So I've been reading up on all the great work done here, but it seems like research into the kernel has stagnated some. I'm 95% sure that I don't have anything to offer, but I do have a lot of free time on my hands, so I've decided to start poking around in my NAND. I have an Infectus on the way, but I have a Falcon board, so I can't downgrade and dump my fuses or the 1BL.bin.
The fuses I will have to live without; I will leave the KV research to the better reverse engineers. What I am interested in is finding an unsigned code vector in the 2BL. To that end, I'd like to write some code that will duplicate the signature check of the 1BL, i.e., an .exe that I can feed a NAND image and that will tell me whether or not the 1BL will choke on it, without having to reflash to find out. Make sense?
However, I can't dissect the 1BL because I can't dump it from my box. So ATM I am SOL.
I'm hoping that somebody can help in any of the following ways:
1. Pointing me to a tool that already does this, at which point I will leave in shame and never return,
2. Pointing me in the right direction with some pseudocode, or
3. PMing or posting a link to a large meaningless number for no reason
I'm also hoping that people will NOT tell me I'm an idiot/wasting my time. I am well aware of the futility of breaking RSA, and it is not my intended plan of attack.
Thanks in advance.
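As an added illustration of the kind of offline checker the post asks for (this is editor-supplied example code, not something from the poster or from any Xbox 360 tool): parse the image header, hash exactly the bytes the loader would hash, and verify the RSA signature against the loader's public key, so a candidate image can be rejected on a PC instead of by a reflash. The header layout (magic, length, signature, body), the use of SHA-1 with PKCS#1 v1.5 padding, the 1024-bit key and the generated keypair are all assumptions made for the example; none of them is the real 1BL/2BL format, which the post does not describe.

```python
"""Offline bootloader signature check (illustrative, hypothetical layout).

ASSUMED layout, not the Xbox 360 1BL/2BL format: 4-byte magic, 4-byte
big-endian total length, RSA signature, body. The signature covers the
header (signature field zeroed) plus the body, as SHA-1 / PKCS#1 v1.5.
"""
import hashlib
import hmac
import random
import struct

MAGIC = b"BL2X"                      # hypothetical
HDR_FMT = ">4sI"
HDR_LEN = struct.calcsize(HDR_FMT)   # 8
KEY_BITS = 1024                      # assumption for the demo
SIG_LEN = KEY_BITS // 8              # 128
# DER prefix of a SHA-1 DigestInfo (RFC 8017, section 9.2).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin; sufficient for a throwaway demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c


def generate_keypair(bits: int = KEY_BITS):
    """Demo keypair as ((n, e), (n, d)). In the real device only the public
    half lives in the loader; the private half is the vendor's."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return (n, e), (n, pow(e, -1, phi))


def _emsa_pkcs1_v15(data: bytes) -> bytes:
    """EM = 00 01 FF..FF 00 || DigestInfo(SHA-1(data)), SIG_LEN bytes."""
    t = SHA1_DIGESTINFO + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (SIG_LEN - len(t) - 3) + b"\x00" + t


def rsa_sign(data: bytes, priv) -> bytes:
    n, d = priv
    m = int.from_bytes(_emsa_pkcs1_v15(data), "big")
    return pow(m, d, n).to_bytes(SIG_LEN, "big")


def rsa_verify(data: bytes, sig: bytes, pub) -> bool:
    """Recompute the whole expected encoding and compare it; never parse
    the recovered padding leniently (that is where v1.5 forgeries live)."""
    n, e = pub
    s = int.from_bytes(sig, "big")
    if len(sig) != SIG_LEN or s >= n:
        return False
    em = pow(s, e, n).to_bytes(SIG_LEN, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(data))


def build_image(body: bytes, priv) -> bytes:
    """Stand-in for the vendor's signing step, so the checker has input."""
    hdr = struct.pack(HDR_FMT, MAGIC, HDR_LEN + SIG_LEN + len(body))
    return hdr + rsa_sign(hdr + b"\x00" * SIG_LEN + body, priv) + body


def check_image(image: bytes, pub):
    """Mimic the loader on the bytes at the start of `image` (e.g. a NAND
    dump; anything past the declared length is ignored, as the loader
    would). Returns (accepted, reason)."""
    if len(image) < HDR_LEN + SIG_LEN:
        return False, "short header"
    magic, total = struct.unpack(HDR_FMT, image[:HDR_LEN])
    if magic != MAGIC:
        return False, "bad magic"
    if total < HDR_LEN + SIG_LEN or len(image) < total:
        return False, "truncated"
    hdr = image[:HDR_LEN]
    sig = image[HDR_LEN:HDR_LEN + SIG_LEN]
    body = image[HDR_LEN + SIG_LEN:total]
    if not rsa_verify(hdr + b"\x00" * SIG_LEN + body, sig, pub):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    pub, priv = generate_keypair()
    # Constructed sample: a signed image followed by unrelated NAND filler.
    nand = build_image(b"second-stage loader goes here", priv) + b"\xff" * 64
    print(check_image(nand, pub))            # (True, 'ok')
    patched = bytearray(nand)
    patched[HDR_LEN + SIG_LEN] ^= 0x01       # one-bit patch in the body
    print(check_image(bytes(patched), pub))  # (False, 'bad signature')
```

The point of the checker is that it rejects for the same reasons the loader would (bad magic, declared length running past the dump, signature mismatch), so a patched 2BL region can be tested repeatedly on a PC; the real work of such a tool is getting the hashed region and padding exactly right, which requires the loader's own code or key, not guesswork.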