33C3: Dissecting 3G/4G Phone Modems

[LaForge] and [Holger] have been hacking around on cell phones for quite a while now, and this led to them working on the open cellphone at OpenMoko and developing the OsmocomBB open-source GSM baseband software. Now they are turning their sights on 3G and 4G modems, mostly because they would like to use them inside their own devices, but also because they would like to make them accessible to the broader hacker community. In this talk at the 33rd Chaos Communication Congress (33C3), they discuss their progress in making this darkest part of the modern smartphone useful for the rest of us.

This talk isn’t about the plug-and-play usage of a modern cell-phone modem, though; it’s about reprogramming it. They pick a Qualcomm chipset because it has a useful DIAG protocol, and in particular choose the Quectel EC20 modem, built around Qualcomm’s MDM9615 (the same chipset family found in the iPhone 5), because it makes the DIAG stream easily available over USB.

Our story begins with a firmware upgrade from the manufacturer. They unzipped the files, and were pleasantly surprised to find that it’s actually running Linux, undocumented and without the source code being available. Now, [LaForge] just happens to be the founder of gpl-violations.org and knows a thing or two about getting code from vendors who use Linux without following the terms and conditions. The legal story is long and convoluted, and still ongoing, but they got a lot of code from Quectel, and it looks like they’re trying to make good.

Qualcomm, on the other hand, does make the Linux kernel source code available, though undocumented. (This is the source on which Quectel’s code is based.) [LaForge] took over the task of documenting it and then developing some tools for it; there is more going on than we can cover here. All of the results of their work are available on the wiki site, if you’re getting ready to dig in.


A Field Guide to the North American Communications Tower

The need for clear and reliable communication has driven technology forward for centuries. The longer communication’s reach, the smaller the world becomes. When it comes to cell phones, seamless network coverage and low power draw are the ideals that continually spawn R&D and the eventual deployment of new equipment.

Almost all of us carry a cell phone these days. It takes a lot of infrastructure to support them, whether or not we use them as phones. The most recognizable part of that infrastructure is the communications tower. But what do you know about them?


New A4 jailbreak debacle puts the brakes on for iPad

If you’ve been waiting in the wings for the next jailbreak to be released, you should know there’s been a bit of a speed bump. [ChronicDevTeam], which has been working on an exploit for A4-based iOS devices called SHAtter, tweeted last Thursday that the fully tested, untethered, and unpatchable package known as greenpois0n would be released today. But on Friday [Geohot], whom you may remember from the PlayStation 3 hypervisor exploit, rolled out his own mostly untested and admittedly beta jailbreak called limera1n.

So where does that leave the situation? Because [Geohot] used a different exploit, [ChronicDevTeam] decided not to release greenpois0n. If they did, it would give Apple a chance to patch two different exploits at once. Instead they are working feverishly to incorporate, test, and repackage greenpois0n using the same exploit as limera1n.

If you don’t want to wait, jailbreak now, but you risk problems with an unstable exploit method that is only available for Windows.

[via @ChronicDevTeam]