Theoretically I can watch boot through an on-chip debugger (OCD), and when the boot section we are interested in is requested, force the code, or something. I can already mess up (cheat in games too :mrgreen:) variables in real time in devices with OCD, no problem.
Or, forget all that, and just watch for the security part loading and mess that up, granting root there, and trust the MicroSD to run shell/script/whatever off of. Dump the data to the MicroSD (or MicroSD port).
This still requires ripping the device apart and finding TAPs.
For vendors that use ASIC-based processors, this could be an issue.
I think this could be done.