<?xml version="1.0"?>
<rss version="2.0">
    <channel>
        <title>OpenRCE: Blog</title>
        <link>http://www.openrce.org/rss/feeds/blog</link>
        <description>OpenRCE: The Open Reverse Code Engineering Community</description>
                <item>
<title>Truly Hackable Phone?</title>
                            <pubDate>Thu, 14 May 2009 04:15:14 -0500</pubDate>
                                        <link>https://www.openrce.org/blog/view/1447/Truely_Hackable_Phone_?</link>
                                        <author>MohammadHosein &lt;email-suppressed@example.com&gt;</author>
<description>OK. This was big when it hit the press: &amp;quot;Openmoko is introducing a completely open cellphone&amp;quot;, and added to it, &amp;quot;this is a truly hackable phone&amp;quot;. Well, I needed to know how &amp;quot;open&amp;quot; open is and what they mean by &amp;quot;hack&amp;quot; when they say it's truly hackable. Here is the short version of my journey.&lt;br /&gt;
&lt;br /&gt;
1- I purchased one NEO Freerunner box plus its debug board. It got here so fast. During that time I sent them several emails; they never responded.&lt;br /&gt;
2- It runs an ARM-based Linux, GSM using TI's Calypso, GPS, WiFi, Bluetooth. There are a bunch of tools, scripts and APIs to &amp;quot;develop&amp;quot; different applications for this device. It's fairly documented.&lt;br /&gt;
3- Using the development toolchain plus the debugging capabilities makes life a little easier for an average Linux developer. Yeah, you can port your enterprise applications to the Openmoko architecture with minimum effort. That's good, although it was not something I was looking for. I'm a hacker, right?&lt;br /&gt;
4- All chipset details are under NDA from the manufacturers. Some people, somehow, published old versions of these spec documents, and of course because downloading them is illegal I didn't do it. We are not outlaws, we are hackers, right?&lt;br /&gt;
5- So you cannot monitor or modify GSM stack parameters, or read/write its memory, or play with the available registers, for example to build a GSM fuzzer; at best it offers you a simple, stupid GSM modem using /dev/ttySAC0. You cannot read or monitor the WiFi or Bluetooth radio layer parameters from the chips, probably to develop a low-level scanner without the OS's interference; you cannot hook into the A/D IC bus to the baseband to add special voice filters; you cannot ... actually you probably can do all these and more, but you first need to do extensive Linux kernel development on ARM, plus be able to read those NDA'ed documents. Well, the deal is the same with any Windows Mobile smartphone, or even your beloved iPhone. Who said playing with the kernel on embedded architectures and reading documents you are not supposed to read is more &amp;quot;open&amp;quot; on the NEO than on the others? And how is this box &amp;quot;truly&amp;quot; hackable compared to the others?&lt;br /&gt;
6- IMHO, if you are looking for serious low-level GSM-GPRS-Bluetooth-WiFi involvement, cellphones are the wrong place to look. You can read all about OpenMoko on its wiki, while you need to pay for a deep Symbian book to get your hands on similar technical details, but this is as open as it gets. No phone is more hackable than the others. Software development using available tools is not a hack. You can develop software on Openmoko the way you do it on a regular PC; that's nice, but that's not hacking. Yes, you can develop a device driver to attach industrial hardware using the UART connection, and it's a lot easier on Openmoko compared to others (and I'm not even sure about this, having iPhone OS 3 in mind), but all said, this is not hacking. This is typical software development.&lt;br /&gt;
7- At the end of the day I learned that hacking into anything related to wireless service providers' business and wireless applications must be done via Software Defined Radio platforms, like USRP, not cellphones. Cellphones are never open if you are looking to get extensively involved with the hardware, and they are only hackable if you make yourself ready to break the law or pray for miracles. Why? Take a look at one of these ETSI specs and compare it to the implementation; you will figure out why.&lt;br /&gt;
&lt;br /&gt;
This was months ago, and now that I'm on the right track I thought it's good to write this here. Folks, if a very low percentage of skilled IP network hackers were able to easily look into telecom networks like GSM and CDMA, the world would be a different place now. Yes, I have my own NDAs up in my ass about my projects, but this can be said: regular computer IP software and networks are much more robust and reliable. Believe this even if you are reading about all sorts of compromises every day.&lt;br /&gt;
&lt;br /&gt;
SDR technologies are growing fast and this is gonna change the game big time. NDAs may save &amp;quot;their&amp;quot; business for some time, but I'd like to see how it's gonna save the world when at some Black Hat presentation a hacker from a far, strange country like mine shows how to run code on somebody's cellphone's baseband, routing phone calls from one target to another, all remotely. Yes, I'm hearing you all saying the world is gonna be saved with all sorts of warnings and threats of lawsuits. We have seen this before. You are probably right about lawsuits, but I'm not sure if it's gonna save the world.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;Lost's Next Season E1&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[Richard Alpert presses a key and sits in front of a mic]&lt;br /&gt;
&lt;br /&gt;
Desmond: Excuse me, I called Kate's cell. Who are you, brother?&lt;br /&gt;
The Voice: It's John, Desmond. John Locke.&lt;br /&gt;
Desmond: OMG, this technology got there so fast. How are you, brother?&lt;br /&gt;
The Voice: All is good. Yup, we are using edgy technology to protect the Island. Come back to the island and visit me at the Hostiles' camp.&lt;br /&gt;
Desmond: Alright, brother.&lt;br /&gt;
&lt;br /&gt;
[Richard looks at Benjamin Linus and smiles]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
</description>
                    </item>
                <item>
            <title>iDA</title>
                            <pubDate>Mon, 09 Feb 2009 06:24:15 -0600</pubDate>
                                        <link>https://www.openrce.org/blog/view/1375/iDA</link>
                                        <author>MohammadHosein &lt;email-suppressed@example.com&gt;</author>
<description>Well, it turned out the best way to use IDA on Leopard is Parallels Desktop. Using the &lt;i&gt;Air&lt;/i&gt; is always a pleasure; now, having IDA there, I can do more. Last night I had a date, and while I was waiting down there near our building in a green space (yeah, and for all the spaces like this we have, Tehran is still horribly ungreen) it just came to me that I'm getting old. So I ran a couple of commands to set up a VNC server in Leopard remotely, and I must admit iDA is always a pleasant, familiar face, even over a weak WiFi connection, at night in a green space that's not even green. It was the best 15 mins I've ever waited for a girl, because there I solved the problem and my first Hex-Rays SDK based application got compiled.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;img src=&quot;http://i43.tinypic.com/2iac22v.png&quot; border=0 align=&quot;&quot;&gt;&lt;br /&gt;
&lt;br /&gt;
&lt;img src=&quot;http://i42.tinypic.com/v3zqpw.jpg&quot; border=0 align=&quot;&quot;&gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
</description>
                    </item>
                <item>
<title>Rootkit.com died?</title>
                            <pubDate>Tue, 12 Feb 2008 17:06:10 -0600</pubDate>
                                        <link>https://www.openrce.org/blog/view/1058/Rootkit.com_died_?</link>
                                        <author>MohammadHosein &lt;email-suppressed@example.com&gt;</author>
<description>It's almost two weeks that I cannot reach rootkit.com. I tried from several providers/proxies and asked several friends; nobody knew what happened. What's the story?</description>
                    </item>
                <item>
            <title>Win32 CodeHook</title>
                            <pubDate>Mon, 04 Feb 2008 08:09:38 -0600</pubDate>
                                        <link>https://www.openrce.org/blog/view/1041/Win32_CodeHook</link>
                                        <author>MohammadHosein &lt;email-suppressed@example.com&gt;</author>
<description>A free open-source library for Delphi and C++&lt;br /&gt;
http://www.kbasm.com/codehook.html</description>
                    </item>
                <item>
            <title>Windows Bugs Floating around</title>
                            <pubDate>Tue, 11 Dec 2007 16:32:10 -0600</pubDate>
                                        <link>https://www.openrce.org/blog/view/991/Windows_Bugs_Floating_around</link>
                                        <author>MohammadHosein &lt;email-suppressed@example.com&gt;</author>
<description>It had been a long time since I'd seen the same.&lt;br /&gt;
Yesterday and today, it was more like 15 critical vulns on Windows published: SMB2, IE, Vista kernel, FTP client, DirectX ... Is it the month of Windows &amp;quot;itself&amp;quot; or is it just Christmas? ;)</description>
                    </item>
            </channel>
</rss>
