Saw a thread on another forum from a user called 'sdeens' talking about the theoretical possibility of the above and wondered what some of you fellow df'rs thought about this.
Dont wanna take credit for another blokes theorising so have pasted below most of what he said, pretty interesting and worth a read if nothing else.
Also posted link to original thread below.
---------------------------------
SDEENS
"If they are blowing OTP registers in the CPU via these kernel udpates (e-fuses) then theoretcially: YES they can be "jumpered" with a GLITCHING daughter board solution that can glitch past the blow fuses that are disabling the HYNIX TSOP/ nand from running any custom code.
but the question is: can such a daughter boot loader board be designed and have they traced back the necessary installation solder points on mobo that are tied to the underside of the CPU-BGA?
Precident:
We used bootloader daughter boards for our physically damaged or blown satellite TV "H cards" about 10 years ago when DirecTV was blowing OTP/e-fuse registers inside the card. It was called the "Black Sunday" bootloader boards and they simply glitched past the blown e-fuse using a simple Atmel 2313 chip with custom glitching code on board. The europeans first made the discovery...STUDLOVE was the developer.
So in theory it should be possible with the addition of a 3rd party Boot-Loader daughter board that can "circumvent and spoof" the blown e-fuse via some glitching protocol tied directly to the CPU via a surface MOBO solder point that is traced out. Maybe they have NOT found such solder points after decaping the CPU BGA?
"
Link to original thread:
http://tech-modz.net/showthread.php?t=573
Social Networking Bookmarks