Challenge for the community: Custom OTA using a femtocell.

bobbiac

Well-known member
Nov 21, 2010
Okay, so I have a crazy idea. AT&T has their MicroCell device for one's home. It effectively becomes the nearest cell tower when in range. So... instead of rooting your phone... why not write a custom firmware for the MicroCell that accepts a man-in-the-middle attack on connected phones?

Here is how I see it. We would have to write a program / Linux live USB image that would actually inject the OTA payload. Then, we need to figure out how to send it through the femtocell, be it via a custom firmware or by signing our payload. Finally, we send a custom ROM (Cyanogen or w/e) as a fudged OTA.

The challenge I have is this: Update a phone without actually altering any permissions or software on said device, using the over the air mechanism.


Can it be done? Sure. Is it worth it? That is for us to find out.

DISCLAIMER: I do not advise voiding your warranty by hacking your devices. I have a minute amount of coding experience and wouldn't attempt this myself. (Never mind altering software without a lengthy guide and scripts / programs to do the lifting.) This is not for the faint of heart.

igotsanevo4g

Retired Moderator
Jul 31, 2010
Not possible, because unless your device is rooted, you cannot fudge the custom software to look like a carrier OTA. The signature cannot be forged.

ls377

Well-known member
Aug 6, 2010
Not possible, because unless your device is rooted, you cannot fudge the custom software to look like a carrier OTA. The signature cannot be forged.

+1. Plus, if you could make it look like an OTA, you could just do it over Wi-Fi or manually update the device.

The OTA signature check is only between the phone and the software. Where it comes from/through doesn't make a difference.
 
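The point ls377 makes above, that the check runs between the phone and the package bytes and never looks at the link, is easiest to see in code. The following is an added example written for this page; it is not code from the forum posts, from AT&T, or from Android. It assumes a package layout of payload || 8-byte length || 16-byte signature, and uses textbook RSA over tiny Mersenne-prime keys so it runs on the Python standard library alone. Those keys are trivially factorable and are not a secure scheme; they only serve to show why a rogue femtocell has two options (keep the carrier's signature and swap the payload, or sign with its own key) and why the device rejects both.

```python
"""Toy model of the OTA signature check discussed in this thread.

Added example; not code from the forum posts, AT&T, or Android.
Assumptions made here: a package layout of payload || 8-byte length ||
16-byte signature, and textbook RSA over tiny Mersenne-prime keys so the
example runs on the standard library alone. The keys are trivially
factorable and are NOT a secure scheme; they exist only to show that the
check binds the bytes to a key the device already holds, not to the link
the bytes arrived over.
"""
import hashlib
import struct

TRAILER_LEN = 8 + 16  # 8-byte payload length + 16-byte big-endian signature


def make_toy_key(p, q, e=65537):
    """Textbook RSA from two primes (teaching size; assumption: not secure)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return n, e, d


# Carrier key: the device image ships with only the public half (n, e).
CARRIER_N, CARRIER_E, _CARRIER_D = make_toy_key(2**31 - 1, 2**61 - 1)
DEVICE_TRUSTED_KEYS = [(CARRIER_N, CARRIER_E)]

# Rogue femtocell operator's own key: a real key pair, but unknown to the device.
ROGUE_N, ROGUE_E, _ROGUE_D = make_toy_key(2**19 - 1, 2**89 - 1)


def _digest_int(payload, n):
    """SHA-256 of the payload, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n


def sign_package(payload, n, d):
    """Signer side: append the payload length and an RSA signature over its digest."""
    sig = pow(_digest_int(payload, n), d, n)
    return payload + struct.pack(">Q", len(payload)) + sig.to_bytes(16, "big")


def verify_package(package, trusted_keys=DEVICE_TRUSTED_KEYS):
    """Device side. Accepts the package only if its trailer signature verifies
    under a key the device already trusts. Nothing here looks at where the
    bytes came from: a MicroCell, Wi-Fi and an sdcard all feed this function
    the same bytes and get the same verdict."""
    if len(package) < TRAILER_LEN:
        return False
    body, trailer = package[:-TRAILER_LEN], package[-TRAILER_LEN:]
    (plen,) = struct.unpack(">Q", trailer[:8])
    if plen != len(body):
        return False
    sig = int.from_bytes(trailer[8:], "big")
    return any(pow(sig, e, n) == _digest_int(body, n) for n, e in trusted_keys)


def femtocell_swap_payload(signed_package, custom_rom):
    """Rogue femtocell attempt 1: replace the payload but reuse the carrier's
    signature bytes. Without the carrier's private key this is all it can do."""
    sig_bytes = signed_package[-16:]
    return custom_rom + struct.pack(">Q", len(custom_rom)) + sig_bytes


def demo():
    """Constructed sample run; returns the verdicts the device would give."""
    carrier_ota = b"official firmware 2.3.4 (constructed sample payload)"
    custom_rom = b"CyanogenMod build (constructed sample payload)"

    signed = sign_package(carrier_ota, CARRIER_N, _CARRIER_D)
    swapped = femtocell_swap_payload(signed, custom_rom)
    # Attempt 2: the femtocell signs the ROM with a key it does control.
    resigned = sign_package(custom_rom, ROGUE_N, _ROGUE_D)

    return {
        "carrier_signed": verify_package(signed),                # True
        "femtocell_swapped_payload": verify_package(swapped),    # False
        "femtocell_resigned_own_key": verify_package(resigned),  # False
        # The rogue signature is mathematically valid, just not under a key
        # the phone trusts; only the phone's key list decides that.
        "resigned_checked_against_rogue_key": verify_package(
            resigned, [(ROGUE_N, ROGUE_E)]),                     # True
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The transport never appears as an input to `verify_package`; that is the whole argument of the thread. Controlling the femtocell only changes which bytes arrive, and any bytes that were not signed by a key already on the phone fail the same check whether they came over the air, over Wi-Fi, or from the sdcard.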