Day: December 27, 2021

The Label Says HDMI 2.1 But That Doesn’t Mean You’ll Get It

December 27, 2021 by 48 Comments

Technology moves quickly these days as consumers continue to demand more data and more pixels. We see regular updates to standards for USB and RAM continually coming down the pipeline as the quest for greater performance goes on.

HDMI 2.1 is the latest version of the popular audio-visual interface, and promises a raft of new features and greater performance than preceding versions of the standard. As it turns out, though, buying a new monitor or TV with an HDMI 2.1 logo on the box doesn’t mean you’ll get any of those new features, as discovered by TFT Central.

Continue reading “The Label Says HDMI 2.1 But That Doesn’t Mean You’ll Get It”

First Hacks: The Brand New Nokia 5G Gateway Router

December 27, 2021 by 28 Comments

Aside from being the focus of a series of bizarre conspiracy theories, 5G cellular networks offer the promise of ultra-fast Internet access anywhere within their range. To that end there are a new breed of devices designed to provide home broadband using 5G as a backhaul. It’s one of these, a Nokia Fastmile, that [Eddie Zhang] received, and he’s found it to be an interesting teardown and investigation. Spoiler: it runs Android and has exploitable bugs.

A privilege escalation bug in the web administration tool led to gaining the ability to export and modify configuration files, but sadly though a telnet prompt can be opened it’s not much use without the password. Uncovering some blocked-off ports on the base of the unit revealed a USB-C port, which was found to connect to an Android device. Via ADB a shell could be opened on Android, but on furtherĀ  investigation it was found that the Fastmile is not a single device but two separate ones. Inside is a PCB with an Android 5G phone to handle the connection, and another with a completely separate home router.

With access to the Android side and a login prompt on the router side that was as far as he was prepared to go without risking bricking his Fastmile. It only remained to do a teardown, which reveals the separate PCBs with their own heatsinks, and an impressive antenna array. Perhaps these devices will in time become as ubiquitous as old routers, and we’ll see them fully laid bare.

It’s a shame that we’ve had to write more about the conspiracy theories surrounding 5G than real 5G devices, but maybe we’ll see more teardowns like this one to make up for it.

Inspecting a SIM card via MTM

Diving The Depths Of Ma Bell

December 27, 2021 by 13 Comments

The modern smartphone is a marvel of sensors, radios, inputs, outputs, and processing power. In particular, some of those radios, such as WiFi and cellular, have grown fiendishly complex over the years. Even when that complexity is compressed down for the user into the one-dimensional space of the signal strength bars at the top of your phone. So when [David Burgess] was asked to look at some cellphone records of text messages and figure out where some of the more mysterious messages were coming from, it led him down a rabbit hole into the dark arts behind the glowing phone screen.

The number in question was 1111340002, sent by a phone connected to AT&T at the time, and was crucial for a legal case around distracted driving. [David’s] tools in his investigation were YateBTS (a cellular network simulator), SimTrace2 (pictured above), and old reliable Wireshark. Since the number isn’t a specific phone number and is not reachable from the public phone network, it must be a unique number inside AT&T processed by one particular AT&T SMSC (Short Message service center). The SMSC in question is in Atlanta and isn’t a typical texting center, so it must have some particular purpose. The message’s payload is raw binary rather than text, and [David] has done a pretty good job of decoding the majority of the format.

The most exciting revelation in this journey is that the phone (in the traditional sense) does not send this message. The processor on the phone does not know this message and executes no code to send it. Instead, the SIM card itself sends it. The SIM card is connected directly to the baseband processor on the phone, and the baseband polls the sim every so often, asking for any commands. One of those commands is an SMS (though many other commands have worrying consequences).

The SMS that [David] was chasing is triggered whenever a SIM detects a new IMEI, and the message lets the network know what about the previous and current IMEI. However, in the case of this message, it was unlikely that the SIM changed phones, so what happened? After some additional lab work and the deposition of an AT&T employee, [David] showed that a baseband firmware update would also trigger this SMS.

It’s a fascinating journey into the fragmented world of a smartphone’s minds and [David] does a fantastic job on the writeup. If you’re interested in sniffing wireless accessories, you will enjoy this soundbar’s wireless protocol laid bare.