Hackers Finally Unlock iPhone 3G
Posted by Soulskill on Sat Jan 03, 2009 08:18 AM
from the information-and-iphones-want-to-be-free dept.
nandemoari quotes a story at Infopackets:
"2009 has gotten off to a great start for a team of iPhone enthusiasts with little regard for Apple's licensing requirements. They've finally figured out a way to get the phone to work with any cell phone carrier (and not just AT&T). The iPhone Dev Team is best known for their work on 'jailbreaking;' the technique of altering an iPhone so that you can run any applications on it, not just those approved by Apple. Given the company's questionable vetting policy for entry to the official App store, it's not surprising many users approve of jailbreaking."
Related Stories
IPhone 3G Jailbreak Released, Paves Way For Open Source Apps 382 comments
PainMeds writes "iPhone Atlas is reporting that the first jailbreak for the iPhone 3G has been released, and includes the popular Cydia community installer for distributing free games and applications. Since Apple's SDK was released, web sites have criticized Apple for the restrictions placed on both what developers could write and what APIs they were allowed to use. Others have noted the SDK's incompatibility with the GPL. The Cydia installer has provided a distribution channel for both open source software and software that would otherwise be impossible to build using the restricted SDK. A few applications are already out, including MobileTerminal and NES.app, a Nintendo game console emulator. In just over a week, open development is finally here for the iPhone 3G!"
Apple: Apple Bans iPhone App For Competing With Mail.app 464 comments
recoiledsnake writes "Another submission has been rejected from the iPhone App Store, this time for 'duplicating the functionality of the iPhone Mail application.' The author claims that his application allows the user to log into their multiple web email accounts and that Apple seems to be confusing Gmail and Mail.app. This comes on the heels of Apple rejecting an application for competing with iTunes and rejecting other silly but harmless apps as being of 'limited utility.'"
ComputerWorld has an update to the rejected Podcaster app mentioned above. It seems the developer has used Apple's "Ad Hoc" service to begin distributing the software despite the fact that they blocked it from the App Store.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Finally (Score:4, Interesting)
Re: (Score:2, Insightful)
I'm hoping we can get Android fully running (including supporting all hardware devices) on it.
Re: (Score:3, Interesting)
Well, Android has been made able to support all the features of the iPhone (or so it seems), just need some crafty driver developers now.
Re:Finally (Score:5, Informative)
Except for a multitouch screen. And Android doesn't support Bluetooth any better than Apple's nearly worthless level of support.
What exactly do you even have in mind when you say "all the features"? Because the features of the iPhone that are novel are not supported in Android, and those that are nothing special. What sets the iPhone apart is mainly its user interface, its software store, its smart integration into iTunes/iPod stuff. Android offers none of those things. It gives users a DIY-UI, a software "store" without security, merchandising, or sales, and no PC connectivity.
Google's Android Platform Faces Five Tough Obstacles [roughlydrafted.com]
Parent
Re:Finally (Score:5, Informative)
Um, you should probably watch the iPhone Dev Team's recent presentation at CCC [google.com] if you want to sound like you have any idea what you're talking about. This wasn't some simple privilege escalation coming out of a buffer overflow in the web browser. Apple signs the shit out of every binary on the phone. The kernel won't execute a binary in userland unless it's signed; the firmware loader won't execute the kernel unless it's signed; the low-level bootloader won't execute the firmware loader unless it's signed.
The iPhone 3G is a paragon of embedded device security, at least by way of making sure unapproved code doesn't run on the device, and it's a testament to just how amazing the iPhone Dev Team guys are that they actually found a way to (a) defeat the whole chain of trust in the iPhone firmware in order to jailbreak it. This by the way doesn't even take into account their real genius, the hack into the baseband firmware for the S-Gold radio device, which executes code in its own universe, completely separate from the S5L application processor.
In short, this hack wasn't some bunch of script kiddies having a sleepover and cracking the copy protection on Arkanoid 2 for the C64. This was a brilliant circumvention of some of the tightest security ever found on a PDA or mobile phone. So please don't disrespect the people who made it possible.
Parent
This is also an excellent case study (Score:5, Insightful)
In why DRM is retarded. As you say, this is some of the tightest security ever found. Yet, it has been broken by some very smart people. Such is the fate of any DRM that is sufficiently widespread that smart people care to go after it. You can be as clever as you like with your DRM scheme, you are going to find someone as clever as you will likely break it.
Also annoys me since I think some of these technologies are a good idea, if they weren't implemented in an assholish way. Code signing, for example. I really like the idea as a potential security measure for users/administrators. When I download Firefox, the fact that it is signed by Mozilla gives me a pretty high degree of certainty that it is legit, safe code. It's not 100%, of course, someone could break/steal their certificate, or someone inside could sign bad code, or my system could be compromised, but it is a good additional check. Also if anyone tries to break something like that, I'll say they are up to no good.
However when it is implemented in this "You may only run things we bless," well then you are being a jerk. People are going to break it because they want to be able to run their own stuff.
Personally I think Apple should have gone the route of having a store with signed code but allowing unsigned code. If you install a signed app from their store, it installs with no question. If it is another app you get a "Warning, this code is unsigned and could be unsafe," box with a button for more info. Ask for more info and it explains that Apple has looked at signed apps and decided they are ok and aren't going to mess up your phone. They haven't looked at unsigned apps so they don't know, and if it messes up your phone they can't really help you.
Yes, that would mean people could have apps that'll mess up your phone... You know just like every other smart phone out there. Doesn't seem to have killed that market, I don't think it'd kill the iPhone.
Fortunately, there are people like this that will break their DRM, so you can use it as you wish.
Parent
Re:This is also an excellent case study (Score:5, Interesting)
To be fair, at least for the iPhone itself, the DRM wasn't very good. Apple used the same S5L processor and encryption key set on both the iPhone 2G and iPhone 3G. With the iPhone 2G at launch, everything ran as root and a trivial Safari exploit could be used to remote execute code as root - being able to run that code allowed key retrieval. Since Apple did fix the root security issues with iPhone OS 1.1.3 and later with all applications now running as the very limited user Mobile, but since they did not change the keys for the 3G it was not very hard (in the scale of breaking DRM at least) to crack open the firmware of the iPhone 3G and jailbreak that too. The iPhone's primary hardware should not be considered a strong DRM platform because Apple did not properly implement it before it was broken for good.
This of course does not apply to the S-Gold radio; that was completely changed between the iPhone 2G and iPhone 3G, and the Dev Team beating that is indeed an amazing hack. Nevertheless, it took them 5-6 months to break it, which is actually rather remarkable. This was another case where Apple learned its lesson, as the 2G's radio was not properly secured, either.
Furthermore, if you want to look at an iPhone device properly secured, look at the iPod Touch 2G. Apple did change the keys that time, and so far it has not been possible to break it for 4 months. At a bare minimum, a remote code execution exploit and a local privilege execution exploit must be found in the Touch in order to have a chance at capturing its keys, and that's just to decrypt the firmware. We have no idea what other surprises are on the Touch since no one has made it that far yet.
I'm not entirely convinced that it's impossible to build an unbreakable device. DRM has been getting better over the years, the Xbox 360 still doesn't have a way to execute unsigned code (without hardware modification), for example.
Parent
Re: (Score:3, Interesting)
Re:This is also an excellent case study (Score:4, Insightful)
How well would it reflect on Apple if some of their most popular apps were unsigned ones?
Parent
DRM might actually work for iPhone (Score:5, Informative)
If you watch the video, you'd see the only reason they're able to break it is because the bootrom (initially run by the hardware) is modifiable yet not signature checked. I suppose that's because they want to be able to upgrade the bootrom but signature checking is only implemented in software and not hardware. All the NOR and NAND flash memory and the processor is built inside an integrated chip, so it is possible that future revisions of the chip will also integrate a TPM to verify the signature of bootrom. Let's suppose Apple will do that. You will then have a completely working DRM framework on the iPhone.
TPM doesn't work on PC because you always have access to hardware without TPM, allowing you to run whatever you want and patch the software that requires TPM such as the hackintosh Mac OS X. However, for the iPhone, you can only buy the hardware from Apple that always has TPM on it (or settle for a previous generation iPhone without TPM). The whole point of iPhone craze is that you want to buy iPhone made by Apple, and all the restrictions follow from that, including choice of carrier and applications you can run.
Do you have any means to verify that the Firefox certificate is signed by someone you could trust? I could generate a certificate that looks like it's issued by Mozilla, and then sign a tampered copy of Firefox with it. Even if you can verify the mozilla.org certificate, the chain of trust ultimately leads to a root certificate that you must trust. Are you really sure that VeriSign or Thawte or other certificate issuing institutions cannot be compromised? I remember a past Slashdot story about one of the root issuers happily generating a certificate for any domain name without verification.
If you have to use Apple's iPhone, your freedom is already automatically compromised, if not now, sooner or later.
Parent
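Added example (not from any commenter or from the iPhone Dev Team): a toy model of the signed boot chain described in the "Re:Finally" comment and of the unverified-first-stage point in the comment above. The stage names, the toy RSA key and the `boot` helper are assumptions for illustration and do not describe Apple's actual implementation.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Toy RSA key built from two Mersenne primes: constructed for this demo, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor's private exponent (Python 3.8+)


@dataclass
class Image:
    name: str
    code: bytes
    checks_next: bool          # does this stage verify what it loads?
    sig: Optional[int] = None  # vendor signature, None if unsigned

    def payload(self) -> bytes:
        # The signed bytes cover the code and its (modelled) behaviour.
        return self.code + bytes([self.checks_next])


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def vendor_sign(img: Image) -> Image:
    img.sig = pow(digest(img.payload()), D, N)
    return img


def sig_ok(img: Image) -> bool:
    return img.sig is not None and pow(img.sig, E, N) == digest(img.payload())


def boot(chain, root_hash=None):
    """Return (names of stages that ran, name of the refused stage or None)."""
    ran = []
    for i, img in enumerate(chain):
        if i == 0:
            # Hardware starts the first stage. It is checked only if the
            # hardware holds an immutable reference hash for it.
            ok = root_hash is None or digest(img.payload()) == root_hash
        else:
            # Every later stage is checked only if the stage before it checks.
            ok = sig_ok(img) if chain[i - 1].checks_next else True
        if not ok:
            return ran, img.name
        ran.append(img.name)
    return ran, None


def genuine_chain():
    return [vendor_sign(Image(n, n.encode() + b"-v1", True))
            for n in ("llb", "loader", "kernel")]


def patched(name):
    # A replaced stage: different code, no signature, skips verification.
    return Image(name, name.encode() + b"-patched", False)


UNSIGNED_APP = Image("app", b"third-party code", False)


def scenarios():
    good = genuine_chain()
    root_hash = digest(good[0].payload())
    tampered = [patched("llb"), patched("loader"), patched("kernel"), UNSIGNED_APP]
    return {
        "intact chain, unsigned app": boot(good + [UNSIGNED_APP]),
        "kernel replaced only": boot(good[:2] + [patched("kernel"), UNSIGNED_APP]),
        "first stage replaced, no hardware check": boot(tampered),
        "first stage replaced, hardware-anchored hash": boot(tampered, root_hash),
    }


if __name__ == "__main__":
    for label, (ran, refused) in scenarios().items():
        print(f"{label:45} ran={ran} refused={refused}")
```

In this model the signature checks hold wherever the checking stage is itself trusted; the chain only fails when nothing immutable vouches for the first stage.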
Re:This is also an excellent case study (Score:4, Insightful)
If people paid for everything they got, and there was no piracy -- there wouldn't be DRM.
Nope. See DVD region codes, which are used to create market segmentation and remove first sale rights. And DRM would still be used to create lock-in and artificially cripple devices so that you have to pay the provider for functionality that you could normally add yourself.
I'm not attacking you here, just the idea that Apple's doing something dumb by protecting their assets and their market. That's capitalism for better or for worse.
DRM backed up by laws like the DMCA is not capitalism; it's a removal of our property rights.
Parent
Re: (Score:3, Insightful)
You know, I'm really tired of explaining how this works over and over and over again. So here's the short version:
You're wrong. Completely. You're either a shill for the music industry, or you're an idiot who drank their kool-aid. They may try to t
Re:Finally (Score:5, Interesting)
And to add to this, they explicitly say they don't want any donations.
We've seen some comments about you lovely people wanting to donate money to us. We'd just like to say that we DO NOT accept donations. There is no paypal account associated to us, there is no way to donate to us, we do this as a hobby and don't want to be paid and we fund all of this ourselves and it works out just fine.
Anyone who says "donate to DevTeam" in our name is lying, so don't send them anything, you'll just fund their crack habit.
Keep your dough for the lovely shiny Apple products, we think you'll need it.
If you do want to send us something, please send a scan of a postcard from your city, handwrite a nice message, scan it and send it over to blog@iphone-dev.com
http://blog.iphone-dev.org/post/41744653/donations-to-dev-null [iphone-dev.org]
Parent
Re: (Score:2)
Sadly, no.
(as they say)
Re: (Score:2)
And yet, what have they got. A free (as in freely usable) iPhone. But still an iPhone. Who the fuck seriously wants that piece of shit (old but funny) [thebestpag...iverse.net]?
Re: (Score:2)
Good post.
Hopefully the sophistication of this community and the hopelessness of DRM will further encourage those who make decisions about DRM to abandon this sinking ship. Anyone with a brain knows that all DRM can eventually be circumvented, and that there is no such thing as perfect security - thus, it makes much more sense to come up with a cooperative model that works with the community of users. I am not saying that anything goes, but what I am saying is that if Apple were to embrace the enthusiast co
Yes! (Score:5, Funny)
I can't wait to put Windows Mobile on my 3G!
Re: (Score:2, Redundant)
Re: (Score:2)
At the very least, a wine environment.
What?
Is it worth it? (Score:5, Interesting)
I've been thinking about one, but:
a)How do you get around activation at purchase time?
b)Does Apple break this later on, especially when I need it?
I could buy a legally unlocked iPhone from Hong Kong, but it costs $700+. In the unlocked countries, Apple prices it through the roof, I suppose. Although there has been talk about a prepaid version here for some time...
Re: (Score:2)
That's an easy one...you buy it used on eBay, Craigslist, etc.
Re: (Score:3, Interesting)
I can't imagine the odds of someone selling their new iphone 3g while still under contract. Wouldn't the odds of such a thing for sale being hot be incredibly high? Those things have serial numbers (SSIDs) that they will need to activate the phone wherever so if you do get a hot iphone you probably won't have it for long.
Re: (Score:3, Informative)
All comments on this story (Score:3, Funny)
I'll summarize every comment on this story, which will be of two types:
1) OMG APPLE IS TEH EVILZ, SUPAR CLOSED. Information wants to be free!!1 All things apple fail, apple will close all business and lose EVARATHING coz I think they suxxor even though I would never try it!
2) Apple is heaven and they're just doing this for your own protection, it saves you and gives you a better phone experience! Now suck on Stevie's cock like a good little bitch.
There are 3 types of comments, not 2 (Score:3, Funny)
The 3rd type is the comment about other people's stereotypical comments.
Rather than linking to some random blog... (Score:5, Informative)
Why not link to http://blog.iphone-dev.org/ [iphone-dev.org] themselves ?
Oh wait ... this is /.
My Bad.
Re: (Score:2)
Re: (Score:2, Insightful)
We NEVER link to the most appropriate site for the story, that's what digg is for.
Trusted Computing (Score:5, Interesting)
Trusted Computing used to be treated as one of the most evil things here on Slashdot:
http://www.youtube.com/watch?v=XgFbqSYdNK4 [youtube.com]
The appstore (where Steve decides what is trustworthy and what is not, to quote the video) sold the "I am rich"-app for cryin' out loud. Among a bunch of other crap. Other apps that are very useful are not given a chance and won't run.
Re: (Score:2)
The number one seller is iFart, which was raking in over $10,000 per day for a while. It's still #1, so it's obviously continuing to pull in massive amounts of money.
Re: (Score:2)
It also PULLED the I am rich app, sticking to their policy of deciding what's appropriate and what's not. Don't forget to leave out that little detail; you might not like them taking that responsibility/power upon themselves, but they DO do it rather consistently. They're not perfect, clearly, which is why the app made it to the store at all.
Why most people unlock... (Score:3, Insightful)
So just running unapproved apps is not the reason for the unlock. The reason is so one can take their locked phone and use a different carrier. A great example is so I can use Kyivstar in Ukraine while traveling (or any other GSM/GPRS provider) and not pay thousands of dollars to roam from ATT while in Europe. Instead pay 50-60 USD and buy a local prepaid SIM. BTW. They sell at most airports. So if traveling, research first before you pay 75 dollars to have a 10-15 dollar SIM card kit mailed to you in the US.
And as this is BETA software, be patient while the bugs are worked out. Me especially as a Ukraine user reported Kyivstar was not playing nice yet.
Re:I do not understand... (Score:5, Insightful)
Because it meets their requirements, and the manufacturer support and aftermarket accessory selection is second to none.
Parent
Re:I do not understand... (Score:4, Interesting)
Except it's still not the smart phone of choice for business users, due to its poor ability to type out messages. Apple needs to learn from two LG smart phones, the Voyager with its flip-open keyboard or the Incite with its haptic-response touchscreen; a third-generation iPhone with a haptic-response touchscreen (including the ability to type out messages when displaying in landscape mode) would make the iPhone a VERY serious competitor against the Blackberry or Palm Treo series of smart phones.
Parent
Re:I do not understand... (Score:5, Informative)
Haptic response?
If that's the case, why do critics HATE the Blackberry storm and rumor has it that Verizon is dealing with a ton of returns?
Just get firemail for iPhone and type your emails in landscape mode
Parent
Re: (Score:3, Informative)
You have to remember haptic touch response is still in its infancy and as such the Blackberry Storm and LG Incite may have limitations in terms of usability. But once we understand how to improve haptic touch response, I'd like to see Apple incorporate this technology into the third-generation iPhone, because with reasonably fast typing the iPhone can become a true competitor to the Blackberry and Palm Treo devices so commonly used by business customers.
Re:I do not understand... (Score:5, Interesting)
Luckily there are apps for a jailbroken iPhone that build on the functions of the default apps. iRealSMS is a brilliant messaging app for the iPhone; of course it will never be available on the App Store as it competes with their rubbish SMS app. It's got real inboxes, outboxes and sent messages, templates, drafts, landscape typing.
This is why un-jailbroken iPhones aren't as good. If an Apple official app sucks, well that's just too bad.
Parent
Re: (Score:2, Funny)
"Because it meets their imagined requirements and is trendy and makes them look cool"
Fixed it for you
Re: (Score:2, Interesting)
Because the iPhone happens to be an alternative to the iPhone alternatives.
Re:I do not understand... (Score:4, Insightful)
... why people NEED to have an iPhone. There are alternatives in the market.
Few people NEED to have an iPhone. Many people WANT to have an iPhone. I won't buy an iPhone due to the operator locking-thingie/price, so I'd be happy to hear about the alternatives.
Please, somebody tell me why anyone should buy an iPhone.
It is a nice device. It reportedly works very well.
What the nerd community most often fails to realize is that all features aren't equal. A well implemented and well integrated feature in a convenient interface is worth way more than the same feature implemented crappy, or accessed through an annoying interface.
Parent
Re:I do not understand... (Score:4, Informative)
It is a nice device. It reportedly works very well.
It's just like every other device out there... It has its good points and it has its really bad points. What it does really well is viewing webpages as they were meant to be seen and playing music/video. These things are second to none on any device I have used.
What it doesn't do well are too numerous to list. Do I own one? Yes. Why? Because I ride the bus every day to work and I wanted music/video as well as good web surfing. Unfortunately what it doesn't do is type with ease, which I am used to from the 4 years I used a Sidekick, and run applications in the background. Seriously, that is the hardest thing for me to get used to (what do you mean I don't have IM running all the time?)
If T-mobile didn't suck so hard and the Sidekick wasn't marketed to douchebags, I'd probably go back to owning one in a heartbeat over the iPhone. But for now, it does most of what I want it to and I'm about 50/50 with the device.
Parent
Re: (Score:2)
I cite two reasons why people are buying iPhones:
1) Built-in full iPod functionality, so you can play music and videos processed through iTunes.
2) The App Store has allowed for a lot of very interesting third-party applications that you don't see on other "smart phones."
My major gripe is that typing messages on an iPhone still leaves much to be desired, which keeps the iPhone from being a serious competitor to a Blackberry or Palm Treo phones. They really need to either a) integrates a real keyboard
Re:I do not understand... (Score:5, Interesting)
Those are good reasons, but the most important reason I think is that the user interface just works so damn well. It does for me... I am no Apple fanboy (the only other Apple device I own is an iPod, the rest is all Windows stuff), but I bought one, despite
- no out-of-the-box todo lists
- no notepad that is actually useful (and syncs)
- no cut & paste (a major omission), and poor (if any) communication between apps
- crippled Bluetooth (only works with headsets, can't use it to hook up a Bluetooth keyboard or other peripherals).
- locked down OS (can't replace the standard keyboard with a custom one, for instance).
- rumours of poor battery life and poor reception (I haven't noticed any of these. Tip to increase battery life: turn off location services; the GPS chip is power hungry... like it is on any other cell phone).
So why are people buying despite all this? I don't think having a built-in iPod and some amusing apps make up for this. The following, however, does:
- Form factor. It's small. And I thank Apple for not putting a damn physical keyboard inside, which would make it considerably bulkier.
- Ease of use. The UI is simple and responsive certainly compared to WME.
- The multi-touch screen: brilliant not because of the cute "pinch" zoom gesture, but because I can operate it with my fat fingers. Whereas my other smart phones required me to use a fingernail or the stylus, I can operate the iPhone 1-handed using my thumb.
Typing messages is actually pretty good on the iPhone. As you'd expect, typing speed is somewhere between the on-screen keyboard & stylus of WME phones, and phones with a physical keyboard. But that's not what Apple needs to work on to capture the business market. Apple needs to address security by offering a mandatory PIN login that cannot be disabled by the user, and a remote wipe function. Without those two, you can forget about corporations allowing these things to VPN in and access the Exchange server.
Parent
Re: (Score:3, Informative)
The remote wipe [apple.com] was added with the 2.0 software. From the Apple website:
IT administrators can securely manage any iPhone that contains confidential company information using remote wipe and enforced security and password policies. These device configuration and remote management capabilities allow IT departments to quickly and seamlessly deploy iPhone throughout their companies.
This may also answer your concern for mandatory password/PIN protection.
Re: (Score:2)
And there are some people, believe it or not, who actually like buying music and video through the iTMS.
Re:I do not understand... (Score:5, Insightful)
Pretty much *everything* I wanted to be able to do previously is now possible in an elegant way, and I'm serendipitously finding that loads of oh-so-simple intuitive shortcuts have been quietly added and left to be discovered.
I won't bore you with details, but there is a good comparison to be made with open source - you sometimes need the BDFL to bring out the best in a project, simply to avoid the endless conflicts and design by committee which can lead to a product which does everything poorly, rather than doing a small number of things in a superbly polished way.
I have only bought an iPhone in the last three months, having held back since their launch on the grounds that slack-jawed fanboi drivel was not something to take seriously, but I've had to grudgingly admit that Apple have got something very right. Perhaps best summed up with Oliver Wendell Holmes' famous quote (take note, usability engineers!):
"I would not give a fig for the simplicity this side of complexity, but I would give my life for the simplicity on the other side of complexity."
Parent
Re: (Score:3, Insightful)
A good example; you're standing on Oxford Street and feeling hungry. You open maps, get it to pull down your current location. Then type 'Italian' into the search. You look at one of them, e.g. Carluccio's*. From there you can get to their webpage, get directions to it and call them, all with one press of a button. After you eat there, you decide you like the place. Pull out your search results and add it to your contacts. Whenever you want to find it again you can pull it out of your address book.
It's pret
Re: (Score:2)
Oh sure, there are things like the HTC touch (with windows mobile... yerk) or blackberries, but I can't get any of them for anywhere near the same price because the iPhone was subsidised by Apple. I'm a poor student, I can't afford to sp
Re: (Score:3, Informative)
You're confusing jailbreaking with unlocking.
Jailbreaking=running third-party apps from sources other than the app store. Lots of people have jailbroken phones that are still SIM locked to AT&T. I used to have one until I sold it on eBay.
Unlocking=using a wireless carrier other than AT&T.
Re: (Score:2)