Free 3G/EDGE internet on any T-Mobile phone without a data plan

Well, the secret is out. I refreshed my iPhone’s Cydia to find somebody selling “free T-Mobile Internet access”. I knew immediately what the method was, as I’ve been using it for almost a year now. Since it’s now public, and T-Mobile will close the hole anyways, I might as well help you save your money from these crappy “services”.

So what’s the “bug” that allows free internet? It seems like the stupidest thing in the world, and I’m almost certain that some technician left it in on purpose. Basically, any URL with the word “tmobile” in it is accessible without a data plan (as long as your APN is set to epc.tmobile.net). So all you have to do is make a proxy site (e.g. PHProxy) with “tmobile” somewhere in the URL (tmobile.yoursite.com or freehost.com/tmobileproxy) and it would be accessible via your phone.

It gets better. As far as I know, the above is the only thing that’s “leaked”. Here’s some new information: the method above only allows web site browsing, but there is a way to 1) not use a slow and unreliable proxy, and 2) work with all HTTP apps on the phone other than web browsers. If you append the string “?tmobile” to the end of the URL, it loads without fail. So just install a local proxy (like Privoxy, or a custom one) on your iPhone (or whatever smartphone) which adds “?tmobile” to the end of the URL (or “&tmobile” for URLs that already have GET parameters) and it will work.

If you don’t get a word I said, don’t worry. When I have time, I’ll post my custom proxy written in Python, or even post an iPhone Cydia package.

P.S: This method only works with HTTP requests (not HTTPS, or any other protocol). I have another, slower method of getting access to everything, but I’m not ready to reveal it yet.
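
Seen from the gateway side, the behaviour described in this post is what a keyword match over the whole URL produces. The Python below is an added example, not code from this post or from T-Mobile: it models that rule as an assumption, puts a check on the parsed hostname beside it, and lists the log entries that pass only the weak rule. The domain tmobile.example, the function names and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

KEYWORD = "tmobile"                     # the string the post says unlocks access
ALLOWED_DOMAINS = ("tmobile.example",)  # constructed stand-in for carrier-owned domains

def substring_check(url):
    """Assumed weak rule: allow if the keyword appears anywhere in the URL."""
    return KEYWORD in url.lower()

def host_check(url):
    """Hardened rule: decide only on the parsed hostname, never path or query."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def bypass_candidates(urls):
    """Log review: requests the weak rule lets through but the host rule rejects."""
    return [u for u in urls if substring_check(u) and not host_check(u)]

# Constructed gateway log entries covering the URL shapes named in the post.
SAMPLE_LOG = [
    "http://account.tmobile.example/plan",     # legitimate carrier page
    "http://tmobile.proxy.example/",           # keyword in a third-party subdomain
    "http://host.example/tmobileproxy",        # keyword in the path
    "http://news.example/story?tmobile",       # keyword appended as query string
    "http://news.example/story?id=7&tmobile",  # keyword appended to existing query
    "http://news.example/story",               # no keyword at all
]

if __name__ == "__main__":
    for url in SAMPLE_LOG:
        print(substring_check(url), host_check(url), url)
    print("flag for review:", bypass_candidates(SAMPLE_LOG))
```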

New projects and new ads

Remember the two scripts I’ve posted earlier in the week? Well, I finally have the time to formally insert them into the database, so here they are:

http://www.yifanlu.com/p/psn_update_finder

http://www.yifanlu.com/p/facetime_surveillance

Also, I’ve finally had it with Google Adsense. They banned me for no legitimate reason. Google said that my PSN Update Finder (and “maybe other similar pages”) was “in violation of our program policies”. After re-reading their policies, I still don’t know which policy I supposedly broke, and emailing them only got a reply that is the same message. Therefore, I’m now trying out new ad networks, seeing which is the fastest, most non-intrusive, and the most relevant. If you see any intrusive ads or malware ads, please send me an email and I will take care of it. Thanks.

OSX FaceTime auto-accept script

Another quick half-hour script I wrote. This is an AppleScript that lets you use FaceTime as a video monitor. Just run the script in the background, and whenever you want to see your house, just do a FaceTime call to your iMac and the script will accept it.

Assumptions:
1) Nobody else knows your Mac’s FaceTime email. Make it secret, or people can spy on you by calling your email.
2) You haven’t resized FaceTime. I’m lazy, so it closes FaceTime whenever the window size is 638 by 585.

http://pastebin.com/yb3ak41s

Load Creative Zen V Plus’s firmware on your Zen V

So thanks to a Napster promotion, I’ve got a free 1GB Creative Zen V. If you know anything about me, you’d know that the first thing I did was pop open IDA Pro, and see what I can make this device do that it’s not made for doing. After some quick Googling, I’ve noticed there’s no modifications or anything for this POS music player. However, I did notice that Creative sells a higher priced player that plays videos too. Anyways, enough talk, here’s how to turn your Zen V into a Zen V Plus. (NOTE: You still won’t get radio because it’s not in the hardware.)

Directions:

  1. Download the ZEN V Plus firmware 1.32.01 here. Its last update was in ’07, so I don’t think there’s going to be a newer version, but if there somehow is, follow the “DIY” instructions in the next section to do it manually.
  2. Make a copy of the ZENVPlus_PCFW_L22_1_32_01.exe file you just downloaded. Name it ZENV_Patch.exe.
  3. Patch ZENV_Patch.exe with this IPS file using any IPS patching utility.
  4. Run ZENV_Patch.exe and let it reboot your Zen V.
  5. Now, you should be getting an error on the device. THIS IS NORMAL. The firmware update should fail and put you in recovery mode.
  6. In recovery mode on the Zen, choose “Reload Firmware”
  7. Now, on your PC, force quit ZENV_Patch.exe and open up ZENVPlus_PCFW_L22_1_32_01.exe
  8. Wait until the update is done, and your Zen V is now a Zen V Plus!

DIY

Now, how does this work? Well, basically the first “firmware update” with ZENV_Patch.exe makes the device think it’s a Zen V Plus, and the second update with the official file actually copies the firmware on. ZENV_Patch.exe is just the Zen V Plus updater hex-edited to run on the Zen V. You can make your own ZENV_Patch.exe by taking the official update, opening a hex editor, and replacing every instance of “C.r.e.a.t.i.v.e. .Z.e.n. .P.l.u.s” with “C.r.e.a.t.i.v.e. .Z.e.n” (please note that the periods represent the byte 00 (null)). After doing so, the updater will accept the Zen V.
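
The hex edit described above, as an added Python example (not the author’s IPS patch or tooling): a letter followed by a 00 byte is how UTF-16LE stores ASCII text, so the script searches for the string in that encoding and overwrites it in place. Padding the shorter string with nulls so the file length and every later offset stay the same is an assumption of this example, and SAMPLE is a constructed stand-in for the updater, not its real contents.

```python
OLD = "Creative Zen Plus".encode("utf-16-le")  # "C.r.e.a.t..." with . = 0x00
NEW = "Creative Zen".encode("utf-16-le")

def find_all(blob, needle):
    """Offsets of every occurrence of needle in blob."""
    offsets, pos = [], blob.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(needle, pos + len(needle))
    return offsets

def patch_model_string(blob):
    """Overwrite each OLD with NEW, null-padded so no later byte moves."""
    padded = NEW + b"\x00" * (len(OLD) - len(NEW))
    offsets = find_all(blob, OLD)
    out = bytearray(blob)
    for off in offsets:
        out[off:off + len(OLD)] = padded
    assert len(out) == len(blob)  # same size as the input
    return bytes(out), offsets

def wide_string_at(blob, offset):
    """Read a null-terminated UTF-16LE string starting at offset."""
    end = offset
    while end + 1 < len(blob) and blob[end:end + 2] != b"\x00\x00":
        end += 2
    return blob[offset:end].decode("utf-16-le")

# Constructed sample: two copies of the string separated by filler bytes.
SAMPLE = (b"\x90" * 7 + OLD + b"\x00\x00" +
          b"\xcc" * 5 + OLD + b"\x00\x00" + b"\xff" * 3)

if __name__ == "__main__":
    patched, offsets = patch_model_string(SAMPLE)
    for off in offsets:
        print(hex(off), repr(wide_string_at(SAMPLE, off)),
              "->", repr(wide_string_at(patched, off)))
```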

Now, maybe one day, I’ll port RockBox or something to it…

Compiling the Linux kernel for Amazon Kindle

So, I recently bought a Kindle 2. As usual, the minute it arrived, I ripped it apart, poked every chip, and then started to reverse engineer the damn thing. Wait. I didn’t have to! I found this out days late, after messing with IDA Pro. Amazon has generously released most of the back end code for the Kindle as open source. (The front end, aka the stuff you see, is written in Java and we might get to that another day). So I decided to compile my own Kindle kernel. Why? Why not. Here’s how:

Part 1: Prerequisites

  • Get a root shell of your Kindle. If you don’t know, Google “usbNetworking”
  • A Linux computer for compiling code
  • Amazon’s sources for your version of the Kindle: http://www.amazon.com/gp/help/customer/display.html?nodeId=200203720
  • An ARM cross-compiler. You can compile Amazon’s code, or if you’re lazy, use CodeSourcery’s precompiled toolchain: http://www.codesourcery.com/sgpp/lite/arm
  • The following packages, get them from your distro’s repo: libncurses-dev (for menuconfig), uboot-mkimage (for making the kernel image), and module-init-tools (depmod)

Part 2: Compiling the kernel

  1. Extract the source to anywhere. If you can’t decide, use “~/src/kernel/” and “cd” to the source files.
  2. Now, you need to configure for the Kindle: type “make mario_mx_defconfig”.
  3. Edit the “.config” file and look for the line that starts with “CONFIG_INITRAMFS_SOURCE”. We don’t need that, so delete that line or comment it out (#).
  4. Here’s the part where you make all your modifications to the kernel. You might want to do “make menuconfig” and add extra drivers/modules. I’ll wait while you do that.
  5. Back? Let’s do the actual compiling. Type the following: “make ARCH=arm CROSS_COMPILE=~/CodeSourcery/Sourcery_G++_Lite/bin/arm-none-linux-gnueabi- uImage”. This will make the kernel image. I assume you installed CodeSourcery’s cross compiler to your home folder (default). If your cross compiler is elsewhere, change the command to match it.
  6. Compile the modules into a compressed TAR archive (for easy moving to the kindle): “make ARCH=arm CROSS_COMPILE=~/CodeSourcery/Sourcery_G++_Lite/bin/arm-none-linux-gnueabi- targz-pkg” (again, if your cross compiler is installed to a different location, change it).
  7. For some reason, depmod refuses to run with the compile script, so we’re going to do it manually. Do the following “depmod -ae -F System.map -b tar-install -r 2.6.22.19-lab126 -n > modules.dep” Change 2.6.22.19-lab126 to your compiled kernel version.
  8. Open modules.dep up with a text editor and do a search & replace. Replace all instances of “kernel/” with “/lib/modules/2.6.22.19-lab126/kernel/” (again, use your version string). I’m not sure this is needed, but better safe than brick.
  9. Now copy arch/arm/boot/uImage, linux-2.6.22.19-lab126.tar.gz (or whatever your version is), and modules.dep to an easy to access location.

Part 3: Installing on Kindle

  1. Connect the Kindle to your computer, and open up the storage device. Copy the three files you moved from the previous part to your Kindle via USB.
  2. This part is mostly commands, so get a root shell to your Kindle, and do the following commands line by line. Again, anywhere the version string “2.6.22.19-lab126” is used, change it to your kernel’s version. Explanation follows.

mv /mnt/us/linux-2.6.22.19-lab126.tar.gz /mnt/us/modules.dep /mnt/us/uImage /tmp

mv /lib/modules /lib/modules.old

cd /tmp && tar xvzf /tmp/linux-2.6.22.19-lab126.tar.gz

mv lib/modules /lib/

chmod 644 modules.dep

mv modules.dep /lib/modules/2.6.22.19-lab126/

/test/flashtools/update-kernel-both uImage

sync

shutdown -r now

Wow, that’s a lot of commands. What did that do? Well, line by line:

  1. Move the files we compiled to the temp folder. That way, we don’t have to clean up.
  2. Back up the old kernel modules
  3. Go to the temp folder and untar the modules
  4. Install the modules
  5. Correct the permissions for the modules.dep file (in case something happened after copying from your computer)
  6. Move the module dependencies list to its correct folder.
  7. Flash the kernel (I don’t know why it has to be flashed twice to two different partitions, but if you don’t, it won’t load, maybe sig checks?)
  8. Make sure everything is finished writing
  9. Reboot