havikx wrote:Are there any other devices that use the atom processor that are android and have been rooted. If so...id say start there. I'm on 3.1 and was looking up how to root some 3.1 tabs but they all look device specific exploits.
I'm down to mess around if any1 has any ideas.
Android has been predominately ARM, and of the x86 Android devices that I know of, none of them except the GTV devices use one of the Intel Atom CE processors.
I found this list
of SoCs and the devices they're in:
Intel CE4100 (Sodaville) family
- SGX535 + Atom-based CPU
Orange Orange Box
Sony Bravia Internet TV NSX-GT1
Sony Internet TV Blu-Ray Player NSZ-GT1
Intel CE4110 (Sodaville)
- SGX535 at 200MHz + Atom-based CPU at 1.2GHz
D-Link Boxee Box
Intel CE4150 (Sodaville)
- SGX535 at 400MHz + Atom-based CPU at 1.2GHz
Logitech Revue (970-000001)
Iliad Freebox Revolution
AcRyan `FLUXX` Media Player
I've italicized the ones that I know are Android... nothing else on the list is in the family. The Sony devices are listed as CE4100, but the CE4100 doesn't have HDMI input. I suspect they are either CE4130's or CE4150's, and more likely they are CE4150's so that their graphical capabilities are on par with the Revue.
I'm also having problems tracking down any white paper or other information regarding how the CE4100's implement their boot security. Presumably the devices themselves have a public key on them (on the SoC), and then they authenticate the signatures on what boot code they find. If the public key is stored in some flashable region of the device, we might be able to replace it with another key to match our private (and then publicized) key. Resigning all the code thereafter with our new private key. If it is in an ASIC or on-die, that would suggest that the public/private keys are produced for a vendor (in our case Logitech) for each production run... that sounds expensive. Maybe it is a key available with the SDK, in which case if we got the SDK, we might be able to recompile or sign our own code. Lastly, maybe it is a hashing system, whereby each vendor has their own key that can be authenticated with a public key stored on-die, and that key points back to a vendor. In this way, if the key is ever leaked, you would know what vendor to blame, and you might be able to implement a black-list system where the SoC rejects known compromised keys. This last approach works well for systems like BluRay and HD-DVD, but I don't know if something like the CE4100's would be able to implement a black-list... how would it receive updates?
With so few devices supporting these chips, it is unlikely that we're going to just happen upon an exploit on some other device.
edit: More up to date list of Intel SoC, doesn't change anything - http://imgtech.wikispaces.com/List+of+I ... d+products