There are numerous examples of hardware which has latent features waiting to be unlocked by software. Most recently, we saw a Casio calculator which has the same features as its bigger sibling hidden within the firmware, only to be exposed by a buffer overflow bug (or the lead from a pencil if you prefer a hardware hack).
More famously, oscilloscopes have been notorious for having crippled features. The Rigol DS1052E was hugely popular on hacker benches because of its very approachable price tag. The model shipped with 50 MHz bandwidth but it was discovered that a simple hack turned it into the DS1102E 100 MHz scope. Tektronix has gotten in on this action as well, shipping modules like I2C, CAN, and LIN analysis on the scope but requiring a hardware key to unlock (these were discovered to have a horribly insecure unlock method). Similar feature barriers are found on Rigol’s new reigning entry-level scope, the DS1054Z, which ships with protocol analysis modules (among others) that are enabled only for the first 70 hours of scope operation, requiring an additional payment to unlock them. Most scope manufacturers are in on the game, and of course this is not limited to our tools. WiFi routers are another great example of hardware hosting firmware-unlockable features.
So, the question on my mind which I’d like to ask all of the Hackaday community is this: are unlockable features good for us, the people who use these tools? Let’s take a look at some of the background of these practices and then jump into a discussion in the comments.
Who doesn’t like the user interface in the movie Minority Report where [Tom Cruise] manipulates a giant computer screen by just waving his hands in front of it? [AdhamN] wanted to unlock his door with hand gestures. While it isn’t as seamless as [Tom’s] Hollywood interface, it manages to do the job. You just have to hold on to your smartphone while you gesture.
The project uses an Arduino and a servo motor to move a bolt back and forth. The gesture part requires a 1sheeld board. This is a board that interfaces to a phone and allows you to use its capabilities (in this case, the accelerometer) from your Arduino program.
The rest should be obvious. The 1sheeld reads the accelerometer data and when it sees the right gesture, it operates the servo. It would be interesting to do this with a smart watch, which would perhaps look a little less obvious.
We covered the 1sheeld board a while back. Of course, you could also use NFC or some other sensor technology to trigger the mechanism. You can find a video that describes the 1sheeld below.
The elevator at [Alex]’s office building has some quirks which make it very inconvenient to everyone in the building. The major problem was that the doors of the elevator at each floor stay locked until someone walks down the hall to hit a button. Obviously this was a hassle, so [Alex] built a controller that can remotely call and unlock the elevator. (Part 2 of the project is located on a separate page.)
The first step was to source the hardware and figure out exactly how the controls for the elevator worked. [Alex] decided to use an Electric Imp for this project, and after getting it connected to the Internet, he realized that he could power it directly off of the elevator’s 10V supply. From there, he used relays to interface the Electric Imp with the “elevator call” and “elevator unlock” buttons inside the elevator’s control panel.
Once the hardware side was completed, it was time to move on to the software side. [Alex] wrote a mobile app for a user interface that can be accessed from anywhere, and also wrote the code for the Electric Imp agent and the code that runs on the Electric Imp itself. Now, a simple tap of a button on a mobile device is enough to call the elevator or unlock it, rather than in the past where someone had to run down a hall to hit the button.
We hope there is some security on the mobile app, otherwise anyone in the world will be able to call the elevator and turn it into a passenger-less useless machine!
[Adam Outler] and friends have been hard at work unlocking the bootloader of some Verizon Android devices. His most recent adventure involves unlocking the Verizon branded Samsung Galaxy Note II.
You can’t run Cyanogenmod on a device that has a locked bootloader. This is presumably why it took no time at all for the XDA forum users with Verizon phones to raise enough money to put one of these puppies in [Adam’s] hands. He walks through the process he used to find the exploit in the video after the break. We’re not experts on the process, but apparently the .pit file used when flashing with Odin is the entry point for the exploit. A bit of code has been injected into it which provides an opening to flash a replacement bootloader.
We mentioned the Galaxy S3 in the title. Apparently that has been unlocked as well, but with one big hang-up: an over-the-air update could possibly brick the S3. To avoid this issue with the Galaxy Note II, the original bootloader is patched and reflashed as part of the exploit.
Sony Ericsson recently added a new section to their developer world portal called Unlocking the boot loader. They provide all the information and tools needed to root some of their newer Android phones.
Of course, this information comes from Sony Ericsson dripping with warnings, disclaimers and warranty-voiding rhetoric. Once you’ve waded through all of that, you’ll have to enter your phone’s IMEI number, your name and email address in order to get your phone’s unique bootloader unlock key. Here’s hoping they don’t use the form information to instantly void warranties.
Unlocking doesn’t come without consequences, but from UI tweaks and performance improvements to custom apps and tethering, there are probably more reasons to unlock your Android device than there are reasons to leave it alone. In an age where people are making a fuss about companies adding stumbling blocks for would-be jailbreakers, it’s good to see that at least one of them is doing what they can to help hackers take the plunge. Anyone want to clear up why Sony Ericsson feels like supporting hackers but Sony sues people for doing similar things on the PS3?
Thanks to [flip] | remixed image credit (cc by-sa 2.0): [firstname.lastname@example.org]
The G2 has finally been rooted. Even though a temporary root exploit was found shortly after the phone’s release, a NAND lock prevented modifying the non-volatile RAM for a permanent root. Some controversy surrounded the G2 when it was erroneously thought to have a rootkit protecting the OS. Supposedly the rootkit would watch for changes to the file system and then reset the phone to default settings when any unauthorized changes were made. On the other hand, a NAND lock functions by fooling the operating system into thinking there isn’t any memory available, essentially “locking” the memory in key areas. Once it was discovered to have the NAND lock, it was only a matter of time before the G2 was permanently rooted. NAND locks have become a popular (and unsuccessful) deterrent employed by device makers to stop the jailbreaking community. While this exploit is nothing groundbreaking, it is another notch in the belt for the jailbreaking community and a welcome benefit to G2 users.
The iPhone dev-team has released an updated version of PwnageTool. It supports jailbreaking iPhones using the 3.0 firmware. This update does not include the much easier to use QuickPwn, but it should be coming soon. The release also doesn’t include the UltraSn0w unlock which will be coming via Cydia.