Root Certs.

[dDevilXD]

Hey. I was wondering which exact certs we needed to obtain root. I found some files on my backflip and was wondering if any would be useful.

[ATTDroids]

[turnyourbackandrun]

Anyone that knows keys/certs better than I do feel free to correct me.

I don't think that any certs that we find on the phone are going to be useful. Everything on the phone is public, meaning it's of no use to us as far as signing updates. I think what we need to do is capture a signed update.zip, and see if we can find an exploit that will allow us to add our own files (it's been done for other phones). That's the approach I've been taking...

[Joe Coolcool]

You're right. If someone can correctly capture an update.zip and find the certs I think we would have it. I have no idea how to do that though.

Someone should post a guide that on how to capture it that so we can be ready when the next update is released.

[turnyourbackandrun]

Joe, I have already captured update.zip. It's just a matter of extracting it from the captured file according to google's protocol. Also, the "next update" is released. It's 13.37. I doubt they'll release another one before the update to 2.1, but that's just me. The good news for anyone who hasn't installed it yet is that they can download it over and over again by hitting "Install later" and doing a factory reset. It's kind of unnecessary at this point, as I've captured what appears to be the entire file- just not put together right. (yet)

Also, the certs in update.zip probably won't help us. I've already extracted two of them- CERT.MF and CERT.RSA, but they don't contain private keys.

[Joe Coolcool]

Joe, I have already captured update.zip. It's just a matter of extracting it from the captured file according to google's protocol. Also, the "next update" is released. It's 13.37. I doubt they'll release another one before the update to 2.1, but that's just me. The good news for anyone who hasn't installed it yet is that they can download it over and over again by hitting "Install later" and doing a factory reset. It's kind of unnecessary at this point, as I've captured what appears to be the entire file- just not put together right. (yet)

Also, the certs in update.zip probably won't help us. I've already extracted two of them- CERT.MF and CERT.RSA, but they don't contain private keys.

Oh well dang...

Back to the drawing board.

[iTylerA]

Not sure how helpful this will be, but there is an app that allows you to read through all of the permissions (as far as I know) out doesn't allow any modifications but at least knowing whee to look could help knowing what to focus on.

Sent from my MB300 using Tapatalk

[weasel5i2]

Yes, anything released to the public is going to have public keys in it.. Won't help us much at all, I'm afraid. We need to get our hands on the private keys, but only Moto engineering has those..

-W5i2

[Joe Coolcool]

Guess there's just one option left then. Let's find a guy at Motorola and blackmail him.

[iTylerA]

i could be wrong, but i tink i have an update zip goot it from my sd card...

Files Include:
META-INF/CERT.RSA
META-INF/CERT.SF
META-INF/MANIFEST.MF
a lot of files in a "res" folder
AndroidManifest (XML DOCUMENT)
classes.dex
resources.arsc

[KidZew]

I'm using es file explorer and I've been able to access my / directory, i can open a few files but other file formats aren't supported by my phone, interesting find I thought.