1. bobbiac
    Okay so I have a crazy idea. AT&T has their MicroCell device for one's home. It effectively becomes the nearest cell tower when in range. So... instead of rooting your phone... why not write a custom firmware for the MicroCell that accepts a man-in-the-middle attack on connected phones?

    Here is how I see it. We would have to write a program / Linux live USB image that would actually inject the OTA payload. Then, we need to figure out how to send it throughout the femtocell, be it via a custom firmware or signing our payload. Finally, we send a custom ROM (Cyanogen or w/e) as a fudged OTA.

    The challenge I have is this: Update a phone without actually altering any permissions or software on said device, using the over the air mechanism.


    Can it be done? Sure. Is it worth it? That is for us to find out.

    DISCLAIMER: I do not advise voiding your warranty by hacking your devices. I have a minute amount of coding experience and wouldn't attempt this myself. (Never mind altering software without a lengthy guide and scripts / programs to do the lifting.) This is not for the faint of heart.
    02-17-2011 11:51 AM
  2. CarrierUnlock
    How does this involve Android unlocking?
    03-07-2011 10:30 AM
  3. bobbiac
    Last I checked, I PM'ed a mod to move this ...
    03-09-2011 12:14 AM
  4. igotsanevo4g
    Not possible because unless your device is rooted, you cannot fudge the custom software to look like a carrier OTA. The signature cannot be forged.
    06-21-2011 03:59 PM
  5. ls377
    Not possible because unless your device is rooted, you cannot fudge the custom software to look like a carrier OTA. The signature cannot be forged.
    +1. Plus, if you could make it look like an OTA, you could just do it over Wi-Fi or manually update the device.

    The OTA signature check is only between the phone and the software. Where it comes from/through doesn't make a difference.
    06-21-2011 06:45 PM
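
The point made in the last two replies, as an added example that is not part of the original thread and not any vendor's actual OTA code: the device-side check takes only the package bytes, the signature and a pinned public key, so the delivery path never enters the decision. The toy RSA key (built from two Mersenne primes, no padding), the package contents and the transport names are all constructed for illustration.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes. Illustration only:
# real OTA signing uses properly generated keys and a padded signature scheme.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key, pinned on the device
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the vendor


def digest_int(package: bytes) -> int:
    """SHA-256 of the package as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(package).digest(), "big")


def vendor_sign(package: bytes) -> int:
    """Vendor side: sign the package hash with the private key."""
    return pow(digest_int(package), D, N)


def device_verify(package: bytes, signature: int) -> bool:
    """Device side: needs only package bytes, signature and the pinned (N, E)."""
    return pow(signature, E, N) == digest_int(package)


def deliver(package: bytes, signature: int, transport: str) -> bool:
    """Hypothetical delivery step; the transport is logged but never trusted."""
    accepted = device_verify(package, signature)
    print(f"{transport:16} accepted={accepted}")
    return accepted


def demo() -> dict:
    official = b"constructed official OTA image"
    custom = b"constructed custom ROM image"
    sig = vendor_sign(official)
    outcome = {}
    for transport in ("carrier tower", "femtocell", "wifi", "manual sideload"):
        outcome[transport] = (
            deliver(official, sig, transport),  # genuine package, any path
            deliver(custom, sig, transport),    # swapped package, reused signature
        )
    return outcome


if __name__ == "__main__":
    demo()
```
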
