Truly Hackable Phone?
OK. This was big when it hit the press: "Openmoko is introducing a completely open cellphone", and added to it, "this is a truly hackable phone". Well, I needed to know how "open" is open and what they mean by "hack" when they say it's truly hackable. Here is the short version of my journey.

1- I purchased one NEO Freerunner box plus its debug board. It got here so fast. During the time I sent them several emails; they never responded.

2- It runs an ARM-based Linux, GSM using TI's Calypso, GPS, Wifi, Bluetooth. There are a bunch of tools, scripts and APIs to "develop" different applications for this device. It's fairly documented.

3- Using the development toolchain plus the debugging capabilities makes life a little easier for an average Linux developer. Yeah, you can port your enterprise applications to the Openmoko architecture with minimum effort. That's good, although it was not something I was looking for. I'm a hacker, right?

4- All chipset details are under NDA from manufacturers. Some people, somehow, published old versions of these spec documents, and of course because downloading them is illegal I didn't do it. We are not outlaws, we are hackers, right?

5- So you cannot monitor or modify GSM stack parameters, or read/write its memory, or play with available registers, for example to build a GSM fuzzer; at best it offers you a simple stupid GSM modem using /dev/ttySAC0. You cannot read or monitor Wifi or Bluetooth's radio layer parameters from the chips, probably to develop a low-level scanner without the OS's interference; you cannot hook into the A/D IC bus to baseband to add special voice filters; you cannot ... Actually you probably can do all these and more, but you first need to do extensive Linux kernel development on ARM, plus being able to read those NDA'ed documents. Well, the deal is the same with any Windows Mobile smartphone, or even your beloved iPhone.
Who said playing with the kernel on embedded architectures and reading documents you are not supposed to read is more "open" on NEO than the others? And how is this box "truly" hackable compared to others?

6- IMHO if you are looking for serious low-level GSM-GPRS-Bluetooth-Wifi involvement, cellphones are the wrong place to look. You can read all about OpenMoko on its wiki, while you need to pay for a deep Symbian book to get your hands on similar technical details, but this is as open as it gets. No phone is more hackable than the others. Software development using available tools is not a hack. You can develop software on Openmoko the way you do it on a regular PC; that's nice, but that's not hacking. Yes, you can develop a device driver to attach industrial hardware using the UART connection, and it's a lot easier on Openmoko compared to others (and I'm not even sure about this, having iPhone OS 3 in mind), but all said, this is not hacking. This is typical software development.

7- At the end of the day I learned that hacking into anything that's related to wireless service providers' business and wireless applications must be done via Software Defined Radio platforms, like USRP, not cellphones. Cellphones are never open if you are looking to extensively get involved with hardware, and they are only hackable if you make yourself ready to break the law or pray for miracles. Why? Take a look at one of these ETSI specs and compare it to the implementation; you will figure out why. This was months ago, and now that I'm on the right track I thought it's good to write this here. Folks, if a very low percentage of skilled IP network hackers were able to easily look into telecom networks like GSM and CDMA, the world would be a different place now.
Yes, I have my own NDAs up in my ass about my projects, but this can be said: regular computer IP software and networks are much more robust and reliable. Believe this even if you are reading about all sorts of compromises every day. SDR technologies are growing fast and this is gonna change the game big time. NDAs may save "their" business for some time, but I'd like to see how it's gonna save the world when at some blackhat presentation a hacker from a far strange country like mine shows how to run code on somebody's cellphone's baseband, routing phone calls from one target to another, all remotely. Yes, I'm hearing you all saying the world is gonna be saved with all sorts of warnings and threats of lawsuits. We have seen this before. You are probably right about lawsuits, but I'm not sure if it's gonna save the world.

<Lost's Next Season E1>

[Richard Alpert presses a key and sits in front of a mic]

Desmond: Excuse me, I called Kate's cell. Who are you, brother?
The Voice: It's John, Desmond, John Locke.
Desmond: OMG, this technology got there so fast. How are you, brother?
The Voice: All is good. Yup, we are using edgy technology to protect the Island. Come back to the island and visit me at Hostile's camp.
Desmond: Alright, brother.

[Richard looks at Benjamin Linus and smiles]