85

> Are these proprietary tools, and are those two certificates the ones that are needed to sign our OWN ROMS?

These are probably public certificates. We'll need the private ones to sign firmware and fool the OSD into running custom ROMs.

These work in a "private/public" pair combination. The signer has the private key, and the receiver the public key to check the signer's private key is legitimate.

This is how secure websites load on the Internet; you have the public keys in your browser to check authenticity, and the CA (Certificate Authority) has the private keys to sign certificates with, which are sent to your browser by the website.

I'll be honest, the math they use utterly baffles me, but it's damned impressive.

And no, you can't derive the private keys from the public keys :)

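The public/private split described in the reply above, as an added example that is not part of the original thread: it shows that a `.cer` file yields a public key for verification but cannot be used to sign. It assumes the `openssl` command-line tool is installed; the key, certificate and "firmware" file are throwaway stand-ins generated on the spot (not the `cdc.cer`/`adb.cer` files from the installer), and all function and file names are this example's own.

```shell
#!/bin/sh
# Constructed demo: a throwaway RSA key and self-signed certificate stand in
# for a vendor's signing key and the .cer file shipped with an installer.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_vendor_material() {
  # vendor.key stays with the vendor; vendor.cer (DER) is what gets shipped.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-vendor" \
    -keyout "$WORK/vendor.key" -out "$WORK/vendor.pem" 2>/dev/null &&
  openssl x509 -in "$WORK/vendor.pem" -outform DER -out "$WORK/vendor.cer" &&
  printf 'constructed firmware image\n' > "$WORK/firmware.bin"
}

cer_has_private_key() {
  # Succeeds only if a private key can be loaded from the file.
  openssl pkey -inform DER -in "$1" -noout >/dev/null 2>&1
}

export_public_key() {   # export_public_key CERFILE PUBFILE
  # The certificate does carry the public half, which is all a verifier needs.
  openssl x509 -inform DER -in "$1" -noout -pubkey > "$2"
}

sign_image() {          # sign_image KEYFILE IMAGE SIGFILE
  openssl dgst -sha256 -sign "$1" -out "$3" "$2" >/dev/null 2>&1
}

verify_image() {        # verify_image PUBFILE IMAGE SIGFILE
  openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null |
    grep -q 'Verified OK'
}

demo() {
  make_vendor_material || return 1
  export_public_key "$WORK/vendor.cer" "$WORK/vendor.pub"
  cer_has_private_key "$WORK/vendor.cer" && echo "cer: private key present" ||
    echo "cer: public certificate only"
  sign_image "$WORK/vendor.cer" "$WORK/firmware.bin" "$WORK/bad.sig" ||
    echo "sign with vendor.cer: refused, no private key in it"
  sign_image "$WORK/vendor.key" "$WORK/firmware.bin" "$WORK/fw.sig" &&
    echo "sign with vendor.key: ok"
  verify_image "$WORK/vendor.pub" "$WORK/firmware.bin" "$WORK/fw.sig" &&
    echo "verify untouched image: ok"
  printf 'modified\n' >> "$WORK/firmware.bin"
  verify_image "$WORK/vendor.pub" "$WORK/firmware.bin" "$WORK/fw.sig" ||
    echo "verify modified image: rejected"
}
demo
```

To inspect a real `.cer` file the same way, `openssl x509 -inform DER -in FILE -noout -text` prints its subject, issuer and public key; if the file is PEM-encoded, drop `-inform DER`.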



