Software architect working in Symbian/S60 area since 2000 and still being enthusiastic about mobility. Please visit my introduction page on Forum Nokia Champions web page.
tote_b5 | 09 March, 2008 23:35
One of my articles that has gained lots of attention was written about hacking Symbian Platform Security. Although it turned out that reproducing the workaround found by Symbiaali is laborious, requires strong technical knowledge and its wide-spread use is very unlikely, it clearly showed me that people were interested in this topic.
Today I found another post at Symbian Freak that describes just another way to turn Symbian operating system's well-known permission checking feature off. Although I don't agree with the title of the article (good-bye?? S60??), I think at least it's worth a few words.
What is this crack about? How can we cheat Platform Security capability checking so that it does not care whether our program really has the capability being checked or not? Well, in a very special way:
To sum up this post, this new way of cheating Platform Security is the traditional way of cracking. I'm not surprised that it has been discovered and published; I just wonder why it has taken so long. And finally, I don't think that it would cause major problems in the Symbian ecosystem.
What do you think?
Tote
Update: Corrected the name of Carbide.C++ edition to Express. Thanks Lucian!
Symbian C++, Mobile OS, Platform Security |
Sorcery-ltd | 10/03/2008, 10:01
For a second there I thought you were about to reveal some major security breach.
So, you can make the software do something it wasn't supposed to with system level debugging. No surprises there.
I don't completely agree with ltomuta on this one though. People trying to hack a really good security architecture is like people trying to climb a really high mountain. They do it because it's there and they like a challenge.
I think PlatSec as implemented on the devices is good and needed. I'm not so convinced about the system for who gets what certificates and how and confusing the quality certification program with the security mechanism.
Back to sleep for now - hopefully there'll be some good news in this area sometime soon.
Mark
tote_b5 | 10/03/2008, 10:29
Hi there,
I agree with Mark that only good software gets cracked and this is actually something we could already calculate with. This solution is very limited and I think the damage that can be done is not too big, either.
Life goes on, :)
Tote
mgroeber9110 | 10/03/2008, 16:26
I believe that there could be a bit more to it than what the immediate disadvantages you list here make it look like.
To me, the interesting point seems to be that MetroTRK apparently has sufficient capabilities to compromise platform security in principle - keep in mind that it is only a remote "agent" that normally does the bidding of the Carbide server on the PC, but it could just as well get its commands from another source.
So the interesting question is whether the severity of this would change if, say, someone managed to give MetroTRK the "right" commands from an application running on the phone itself (simulating what otherwise Carbide would send, after analyzing the protocol in the same way that other over-the-wire formats were reverse-engineered).
But as you say, it is indeed surprising how long it took for people to try these kinds of attacks, compared to how quickly the first iPhones were "jailbroken". 3rd Edition has been on the market for much longer and in much greater numbers, and yet this is still miles away from any kind of "turnkey" solution...
major77 | 10/03/2008, 18:55
Don't you think that symbiansigned changes have something to do with it?
One door is closed, another one will open. It's inevitable.
truf | 11/03/2008, 11:44
They already made an X-plore version for installing into the \sys\ folder. That version has enough capabilities for browsing protected folders and works even after a phone reboot. They say that they will soon be able to patch software directly on the device. Looks like this is the end of Symbian shareware?
Source: http://forum.sgh.ru/topic26966s120.html#
I registered a blank user for everyone who wants to get the attached files from that thread.
User: temp_reg
Password: temp_reg
tote_b5 | 11/03/2008, 12:07
@Marcus: you hit the nail on the head. I could not imagine that such software exists that can have access to very sensitive resources. Perhaps it does not expose such an API that enables 3rd-party software to make use of the API *on the device*, not to mention that even if it does, then accepted sw must pass a strict security check.
@truf: it would help if the article (discussion board topic) you were referring to was not in Russian.
dchky | 27/03/2008, 07:12
It's not a new version of xplore, just a change in capabilities assigned to the exe and a new hash. This is how the AllFiles capability survives the reboot - but it's not the best solution since you can no longer write to /sys - for that you need TCB which means a server. Once that is done, then it really is bye bye Symbian Signed.
tote_b5 | 27/03/2008, 15:39
@truf: Please, provide more information *in English*. I don't know anything about the solution as long as it's described in Russian.
weibsvolk | 27/03/2008, 20:19
(yes, I'm commenting under an account from bugmenot.com since I can't be arsed to register just to comment on this)
Personally I think this is really good news. After all the user should have the final say in what they do with their own device which they paid good money for. I do agree that most users are clueless, but that shouldn't be a reason enough to restrict those who really know what they're doing (and make money via the certification process while at it).
It would be great if there was, say, a physical jumper in the phone's mobo which would enable a special "developer mode" in which the phone allows all capabilities to be granted by the user. Accessing this jumper would require you to disassemble at least a bit of the phone's casing which should keep away most of the clueless, especially if it voided your warranty. This way the whole system would not reek simply of a giant money-making scheme.
I for one will not be updating my E90's firmware until it's sure the next version can be hacked too.
fuckthelogins112 | 28/03/2008, 16:24
Also, it doesn't require expensive tools anymore, and it works for FP1 phones too now (my E90 v7.40.1.2 for example).
The person who discovered the hack wrote a Python script which emulates the PC debugging interface so you don't need the CodeWarrior or Carbide IDE on your PC, and the TRK SIS package which you install to your phone is available for free from: http://tools.ext.nokia.com/agents/index.htm
I don't know if you're allowed to install and use those linked SIS packages without being properly licensed, though.
I think I'll write a C program based on the Python script so that people on Windows will not have to bother with installing Python + the 2 required add-ons (users on *nix systems are much more likely to already have it).
tote_b5 | 28/03/2008, 16:37
It's really kind of you to take care of Symbian crackers. Hope you can feel the irony from my words.
fuckthelogins112 | 29/03/2008, 15:14
Damn, now I realize how stupid I am. My hacked phone just started crashing. Is it because of the new software update messing with the hack or have I got a virus? How do I solve this? Is my phone warranty void now? I'm f***ed.
navy_3dfx | 29/03/2008, 18:26
...It seems you really can't understand the issue... These "Symbian crackers" are the legal owners of their legally bought mobile phones. And being their own property they are allowed to handle them in the way they want to - and this implies using phones' full capabilities - without being forced to pay someone (Symbiansigned) to allow these capabilities.
Re: Another hack for Symbian Platform Security
ltomuta | 10/03/2008, 06:52
Once more bad news to start the day with. Not necessarily for what this crack does but because we are reminded that PlatSec is needed, that the world is not full of innocent developers looking for the best solution to an end-user's problem but there are also a lot of people who start the day with the revelation that there's something stupid to be done today, let's do it. And they do.
I don't read that forum and I am not about to register on it just to read about the hack. The whole finding is useless to any decent developer, and I claim to be one of those.
Tote, the Carbide.c++'s free edition is called Express. It is the developer that uses it that is the Expert ;)