[Update: Hoax] Motorola Sholes’s Bootloader Key Leaked By Developer; Custom ROMs to Follow?


[Update]: A quick update to let you folks know that this was a hoax to begin with. P3Droid – a developer who I mentioned earlier – had nothing to do with the shenanigans. I was given misinformation on the subject matter and have since attempted to correct the errors. (Due to extenuating circumstances and a lack of cooperation on WordPress’s part, my changes were never saved.)

I’d like to extend a sincere apology to P3Droid, all of his fans, and all of the folks in the DROID community who fell for this plot just as we did. We also apologize for taking so long to get this corrected – please believe me when I say it’s not because we didn’t care. We have been very busy with CTIA and all sorts of stuff and just haven’t had time to address the issue.

I hope P3Droid and the development community accepts this apology. Let me be clear that Phandroid is NOT the party who created this hoax. We simply reported on it. (That was before we knew it was a hoax, of course.) We won’t be so quick to pull the trigger on stories like this in the future.

And I take full responsibility for the misinformation as I had no time to actually research the issue when I was notified of the supposed breakthrough. (Again, I was getting ready to travel for CTIA and literally only had about 10 minutes to get the post up.) I’m sorry this took so long but better late than never, right? I just hope it isn’t too late. -Quentyn

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

AT&T Buys T-Mobile (And Why It’s Bad)

Previous article

Official: Nexus S 4G Announced for Spring Release on Sprint at $199 On-Contract

Next article

You may also like


  1. Awesome! Eat it Motorola.

  2. Welcome, but not surprising. The Dev community will. always. win.


  3. Awesome! Hopefully this doesn’t delay the launch of the Bionic though, while Moto tries to figure out how to re-lock the bootloader.


  5. oh sweet thats fantastic.. been waiting for that!!

  6. Lesson number 1 for moto: you cannot lock us out, you can delay us, but you cannot lock us out

  7. Wowwawia. This is surprising. Somebody at Motorola is probably going to get fired. No way Motorola can win in court, this is their fault.

  8. Don’t forget @nenolod! He seems to be doing the heavy lifting.

  9. @Ace

    Whether or not Motorola can win will depend on how the deal with Sony plays out in court. If Sony wins, Motorola can win.

  10. Very good news indeed.

  11. “and he had no other choice but to publish what he was able to do” Seriously? Was his life being threatened? His family? He had lots of other choices.

  12. Check your facts:
    * The key is for the Milestone, not Droid X
    * nenolod discovered the keys through a ton of analysis
    * P3Droid and the FreeMyMoto team are working hard to get a custom recovery going as soon as possible
    * We don’t know if the key works on the Droid X, but if it turns out the key is rejected when they try to load up a custom recovery, the real key should be revealed

  13. This is why big companies with sudden success like Motorola with its droid one money-making-machine are not about to last for a long time period on top of their throne. PSDroid has informed Moto about his knowledge already last year. They could have react to this information immediately. Now that it is too late, they start a legal-attack! WEAK!

    I hope so much, that Motorola lose their face for ever and ever!

  14. Of course Moto didn’t comment. You never respond to information about a security vulnerability. If you do, you acknowledge the vulnerability. If you say, “No, it’s not” in some cases, and other times are silent, people can interpret silence to mean “gotcha!”. So you don’t change how you do things. You always say nothing. Legal gets involved if any proprietary information gets published. It may be that the key is valid, it may be that legal is going to issue a C&D in any case, for the same reason as before.

  15. It wasn’t P3Droid who found it, it was nenolod (@nenolod on twitter).

  16. Hi, I helped with this project (and am still helping). P3Droid, even though I love the guy, had NOTHING to do with this. @cenolod deserves all the credit for this exploit. It was all him. Now, he has given all his code to freemymoto, who have shared this info with me, koush, cvpcs, P3Droid, and a few others who were in the IRC when we were going over our plan of attack. Phandroid, I love you, but you have never posted suck a wrong article!
    Oh, and @Trong: This is working on the Droid X, aliasxerog has it implemented with some success. We need koush before the recovery is finished, and to my knowledge he has not yet responded.

  17. Wow, just wow! What a shitty article!

  18. Excelent!!

  19. @11 you make it sound like this is a bad thing…

  20. Even if the devs do eventually unlock the bootloader, we should ask as a community whether we want to support a company that does this to us. Samsung for example has crappy support too – delayed updates. However, at the very least, it leaves its phones relatively easy for the devs to modify. Motorola on the other hand …

  21. w00pity fawkin d00… this phone is deprecated anyways… next…

  22. harder to crack = better phone.

  23. Samsung phones suck, I don’t care if they are easier to crack.

  24. Of course we should support them. Not much else to buy on Verizon.

  25. @Trong check your facts
    This is not only for the Milestone, its for the entire Motorola SHOLES platform on which the Droid X is a part of via the OMAP chip in it. p3Droid. The method works on the Droid X, its all over twitter already

  26. Here’s the keys, grab them while they’re hot:

    7e 21 a8 37 64 12 75 a3 47 13 54 42 12 48 58 12 71 a4 5e 41 a7 64 72 34 2a 6f e2 0a 97 8f <== sholes private key

    97 6a 21 7a 67 41 37 9f 26 53 4a 61 7f 2a 86 ae ff 71 21 78 2e 61 4f 71 90 3e 00 27 fe 9b <== initialization vector

    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <== nonce (e)

  27. @JrzDroid I stand by what I said. The keys that nenolod posted are for the Milestone and they are not the full keys. The important part is that he gave us the formula to generate more keys so we can sign off on SBF files.

    It is not confirmed working yet. As far as Twitter is concerned, a few have claimed that it doesn’t work and the keys generated are incorrect. Others have generated keys and will be signing some SBFs soon.

  28. This story is breaking like a whirlwind and information is evolving as the night goes on. We’re getting info out as it comes available. If you read up to the minute tweets about it, some credible devs are saying it’s true and others are saying they’ll believe it when they see it. Please be patient. Phandroid will gladly make any corrections to the story and give credit to whom credit is due.

    Meanwhile, Motorola owners (I count myself as one): Enjoy the ride! :)

  29. so what exactly will an unlocked bootloader allow us to do? i know we can already do custom roms, to an extent, but what other freedoms do we get?

  30. Free the Atrix!!!

  31. Yay! Maybe soon I’ll be able to get my wife’s X working the way it should!

  32. If this comes to the Atrix, I shall be getting one as soon as it comes out over here! :D Exciting Monday news is exciting!

  33. wonder what, if anything, would become of all this effort if google were to release a nexus phone that were as good as the droid x: as fast, same size screen, hdmi out, and so forth.
    oh, and on a better network than sprint.
    just wondering.

  34. @18: Harder to crack = harder to customize. Got nothing to do with how “good” or “bad” a phone is.

  35. Guys. I’m afraid the story and keys are fake. nenolod is rambling random hype words and trolling for attention, and it’s not the first time he’s done it.

    If you want to know more read here. http://milestone.bekaakut.de/index.php?date=2011-03-21

    Sorry. And phandroid…… please… =/ get this story fixed

  36. Ooo eee ooo aahh aahh ting tang walla walla bing bang

  37. Silence on Phandroid so far today = Gearing up for CTIA.

    Bring on the news!

  38. Meh, CITA, Richard should have already prematurely ejaculated several times now, and buying up all the lotion he can get at this stage in the game. All for sprint to release a phone that will come out and be second best. Wow

  39. YEAH!!!! :D

  40. YEay…. now we can finally get some good fatal viruses for our phones… “eat it motorola” you get to sell us new phones when ours brick.

  41. Hackers will always win the war. Instead of working against us they need to work with us and quit fighting us. Its a never ending battle that we will never lose. When will they learn? Lol.

  42. Apparently this is a farce. At least that is what XDA is saying and it looks like Kush has tweeted that as well.

  43. Phandroid,

    Please remove my name from this farce, I had no part in this other than joing the irc for information in regards to the methods used. I did retweet what had been retweeted previously.

    It would also be best to issue a retraction/apology at the end of this story as an addendum.

  44. ummm, this article talks about the Moto Droid1 which is and always was unlocked.

  45. This was a real big journalistic failure! So many blogs, so many news sites just took one unknown guys tweets for real… I hope you will learn your lesson for the future! Basic rule: check the sources…

    This is an excerpt from irc with the so called “hacker” nenolod (posted here: http://www.android-hilfe.de/android-allgemein/88537-milestone-key-leaked-17.html)

    i think the bootloader signature verification is still worth looking into, even if my guess of what was going on was false
    [21:07] because that made motorola jump in a way i have never seen them jump before
    [21:09] nenolod: it’s more than just a “guess” no?
    [21:09] MimeNarrator: an educated guess, but it was a guess, and it was an incorrect guess.
    [21:16] Can we hack it with nenolod methode?
    [21:16] no
    [21:16] there is no nenolod method .. i think …
    [21:16] it isn’t working for any device
    [21:16] correct
    [21:49] yfrog.com/h2l8spp
    [21:50] jpullen: lul
    [21:50] jpullen: 100% true, all true
    [21:50] just like cvpcs saying CM7 coming to droid x in 15 seconds
    [21:50] ;)
    [21:50] Amazing how it gets your hopes up when you hear the boot is going to be unlocked. I was really having a good day untill now.
    [21:51] moral: pestering people results in massive trollage
    [21:51] jpullen: actually, the reaction i want is for people to boycott motorola and htc until they push software freedom
    [21:52] nenolod their are better ways to accomplish that goal
    [21:52] for shure
    [21:52] jpullen: oh yes, i agree
    [21:52] jpullen: in this case though i wanted some people who were bothering me to fuck off :P
    [21:52] jpullen: except it got blown all out of hand

  46. My personal apologies for tipping this to Phandroid and including P3droid in my tip. I misread the entire thing and feel bad for being a conduit of this farse.

    P3 is one of the finest android dev’s with integrity and skill and would never do anything to encourage a hoax. Sorry, friend.



  47. Phandroid either needs to grow up and start acting like journalists and making some effort at verifying and understanding what they post, or readers, including those who are misquoted have to accept that this is just a blog that reposts things they see elsewhere and don’t understand nor care to understand the details and meanings; they’re just electronic parrots. It has to be one or the other, no half measures. So what’s it to be?

  48. Who writes these bullshit articles? NONE of this info is correct.

    1. Nenolod not P3droid.
    2. FreeMyMoto not FreeMyDroid
    3. We have roms that remove motoblur.
    4. The hoax was about all sholes phones (DroidX/Droid2/etc) not “Motorola Droid”

    C’mon phandroid get your shit together. This is why I left this site.

  49. Really now, take P3droid’s name off of here and appologize already. The story is bogus and P3 didn’t start it. Many of us enthusiastic Android followers retweeted the info, but place the credit(and blame) where it is due.


  51. This will be my last visit to this site until it’s tweeted that the article has been corrected.

  52. Hmm, I don’t agree with you… Phandroid is an interesting blog and usually it’s quite a good place for Android stuff.
    There was a lesson to learn and this is a lesson for a brought range of web sites, from xda to Phandroid.
    Don’t blame him too much and keep polite. This is not a commercial site!
    Despite his credulity in this case, he is doing a great job.

  53. Not cool guys – check your sources. You’ve lost your edge. I’m out and not coming back.

  54. I was a bit upset right away. Not that you took the bait and posted the story. I was fooled just as you were. It actually looked good. I was upset in part(albeit small) that you credited the info to the wrong person, but hey, mistakes happen. I was really upset when it appeared that Phandroid wasn’t doing anything to correct the miscredit. However, I’m glad that you’ve made the appropriate corrections. I understand that CTIA was going on, and I wouldn’t expect you to NOT be busy with it! That, along with the fact that mistakes do get made as you are human just as any of us(besides the Androids of course), and your correction/apology have made things right with me(Although I am just a Android fan and not involved).

    I wish all the sites/blogs weren’t in such a race to be “first!” to release a story, though. I know there isn’t much you can do about it now, however. The readers demand instant gratification nowadays. Unfortunately, I have seen too many mistakes such as these due to sites trying to push fast info rather than good info. I know there were other circumstances in this case(kind of), but just using it to make a point! It’s not just this site, but literally every top Android site. Really, everyone seems to be more interested in getting the publicity that comes with breaking a story first, rather than getting a story right. I like my info fast just like the next guy or gal, but I wouldn’t mind waiting an hour or so to know the info I was reading was reputable. Many people will agree with me, but some of those same people will be bearing pitchforks and torches the first time an article isn’t posted in light speed. Again, it’s what the readers demand tho. If you delay on pulling the trigger with a story, they will go to one of the dozens of other Android sites. Anyway, just making an observation I guess. Too many times have I seen bad info passed along just so sites can be the one to “have the scoop”. And we all have seen how it spreads like wildfire once it’s out….

    But yea, glad ya made the correct redaction and set everything straight. All is forgiven in my book.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Handsets