Main Page
About this site
This wiki documents our research on the Motorola Droid-family phones (including Milestone) internals. These phones are:
|
|
Information for volunteers
If you are a developer and have some code-project for the Droid family of smartphones(e.g. Milestone) - enjoy us on Gitorious
Even if you're not the technical type, you too can help us mod the Milestone by participating in the PR campaign to force Motorola to unlock it.
If you're technical type - see our Roadmap and progress in our Projects.
See the content index here.
|
|
2ndboot
A minature bootloader that is called from the original kernel and boots custom one. As of 11/10/2012, czechop created a patch to keep Wrigley 3G modem working under the child kernel (when called at “sh hijack” time). No issues on Motorola Milestone with the child kernel.
Vulnerability hunting
As far as we know now this attack is, if not a waste of time, at least a very long shot. The idea is that reverse engineering the boot ROM, mbmloader and/or mbm might allow us to find some exploitable vulnerability in order to gain control of the boot process. Since we already have the source code for lbl, it might be useful too. Mike Baker([mbm]) has written a mode memory dumper and dumped Droid public ROM. As we found - all roms for omap3430 are identical. Same situation for the omap3630. See here: Boot chain
Open Recovery
Uses the payload exploit to start the custom recovery application. Supports rooting the phone from menu, as well as taking backups and flashing unsigned update *.zip files. Also runs ADB.
2ndinit
This thing basically inject code to /init to "restart itself" allowing you to use custom init binary and init.rc scripts without side effects.