Hologram.io Offers Developers Free Cell Data

If you’ve been thinking of adding cellular connectivity to a build, here’s a way to try out a new service for free. Hologram.io has just announced a Developer Plan that will give you 1 megabyte of cellular data per month. The company also offers hardware to use with the SIM, but they bill themselves as hardware agnostic. Hologram is about providing a SIM card and the API necessary to use it with the hardware of your choice: any 2G, 3G, 4G, or LTE devices will work with the service.

At 1 MB/month it’s obvious that this is aimed at the burgeoning ranks of Internet of Things developers. If you’re sipping data from a sensor and phoning it home, this will connect you in 200 countries over about 600 networks. We tried to nail them down on exactly which networks but they didn’t take the bait. Apparently any major network in the US should be available through the plan. And they’ve assured us that since this program is aimed at developers, they’re more than happy to field your questions as to which areas you will have service for your specific application.

The catch? The first taste is always free. For additional SIM cards, you’ll have to pay their normal rates. But it’s hard to argue with one free megabyte of cell data every month.

Hologram originally started with a successful Kickstarter campaign under the name Konekt Dash but has since been rebranded while sticking to their cellular-connectivity mission. We always like getting free stuff — like the developer program announced today — but it’s also interesting to see that Hologram is keeping up with the times and has LTE networks available in their service, for which you’ll need an LTE radio of course.

eMMC to SD Hack Rescues Data from a Waterlogged Phone

How do I get the data off this destroyed phone? It’s a question many of us have had to ponder – either ourselves or for friends or family. The easy answer is either spend a mint for a recovery service or consider it lost forever.  [Trochilidae] didn’t accept either of those options, so he broke out the soldering iron and rescued his own data.

A moment’s inattention with a child near a paddling pool left [Trochilidae’s] coworker’s wife with a waterlogged, dead phone. She immediately took apart the phone and attempted to dry it out, but it was too late. The phone was a goner. It also had four months of photos and other priceless data on it. [Trochilidae] was brought in to try to recover the data.

The phone was dead, but chances are the data stored within it was fine. Most devices built in the last few years use eMMC flash devices as their secondary storage. eMMC stands for Embedded Multimedia Card. What it means is that the device not only holds the flash memory array, it also contains a flash controller which handles wear leveling, flash writing, and host interface. The controller can be configured to respond exactly like a standard SD card.

The hard part is getting a tiny 153 ball BGA package to fit into an SD card slot.  [Trochilidae] accomplished that by cutting open a microSD to SD adapter. He then carefully soldered the balls from the eMMC to the pins of the adapter. Thin gauge wire, a fine tip iron, and a microscope are essentials here. Once the physical connections were made,  [Trochilidae] plugged the card into his Linux machine. The card was recognized, and he managed to pull all the data off with a single dd command.

[Trochilidae] doesn’t say what happened after the data was copied, but we’re guessing he analyzed the dump to determine the filesystem, then mounted it as a drive. The end result was a ton of recovered photos and a very happy coworker.

If you like crazy soldering exploits, check out this PSP reverse engineering hack, where every pin of a BGA was soldered to magnet wire.

LTE IMSI Catcher

GSM IMSI catchers preyed on a cryptographic misstep in the GSM protocol. But we have LTE now, why worry? No one has an LTE IMSI catcher, right? Wrong. [Domi] is here with a software-defined base transceiver station that will catch your IMSI faster than you can say “stingray” (YouTube video, embedded below).

First of all, what is an IMSI? IMSI stands for International Mobile Subscriber Identity. If an IMEI (International Mobile Equipment Identity) is your license plate, your IMSI would be your driver’s license. The IMEI is specific to the phone. Your IMSI is used to identify you, allowing phone companies to verify your origin country and mobile network subscription.

Now, with terminology in tow, how does [Domi] steal your IMSI? Four words: Tracking Area Update Request. When a phone on an LTE network received a tracking area request, the LTE protocol mandates that the phone deletes all of its authentication information before it can reconnect to a base station. With authentication out of the way [Domi] spoofs a tower, waits for phones to connect, requests the phone’s IMSI and then rejects the phones authentication request, all under the nose of the phone’s user.

Now, before you don your tinfoil hat, allow us to suggest something more effective. Need more cell phone related hacks? We’ve got your back.

Continue reading “LTE IMSI Catcher”

Hackaday Prize Entry: A Femtocell Repeater

For a Hackaday Prize entry, [TegwynTwmffat] is building a cell phone signal repeater. This sort of device is commercially available, but the options are either expensive or, as with some units available for $30 on DealExtreme, obviously noncompliant with RF regulations. This project intends to create a cost-effective, hackable device that works properly and conforms to the right regulations.

The core of this system is a LimeSDR transceiver. This is a board we’ve seen before, and it has a few interesting features. Basically, the core of the LimeSDR is a programmable RF transceiver with coverage from 100kHz to 3.8GHz. There’s also on-chip signal processing and USB 3.0 bandwidth to get the signals to and from a computer.

Right now, [TegwynTwmffat]’s focus is getting his LimeSDR up and working and figuring out how to set up a few radio blocks to do what is needed. There’s a great update to the project that showcases Pothos, and so far [Tegwyn] has a full-duplex repeater working. This is great work, and really showcases the capabilities of what software-defined radio can do.

Tearing Down the Boss Phone

Poke around enough on AliExpress, Alibaba, and especially Taobao—the Chinese facing site that’s increasingly being used by Westerners to find hard to source parts—and you’ll come across some interesting things. The Long-CZ J8 is one of those, it’s 2.67 inch long and weighs just 0.63 ounces, and it’s built in the form factor of a Bluetooth headset.

A couple of months ago Cory Doctorow highlighted this tiny phone, he’d picked up on it because of the marketing. The lozenge-shaped phone was being explicitly marketed that it could “beat the boss”. The boss in question here being the B.O.S.S chair—a scanning technology that has been widely deployed across prisons in the U.K. in an attempt to put a halt to smuggling of mobile phones to inmates.

The Long-CZ J8 is just 2.67 inch (6.8cm) long.

I wasn’t particularly interested in whether it could make it through a body scanner, or the built-in voice changer which was another clue as to the target market for the phone. However just the size of the thing was intriguing enough that I thought I’d pick one up and take a look inside. So I ordered one from Amazon.

Continue reading “Tearing Down the Boss Phone”

Linger Keeps You Around After You’ve Gone

We’re not sure if this is art, anti-snooping guerilla warfare, or just a cheeky hack, but we do know that we like it! [Jasper van Loenen]’s Linger keeps the SSIDs that your cell phone (for example) spits out whenever it’s not connected to a WiFi network, and replays them after you’re gone.

Some retail stores and other shady characters use MAC addresses and/or the unique collection of SSIDs that your phone submits in probe requests to fingerprint you and track your movement, either through their particular store or across stores that share a tracking provider. Did you know that you were buying into this when you enabled “location services”? Did the tracking firms ask you if that was ok? Of course not. What are you going to do about it?

Linger replays the probe requests of people who have already moved on, making it appear to these systems as if nobody ever leaves. Under the hood, it’s a Raspberry Pi Zero, two WiFi dongles, and some simple Python software that stores probe requests in a database. There’s also a seven-segment display to indicate how many different probe-request profiles Linger has seen. We’re not sure the price point on this device is quite down to “throwie” level, but we’d love to see some of these installed in the local mall.  Continue reading “Linger Keeps You Around After You’ve Gone”

Upgrading RAM on a Nexus 5X

A screenshot of the status screen indicating the phone has detected the extended RAM.

A denizen of the venerable XDA forums reports that it is possible to upgrade the RAM of the Nexus 5X from 2GB to 4GB.  Having suffered the dreaded bootloop, [Cathair2906] decided to send their phone off to China for repair. The technician advised that since reflow of the CPU was necessary anyway, it makes sense to upgrade the RAM as well. This is due to the RAM actually being fitted directly on top of the CPU, a method amusingly known as Package on Package (SFW).

Upgrading RAM in the average computer is a relatively trivial task. Pop the case open, and you slide the new sticks into the extra slots. It’s not the same case for smartphones and tablets — in the endless quest for the slimmest form factor, all parts are permanently soldered. In addition, every device is essentially bespoke hardware; there’s no single overarching hardware standard for RAM in portable devices. You could find yourself searching high and low for the right chips, and if you do track them down, the minimum order quantity may very well be in the thousands.

Unless, of course, you had access to the Shenzhen markets where it’s possible to buy sample quantities of almost anything. Given access to the right parts, and the ability to solder BGA packages, it’s a simple enough job to swap a bigger RAM chip on top of the CPU during the repair.

It’s the sort of thing that’s trivial in Shenzhen, and almost mind-bogglingly impossible in the West. The price of the repair? About $60 USD. [Cathair2906] was even nice enough to share the address of the shop that did the work.

We’ve seen similar antics before – like this Nexus 5 storage upgrade to 64GB.

[via XDA Developers, thanks to Jack for the tip!]