OpenRCE
is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
Created: Thursday, May 14 2009 04:15.14 CDT
Modified: Thursday, May 14 2009 04:23.11 CDT
Truly Hackable Phone?
Author: MohammadHosein
# Views: 2271
Ok. This was big when it hit the press: "Openmoko is introducing a completely open cellphone", and added to it, "this is a truly hackable phone". Well, I needed to know how "open" is open and what they mean by "hack" when they say it's truly hackable. Here is the short version of my journey.
1- I purchased one NEO Freerunner box plus its debug board. It got here so fast. During the time I sent them several emails, they never responded.
2- It runs an ARM-based Linux, GSM using TI's Calypso, GPS, Wifi, Bluetooth. There are a bunch of tools, scripts and APIs to "develop" different applications for this device. It's fairly documented.
3- Using the development toolchain plus the debugging capabilities makes life a little easier for an average Linux developer. Yeah, you can port your enterprise applications to the Openmoko architecture with minimum effort. That's good, although it was not something I was looking for. I'm a hacker, right?
4- All chipset details are under NDA from manufacturers. Some people, somehow, published old versions of these spec documents, and of course because downloading them is illegal I didn't do it. We are not outlaws, we are hackers, right?
5- So you cannot monitor or modify GSM stack parameters or read/write its memory or play with available registers, for example to build a GSM fuzzer; at best it offers you a simple stupid GSM modem using /dev/ttySAC0. You cannot read or monitor Wifi or Bluetooth's radio layer parameters from the chips, probably to develop a low-level scanner without the OS's interference; you cannot hook into the A/D IC bus to the baseband to add special voice filters; you cannot ... Actually you probably can do all these and more, but you first need to do extensive Linux kernel development on ARM, plus being able to read those NDA'ed documents. Well, the deal is the same with any Windows Mobile smartphone, or even your beloved iPhone. Who said playing with the kernel on embedded architectures and reading documents you are not supposed to read is more "open" on NEO than the others? And how is this box "truly" hackable compared to others?
6- IMHO if you are looking for serious low-level GSM-GPRS-Bluetooth-Wifi involvement, cellphones are the wrong places to look. You can read all about Openmoko on its wiki while you need to pay for a deep Symbian book to get your hands on similar technical details, but this is as open as it gets. No phone is more hackable than the others. Software development using available tools is not a hack. You can develop software on Openmoko the way you do it on a regular PC; that's nice, but that's not hacking. Yes, you can develop a device driver to attach industrial hardware using the UART connection, and it's a lot easier on Openmoko compared to others (and I'm not even sure about this, having iPhone OS 3 in mind), but all said, this is not hacking. This is typical software development.
7- At the end of the day I learned that hacking into anything that's related to wireless service providers' business and wireless applications must be done via Software Defined Radio platforms, like USRP, not cellphones. Cellphones are never Open if you are looking to get extensively involved with hardware, and they are only hackable if you make yourself ready to break the law or pray for miracles. Why? Take a look at one of these ETSI specs and compare it to the implementation; you will figure out why.
This was months ago, and now that I'm on the right track I thought it's good to write this here. Folks, if a very low percentage of skilled IP network hackers were able to easily look into telecom networks like GSM and CDMA, the world would be a different place now. Yes, I have my own NDAs up in my ass about my projects, but this can be said: regular computer IP software and networks are much more robust and reliable; believe this even if you are reading about all sorts of compromises every day.
SDR technologies are growing fast and this is gonna change the game big time. NDAs may save "their" business for some time, but I'd like to see how it's gonna save the world when, at some blackhat presentation, a hacker from a far strange country like mine is showing how to run code on somebody's cellphone's baseband, routing phone calls from one target to another, all remotely. Yes, I'm hearing you all saying the world is gonna be saved with all sorts of warnings and threats of lawsuits. We have seen this before. You are probably right about lawsuits, but I'm not sure if it's gonna save the world.
<Lost's Next Season E1>
[Richard Alpert presses a key and sits in front of a mic]
Desmond: Excuse me, I called Kate's cell. Who are you, brother?
The Voice: It's John, Desmond, John Locke.
Desmond: OMG, this technology got there so fast. How are you, brother?
The Voice: All is good. Yup, we are using edgy technology to protect the Island. Come back to the island and visit me at Hostile's camp.
Desmond: Alright, brother.
[Richard looks at Benjamin Linus and smiles]