iPhone App Store Hacked: No DRM!
This is interesting, and at the same time scary. According to Engadget, Apple’s Fairplay (TM) DRM has been hacked for the new iPhone 3G App Store, and the applications themselves are appearing on torrent sites:
There’s also a more traditional crack which allows apps to be stripped of DRM and shared without using iTunes, although you’ll have to jailbreak your phone to do it. The first app to be widely pirated is Super Monkey Ball, which isn’t surprising, and it seems like several other apps have followed it out onto various torrent sites. In addition to the relatively simple jailbreak procedure, running cracked apps requires you to open up SSH access and do some mucking around, so unless your time is worth less than $10, it’s probably not worth it.

The latest apps appearing on a torrent search for iPhone include Crash Bandicoot Nitro Kart 3D, Super Monkey Ball, iBeer, and Enigmo, a total (so far) of $32.96 of potential revenue destroyed by hackers.
The original post at Haklabs, Super Monkey Ball iPhone - Cracked, explains the motivation for the hack:
After the WWDC ‘08 Keynote, everyone wanted this iPhone game, it received almost as much hype as the iPhone itself. Super Monkey Ball from SEGA definitely has some good qualities, however it does have some bad qualities as well. First off, this game costs $9.99 which might be a little steep for some.
1. Make sure you are on firmware 2.0
2. Download the Super Monkey Ball Cracked file and extract the .ipa file from the archive to your desktop.
3. Drag and drop the Monkey Ball.ipa file into the iTunes application folder and wait for it to install.
So because an irate iPhone user believes the Super Monkey Ball game costs too much at $9.99, he creates a hacked version and gives it away for free. I actually paid for Super Monkey Ball, because it’s one of the few applications worth my $9.99, and I advise you to as well. If there’s no financial market for creating great iPhone applications, the entire market will suffer, and we’ll have crappy apps to run on our $400 phones.
Upgrade 1.1.4 iPhone to 1.2.0 with WinPWN on Windows XP
The process of updating a first-gen iPhone from firmware 1.1.4 to 2.0 is simple. Even though the official WinPwn release for the 2.0 firmware and the iPhone 3G isn’t out yet, here’s what you need to do to unlock, jailbreak, and upgrade your 1.1.4 iPhone to the 2.0 firmware the iPhone 3G ships with!
[STEP 1] Download WinPwn 1.0.0.3 RC1 from the official source or my local mirror (the file is winpwn_1.0.0.3_RC1_Setup.zip). Then download Apple’s 1.1.4 firmware, select that .ipsw with the “browse .ipsw” button, and click “iPwner” to WinPwn it. You’ll see something like this:
7/20/2008 4:10:49 PM - This is winpwn ver.:1.0.0.3 RC1
7/20/2008 4:10:50 PM - Apple Mobile Device Support Version 2.0.0.33 installed.
7/20/2008 4:11:01 PM - Debug level:1
7/20/2008 4:11:02 PM - Debug level:0
7/20/2008 4:11:02 PM - Debug level:1
7/20/2008 4:11:10 PM - File from: iPhone1,1_1.1.4_4A102_Restore.ipsw
7/20/2008 4:11:10 PM - Recognized as:iPhone1,1_1.1.4_4A102_Restore.ipsw Type: IPSW_iPhone
7/20/2008 4:11:10 PM - Be sure to connect an iPhone!
7/20/2008 4:11:13 PM - Failed to load image catalog
7/20/2008 4:11:34 PM - Failed to load payload catalog
7/20/2008 4:13:09 PM - Setting up iPhone device object
7/20/2008 4:13:09 PM - Registering callbacks
——————-
7/20/2008 4:13:10 PM - Unzipping .ipsw file to Application Data\cmw\winpwn\1.0.0.3\ipsw
7/20/2008 4:13:10 PM - Found device product id:4752
7/20/2008 4:13:10 PM - iPhone connected
7/20/2008 4:13:15 PM - OK
7/20/2008 4:13:15 PM - Creating ramdisk
7/20/2008 4:13:16 PM - Padding ramdisk
7/20/2008 4:13:16 PM - Ramdisk successfully created
7/20/2008 4:13:17 PM - Putting iPhone into recovery mode.
7/20/2008 4:13:17 PM - AMDeviceEnterRecovery res:0
7/20/2008 4:13:21 PM - iPhone disconnected
7/20/2008 4:13:29 PM - iPhone entered recovery mode
7/20/2008 4:13:30 PM - Sending ramdisk to iPhone.
7/20/2008 4:13:31 PM - Transfer took 1734.375ms
7/20/2008 4:13:31 PM - Modifying environment…
7/20/2008 4:13:31 PM - Starting pwnage
7/20/2008 4:13:41 PM - iPhone left recovery mode
7/20/2008 4:14:44 PM - Found device product id:4752
7/20/2008 4:14:44 PM - iPhone connected
7/20/2008 4:14:44 PM - Your iPhone has been pwned
[STEP 2]: Now you need to BootNeuter your phone. Download and install it with Installer.app. Instructions on how to neuter the bootrom can be found on the dev team’s site; it’s quite easy: run the app, select Neuter, and hit the “Flash” button.

[STEP 3]: Update iTunes to 7.7 if you haven’t already. Get hold of a custom 2.0 firmware built with PWNAGE 2.0 on a Mac; such firmwares are available, for example, on torrent file-sharing sites. Keep in mind that a firmware from a torrent is an unverifiable blob you are about to flash onto your phone, so prefer one you or someone you trust built with the tool.
[STEP 4]: Shift-click the “Restore” button in iTunes and select the custom firmware you obtained above. Thanks to PWNAGE 2.0, you now have a first-gen iPhone running the 2.0 firmware, with full ability to run games and apps from the iTunes App Store! Enjoy Super Monkey Ball!
I am running through these steps right now on my first-gen iPhone, and so far everything works as advertised. Of course, I’m not responsible if something does go wrong and bricks your iPhone…
Update: If you have trouble getting your wallpaper to show up, or just see a black background, connect to the iPhone via SSH or from a terminal on the phone itself, delete /private/var/mobile/Library/LockBackground.jpg, and restart. You’ll then be able to set your own wallpaper.
Update 2: It’s official, WinPwn for Windows XP has been released, so just go use that!
Also, you should check out How to Unlock the iPhone 3G on Google Knol.
Unlock Your iPhone?
How long will it be before someone can actually unlock the iPhone to work with other carriers? The iPhone OS passwords have already been cracked, according to a forum post on Hackintosh by sam, who claims:
The password for root is “alpine”
The “mobile” user accounts password is “dottie”
They’ve also found the encrypted restore image, which contains the code the device runs. If they can find a way to decrypt, modify, and replace it, they should be able to make the iPhone sing and dance. The other option is a mysterious service called Unlock Your Apple iPhone Today which claims to unlock “75% of all the iPhone we have currently tested with unlock codes generated from the phones IMEI.” Then again, they look like a spam operation, so trust them with your IMEI if you dare.

The sad thing is that even when someone unlocks the iPhone and gets it to work on another network, it doesn’t even have 3G support for fast internet, and the new provider probably won’t be able to provide data services, visual voicemail, or any other compelling iPhone features. Unlocking your iPhone is the same as bricking it.
iPhone Activation Problems, Errors, Hacks, and Solutions
According to an informal Engadget poll, 40% of iPhones aren’t working properly, and another 12% had problems with activation. If those numbers are right, roughly half of all iPhones have run into some kind of problem! For those of you still waiting, the activation screen of glory looks just like this:

Here’s a few activation tips for you guys:
Activate with two iPhones
You’ll need two iPhones. Plug one into iTunes and select “I am a new AT&T Customer” and choose to activate “2 or more phones on an individual or FamilyTalk plan.” After you get the activation complete email, plug in the second iPhone and select “I am an existing customer” then “replace a phone on my account with this iPhone.” Reuse the earlier number and activate your second iPhone. When you plug in your second iPhone it will unlock for use but without an assigned number or account.
DVD-Jon’s Hacked Activation Server
You’ll need to install UltraEdit-32 and iPhoneActivationServer 1.0. Open iTunes.exe with UltraEdit and change the bytes at the following offsets to the values given. These offsets belong to the specific iTunes build the patch was written for; on any other build they point into unrelated code, so work on a copy and keep the original:
Offset 2048912, value 33C0C3
Offset 257074, value 28
Offset 257013, value 33C9B1
Open c:\windows\system32\drivers\etc\hosts and add the line “127.0.0.1 albert.apple.com” so that iTunes sends its activation requests to your own machine instead of Apple’s activation server. Then run DVD Jon’s activation server, open iTunes, and plug in your iPhone; it will activate automatically in about 60 seconds.
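The three offset patches above, as an added example that is not DVD Jon’s or the original post’s code: a small Python patcher that applies (offset, bytes) pairs to a file, refuses to write outside the file, optionally checks the bytes it is about to overwrite (so a different iTunes build fails loudly instead of being silently corrupted), keeps a .orig backup, and reports exactly which byte ranges changed. The offsets and values are the ones quoted above; the expected-bytes check, the backup and the hashing are my additions, and the zero-filled buffer in the demo is a constructed stand-in, not a real iTunes.exe.

```python
"""Offset-based binary patcher: the operation the DVD Jon activation hack
above performs by hand in a hex editor. Added example, not the post's own
code; the offsets/values are the ones quoted in the post."""
import hashlib
import shutil
from pathlib import Path

# (offset, replacement bytes) exactly as quoted above. They are valid only for
# the one iTunes.exe build the hack targeted; on any other build they would
# land in unrelated code and corrupt it.
ITUNES_PATCHES = [
    (2048912, bytes.fromhex("33C0C3")),  # x86: xor eax,eax ; ret
    (257074,  bytes.fromhex("28")),
    (257013,  bytes.fromhex("33C9B1")),  # x86: xor ecx,ecx ; mov cl,imm8
]


def apply_patches(data, patches, expected=None):
    """Return a patched copy of `data`.

    `expected` optionally maps offset -> bytes that must already be there;
    a mismatch means the wrong binary/build and aborts instead of corrupting."""
    buf = bytearray(data)
    for offset, new in patches:
        if offset < 0 or offset + len(new) > len(buf):
            raise ValueError(f"patch at {offset:#x} lies outside the file")
        if expected is not None and offset in expected:
            want = expected[offset]
            have = bytes(buf[offset:offset + len(want)])
            if have != want:
                raise ValueError(
                    f"unexpected bytes at {offset:#x}: {have.hex()} "
                    f"(wanted {want.hex()}); wrong build?")
        buf[offset:offset + len(new)] = new
    return bytes(buf)


def changed_ranges(before, after):
    """List (start, end) half-open ranges where two equal-length blobs differ,
    so you can confirm a patch touched only the intended bytes."""
    if len(before) != len(after):
        raise ValueError("length changed; an in-place patch must not do that")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(before, after)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(before)))
    return ranges


def patch_file(path, patches, expected=None):
    """Back up `path` to `<path>.orig`, patch it in place, and return the
    SHA-256 of the original and of the patched file for your notes."""
    path = Path(path)
    original = path.read_bytes()
    patched = apply_patches(original, patches, expected)
    shutil.copy2(path, path.with_suffix(path.suffix + ".orig"))
    path.write_bytes(patched)
    return (hashlib.sha256(original).hexdigest(),
            hashlib.sha256(patched).hexdigest())


if __name__ == "__main__":
    # Constructed stand-in for iTunes.exe: 2.1 MB of zeros, not a real binary.
    blob = bytes(2_100_000)
    out = apply_patches(blob, ITUNES_PATCHES)
    print(changed_ranges(blob, out))  # only the three patched ranges
```

To use it on a real copy, call patch_file("iTunes.exe", ITUNES_PATCHES); afterwards run changed_ranges() over the .orig and the patched file to confirm that nothing outside the three ranges moved, and keep the .orig to restore.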
The Prepay Method
Buy an iPhone but don’t sign up for any AT&T plan yet. Plug it into iTunes with 999-99-9999 as your SSN, and you’ll fail the credit check. At this point you can pick a GoPhone prepaid plan, then zip over to the AT&T GoPhone funding page to add some money to your account. Don’t fund it over the phone or set it up with actual AT&T employees, or it won’t work and you will be sad.
Calling AT&T
Call the customer support at 1-800-331-0500. If you’re coming from an old number or account try getting in contact with an AT&T state Number Porting office (1-888-898-7685). The number 1-877-800-3701 is supposed to be good, if not overwhelmed. The after hours number is 1-866-801-3600.
Reboot!
Turn off your iPhone and remove the SIM card. Power-cycle it, put the SIM back in, and turn it on again.
Ping like mad
You might think plugging in your iPhone to sync it with iTunes is good enough, but actually according to rc3, you should leave it plugged in until it activates. A support tech with AT&T told him that the activation system works by pinging the queue of unactivated iPhones. If your phone is not connected, you’ll lose your place and have to start over!
According to a Reuters story, the activation issues are solved, but I don’t believe them:
About 2 percent of those who bought iPhones since they went on sale Friday faced delays in activation with AT&T, the exclusive U.S. service provider for the widely anticipated cell phone, according to a source familiar with the matter. By Monday, those issues were mostly resolved, AT&T spokesman Mark Siegel said. “We have resolved nearly all of the issues and we feel confident this is behind us now,” Siegel said. “One by one, we worked to resolve (the problems) and now nearly all of them have been resolved.”
Yeah right… well, hope these tips help! Feel free to leave your complaints / success stories in the comments.
Wordpress Hacked: Running 2.0.4
Wow! A blog of mine running Wordpress 2.0.4 just got hacked. The attacker, without logging in, was able to inject a bunch of spam links into three of my posts. I caught the attack because I read my own Wordpress feeds, and noticed the update. The IP address the attacker used was 64.252.168.207. Here is the timeline of his penetration into my poor, but out of date, Wordpress installation:
1) Visit Video Games Blog pretending to be Googlebot
2) Visit random pages just to confuse me
3) Visit the three target pages (1, 2, 3)
4) Grab the nonces from wp-admin/post.php?action=edit
5) Use the nonces to do something weird to /wp-admin/inline-uploading.php?action=view
6) Post to the regular edit page
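The timeline above turned into detection logic, as an added example that is not the post’s own log file or WordPress code: a Python scanner over Apache combined-format access-log lines that flags any client presenting a Googlebot User-Agent inside /wp-admin/, a fetch of post.php?action=edit followed within ten minutes by a POST to the admin area from the same address, and any hit on inline-uploading.php. The log lines embedded below are constructed for the example; only the attacker’s address is taken from the post, and the other two addresses are documentation ranges standing in for a real crawler and a legitimate editor.

```python
"""Flag the attack pattern from the timeline above in Apache combined-format
access logs. Added example over constructed log lines; not the post's own
wordpress-hack-log.txt and not WordPress code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Constructed sample log. 64.252.168.207 is the address named in the post;
# 198.51.100.5 stands in for a genuine crawler, 192.0.2.10 for a real editor.
SAMPLE_LOG = f"""\
64.252.168.207 - - [10/Jul/2007:03:12:01 -0700] "GET / HTTP/1.1" 200 8123 "-" "{GOOGLEBOT_UA}"
64.252.168.207 - - [10/Jul/2007:03:12:40 -0700] "GET /2007/06/some-post/ HTTP/1.1" 200 6400 "-" "{GOOGLEBOT_UA}"
64.252.168.207 - - [10/Jul/2007:03:13:05 -0700] "GET /wp-admin/post.php?action=edit&post=42 HTTP/1.1" 200 9120 "-" "{GOOGLEBOT_UA}"
64.252.168.207 - - [10/Jul/2007:03:13:09 -0700] "GET /wp-admin/inline-uploading.php?action=view HTTP/1.1" 200 310 "-" "{GOOGLEBOT_UA}"
64.252.168.207 - - [10/Jul/2007:03:13:21 -0700] "POST /wp-admin/post.php HTTP/1.1" 302 0 "-" "{GOOGLEBOT_UA}"
198.51.100.5 - - [10/Jul/2007:03:20:00 -0700] "GET /2007/06/some-post/ HTTP/1.1" 200 6400 "-" "{GOOGLEBOT_UA}"
192.0.2.10 - - [10/Jul/2007:04:01:00 -0700] "GET /wp-admin/post.php?action=edit&post=42 HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0"
"""


def parse(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def analyse(lines, window=timedelta(minutes=10)):
    """Return {ip: [finding, ...]} for every client that trips a rule."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    findings = defaultdict(list)
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        # Rule 1: a "Googlebot" inside /wp-admin/. Crawlers index, they do not
        # edit. (Genuine Googlebot is confirmed by reverse DNS; not done offline.)
        for r in recs:
            if "Googlebot" in r["ua"] and r["path"].startswith("/wp-admin/"):
                findings[ip].append(f"Googlebot UA in admin area: {r['method']} {r['path']}")
        # Rule 2: edit form fetched (nonces harvested), then a write soon after.
        edit_gets = [r for r in recs if r["method"] == "GET"
                     and r["path"].startswith("/wp-admin/post.php")
                     and "action=edit" in r["path"]]
        posts = [r for r in recs if r["method"] == "POST"
                 and r["path"].startswith("/wp-admin/")]
        for g in edit_gets:
            for p in posts:
                if timedelta(0) <= p["ts"] - g["ts"] <= window:
                    findings[ip].append(
                        f"edit form fetched {g['ts']:%H:%M:%S}, "
                        f"POST {p['path']} at {p['ts']:%H:%M:%S}")
                    break
        # Rule 3: the inline-uploading.php step the post could not explain.
        for r in recs:
            if "inline-uploading.php" in r["path"]:
                findings[ip].append(f"inline-uploading.php hit: {r['method']} {r['path']}")
    return dict(findings)


def suspicious_ips(lines):
    """Sorted list of client addresses with at least one finding."""
    return sorted(analyse(lines))


if __name__ == "__main__":
    for ip, items in analyse(SAMPLE_LOG.splitlines()).items():
        print(ip)
        for item in items:
            print("  ", item)
```

Run it over a real access log with analyse(open("access.log").readlines()); on the constructed sample only 64.252.168.207 is reported, with the crawler and the human editor left alone.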
If you don’t want to be hacked, here’s what you need to do:
- Upgrade to the latest version of Wordpress (2.0.10 in my case)
- Remove crap you don’t need. If you’re not using comments, remove wp-comments-post.php. If you don’t know what XML-RPC is, remove xmlrpc.php as well.
- Set sane file permissions. If you are on a shared host, it’s especially important that you don’t make your wp-config.php world-readable or world-writable, or anyone else on the host can read your database login information, or just overwrite it with their own.
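The three recommendations above as an added audit script (my own example, not WordPress’s tooling): it reads $wp_version from wp-includes/version.php, reports a leftover xmlrpc.php or wp-comments-post.php, and checks wp-config.php for world-readable or world-writable bits. The release it compares against is a parameter; 2.0.10 is only the default because that is the version the post mentions. demo() builds a deliberately weak throwaway install in a temporary directory, which is constructed for the example, audits it and cleans up.

```python
"""Audit a WordPress install for the three items in the list above: out-of-date
version, leftover entry points, loose wp-config.php permissions.
Added example; not WordPress's own tooling."""
import re
import shutil
import stat
import tempfile
from pathlib import Path

LATEST_KNOWN = "2.0.10"  # assumption: pass the current release when you run it
OPTIONAL_ENTRYPOINTS = ("xmlrpc.php", "wp-comments-post.php")


def version_tuple(v):
    """'2.0.10' -> (2, 0, 10), so 2.0.10 compares newer than 2.0.4."""
    return tuple(int(x) for x in v.split("."))


def installed_version(root):
    """Read $wp_version from wp-includes/version.php, or None if not found."""
    f = Path(root) / "wp-includes" / "version.php"
    if not f.is_file():
        return None
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", f.read_text())
    return m.group(1) if m else None


def audit(root, latest=LATEST_KNOWN):
    """Return a list of human-readable findings for the install at `root`."""
    root = Path(root)
    findings = []

    v = installed_version(root)
    if v is None:
        findings.append("cannot read WordPress version (wp-includes/version.php)")
    elif version_tuple(v) < version_tuple(latest):
        findings.append(f"WordPress {v} is older than {latest}; upgrade")

    for name in OPTIONAL_ENTRYPOINTS:
        if (root / name).exists():
            findings.append(f"{name} present; delete it if you do not use it")

    cfg = root / "wp-config.php"
    if not cfg.is_file():
        findings.append("wp-config.php missing")
    else:
        mode = stat.S_IMODE(cfg.stat().st_mode)
        if mode & stat.S_IWOTH:
            findings.append(f"wp-config.php is world-writable (mode {mode:04o}); "
                            "anyone on the host can replace your DB credentials")
        elif mode & stat.S_IROTH:
            findings.append(f"wp-config.php is world-readable (mode {mode:04o}); "
                            "anyone on the host can read your DB credentials")
    return findings


def make_weak_install(root, version="2.0.4"):
    """Constructed fixture: a skeleton install with every problem the post lists."""
    root = Path(root)
    (root / "wp-includes").mkdir(parents=True, exist_ok=True)
    (root / "wp-includes" / "version.php").write_text(
        f"<?php\n$wp_version = '{version}';\n")
    for name in OPTIONAL_ENTRYPOINTS:
        (root / name).write_text("<?php // unused entry point\n")
    cfg = root / "wp-config.php"
    cfg.write_text("<?php\ndefine('DB_PASSWORD', 'hunter2');\n")
    cfg.chmod(0o666)  # world read/write: the mistake the post warns about


def demo():
    """Build the weak fixture in a temp dir, audit it, clean up, return findings."""
    tmp = Path(tempfile.mkdtemp())
    try:
        make_weak_install(tmp)
        return audit(tmp)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for line in demo():
        print("-", line)
```

Against a live install, run audit("/var/www/blog", latest="<current release>"); an empty list means all three items on the post’s checklist pass.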
If you’re interested, here’s the full server log, as a text file: wordpress-hack-log.txt. The attacker didn’t compromise or access any other services, just used the web interface to insert his spam into my post.
