[quackquack147]

Hello readers!
greetings!
i am seeing too many posts regarding bootrom and many speculations and misinformation. this post will clear those. so please dont FUD and create confusion and no fear mongering please.

bootloader is locked using 2 techniques, one is HS or high security, its a register in the OMAP4430, registers are like memory or cache stored in the cpu which does a hash or value check and then goes about loading it and the secondard boot loader which is called chain loader. this is called as bootrom and unlike apple products there is/are no separate IC's (integrated circuits) for this purpose its stored in the 48 KB nonvolatile memory called SRAM which is what we call as bootrom.

the IPL or initial primary loader is signed using rsa keys, we dont know the passphrase of the keys and we know one thing its 3072 bit or more, and the IPL is 48 KB in size and its stored in a special register called sram which is inside the CPU.

so the bootloader function is like this, (pheudo diagram)

power on -> cpu check the hash -> starts IPL -> IPL contains the drivers or modules for emmc viz 16/32/64 gb -> it chainloads to second stage bootloader, thus it has only 2 drivers or modules, one for CPU and one for the primary storage device, here emmc.

now bootrom executes -> second stage loader which is called as chain loader -> now the chain loader executed all other hardware drivers or modules as we call it in *nix or linux and this activates all other devices -> then it does a signature check on the OS or OS binary firmware -> if it fails it doesnt proceed -> if it does? you get to wait for minutes till it boots and you get the final welcome screen.

thats about it. and this is the same for all HS chipsets. HS is an arm technology and vendors like TI and qualcomm and MTK are allowed to write their own register changes. which is not disclosed to public but to OEM and ODM. So the high security is generic and its generic to all HS register chipsets on many arm devices, else its a GP or general purpose CPU.

having said that HS also has one speciality, it can be bypassed by applying a resistor value and then it can be jtagged or icepicked (2 wire jtag). w/o the resistor it cant wipe the memory stored in the sram.

QNX has already released the source code and the device is based on panda board, albeit with some modification to the board it did its initial design. and they released the source code way back in 2012. its my fault that i been lazy and i been ignoring the device, else this work would have kicked off in 2012 itself. beat me up for being lazy and showing this much negligence. i am sorry. else this would have done ages ago.

now one request please read this thread before you spread rumors about bootload and security and et al, and it turns into a menace and the menace goes spirally out of control.

can some moderator make this sticky. and people need to read it first. and lastly. if you find grammar mistake and or spelling or want to re-edit this entire script? please drop me a pm with the final edited script. i dont have time to edit this post. thanks for reading this post and wasting your time.

http://forums.crackberry.com/playboo...ml#post8756059

thanks to ANTIRIM! we got a 100% confirmation bootrom is only 16 KiB or its only 16 KiloBytes!
thats it period no more confusion. and most likely RIM uses its own in-house signing technology/tool which helps it store the compression and the signature together. DONE DEAL SEALED RESEARCH. Credits goes to ANTIRIM!


Final information related to bootrom.
Bootrom is hash checked via sha1 signature that to first generation and not second generation. and its possible to do a hash collition and even gen 2 can be done by hash collition. credit goes to scrid2000, and his post pastebin.com/yHLjy2eE, thank you scrid2000


regards!

thanks!
-paul

p.s. sorry antirim. terribly sorry!
p.s. mshield details and its technical work flow is now known. read here. http://forums.crackberry.com/playboo...ml#post8790247

[quackquack147]

<reserving for future changes>
Changes to information aka addendum:
#1. Nickstermaster updated me with this valueable info that bootrom is signed with 128 bit rsa encryption. may be we can bruteforce it. having said that, we in irc are in a meeting. and we will update any new information and findings. we may be able to disable the HS and turn it into GP. stay tuned for more updates. and wish us luck. we need it.
#1a. I am again getting flying information that Blackberry bootrom uses an inhouse encryption, which we dont know what is it. if #1 is right then #1a is wrong or vice versa.
#2. I have again been updated one more thing by a user from the forum who doesnt wish to disclose his nickname/identity. that the algorithm is not the generic. but either gen2 sha256 or gen2 sha512. which means we can punch it out? No. hard. Push it out of our path? yes! only time will tell.
#3. most likely its an efuse, which means if we find the right voltage and current ampere, we can unlock the bootrom.
#4. resistor value to open efuse is 36 ohms. yes, you can now celebrate. its 36 ohms.
v=ir; v=1.8v, i=50 mA, r= 36ohms!
so we need an exact 36 ohms. i will discuss this point in the rooting post saga which is still continuing.

*#5. the register to look for is CP15. so we are right now very close. ;-)

we got voltage, resistor, current, power and register. excellent! now to test the jtag pins next week after i have all the correct info!

thanks!
-paul

[djdragon]

What would it take to get this project going? We know that Crackberry folk can be generous, even to the point of donations to fund a free Q10 for a member for their efforts.

Posted via CB10

[meltbox360]

Perhaps you should post the IRC channels in here? If this is to become the official thread.

Posted via CB10

[antiRIM]

Can you explain what this is to me please? I ran a character count and it shows there are 3180 characters

-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAyANMHgzUa44/MzQvNNWrJ+PvBTpNQE7oUnnMpKJcc3rLq1I8
euX3DrzWsEzIPGf+DYvzabf5gGvdVtGjWlRdBhXuzGIGDF4Nww BsX6ssTKebT8KA
43TifxEhHmMQHvjchrYTkm1+qjyGT4JgxqfafwJbXitZUzrV36 9ywTBsJQy38lKL
E6rbII2RtHlv2geDJ01HsEljGmCHHKqdpxePt3oGx8tnTq+qxt eEJKm9yofQPkGU
TlOPAF11egOUAg1hlCc0+7bkpZAQL7qhi5Lo1UBH7+KmmCfZyJ tiE2E0c/szRa6V
EDvsomDQQOblnyZhGQD7aPC7GLWxvwZ+JGAlyRUolfNn5SeNT5 dCzxKvDrixM4DQ
EJSKtjWzXQxXwxLqoiAAgnASWBAOhVeKw14Lha7Kr+NXh8tw2b WbsXx2nQ4hV4Xq
FofyoowqCiiKafjshTLVqnhvoaKkNNTAN8cYLuT4555XbSAsyD NaelmH+vDruY+8
XYeLwfjxcPmw7oNta1iWo+6pmalRO3gdOdVlm/Bf6uj6ishNvdfDyDGzif/+pOof
0hGmGZUgVfDK7blBRSXWkENIQYbzRA+1MWCYRCYaWfYMr/lIVLKl3UEaRTHFvnVx
FGWAOg3T0ALKz64gTXzai+gJwuGFsaTaczHbFjvyMXdE4bC3L6 4scjOC9K8CAQMC
ggIBAIVXiBQIjZ0Jf3d4H3iOchqX9K4m3irfRYxRMxhsPaJR3R zhfadD+gnTOcrd
2tLv/rOyokZ6plWdPjnhF5GNk1lj9IhBWV2UCSyq8upyHYhvvN/XAJejQaoLa2mX
YBSl6FnOt7bzqcbTBDUBldnFPFSsPOlyO4zR4+p09yt1nW4Ieq GMXLfHPMBeYSL7
n+avrMTeL8rbl2brBL3HE8S6X8+mry/c74nKcdnlAsMb09xaitQruDQ3tKro+PwC
YqwI67gaI1J57cO1YB/RwQe3ReOAL/VBxGVv5oW87AzreE1SIi50Y2An8xbrNYCZ
7moZlhCrUkX10hB5ISoEVBhAGS+LDZPRt2n3I0n2kX/fyGuMSOOgMIP6V+Mqlpqd
v2si6ZCZOSDV4RELN16alQEFctLCoS3AzvNDvjzsKSyvABaoOF cGsFIVVI8h2XtS
aRrSYnlmtOlaX2skLNWficl08aHruvpJSnporYQz8nTuLQ/VdCa0WRIJdssrG2jy
s6SdkkvMTuxczLvhZo0vzj6/Wb5j1A1LiBN/nhgse5/M/JkYzHi3idWdhsJtiFrQ
61J/18Bb2N/MRs4/i6pzszGJGBskEaWVhEhvUT0nMNect+sgbf3QUHF76rQBBHvz
55M5gbstVED1ZaCVMym8HXpK6fx/X76PWb76WDthBqdyEjebAoIBAQDkMkx3ApG1
yk9oG3NpdIvDWxA+jpgVvrYkY97M3q9TabcsHm8MMatlsG5RvA G9EOin0RmxRIXO
EVVurNRwOkbtaHvTfX40L9y+RP+aQQ5pf/mjPaxP7zPqJOowPMDBYQETWRg644Sr
ZRKnYMoINqUOS1ocm5+M4BpZroRV6RLwDCAt+pkRtAJkjps2H5 Gq8vR+WcuZl11c
u9HM32CfCl+tj3R7jjz/fkupQBg+LDooG7Nb+MfDvtT71ZhEQ3LUo7+AKdDDMSln
JLqHhJz0ncJL42sIzm6bz4lDUoHNfmQhua85rVpgHOWnpGTI3p DdlzndjqLfpg61
T6znOXbiOh5VAoIBAQDgYevB0jR/DhE9TRvZjeGi6M3R+LKHSCtRbZZS2fMLIpIO
DGIjDxMZiwkd70AYzmDjB9GQ3JUXwijksRoFvDQkZFkoZB0zw+ 8bHtGSq7NT2NV1
iKAg8U0CPAo1NMjWTLrwB1f1hDDXw28+DgDsDb4iciVkmyLseX bemc83umSnBdl4
JahRwn1yqMx6SEoLbAncSAteFxAsJMfIKvffLkStPHtbQtSl3a pHk7V5PbfRYfFA
GHjNHzcrzCwd5PQ+UFvv1hDSlRnrKb5wV/zhaKI1PVa0KfuP0KLI+pRHcQ62JAV/
LtAX1GxaFI5Bz6rj5OGfU/DAmDSD4ym1aQAmLYLzAoIBAQCYIYhPVwvOht+avPeb
owfXkgrUXxAOfyQYQpSIlHTiRnodaZ9ddnJDyvQ2fVZ+C0XFNh Eg2Fk0C45JyI2g
Jtnzmv03qP7NdT3ULf+8K17w//vCKR2Kn3fxbfF1fdXWQKtiO2V8l63HmLcaQIaw
JG4Jh5FoZ7+zQBGRHwLj8LdKssAepxC2eAGYXxIkFQvHTKL+5o e7uj490ovd6kBq
BupztPhSXtNU/t0bgBApctFwEneSpdqCfzin47rYLPc4bSpVcTXXdhuaGHxaWGi j
E9bdQkdbNEm9NQYs4aveVELBJnTRHjxAE0PFGEMwlGCTuiaTtG yVGV8jinNE0Pns
Jr7jAoIBAQCVlp0r4XhUtAt+M2fmXpZsmzPhUHcE2seLnmQ3O/dcwba0CEFstLdm
XLC+n4AQiZXsr+ELPbi6gXCYdhFZKCLC7ZDFmBN31/S8vzZhx8zikI5OWxVrS4is
KAbOIzCO3dH1WjqjrXXlLPTUCVXys9QW9sOYZ2ydpk8/ETTP0ZhvWTulbnA2gaj3
GzL8MDFc8rE9hVzpZLVywy/ax0/qHthzfaeSLI3D6Rwvt85Q08/g6/YquvszaiTH
3XK+mKLUNZKf5As3DhFHcSmgOqiWRcF4048ixqe1NcHbUbgvoL R5bVj/dIq6jZ2R
YwmBNRyX7eu/jUsrECMCl3Ejm1VuyQH3AoIBAQCST2Zp431E3TF2dDMQ1l86jt Iy
Q59w3YxVKbBwShUHd4955tJPldJ2KYXTOBw6OwpYFLHaqsqd5/e29jUT5UBnWIFB
9hkhN5xoZ1Hy6RU+Dehebb9R+ByMeCaKv9sQgm1AOSBBmOL94Q mQmheu35kVxou1
kVkEfDKOy/9hn6dHgBZ3QSuPUTVVuaSK5E8ODSd6VU6yqmehH2EHo6zG/eKhnV4N
wEy1S5oJN5A2TQxxpx3jYBhsiizyhuH2wBJe90DWR7ai2KrM9U qrY3Zvz2XxsdNH
gIVccsnpOA07VtuGMu9ZKo+qHR8MoNcvI3EZ/i775w0820VbDRLcW/OUGWnm
-----END RSA PRIVATE KEY-----

[antiRIM]

Also could this be the corruption method for cfp? I opened the .rdata file in cfp and found this:

The SETHISMODE sets the Head in Sand mode of the device. The modes are developer,
user and default. In developer mode, the device will NOT reset on a catastrophic error
and will display an error code. In user mode, the device will reset on a catastrophic
error. In default mode, the HIS mode is dependent on the security of the device and
the OS loaded on it. On insecure devices, the default mode is developer mode. On secure
devices, the default mode is user mode if a SFI is loaded and developer mode if a MFI

[quackquack147]

Can you explain what this is to me please? I ran a character count and it shows there are 3180 characters

-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAyANMHgzUa44/MzQvNNWrJ+PvBTpNQE7oUnnMpKJcc3rLq1I8
euX3DrzWsEzIPGf+DYvzabf5gGvdVtGjWlRdBhXuzGIGDF4Nww BsX6ssTKebT8KA
43TifxEhHmMQHvjchrYTkm1+qjyGT4JgxqfafwJbXitZUzrV36 9ywTBsJQy38lKL
E6rbII2RtHlv2geDJ01HsEljGmCHHKqdpxePt3oGx8tnTq+qxt eEJKm9yofQPkGU
TlOPAF11egOUAg1hlCc0+7bkpZAQL7qhi5Lo1UBH7+KmmCfZyJ tiE2E0c/szRa6V
EDvsomDQQOblnyZhGQD7aPC7GLWxvwZ+JGAlyRUolfNn5SeNT5 dCzxKvDrixM4DQ
EJSKtjWzXQxXwxLqoiAAgnASWBAOhVeKw14Lha7Kr+NXh8tw2b WbsXx2nQ4hV4Xq
FofyoowqCiiKafjshTLVqnhvoaKkNNTAN8cYLuT4555XbSAsyD NaelmH+vDruY+8
XYeLwfjxcPmw7oNta1iWo+6pmalRO3gdOdVlm/Bf6uj6ishNvdfDyDGzif/+pOof
0hGmGZUgVfDK7blBRSXWkENIQYbzRA+1MWCYRCYaWfYMr/lIVLKl3UEaRTHFvnVx
FGWAOg3T0ALKz64gTXzai+gJwuGFsaTaczHbFjvyMXdE4bC3L6 4scjOC9K8CAQMC
ggIBAIVXiBQIjZ0Jf3d4H3iOchqX9K4m3irfRYxRMxhsPaJR3R zhfadD+gnTOcrd
2tLv/rOyokZ6plWdPjnhF5GNk1lj9IhBWV2UCSyq8upyHYhvvN/XAJejQaoLa2mX
YBSl6FnOt7bzqcbTBDUBldnFPFSsPOlyO4zR4+p09yt1nW4Ieq GMXLfHPMBeYSL7
n+avrMTeL8rbl2brBL3HE8S6X8+mry/c74nKcdnlAsMb09xaitQruDQ3tKro+PwC
YqwI67gaI1J57cO1YB/RwQe3ReOAL/VBxGVv5oW87AzreE1SIi50Y2An8xbrNYCZ
7moZlhCrUkX10hB5ISoEVBhAGS+LDZPRt2n3I0n2kX/fyGuMSOOgMIP6V+Mqlpqd
v2si6ZCZOSDV4RELN16alQEFctLCoS3AzvNDvjzsKSyvABaoOF cGsFIVVI8h2XtS
aRrSYnlmtOlaX2skLNWficl08aHruvpJSnporYQz8nTuLQ/VdCa0WRIJdssrG2jy
s6SdkkvMTuxczLvhZo0vzj6/Wb5j1A1LiBN/nhgse5/M/JkYzHi3idWdhsJtiFrQ
61J/18Bb2N/MRs4/i6pzszGJGBskEaWVhEhvUT0nMNect+sgbf3QUHF76rQBBHvz
55M5gbstVED1ZaCVMym8HXpK6fx/X76PWb76WDthBqdyEjebAoIBAQDkMkx3ApG1
yk9oG3NpdIvDWxA+jpgVvrYkY97M3q9TabcsHm8MMatlsG5RvA G9EOin0RmxRIXO
EVVurNRwOkbtaHvTfX40L9y+RP+aQQ5pf/mjPaxP7zPqJOowPMDBYQETWRg644Sr
ZRKnYMoINqUOS1ocm5+M4BpZroRV6RLwDCAt+pkRtAJkjps2H5 Gq8vR+WcuZl11c
u9HM32CfCl+tj3R7jjz/fkupQBg+LDooG7Nb+MfDvtT71ZhEQ3LUo7+AKdDDMSln
JLqHhJz0ncJL42sIzm6bz4lDUoHNfmQhua85rVpgHOWnpGTI3p DdlzndjqLfpg61
T6znOXbiOh5VAoIBAQDgYevB0jR/DhE9TRvZjeGi6M3R+LKHSCtRbZZS2fMLIpIO
DGIjDxMZiwkd70AYzmDjB9GQ3JUXwijksRoFvDQkZFkoZB0zw+ 8bHtGSq7NT2NV1
iKAg8U0CPAo1NMjWTLrwB1f1hDDXw28+DgDsDb4iciVkmyLseX bemc83umSnBdl4
JahRwn1yqMx6SEoLbAncSAteFxAsJMfIKvffLkStPHtbQtSl3a pHk7V5PbfRYfFA
GHjNHzcrzCwd5PQ+UFvv1hDSlRnrKb5wV/zhaKI1PVa0KfuP0KLI+pRHcQ62JAV/
LtAX1GxaFI5Bz6rj5OGfU/DAmDSD4ym1aQAmLYLzAoIBAQCYIYhPVwvOht+avPeb
owfXkgrUXxAOfyQYQpSIlHTiRnodaZ9ddnJDyvQ2fVZ+C0XFNh Eg2Fk0C45JyI2g
Jtnzmv03qP7NdT3ULf+8K17w//vCKR2Kn3fxbfF1fdXWQKtiO2V8l63HmLcaQIaw
JG4Jh5FoZ7+zQBGRHwLj8LdKssAepxC2eAGYXxIkFQvHTKL+5o e7uj490ovd6kBq
BupztPhSXtNU/t0bgBApctFwEneSpdqCfzin47rYLPc4bSpVcTXXdhuaGHxaWGi j
E9bdQkdbNEm9NQYs4aveVELBJnTRHjxAE0PFGEMwlGCTuiaTtG yVGV8jinNE0Pns
Jr7jAoIBAQCVlp0r4XhUtAt+M2fmXpZsmzPhUHcE2seLnmQ3O/dcwba0CEFstLdm
XLC+n4AQiZXsr+ELPbi6gXCYdhFZKCLC7ZDFmBN31/S8vzZhx8zikI5OWxVrS4is
KAbOIzCO3dH1WjqjrXXlLPTUCVXys9QW9sOYZ2ydpk8/ETTP0ZhvWTulbnA2gaj3
GzL8MDFc8rE9hVzpZLVywy/ax0/qHthzfaeSLI3D6Rwvt85Q08/g6/YquvszaiTH
3XK+mKLUNZKf5As3DhFHcSmgOqiWRcF4048ixqe1NcHbUbgvoL R5bVj/dIq6jZ2R
YwmBNRyX7eu/jUsrECMCl3Ejm1VuyQH3AoIBAQCST2Zp431E3TF2dDMQ1l86jt Iy
Q59w3YxVKbBwShUHd4955tJPldJ2KYXTOBw6OwpYFLHaqsqd5/e29jUT5UBnWIFB
9hkhN5xoZ1Hy6RU+Dehebb9R+ByMeCaKv9sQgm1AOSBBmOL94Q mQmheu35kVxou1
kVkEfDKOy/9hn6dHgBZ3QSuPUTVVuaSK5E8ODSd6VU6yqmehH2EHo6zG/eKhnV4N
wEy1S5oJN5A2TQxxpx3jYBhsiizyhuH2wBJe90DWR7ai2KrM9U qrY3Zvz2XxsdNH
gIVccsnpOA07VtuGMu9ZKo+qHR8MoNcvI3EZ/i775w0820VbDRLcW/OUGWnm
-----END RSA PRIVATE KEY-----

this is a 3072 bit rsa key i can do even better...... here

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,FF482DFCBD7BCE51DDC90A304B0759E0

X0IxlsMT8oBMw0b1LMsFFzstVDjq+HZFHDGe9/o1Sqlr8nshCKKvrJIpssbEy1Px
3XOkvTPmM074P+QvXIvmPLmVcnRKfR+mqXTXlkYc/26KyzYJQJ3xYmykMHF/zQdZ
wHxN/30Gio23SDHX32y+tFHoOONmLZbC+8UUnRuKgh1/DJOanY22n1XbWB2oSKDl
0JZvROxKg2KbYRBoGeLb2R03vAP5yNDoEFjnvpYGS/ln1N/xp7MHK0cThiZWJkff
AZ6IOpvH3bskoaVMXcglEzZGuWP4dxKdEea1BggNAXbl1Wv418 arrDnOmYTIzr9R
lhD1A5fX/24bjIhwk6RUTrNm56ktTX3uN5JxB2degQn3BPl9qnK4mSHJRVn FbyAX
Ri4yQTDUUGfrqAB6PY3N+nYHo8uKOcx5IbsoIvu5b9ip5vtPHa 8v/0n7s/GupM5I
s/XijN+n/b98ZqMFXoUI1ARtBFbrnyqio5jkKzxnP24Kd/HLkf2cyUx3ODS23N53
H7dfzkg1ucSyPOdmWmvnSsCibeKj5zZdyeucgiioiBOUeox78C N4GLUyZur09ro3
tn/c9toOaYHNluUVilA/Cl9uvXVZIBB4HTdx7Zojk69lbNSLzAC/21J2rpIBpHrx
S2eOJxv+do9RBFRPFF51GRz4JC05jWj9cPYEkpRSMimE9YEHrU II6NPZmuGOZgQJ
wZERjUTQp+lHn9k09VKhdtP4/yMdSpD31iGiBqHzOF0nXF6jBMCk8OSM7atu+3se
suH/nAXIH2z+VojrrmEO9QZjT6vgsnyLIxA4LnwDMLmmdnkEpaMqz2 gw3YBv3yii
ZhQpekPVuXBGEvcx06vIV3Hgg8Fg1FCMS4vNzyU4dwbYAntOHI R8arcTIil4Qx5Q
5ID9BSOgROZYp6BStAJ8bB8STOf8FN1inxDxwbFr+VHM9ZcBh0 1Gl5xlTRy053cD
gL1Uv/NIrxlRuU1UpholiK+9NGdWuiiow+Fa0Hqa1iggfg+I3Gby6MLa Nni1jU6y
G/tmrdEuBKjhLYfycltXenW03Rfy4nQEhnvjlJjiGr2n9wiTJvfA NT4g+rFw6x/s
W+jfM8/KmGi/XKugL6DxM90GvQdTRhAf/1+c6ZO4dWquFGCzAygz7oH5bH5Yc66Z
wK63Bw0zC5X93kqZ/xvKZQ2diRy5LOewArtA22XUYHwUh3vIhLwfAnrEEqUuBTT+
N4UiGC8mUGfq2C71peQ2kzpYst8/iPmxNqx8gGOg74XxCOZEbUCWsy48me2c0W8w
ZqNyi6RO8Kb/uHyXAXvoNBaVVnnKPubq0WsX//PJvusQNJogeanMmZBC+Cqtzxvg
U8phzTwUpNINTLJUWWReKHwea4r+M6VwhMSM3Qcnk6NPkpYPJW toxhSZfPJ9vZk4
RmR+y2ukDM9/U3kInCE1RBuBHndsGd+CT+dUfOGIdwKTiSdjtXw0JjwiRkLWOZ rt
lPkZBcvnK14fUYTXAwR8xV02W7aw6TEIsPKYOY4IuUNo3PJP8D Gz8/egH2a4e99Y
4lnVI9uRLain1b4MyyEBiTOdsnr5LVOs/+7z5Bhad33lnOenecR2n4bj0GeMTrIZ
g56YqED/PzXiv4ruKy7O+haqisADsktNQZ74v6FNlVTvflmVUwZ2hnhU4t FXROWH
Jb8wTZX3hNWm5XiRFc+tbVFpZIvNgkQQdd5NbDhzPT6IL6MWul ax/Mg1WR3f8agP
Vw//T/29HwFA+rMJwWRTWZjmTSCAA527d1LD6Hrwcf7Tkm5/pgxCOQpde4+l6FTe
4ShFu3uss5tkj7XsH3Xp1yJAwEkrvPv7vX7lw6fk9o9Ol3HyvR JI8R44NexUoOGs
qngmR+gwXmYqjRjF1YUP5XGFXPAQJqx7cW4zyQuriRZcKjUPrW rzuFT03MlwYhb+
gTZQUip7bJ5oTHP4MlLbI5ODj3WO0hY8w+DRR+hp11XO7pvk2s a821rGI4nbx/iL
iFFU4LtErh991J1/+BiAPkSZxVFYsDtFryrgDy5zMw1CGuLcsXLTVLHKcKm0JyEL
oIYaSlpsK6SGmpCi8J6SbArLHCWTPiggJvgARGtGV6a03zAkta 56YOfJqzWWZUrP
GmMGcxoT9YL9TFpdZQjFmRfL1yd07WOPlcR98quWcCa/9ORZokAiMUoP40qHEcgK
Q4pzkXVJ0cpsebmt0QYTa6eb0B8QVjtyVIG7oB18PS3IHRdAKJ xDnPsM3iHd6gzJ
jEJr9FcUW/J6RVAGjT09O0gPxPLyuuPXYKPG6AQy9H6pqiBmD9siSY6IRVOi HH2E
GxMyPwGVMlB52aDoCOQP/eNM8AS9BLUl4HQY4Brr0rY4uxtGwgpxvHYY+URYr35t
OPHqFZfEqLclfkX7as+blQzCkc5OMeAoPWKbc4pYf9Ju9qSkuI plGWXF4BZJj0GN
w/nIfRXYCVegT/uPuogj9yWNeZr6qfFttTzwuV+fXvnIYDZ84JcBRzz0D75IVr6X
PEamZSpF/EZ1W6g5cobqNEbaVFAXkkwW35E67OVcsUC4yHzrDTrUWLHN6vb jof3N
9w0ODBkcdMlgYdbf8NPYh3QEN6ZoKG7+7rMr1D0lP4sOFYX6dY SGlmSdbREO614y
xdAwOtz6P2RIIW+wF7e9dc3f1CmMGberV9TBcxJAbo+vYiIP0G HdLCxkwOKVHqXv
knY6Iv7g2F4v5FV5IUoWno7F7Wo7Fe8dU6XtG2dw0Vv/AtWS293SOzyF/HI7G4k7
VNyMC6dTXhm32yISesJuXnaVW3oMtltHgdaFP0QRnTbzt59XAq Lja2eaefm/+nyj
ulEIcg8NLSBjbPuMPXgWRAfOMPahgBvHZ3sXPSfpkydT3rqGUc wvEdREtBwKRI7P
ZN4rnZJFTHsBYy2LrGhlNR+M3Uj40aaRnSYQ1R1RA5JmtaHOIA XO6is6ag3Vf8Zu
krZZxeYgzRmWQaqsAcfQG0uL1boNVYqzTn9ICc0lOTD1RtmFM/M7JCZpqNVOxzA1
3F1zxiR/wein5h9Cz1h6+LgGT01fJRhREc7fqXNULbGkr1LB0hIrTPcDXs o301t6
b/wFVnKcR7kXWpzkB/pkCNHSMbdWWy/KQWvx4m3Xa9tRqaIvDoM+LELypbRMYB0C
-----END RSA PRIVATE KEY-----

here you go 4096 bit rsa key and i will give you the passphrase its m3t@04!c@l lol
thats your key and its varies from system to system
thanks
-paul

[quackquack147]

Perhaps you should post the IRC channels in here? If this is to become the official thread.

Posted via CB10

will do it tomorrow. today i am a bit busy. tomorrow. please tomorrow.
thanks
-paul

[quackquack147]

Also could this be the corruption method for cfp? I opened the .rdata file in cfp and found this:

The SETHISMODE sets the Head in Sand mode of the device. The modes are developer,
user and default. In developer mode, the device will NOT reset on a catastrophic error
and will display an error code. In user mode, the device will reset on a catastrophic
error. In default mode, the HIS mode is dependent on the security of the device and
the OS loaded on it. On insecure devices, the default mode is developer mode. On secure
devices, the default mode is user mode if a SFI is loaded and developer mode if a MFI

forget their loader. thats all i can say. we will develop our signed and/or unsigned bootloader. but it will take time. please be patient.

men at work! here is what it is ->

thanks
-paul

[quackquack147]

What would it take to get this project going? We know that Crackberry folk can be generous, even to the point of donations to fund a free Q10 for a member for their efforts.

Posted via CB10

if i need one? i will ask! ;-) thanks anyway!
thanks
-paul

[quackquack147]

can moderators make this thread sticky? it will be nice if its made sticky. we will have less confusion then. thanks in advance.
thanks!
-paul

[anon9273]

I think this should be unstickied, as it contains lots of misinformation.