MobileRead Forums - View Single Post - PRS-T2 Hacking the T2

porkupan · 10-07-2012, 04:22 PM

The updates were not signed until the PRS-G1 and PRS-T1/RU were introduced. In the PRS-T1/US and PRS-T1/JP the updates were unsigned. We managed to find an exploit in the MSC API program on the reader (switcher), which allowed us (for the Russian T1) to overwrite the Recovery Rootfs and Diags Rootfs with the ones that accepted packages signed by my key as well. Also allowed to accept unsigned images for SD boot. However, Sony has closed the hole in switcher in the T2 (amazing that they found the exact problem in their logic, which leads me to believe that they used a code analyzer tool of some sort, or stole my code that has not been published). So, a new exploit is now needed.

10-07-2012, 04:22 PM	#40
porkupan Fanatic Posts: 556 Karma: 1057213 Join Date: Sep 2006 Location: North Eastern U.S. Device: Sony Reader	The updates were not signed until the PRS-G1 and PRS-T1/RU were introduced. In the PRS-T1/US and PRS-T1/JP the updates were unsigned. We managed to find an exploit in the MSC API program on the reader (switcher), which allowed us (for the Russian T1) to overwrite the Recovery Rootfs and Diags Rootfs with the ones that accepted packages signed by my key as well. Also allowed to accept unsigned images for SD boot. However, Sony has closed the hole in switcher in the T2 (amazing that they found the exact problem in their logic, which leads me to believe that they used a code analyzer tool of some sort, or stole my code that has not been published). So, a new exploit is now needed. Last edited by porkupan; 10-07-2012 at 04:44 PM. Reason: Clarity