Droid X’s Defenses Make Jailbreaking Look Easy

Motorola is cracking down hard on modders, who have previously enjoyed a huge amount of freedom with their Android devices. The Android equivalent of jailbreaking is called “rooting”, which gives the user administrative privileges, and allows them to install custom ROMs. This allows users to have full control over their device, and is in my opinion the best part of the Android experience.

Motorola has locked down the bootloader of the Droid X, stopping users from rooting their devices. They did the same thing on the Milestone, which proved to be a tough nut to crack. In addition to the locked bootloader, they have also introduced an “eFuse”. This essentially causes the phone to self-destruct if it detects a rooting attempt, and can only be fixed by Motorola.

Here is a full explanation from p3droid at My Droid World:

The eFuse is coded with information that it either looks for or is passed to it from the bootloader. The bootloader is loaded with information it looks for when it begins the boot-up process. (I have seen the sbf file look for a certain bootloader when it begins so it’s safe to assume that this is the process).

Once the eFuse verifies that the information it is looking for or that has been passed through to it by the bootloader is correct then the boot process continues. What type of information is written to the bootloader? So far I’ve been able to verify that the firmware information (what we call ROMS), the kernel information, and the bootloader version.

If the eFuse fails to verify this information then the eFuse receives a command to “blow the fuse” or “trip the fuse”. This results in the booting process becoming corrupted and resulting in a permanent bricking of the Phone. This FailSafe is activated anytime the bootloader is tampered with or any of the above three parts of the phone has been tampered with.

The eFuse is a rewritable module and thus once it has been tripped it can be repaired but this procedure can only be done by Motorola. It requires hardware (I’m not sure what type) and the program (I’m not sure what Motorola is using) written in JTAG.

The Android community has some of the brightest developers in the mobile world, who have been able to root many different devices; but will the kill-switch on the Droid X prevent it from being hacked? Motorola sure hopes so, but has alienated a large chunk of their market in the process. Of course this is only one manufacturer, and Google, the brain behind Android, encourages open-source software and freedom of choice.

With every firmware update, Apple attempts to block exploits that jailbreakers use to gain access to the device, but they have never done anything quite this extreme. Maybe it is because they know that jailbreaking is essential for the device to appeal to all market segments, or because they know that a full lockdown would cause an outrage.

What would happen to the jailbreak community if Apple introduced their own kill-switch? Would users switch to a more open platform, or stick with older devices? Would they accept a device that was locked down in a “walled garden”, or would they rebel?

We can only hope that Motorola is the exception, and other companies like Apple will not follow suit.

[My Droid World]
