T-Mobile G1 has its firmware hacked out by a camera with a twitch


The T-Mobile G1 phone isn’t even available over here until Thursday, but already the hackers on the other side of the Atlantic have sunk their teeth into it, and so far don’t seem to be doing too badly. Though it’s a relatively open platform compared to the restrictive iPhone, it just wasn’t open enough for hacker RyeBrye, who took it upon himself to extract the firmware (the phone’s operating system) in perhaps the most convoluted way possible.

What happened was that he found an exploit in the phone – something that malfunctions and allows him to run “arbitrary code” (i.e. code he’s written himself). In this case, it was in the LED on the camera, so he wrote some code that – get this – uses the LED to blink the firmware in binary by switching on and off to represent the 1s and 0s. He then used a photo-transistor to “watch” the blinking (like with a camera). The photo-transistor’s signal came into the computer through the microphone port, so it was treated like sound, which was then converted back to binary code… and then had to be disassembled into code. Pretty complex and time-consuming, but it does mean that the hacking potential for the G1 has just massively increased.

What I find most interesting about this is that all of the faff isn’t that uncommon – apparently the iPod Linux people did a similar thing to get the 4G iPod’s firmware by using the click wheel noise to “spell out” binary code. Amazing.

(via BoingBoing and Oblomovka)


James O’Malley

2 comments

  • The story about the G1 being dumped using an LED is actually not true. I was in IRC talking about the different approaches that I have seen used – and one that I (and many others) have used to get firmwares out of Canon cameras – and some people (apparently you included) read that to mean that the G1 itself has had its firmware dumped.

    My G1 arrives tomorrow, so I can assure you I haven’t been able to hack it yet. I’ll let you know when I do.
