@lgx: Never experimented with malformed sig file, but I guess you'd have to be *very* tricky, it *is* OpenSSL, after all, and I tend to trust these guys ^^.
And it's called via absolute path, so tricking the script to use something else would be tricky, given that we're on a ro rootfs at that time.
@Chinese/Duokan users: What kind of jailbreak are the Duokan guys using on the K3, anyway?
EDIT: Okay, just looked at the duokan setup. It's basically the same (previous) exploit, used in a slightly different way, tailored to their specific needs (which is installing custom software, not just a single file