Smartphone hacking without risk – plus, broken phones needed

[Adam Outler] and [Rebellos] have been working feverishly to advance the world of mobile device hacking. They’re attacking on two fronts: making it easier for the common hacker to monkey with the phone’s firmware and OS with impunity, and finding ways to make regular handsets into dev-hardware for low-level hacking.

The Hummingbird Interceptor Bootloader (HIBL) circumvents the chain of trust on smartphones running the Cortex-A8 family of processors. This opens a lot of doors, not the least of which is the ability to run any OS that you’re capable of porting to the hardware. We’re certain that Android builds will come first as they are open-source, but there’s talk of iOS or Windows Phone being run after some heavy assembly hacking.

But the two developers are trying to bring more people into the fold with their recent hacks. [Adam] has put out a call for your broken hardware. He needs your dead smartphone boards to reverse engineer the circuitry. Soldering one wire from the OM5 pin on the processor to the OM1 resistor will make the phones unbrickable (something we heard about back in July) and remove the need for soldering in a JTAG interface. With borked hardware in hand he pops off the processor and traces out this connection as well as the UART pins.

The soldering isn’t an easy process, but it’s a marked improvement that breaks down more barriers that keep people from hacking their coveted hardware. The clip after the break shows how easy it now is to recover your phone if something goes wrong while messing with the firmware or OS.

Comments

  1. andrew says:

    Seems a little weird that unbrickable requires a password, but cool nonetheless.

  2. Adam Outler says:

    The password is required by Linux to access the linux device with smdk-tool for which permissions are not user level by default. You can check out the source if you like http://hummingbird-hibl.googlecode.com

  3. Precurse says:

    @andrew

    That’s the Ubuntu admin password prompt I believe.. It needs that if it needs any root-level access to certain OS features.

  4. HHH says:

    Awesome! I wish I could send a device to these guys, but my only phone isn’t a brick yet :)

  5. I am says:

    Yeah! Ubuntu-Power!

  6. Jao says:

    Pretty please, could you port Maemo? There are only 3 phones that support it, and I want more.

    Also, one thing I never understood is why companies put so much effort and money into locking down their hardware; not releasing source I can understand (fear of being copied), but why block attempts to run new software on it? The only possible outcomes are:
    1- Nobody has interest or skills to port new software
    2- Someone ports that software increasing their device capabilities for free and they sell more.

    Seriously, can someone explain to me what the upside is of them locking down their hardware?

  7. Adam Outler says:

    @HHH you can do it yourself as a preventive measure!

  8. Sheldon says:

    @Mike Szczys
    You might want to change your text to Cortex-A8 (M is for eMbedded/Mcu, A is for Application – and they’ve yet to design an M8 ;-)

  9. Rebell says:

    Affirmative, we’re working on Cortex A8 S5PC110 CPU, not M8. ;)

  10. DanJ says:

    Can someone explain the hardware hack? Is it correct that modifying the “OM5” signal somehow changes the boot sequence of the processor so that they can use a UART in the device core to communicate with some built-in bootloader?

  11. Joe says:

    Is there an address we can mail these to?

  12. RJSC says:

    I’m surprised why phone manufacturers go this far to the point where they actively take measures to prevent load of other software.
    Phones that are easy to load new firmware in and have up to date ROM images available sell like hotcakes!
    Those who don’t are only bought by people who don’t know/care how to upgrade their software and generally don’t even bother to buy a phone with an OS that supports third party applications.
    When I’m buying a smartphone, my main concern is the availability of update OS images. If they’re official, better; if not, third party are ok.
    It’s a shame most handset manufacturers (even Android ones) go with the policy of: Want a new OS version? Buy a new Phone!

  13. xorpunk says:

    They don’t use trustzone or a decent chain of trust

  14. Jonathan Wilson says:

    Ok so the question is, which CPUs and handsets does this work on?
    Based on the mention of “Samsung” I am guessing it works only on Samsung CPUs.

  15. thelinuxone says:

    Awesome work!!! I work on phones all day I’m sure this will come in handy sometime.
