YouTube home Comedy Week on YouTube
Upload

#HITB2012AMS D1T2 - MuscleNerd - Evolution of iPhone Baseband and Unlocks

Hack In The Box Security Conference Hack In The Box Security Conference·103 videos
1,312
33,852
Like     Dislike 2

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like Hack In The Box Security Conference's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike Hack In The Box Security Conference's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add Hack In The Box Security Conference's video to your playlist.

Published on Jun 16, 2012

----------------------------------------­----------------------------------------­----------------------
#HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN
http://conference.hitb.org/hitbseccon...
----------------------------------------­----------------------------------------­----------------------

Presentation Materials: http://conference.hitb.org/hitbseccon...

Since the first iPhone in 2007, the baseband that Apple uses for cellular communications has evolved in terms of both hardware and software. Some of the changes were minor but others were quite drastic and obviously aimed at deterring carrier unlocks. This paper details the most interesting of the changes and what effects they've had on both software-based unlocks and hardware-based SIM interposers. In addition to comparing the most recent baseband against its own earlier hardware and software incarnations, we compare it to other current Qualcomm handsets and discuss the ramifications of changes Apple has made to the traditional Qualcomm baseband boot sequence. This presentation will cover:

Baseband ROP: Overview of the role ROP plays in software unlocks like yellowsn0w and ultrasn0w. Comparison to ROP on the main Application-side CPU (jailbreaks). Why ROP wasn't even necessary on the first generation of iPhones.

Software Unlocks vs. Hardware Unlocks: How iPhone software unlocks differ from those using hardware SIM interposers. Which layers of the baseband are exposed to each, and how the exploit development environment differs. Description of even more radical hacks like baseband chipset retrofitting and what Apple has done to prevent them.

iPhone4 DEP: How Apple implemented DEP with specific hardware changes on the iPhone4 baseband, and what went wrong. How ultrasn0w was made to work despite aggressive hardware-based DEP.

Operating Systems: So far, Apple has used 3 completely different baseband operating systems in the iPhone line. Description of which parts Apple tends to customize and why. Comparison of past and present custom command parsing.

Infineon vs. Qualcomm: Discussion of the transition from Infineon baseband chipsets to Qualcomm chipsets. Comparison of the older serial-based AT interface (still used on many other handsets) to the USB-based QMI used by the iPhone4S.

Activation Tickets: Detailed description of the "activation ticket" Apple uses to authorize use with specific (or all) carriers. How activation tickets interact with the traditional PIN-based NCK codes. Contrasting activation tickets and baseband tickets.

Baseband Tickets: Details on how Apple authenticates software updates to the baseband. Comparison of baseband tickets to "ApTickets" that Apple now uses on the main Application CPU to control software changes. Why baseband tickets provide even strong protection than ApTickets. The role of nonces in both the baseband and main application CPU.

iPhone4S: What we've learned so far about the iPhone4S baseband. Overview of changes Apple has made to the original Qualcomm bootrom. How the iPhone4S baseband boot process differs from most other Qualcomm-based handsets. Which features the iPhone4S baseband has in common with other handsets and which have been removed. Description of the current attack surfaces, and comparing iPhone4 vs iPhone4S hardware-based protection mechanisms.

ABOUT MUSCLENERD

Member of the iPhone Dev Team, providing free jailbreaks and carrier unlocks since 2007. Our most popular programs have been redsn0w and PwnageTool for jailbreaks, and AnySim, yellowsn0w, and ultrasn0w for unlocks.

The interactive transcript could not be loaded.
Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

Top Comments

  • Miketyler1015

    Miketyler1015 11 months ago

    An I was thinking this whole time he had a pineapple face

    · 11

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Miketyler1015's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Miketyler1015's comment.
  • TechHigh24

    TechHigh24 1 month ago

    His face is now UntetherdxD

    · 3

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate TechHigh24's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate TechHigh24's comment.

All Comments (31)

Sign in now to post a comment!
  • danatopereira

    danatopereira 2 months ago

    are u paying his salary? is anybody paying him at all for that?

    there u got ur jailbreak

    because of ppl like u, sometimes i wish he actually stopped jailbreaking so he could "work out" more and there wouldnt be comments like this.

    thank him for doing it, because its not his job, not his obligation

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate danatopereira's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate danatopereira's comment.
    in reply to goforkranthi79 (Show the comment)
  • goforkranthi79

    goforkranthi79 4 months ago

    Looks like Musclenerd's focussing on working out than jailbreaking!! Where is iOS 6 jailbreak??!!

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate goforkranthi79's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate goforkranthi79's comment.
  • iamDani3l

    iamDani3l 5 months ago

    looks like his face was booting tethered when he took that pic on twitter

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate iamDani3l's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate iamDani3l's comment.
  • iPhoneTy

    iPhoneTy 5 months ago

    I half expected a pineapple to give the speech.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate iPhoneTy's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate iPhoneTy's comment.
  • Denis Le Court De Billot

    Denis Le Court De Billot 6 months ago

    He should do ASMR videos !

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Denis Le Court De Billot's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Denis Le Court De Billot's comment.
  • agentmax699

    agentmax699 7 months ago

    he is LEGEND :)

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate agentmax699's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate agentmax699's comment.
  • ILIK3HATERZ

    ILIK3HATERZ 7 months ago

    his face has been jailbroken , no longer a pineapple !

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate ILIK3HATERZ's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate ILIK3HATERZ's comment.
  • blackw1z4rd

    blackw1z4rd 11 months ago

    Maybe it's because they didn't want to let u hear something :(

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate blackw1z4rd's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate blackw1z4rd's comment.
    in reply to Almighty shO (Show the comment)
  • Loading comment...
Loading...
Advertisement
Loading...
Working...
Sign in to add this to Watch Later