Originally Posted by munky875821417
Couldn't the bootloader be decrypted by just replacing the metldr file in metldr838exploit with a bootldr? Just an idea. I expect someone to just shoot me down, but I would like to know why not. I know it's too simple to be complicated.
That would be the idea: the metldr exploit re-loads metldr in order to exploit it. The unfortunate thing is, bootldr does not re-load like metldr does, or at least, we don't know how.
If we can re-load bootldr, indeed we can work on exploiting it, or even dumping the lv0 metadata like math explained.