The WiFi adapter in your laptop has a special mode – monitor mode – that can be used to listen in on WiFi traffic and, with a little patience, can be used to crack a WEP password. Surprisingly, this monitor mode can’t be found on any Android device due in part to the limitations of the hardware. A group of three researchers, [Ruby], [Yuval], and [Omri], decided to spend their vacation adding monitor mode to their Android smartphones, allowing for a much more portable version of WiFi pwnage tools.
The phones used by the researchers – the Nexus One and Galaxy S II – used Broadcom chipsets that didn’t support monitor mode. To get around this limitation and allow the OS to see full 802.11 frames, the team needed to reverse engineer the firmware of this Broadcom radio chip.
The team has released a firmware update for the bcm4329 and bcm4330 chipsets found in the Nexus One and Galaxy S II. The update may work for other phones with the same chipset, but don’t take our word on that.
There’s still a lot of work [Ruby], [Yuval], and [Omri] need to do. They’d like to add packet injection to their firmware hack, and of course create an APK to get this into the wild more easily.
If you have experience with kernel development and would like to help out, send the team an email. The source can be found on Google Code if you’d like to play around with it.
According to TUAW, Pwnage Tool 2.0 will activate, jailbreak, and unlock first generation iPhones running any firmware up to and including version 2.0. Unfortunately, it will not unlock an iPhone 3G (at least, not yet). iPhone 3G owners can still use the tool for activation and jailbreaking (so you can run 3rd party apps not supported by Apple and the new iPhone App Store).
So far, skimming through the 1322 comments on their announcement post, I’ve not seen any complaints or death threats about the tool bricking iPhones, but one should still proceed with caution. According to one update to the post, some people either get an error 1600 from iTunes or notice a “failure to prepare x12220000_4_Recovery.ipsw” in the log. They’ve provided a workaround, however. If this happens to you, simply create the folder ~/Library/iTunes/Device Support (mkdir) or, if that folder already exists, delete all the files in it, then re-run Pwnage Tool.
The iPhone Dev Team, notorious for jailbreaking the iPhone, has just released a video of the iPhone 3G hacked. Keep up to date with it and watch for a release on their blog. This is a major update to the PwnageTool, which is already available for previous versions of the iPhone.
They have added a lot of new features such as canned web searches, custom installer configuration, and custom root partitions. They promise to release it soon, but state that it will not be this weekend. You can get the high resolution version of the video from our mirror.