The T-Mobile G1 phone isn’t even available over here until Thursday, but already the hackers on the other side of the Atlantic have sunk their teeth into it, and so far don’t seem to be doing too badly. Though it’s a relatively open platform compared to the restrictive iPhone, it just wasn’t open enough for hacker RyeBrye, who took it upon himself to extract the firmware (the phone’s operating system) in perhaps the most convoluted way possible.
What happened was that he found a vulnerability in the phone, a bug that lets him run “arbitrary code” (ie: code he’s written himself) on it. In this case the bug was in the camera’s LED flash, so he wrote some code that – get this – uses the LED to blink the firmware out in binary, switching on for a 1 and off for a 0. He then pointed a photo-transistor at the phone to “watch” the blinking (like a camera would), fed its output into a computer through the microphone port so the blinks were recorded as if they were sound, converted that recording back into 1s and 0s… and then still had to disassemble the result before it was readable as code. Complex and time consuming, but it does mean that the hacking potential for the G1 has just massively increased.
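To make the blink-to-audio trick concrete, here is a small Python simulation of that channel. It is an added example, not RyeBrye’s code (the post doesn’t reproduce his), and every parameter in it is an assumption: Manchester coding (each bit is an on/off pair, so every bit produces an edge), a one-byte length header after a 0xFF preamble, eight audio samples per bit, and a first-order high-pass filter standing in for the microphone jack. That filter is the practical catch: a sound card’s mic input is AC-coupled, so a steady light level decays to silence and only the on/off transitions survive, which is why a naive “hold the LED on for a 1” scheme would lose long runs of identical bits.

```python
"""Simulated optical exfiltration channel: LED blinks -> phototransistor -> sound card.

Added example; not RyeBrye's code. Samples-per-bit, preamble, framing and
the high-pass model of the mic input are all assumptions, not details from the post.
"""
import random

SAMPLES_PER_BIT = 8     # assumption: e.g. 48 kHz audio at 6 kbit/s gives 8 samples per bit
PREAMBLE = 0xFF         # eight 1-bits: the first rising edge marks bit 0 and fixes the timing
HP_ALPHA = 0.9          # first-order high-pass modelling the AC-coupled microphone input
EDGE_THRESHOLD = 0.4    # a sample-to-sample jump above this is an edge, below it is noise


def _bits_msb_first(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def led_waveform(payload: bytes) -> list:
    """LED level (1.0 on / 0.0 off) per sample. Manchester: 1 = on-then-off,
    0 = off-then-on, so every bit carries a mid-bit edge and the light never sits still."""
    if len(payload) > 255:
        raise ValueError("one-byte length header: payload limited to 255 bytes")
    frame = bytes([PREAMBLE, len(payload)]) + payload
    half = SAMPLES_PER_BIT // 2
    out = [0.0] * SAMPLES_PER_BIT               # idle dark before the frame
    for bit in _bits_msb_first(frame):
        first, second = (1.0, 0.0) if bit else (0.0, 1.0)
        out += [first] * half + [second] * half
    out += [0.0] * SAMPLES_PER_BIT              # idle dark after the frame
    return out


def ac_couple(levels: list) -> list:
    """First-order high-pass: y[n] = a*(y[n-1] + x[n] - x[n-1]). A steady 'on'
    decays towards zero, which is what an AC-coupled mic jack does to a DC light level."""
    y, prev_x, prev_y = [], 0.0, 0.0
    for x in levels:
        prev_y = HP_ALPHA * (prev_y + x - prev_x)
        prev_x = x
        y.append(prev_y)
    return y


def simulate_capture(levels: list, noise_sigma: float = 0.05, seed: int = 1) -> list:
    """Constructed 'recording': the AC-coupled LED level plus Gaussian noise."""
    rng = random.Random(seed)
    return [v + rng.gauss(0.0, noise_sigma) for v in ac_couple(levels)]


def decode_capture(samples: list) -> bytes:
    """Recover the frame: lock onto the first rising edge, then read the direction of
    the mid-bit edge for every bit. Raises ValueError if the signal does not frame up."""
    t0 = next((i for i in range(1, len(samples))
               if samples[i] - samples[i - 1] > EDGE_THRESHOLD), None)
    if t0 is None:
        raise ValueError("no rising edge found: nothing was blinking")

    def bit_at(i: int) -> int:
        mid = t0 + i * SAMPLES_PER_BIT + SAMPLES_PER_BIT // 2
        delta = samples[mid] - samples[mid - 1]
        if abs(delta) < EDGE_THRESHOLD:
            raise ValueError(f"no mid-bit edge at bit {i}: clock slipped or signal lost")
        return 1 if delta < 0 else 0       # falling edge = on-then-off = 1

    def byte_at(n: int) -> int:
        return sum(bit_at(n * 8 + k) << (7 - k) for k in range(8))

    if byte_at(0) != PREAMBLE:
        raise ValueError("preamble mismatch")
    length = byte_at(1)
    return bytes(byte_at(2 + n) for n in range(length))


def roundtrip(payload: bytes, noise_sigma: float = 0.05) -> bytes:
    """Encode, push through the simulated mic input, decode."""
    return decode_capture(simulate_capture(led_waveform(payload), noise_sigma))


def nrz_level_after(samples_on: int) -> float:
    """What the mic input sees after holding the LED on for a run of samples: the
    reason a plain 'on = 1, off = 0' (NRZ) scheme fails through an AC-coupled jack."""
    return ac_couple([1.0] * samples_on)[-1]


if __name__ == "__main__":
    blob = bytes(range(64))   # constructed stand-in for a chunk of firmware
    assert roundtrip(blob) == blob
    print("recovered", len(blob), "bytes;",
          "mic level after 64 'on' samples:", round(nrz_level_after(64), 4))
```

The decoder only ever looks at the sign of the jump in the middle of each bit, which is what makes it tolerant of the filter’s slow drift and of a fair amount of noise. In a real capture the two clocks would not agree exactly, so a practical decoder would re-lock its timing on every edge rather than trusting a fixed samples-per-bit from the first one; that refinement is left out here.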
What I find most interesting about this is that all of the faff isn’t that uncommon – apparently the iPod Linux people did a similar thing to get the 4G iPod’s firmware by using the click wheel noise to “spell out” binary code. Amazing.
(via BoingBoing and Oblomovka)