Dissecting a firmware image

[Leland Flynn] did a great job of picking apart the firmware image for a Westell 9100EM FiOS router. Unfortunately he didn’t actually find the information he was looking for. But he’s not quite done poking around yet either. If you have never tried to make sense of an embedded Linux firmware image this serves as a great beginner’s example of how it’s done.

He was turned on to the project after port scanning his external IP and finding a random login prompt which he certainly didn’t set up. Some searching led him to believe this is some kind of back door for Verizon to push automatic firmware updates to his router. He figured why not see if he could yank the credentials and poke around inside of the machine?

He started by downloading the latest firmware upgrade. Running ‘hexdump’ and ‘strings’ gives him confirmation that the image is based on Linux. He’s then able to pick apart the package, getting at just the filesystem portion. His persistence takes him through extracting and decompressing three different filesystems. Even though he now has access to all of those files, broken symlinks meant a dead-end on his login search.

Unlocking Verizon Galaxy Note II and Galaxy S3

[Adam Outler] and friends have been hard at work unlocking the bootloader of some Verizon Android devices. His most recent adventure involves unlocking the Verizon branded Samsung Galaxy Note II.

You can’t run Cyanogenmod on a device that has a locked bootloader. This is presumably why it took no time at all for the XDA forum users with Verizon phones to raise enough money to put one of these puppies in [Adam's] hands. He walks through the process he used to find the exploit in the video after the break. We’re not experts on the process, but apparently the .pit file used when flashing with Odin is the entry point for the exploit. A bit of code has been injected into it which provides an opening to flash a replacement bootloader.

We mentioned the Galaxy S3 in the title. Apparently that has been unlocked as well but with one big hang-up. An over-the-air update could possibly brick the S3. To avoid this issue with the Galaxy Note II the original bootloader is patched and reflashed as part of the exploit.

Use Droid Bionic as a mobile hotspot without paying extra

Apparently Verizon customers are expected to pay for a second data plan if they want to be allowed to use a cellphone as a mobile hotspot. This means one data plan for the phone, and a second for the tethering. [DroidBionicRoot] thinks this is a little silly since there is already a data cap on the phone’s plan. But he’s found a way around it if you don’t mind rooting the phone to enable free tethering.

Not surprisingly, it’s a very simple alteration. The phone is already capable of tethering; to enable the feature without Verizon’s permission, just edit one database value. In the video after the break, [DroidBionicRoot] starts the process with a rooted Droid Bionic handset. He purchases an app for $2.99 which allows him to edit SQL databases on the handset. From there he navigates to the ‘Settings Storage’ database and changes the ‘entitlement_check’ key value to 0. Reboot the phone and tethering is now unlocked.

WiFi on a Sprint Pixi

The Sprint version of the Palm Pixi doesn’t have a WiFi option but the Verizon version (called the Palm Pixi Plus) does. The hardware is almost the same and [Gitit20] figured out how to do some hardware swapping to add WiFi. The radio board inside the phone is fairly easy to remove. Close inspection of the Sprint radio board shows some solder pads where a WiFi chip would go. The Verizon version has this chip, and moving that radio board into the Sprint phone will enable WiFi. This is strictly a hardware hack as the device identification (IMEI) is paired with the motherboard and not the radio board.

Now we want to see someone source that WiFi chip, solder onto the board, and enable it within the OS so that we don’t need a donor phone to make this work.

[Thanks Juan]

Verizon users shout “I am root!”

Droid has been rooted. It was only a matter of time but we do like to celebrate this sort of thing. Why? Because if you pay for it you should own it. This will probably spark a flame war about licensing agreements and such in the comments but answer this: if it breaks, who pays to fix it? If you’re the one paying for it, you should be able to do what you want with it.

The process seems simple. Copy the magic file onto your SD card and go through the firmware upgrade process. Just make sure you know what you’re doing so that you don’t brick this sexy device.

[via Gizmodo]

Vaio P HSDPA mod

[tnkgrl] has concluded her Sony Vaio P by adding GSM support. We covered the switch to XP earlier, but this should work on Vista too. The Vaio P is sold in the US with support for Verizon’s EVDO wireless broadband, but it uses the same hardware as the European model that uses GSM. This is possible because of the Qualcomm Gobi radio module. To get GSM support, you trick the VZAccess Manager into loading a different firmware than the stock EVDO. The difficult part is that the Vaio P doesn’t come with a SIM card slot, so you’ll have to solder in your own. When you’ve got the computer reassembled, just change VZAccess Manager to use your carrier.

UPDATE: Wired has an article on the Gobi chipset.

ToorCon 9: CDMA unlocking and modification


[Alexander Lash] gave a short overview of what you need to unlock a CDMA phone. He strongly recommended Howard Forums for finding most of the info you need. You’ll probably need BitPim and the Qualcomm PST (product support tools). Using the PST you can flash your new carrier’s firmware and then activate the phone on their network.

Verizon offers two ways to get unlimited EVDO data. $59 for a data plan or $15 for VCast. You’re not supposed to be able to use your VCast phone as an EVDO modem and it sends a different network access identifier (NAI) if you tether the phone. Using the PST you can change the NAI and use the cheaper VCast plan for data access. Here is a forum post detailing the process.
