Automatic JTAG Pinout Detection

Figuring out the JTAG pinout on a device turns out to be the most time-consuming hardware portion of many hacks. [hunz] started a project called JTAG Finder to automatically detect the JTAG pinouts on arbitrary devices using an 8-bit AVR ATmega16/32L microcontroller. Check out the slides (PDF) from the talk, as they break down how one finds JTAG ports on an arbitrary device, with or without a pinout detection tool. [hunz] is looking for people to pick up the project where he left off.

Once you determine the correct pinout, you will need a JTAG cable: there are two main types, buffered and unbuffered, both of which I have soldered up and tested from these circuit diagrams (image of completed buffered cable here). The software most hardware people use today is the openwince JTAG Tools. To get the JTAG Tools to compile, grab the latest source directly from their CVS repository.

The last time we featured JTAG was with regard to Linksys devices, but the tools listed above can be applied to any device with JTAG.

Simple iPhone Headphone Mod


Apparently the iPhone jack isn’t quite standard – it’s a bit recessed to the point that third parties are offering adapters for it. [John] offers this simple method for modding Etymotic’s fine ER6i headphones. (If only I could find mine. I haven’t seen them for 8 months.) I suggest using a utility knife over a pocket knife. It’s simple, easy, and will probably work on most headphones.

CCCamp 2007: GSM A5 Cracking


Steve Schear and David Hulton gave a presentation on A5 cracking. A5 is the encryption employed on GSM cellphone networks between the handset and the tower (nowhere else in the network). To sniff the GSM band, they use the GNU Radio USRP. GNU Radio is a software-defined radio project which, given some effort, should let you both receive and transmit in any RF band. You could use it to broadcast digital television, track radio tags, or even mess with garage door openers. For their initial investigation they used a Nokia 3310 in trace mode to dump the initial frames. Using a box with at least 27 FPGAs, they plan on constructing a 6+ terabyte rainbow table (it’ll take a couple of months). Once complete, any GSM conversation can be cracked in less than 5 minutes using a single FPGA. The Hacker’s Choice has more info on the USRP-based GSM analyzer and what they did to crack A5.

SMS Tracking With A GPS GSM Enabled AVR


[Alex] sent in some of his latest work. He interfaced some not-so-cheap components to give an AVR GPS and GSM I/O. For now it can read the GPS position and send text messages. Thanks to the GPS/GSM module, the schematic is pretty simple – anyone with basic soldering skills and a desire to put a dent in their credit card can probably build this. (Programming the AVR is probably the most difficult task.)

iPhone Eve’ Extra


The guys at I-hacked put up a how-to on giving your Windows Mobile phone some iPhone-skinned powers, but later in the day they decided to make it login-required. Thanks to [Katrina] for the tip. (Requiring logins for contributed content just doesn’t sit well with me.)

[chris] sent in his own round up of his personal projects.

[Chris Coleman] let me know about hacktherazr. They’ve got some decent guides on customizing just about everything on the things.

[Ben Heck] got sick of emails, so he’s offering to build one more Xbox 360 laptop, if you give him a pile of money.

Starting Sunday, I’ll be ripping the hell out of my new house (and re-doing most of the upstairs). Do me a favor and keep the tips line brimming over.

[David] has some interesting ideas involving wireless AP antennas and wireless keyboards. How about a cantenna…