
iPhone unlock: it’s real, and it’s here August 23, 2007

Posted by reverseengineer in Hacks, Hardware, iPhone, Security, Telecommunications.

It’s real – the iPhone Unlock works, and is becoming widespread here in Mac-A-DoodleLand, the Philippines.

I’ve always hesitated to write about these iPhone unlock stories because they’ve always been remote and distant from me, like they happen on another planet and I just hear the stories third hand from space travelers passing through and try to pass them on to the people here on Earth. These SuperSIM techniques from Europe or the United States exist somewhere so far away they might as well be myths and legends to the poor iPhone-deprived in Asia.

This afternoon, I got a call from an old friend who happened to be one of the very first here to own an iPhone (a silly prospect because in the Philippines it’s just a glorified iPod). Early on in the game he somehow got most of the non-telecom features to run, but in reality he just owned the world’s fanciest and most expensive 4GB digital music player.

So today he calls me and goes, “How does my voice sound?” I go, “What?” and he says, “Does it sound clear? Clear as a bell?”

I said, “What? …nooooo-o.”

Smug silence.

“No!”

And so began the first call I’ve received from an iPhone – on a local Globe Telecom Platinum account. And my first direct experience that it’s real, that it can be done. And has been, several times over, already.

My friend had it unlocked by someone using the SIM card reader/writer trick with downloaded software and Silvercards, which are credit-card-sized cards with a blank, writable SIM chip embedded in them. The chip isn’t die-cut and isn’t meant to pop out for use in a phone; you need to carefully trim off the excess credit card plastic with a pair of sharp scissors or a box cutter into the distinctive shape of a cellphone SIM before you can use it.

The hardware hack works by copying the account data off the original (local) SIM chip, then modifying it with the software by adding the identity codes that make the phone think an AT&T account is in use, while in reality it’s a local account. The result is then written onto a Silvercard, or some other blank chipped card like those used for hotel keys or electronic payment. (It’s kinda-sorta like SIM spoofing.)
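To make the mechanism concrete, here is an added example (mine, not code from the post or from whoever did the unlock) that packs and unpacks an IMSI the way it is stored in a SIM’s EF_IMSI file and then runs the kind of carrier check a network lock would make on it. That the lock keys on the IMSI’s country and network codes is an assumption for illustration; the post only says the card is rewritten so the phone “thinks it’s an AT&T account”. The two IMSIs are constructed sample values, and the example models only the phone-side check, not how the cloned card still authenticates to the local network.

```python
from typing import Set, Tuple

# Added example, not code from the post. EF_IMSI (GSM 11.11 / 3GPP TS 31.102):
# byte 0 = number of significant bytes that follow, then the digits packed two
# per byte, low nibble first. The low nibble of the first packed byte is a
# flag: bit 3 set when the digit count is odd, low three bits 001 (IMSI type).
# Unused nibbles/bytes are 0xF/0xFF.

def encode_ef_imsi(imsi: str) -> bytes:
    """Pack a 6..15 digit IMSI into a 9-byte EF_IMSI record."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    flag = 0x09 if len(imsi) % 2 else 0x01
    nibbles = [flag] + [int(d) for d in imsi]
    if len(nibbles) % 2:
        nibbles.append(0xF)                      # pad to a whole byte
    body = bytes(nibbles[i] | (nibbles[i + 1] << 4)
                 for i in range(0, len(nibbles), 2))
    return (bytes([len(body)]) + body).ljust(9, b"\xff")


def decode_ef_imsi(record: bytes) -> str:
    """Inverse of encode_ef_imsi, with the structural checks a reader should make."""
    if len(record) != 9 or not 1 <= record[0] <= 8:
        raise ValueError("malformed EF_IMSI record")
    nibbles = []
    for b in record[1:1 + record[0]]:
        nibbles += [b & 0x0F, b >> 4]
    if nibbles[-1] == 0xF:
        nibbles.pop()                            # drop the pad nibble
    flag, digits = nibbles[0], nibbles[1:]
    if flag & 0x07 != 0x01 or bool(flag & 0x08) != bool(len(digits) % 2):
        raise ValueError("bad identity type or parity flag")
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal digit in IMSI")
    return "".join(str(d) for d in digits)


def split_imsi(imsi: str, mnc_len: int) -> Tuple[str, str, str]:
    """MCC is always 3 digits; the MNC length (2 or 3) comes from EF_AD on a real card."""
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    return imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]


# Assumed lock rule for illustration: accept only AT&T's MCC/MNC (310 410).
AT_AND_T_LOCK: Set[Tuple[str, str]] = {("310", "410")}


def passes_carrier_lock(record: bytes, mnc_len: int,
                        allowed: Set[Tuple[str, str]] = AT_AND_T_LOCK) -> bool:
    """Phone-side check: read the IMSI off the card and compare its network codes."""
    mcc, mnc, _ = split_imsi(decode_ef_imsi(record), mnc_len)
    return (mcc, mnc) in allowed


# Constructed sample values. 515 02 is Globe's MCC/MNC (2-digit MNC); 310 410 is AT&T's.
GLOBE_IMSI = "515021234567890"
ATT_IMSI = "310410123456789"

if __name__ == "__main__":
    original = encode_ef_imsi(GLOBE_IMSI)
    rewritten = encode_ef_imsi(ATT_IMSI)        # what the rewritten Silvercard presents
    print("original card:", original.hex(), passes_carrier_lock(original, 2))
    print("rewritten card:", rewritten.hex(), passes_carrier_lock(rewritten, 3))
    # This only models the phone's check; how the cloned card still
    # authenticates to the local network is not something the post describes.
```

Running it shows the local card failing the check and the rewritten card passing it, which is the whole point of the trick as the post describes it: the phone never sees anything but an AT&T-looking identity.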

The someone who did the deed for my friend has done it for at least a half dozen people already (all of whom I know, incidentally), and can do it for you too if you pony up for the expenses: around PHP5500 (slightly over US$100) per unlock, including the materials. (Ironically, he does it on a Windows PC, not a Mac.)

It’s spreading like wildfire too. My other friends are ordering units from the US and are lining up to have the unlocking done.

It’s not exactly a service yet, but I can see a lucrative business waiting somewhere in the wings, if not for this guy then for some other unscrupulous folk, at least until a better option comes along, or until the European iPhone is released unlocked later this year as rumors claim.

A few caveats though: no visual voicemail (of course not, silly), and no YouTube (which was available pre-unlock, oddly enough). Otherwise, it’s good to go, and no one’s the wiser. Not Apple, not AT&T, not the local carriers (who don’t really care; they get the business anyway).

Apparently Globe accounts are recreated quite easily, as are Sun Cellular numbers, but Smart accounts seem nearly impossible to fake (hats off to Smart). The original AT&T SIMs aren’t even needed, just the other carrier’s SIM so it can be copied. Older accounts seem easier to copy too. Post- or pre-paid, it doesn’t matter. (The likely reason, as a general matter: copying a SIM means recovering its secret authentication key, which is only practical against cards that use the weak early version of the COMP128 algorithm. A carrier that issues cards with a newer algorithm can’t be cloned this way, and older cards are more likely to still be on the weak one.)

But it isn’t all roses. One curious flaw is that Caller ID is erratic: sometimes it works and sometimes it doesn’t, seemingly because the iPhone only matches an incoming number against the address book when the number arrives in one complete, precise format. Globe’s implementation of this appears to be very inconsistent, since some numbers arrive with the full international prefix (+63915xxxxxxx) while others arrive with just a leading zero instead (0915xxxxxxx).
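The fix for that kind of erratic matching is to normalize every number to one canonical form before comparing. The following is an added example (mine, not code from the post or from Apple) that brings both formats the post mentions to E.164, and also accepts the 00 international prefix and numbers with spaces or dashes, which goes a little beyond the two cases above. The country code and trunk prefix are parameters, and the address book is a constructed sample.

```python
import re
from typing import Dict, List, Optional

# Added example, not code from the post. Normalise Philippine numbers that
# arrive either as +63915xxxxxxx or as 0915xxxxxxx to one canonical E.164 form
# before matching them against an address book.

COUNTRY_CODE = "63"   # Philippines
TRUNK_PREFIX = "0"    # national dialling prefix, dropped in international format


def normalize_e164(number: str, cc: str = COUNTRY_CODE,
                   trunk: str = TRUNK_PREFIX) -> Optional[str]:
    """Return +<cc><number>, or None if the input can't be resolved unambiguously."""
    s = re.sub(r"[\s().-]", "", number)         # strip spaces, dots, dashes, parens
    if s.startswith("+"):
        s = "00" + s[1:]                        # treat "+" like the 00 international prefix
    if not s.isdigit() or len(s) < 7:
        return None
    if s.startswith("00"):
        return "+" + s[2:]
    if s.startswith(trunk):
        return "+" + cc + s[len(trunk):]
    return None   # bare national number with no prefix: ambiguous, don't guess


def caller_id_naive(incoming: str, contacts: Dict[str, List[str]]) -> Optional[str]:
    """Exact-string match, which is what produces the erratic behaviour."""
    for name, numbers in contacts.items():
        if incoming in numbers:
            return name
    return None


def build_index(contacts: Dict[str, List[str]]) -> Dict[str, str]:
    """Map each contact's numbers to its name, keyed by normalised form."""
    index = {}
    for name, numbers in contacts.items():
        for n in numbers:
            key = normalize_e164(n)
            if key is not None:
                index[key] = name
    return index


def caller_id(incoming: str, index: Dict[str, str]) -> Optional[str]:
    """Look up an incoming number in the normalised index."""
    key = normalize_e164(incoming)
    return index.get(key) if key is not None else None


# Constructed sample address book (numbers are not real).
SAMPLE_CONTACTS = {
    "Alice": ["0915 123 4567"],
    "Bob": ["+63 917 000 1111"],
}
SAMPLE_INDEX = build_index(SAMPLE_CONTACTS)

if __name__ == "__main__":
    for raw in ("+639151234567", "09151234567", "+639170001111", "09170001111"):
        print(raw, "naive:", caller_id_naive(raw, SAMPLE_CONTACTS),
              "normalised:", caller_id(raw, SAMPLE_INDEX))
```

The naive lookup only hits when the carrier happens to deliver the number in exactly the form the contact was saved in; the normalised lookup hits either way. Numbers with no prefix at all are deliberately rejected rather than guessed, since a bare national number can’t be told apart from a foreign one.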

Additionally, my friend didn’t seem to have any trouble applying the updates to his iPhone even after his faux activation. So, there’s really nothing holding the hordes back now; I fully expect to see more working iPhones here in the coming week. And elsewhere in the world, I suppose.

So the local carriers win with even more airtime used (hey, you gotta show off, right?), Apple wins because more people will buy the damn thing now, and as expected, the big loser is still AT&T, who’s once again massively SOL, and whose SOLness will now increase exponentially with each day that passes.

iPhone security too loose August 4, 2007

Posted by reverseengineer in Apple Inc., iPhone, Operating System, Security.

The man who uncovered the security hole that led to Apple’s recent iPhone software update has criticized Apple’s general platform security for the new cellphone as largely poor, and their attitude as “negligent”.

Charles Miller spoke at the Black Hat security conference in Las Vegas the other day and slammed Apple’s security practices. Quoted in a ChannelWeb report, Miller said:

“Before they released the patch, I couldn’t really say that much because I didn’t want to give anyone enough to replicate the exploit. It was really frustrating, because a lot of people leapt to Apple’s defense without really knowing the details. Everyone said, ‘Oh, everyone gets bugs,’ and ‘Apple’s good on security,’ and ‘They’re better than Microsoft.’ When you look at the details of this bug, though, the reality is that Apple’s been negligent, I think.”

The criticism extends to the Macintosh as well, and Miller says that the problem stems from Apple’s inclusion of sections of older, outdated, less secure open source code in the newer OS X platform, leaving pre-existing vulnerabilities for hackers to take advantage of.

More on the issue from MacNN.

BrickPod July 30, 2007

Posted by reverseengineer in Apple Inc., Hardware, iPods, Security.

Apple has patented a technology which would brick an iPod if someone tries to operate it on an unauthorized computer.

Apple already has software that pairs iPods with their owners’ computers, and it would be a simple matter to add something that totally disables the unit by permanently preventing it from charging. When attached, a security code in the iPod would be matched against a code in the computer, and if they don’t match, kaboom. Or rather, pfft.

The patent states that a “guardian circuit” could be triggered when this happens which in turn would permanently disable the charging circuit. Then it’s brick time.

Cool if a thief steals your iPod and sells it, but what about if someone just wanted to get a file off your player in disk mode? Scary tech, if you ask me. See patent app here.

Your iPhone has a hole July 24, 2007

Posted by reverseengineer in Apple Inc., Hacks, iPhone, Security, Video.

Some nice folk with lots of time on their hands at Independent Security Evaluators thought it might be fun to find a vulnerability in the iPhone, and after a couple of weeks of on-again, off-again work, inevitably found one.

Then they followed the hole to its logical conclusion: a full, working exploit which, using tools built by the other nice folk at #iphone-dev (still feverishly trying to crack the phone after a month), can do stuff like steal your SMS messages, address book, call history and voicemail, among other things. It’s delivered by a malicious website opened in Safari on the iPhone.

More a proof of concept than anything malicious: the ISE people have informed the mothership so patches can be created, and full disclosure will be made with fanfare in Las Vegas at Black Hat USA 2007 on Aug. 2 at precisely 4:45pm. Meantime, details abound on the net:

Article from the New York Times here.

YouTube video here.

PDF of preliminary technical paper here.

ISE website with instructions here.

TIP: Secure your GMail Notifier July 10, 2007

Posted by reverseengineer in Hacks, Security, Tips.

If you’re like me, with no push email on your phone but still obsessive about getting the latest from your Gmail inbox, you probably use Google’s freeware Gmail Notifier, which tells you what’s new as it arrives.

Imagine my horror when I discovered that the Notifier sends your password out in clear text, over an unencrypted HTTP connection, every time it checks your inbox. Thankfully, I found this out at about the same time a tip was being shared to close this hole. The tip is so useful I can’t resist passing it along.

Here’s what you do, courtesy of a comment by poster Highplace on an O’Reillynet.com thread and repeated on macosxhints.com:

Pull down the Notifier menu (either Calendar or Gmail), hold down Command and Option, and click Preferences on the menu. You’ll see a hidden settings editor. Enter ‘SecureAlways’ in the Key field (upper and lower case must be entered as shown) and 1 in the Value field, then click Set. Quit Notifier and start it up again. From now on all connections with both Gmail & Gcal will be https.

Nice to know.

…almost there July 7, 2007

Posted by reverseengineer in Hacks, iPhone, Security.

More blah blah blah.

According to a thread at Hackintosh, late yesterday the very industrious folk over at #iPhone enabled a full interactive shell on the iPhone OS using the iPhoneInterface app mentioned previously, coupled with some creative soldering involving a resistor and some pins, plus three short commands through iPhoneInterface. The resulting serial console gave the hackers an interactive shell with a near-complete command set, a massive step towards their holy grail. (At least that’s how I understand it.)

We officially don’t support this – we’re just reporting it – but nevertheless the world waits with bated breath.

Fake! Fake! July 2, 2007

Posted by reverseengineer in iPhone, Security.

A website that purports to unlock iPhones so they can be used outside of AT&T service (meaning anywhere in the world that uses the GSM system) has been exposed as a fake.

Digg reports that iphoneunlocking.com is a big fat scam to harvest iPhone IMEI codes by the truckload, and cites a blog called Stand Your Grounds (which makes me think of messy coffee makers) that claims to prove (a bit unintelligibly) that the site is a fake. Hey, I could have told you that right off.

Americans beware. Non-Americans, wishful thinking. Shame on you.

Breaking News: iPhone firmware leaked; hacking proceeds apace July 1, 2007

Posted by reverseengineer in Downloads, iPhone, News, Operating System, Security.

Not even 24 hours after its release, hackers are hard at work cracking the iPhone from a 91.5MB iPhone OS system restore image now available for download on the internet, sourced, apparently, from an Apple webserver.

Mac-A-Doodle will not be a party to this by posting a link to the Mac hacker forum where the download is available, although we will say that with a little, um, digging, it can easily be found. (Not that most of us can do anything with it: the DMG inside the IPSW file is password-protected, and even if you succeeded in decrypting it, it’s only useful to the precious few who can work the black magic.)

But boy, that was fast, wasn’t it?

iTunes 7.2 released May 30, 2007

Posted by reverseengineer in iTunes, Security, Updates & Patches.

Fire up Software Update: a new version of iTunes has just been released. iTunes 7.2 allows you to

preview and purchase iTunes Plus music—new higher-quality, DRM-free music downloads from participating music labels.

Additionally (according to iTunes help):

The iTunes Store also offers songs without DRM protection, from participating record labels. These DRM-free songs, called “iTunes Plus,” have no usage restrictions and feature higher-quality encoding.

The first time you buy an iTunes Plus song, you specify whether to make all future purchases iTunes Plus versions (when available). You can change this setting by accessing your account information on the iTunes Store.

If you already have iTunes Store purchases that are now available as iTunes Plus downloads, you may upgrade your existing purchases. To do so, visit the iTunes Store and follow the onscreen instructions.

At least this saves us all the DRM-purging step of burn-to-a-CD then re-rip. The download is 29.2MB for most systems.

On a side note, also available is Security Update 1.0 for Quicktime 7.1.6. It’s a 1.9MB download. More on this here.

“Mac Hacked!” Update May 3, 2007

Posted by reverseengineer in News, Security, Updates & Patches.

Apparently that zero-day hole in Safari I wrote about in a previous post, the one that let a coupla guys hack into, and win, a MacBook (and US$10K) at the CanSecWest security competition the other week, wasn’t in Safari at all; it was a hole in QuickTime for Java that Safari merely exposed. That’s what prompted the security update I mentioned in the last post, which Apple released a couple of days ago and which upped QuickTime to 7.1.6 to plug the hole the contest exposed. And it’s not just Mac OS X that’s affected: QuickTime for Windows is equally vulnerable, which is no big surprise.

Quick, fast action by Apple, who was caught with their pants around their ankles. I guess it’s one of the better things to come out of these busywork hacking contests that pop up now and then. A slight problem for Windows users who have disabled the automatic updates though. Let’s be nice to our neighbors and tell them, ok?