iPhone-dev Team 3G Soft Unlock Coming Soon

[vimeo 2291914]

The iphone-dev team has officially stated “all that remains is implementation”. They’ve developed all the pieces they need to perform a software unlock for the iPhone 3G; now it’s just a matter of putting them together in a user-friendly fashion. They’ve managed to run unsigned code on the baseband, developed custom AT tools, and are now showing injection of a background task. They will combine all of these techniques to override the carrier-lock code in the baseband. As usual, they warn against performing any official firmware updates to the phone.

Reversing Google’s iPhone Voice Search

Google recently updated their Google Mobile App with a couple of new features. Voice Search automatically starts listening when you raise the phone to your ear. Just say what you’re looking for, and it will query Google and return the results. The app leverages Google’s voice recognition engine, which they’ve been training with Goog-411. [Andy Baio] has been experimenting with audio transcription and was curious what the new app was doing behind the scenes. He started by sniffing the packets as they traversed his network. Unfortunately, the amount of data transmitted is so small that he’s almost certain he’s missing something. He’d appreciate any help in this endeavor. Part of the problem might be Google getting special treatment and using undocumented iPhone SDK features.

Google Explains Android Patches


Google has been trickling out info about what they’re actually fixing in the G1 firmware updates. Before RC29, users were able to bypass the phone lock using safe mode. RC29 also brought WebKit up to date, presumably patching the bug [Charlie Miller] found. RC30 takes care of the root console problem. Unfortunately there are very few details as to what or how particular items were broken. This release method leaves much to be desired; having the official Android Security Announcements group be the absolute last place to get security news is asinine.

[photo: tnkgrl]

Running Debian And Android On The G1


[Jay Freeman] has a rather exhaustive tutorial on how to set up a Debian environment on your T-Mobile G1. The first major issue with this is that getting root-level access through telnetd is being patched. It certainly is a security issue that needs to be fixed, but a user shouldn’t have to root their own phone to begin with. While the G1 comes with some Linux tools, they’re limited. [Jay]’s goal was to create a familiar Debian environment on the phone. It takes a few tricks, but if you’re familiar with the command line, you shouldn’t have any problems. Debian already has ARM EABI support, so creating a working image isn’t a problem. The image file is stored on the SD card and mounted using the loopback device. The G1’s kernel has module support turned on, so [Jay] built ext2 and unionfs kernel modules for it. [Benno Leslie]’s Android build of busybox is used to perform the actual mounting. Once the image is mounted, you just need to chroot into it to start playing with native Linux apps. [Jay] takes this a step further by using unionfs to make the Android and Debian environments share the same root. This is really a great how-to, and it’s nice to know that modules can be added to the kernel.

[photo: tnkgrl]

[via Hackszine]

Android Executes Everything You Type


This is one of the more bizarre bugs we’ve ever heard of. The T-Mobile G1 has an open root shell that interprets everything you type as a command. It was discovered when a user just happened to type the word ‘reboot’ in a conversation and the phone immediately rebooted. A patch has already been rolled out to fix this issue. It also buttons up the earlier telnetd SUID problem.

[photo: tnkgrl]

Getting Root On The G1

If you’ve been holding off on a T-Mobile G1 purchase because you didn’t like the apparent user restrictions, there’s some good news. The Android-powered phone comes with an easy button for getting root. Install a terminal app and you can manually start the telnetd service. All that’s left is telnetting into the device, and it’ll give you root-level access.
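The two conditions behind this post and the “Android Executes Everything You Type” post above (a set-uid telnetd that can be started from a user shell, and a telnet daemon listening on port 23) are both things you can check for from a shell on the device or against a pulled filesystem image. The script below is an added example, not code from Hack a Day or from anyone mentioned on this page; it assumes only POSIX sh, find and awk, and the /proc/net/tcp table it inspects by default is the live one, with a constructed sample table used for the stand-alone demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). Two checks for the G1 telnetd
# issue described above: set-uid binaries on the filesystem, and a listener on
# TCP port 23. Assumes only POSIX sh, find and awk.

# Print every set-uid regular file under the given root, one per line.
# Usage: find_suid /path/to/root   (e.g. / on the device, or a mounted image)
find_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Return 0 if some socket is in LISTEN state on local TCP port 23 according to
# a /proc/net/tcp style table (default: the live table on this host), else 1.
# In that table the local port is the hex field after the colon in column 2
# ("00000000:0017" is port 23) and column 4 is the state ("0A" is LISTEN).
# Handy on Android builds that ship no netstat.
telnet_listening() {
    table="${1:-/proc/net/tcp}"
    awk 'NR > 1 {
            split($2, a, ":")
            if (toupper(a[2]) == "0017" && toupper($4) == "0A") { found = 1 }
         }
         END { exit (found ? 0 : 1) }' "$table"
}

# Constructed sample tables, not captured from a real device.
# Row 0 is a telnetd listener on 0.0.0.0:23; row 1 is an unrelated listener on
# 127.0.0.1:8080; row 2 is an established (state 01) connection to port 23,
# which by itself is not a listener.
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 00000000 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1235 1 00000000 100 0 0 10 0
   2: 0100007F:0017 C0A80101:D431 01 00000000:00000000 00:00000000 00000000     0        0 1236 1 00000000 100 0 0 10 0'

SAMPLE_TCP_CLEAN='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1235 1 00000000 100 0 0 10 0'

# Stand-alone demonstration against a scratch directory (hypothetical layout,
# not a real device dump): one set-uid file and the constructed tables above.
demo_dir=$(mktemp -d)
: > "$demo_dir/telnetd"
chmod 4755 "$demo_dir/telnetd"
: > "$demo_dir/sh"
chmod 0755 "$demo_dir/sh"
printf '%s\n' "$SAMPLE_TCP" > "$demo_dir/tcp"
printf '%s\n' "$SAMPLE_TCP_CLEAN" > "$demo_dir/tcp_clean"

echo "set-uid files under $demo_dir:"
find_suid "$demo_dir"
if telnet_listening "$demo_dir/tcp"; then
    echo "sample table: telnet listener on :23 present"
fi
if ! telnet_listening "$demo_dir/tcp_clean"; then
    echo "clean table: no telnet listener"
fi
rm -rf "$demo_dir"
```

On a device you would run `find_suid /` and `telnet_listening` with no argument; on a pulled image, point `find_suid` at the mount point. A telnetd that is both set-uid and reachable on port 23 is the combination these posts describe, and either half on its own is still worth explaining before trusting the device.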

Smart Phone Hacking Roundup

[vimeo 2049219]

T-Mobile’s G1 was released last week, and at least one Android vulnerability has been announced already. The New York Times reported on research done by [Charlie Miller], who also helped find one of the first iPhone bugs, so we think the report is fairly credible. Last year, we saw him deliver a seminar on real-world fuzzing at ToorCon 9. It covered exactly how they found the iPhone bug.

If you just want to use a G1 without service, you can activate it with any T-Mobile SIM card.

Above is Boing Boing Gadgets’ concise video review of Griffin AirCurve. It’s garbage. We first talked about it in our loaded horn post because it looked like something fun to redesign.

The iphone-dev team published a video today showing access to the iPhone’s baseband processor. They connect to the device over ssh and then use minicom to issue AT commands to the baseband. They’re writing custom AT commands for full control.