Hardware Hacking Guide — Citizen Engineer

Solderingfool writes "MAKE Magazine's Phil Torrone and open source hardware hacker Ladyada from Adafruit Industries have a new video series called 'Citizen Engineer.' In the first video they show how a SIM card works, then build a SIM card reader which could be used to clone a SIM card. They also show how to use an old payphone as a regular home phone, later with coins, and for their final hack — how to 'Redbox' it. They released all the projects as open source, and the video is well produced."

How long will it take for the FBI to ride?

[VincenzoRomano]

I understand that they are just exploiting holes in design and implementation of telco stuff (SIMs, payphones, telco billing system),
Maybe the fact that a hole is there doesn't mean you can expoit it.
And, finally, does FBI understand it?

Re:How long will it take for the FBI to ride?

[Shaitan Apistos]

Maybe the fact that a hole is there doesn't mean you can exploit it.

I've seen a lot of videos on the internet that suggest there's no such thing as a hole you can't exploit.

Re:

[VoyagerRadio]

FBI, Schmeff-Bee-Aii. I hope they get Woz on their series, doing his thing: phone hacking or whatever. The stuff he used to do, back in the day, applied to today's phone technology. VoIP spoofing? (Somebody help me out here: what was the hack that Woz is known for -- the phone hack, that is?)

Re:

[VoyagerRadio]

Oh, and I'm not referring to the Danger Hiptop...Woz is known to have had experience with other phone hacks...

Re:

[Tsen]

Not all of them, actually. There was still a analog switching station vulnerable to phreaking operating in Minnesota until 2006. There's still phreakable switching stations in much of South America, and cell phreaking is growing rapidly.

Re:

[zerkon]

I think what you are referring to is Woz's involvement Phone Phreaking with Captain Crunch (aka John Draper)

It isn't on Woz's WP article, but I'm pretty sure there were some mentions of it in his book (iWoz I think it was called)

Re:

[VoyagerRadio]

That's right, phone phreaking, that was it. Heard about that years ago; IIRC it was on a TechTV show which Woz guest hosted. Either that or some interview with Woz. But yes, phreaking yes by God, that was it!

Re:

[Tsen]

Phreaking, though he was just an enthusiast (albeit a famous one), not a real phreaking pioneer. His Blue Box is on display, in the Smithsonian, I think. Wiki here: Phreaking [wikipedia.org]

Re:

[negRo_slim]

And, finally, does FBI understand it?

To the issues of 2600 at the book store in the mall, to the anarchist's cookbook and to the old text file archives of yore this information has been around for as long as we've wanted to learn it. Sure the FBI (or some other organization) might puff up with hubris but I doubt it and in fact I think it's high time we start seeing more things like this. And I think this place [hackaday.com] is a good start...

Re:

[negRo_slim]

The also had this same story [hackaday.com] back on the 19th...

Hole what hole?

[TheLink]

Why would it be wrong for me to backup my own SIM?

Re:

[Anonymous Coward]

Backing up your own SIM is perfectly legal, these are your data after all. Cracking your SIM to extract or modify operator keys is something else: since the card belongs to your operator you are not supposed to crack it open.

Anyway, cracking a smartcard is a very difficult and costly operation. Smartcard manufacturers took special care of making these tamper-resistant, so that the cost of extraction outweighs the gains by a very large factor. Without specialized hardware and complete specs from the manufact

Re:

[Free the Cowards]

The card belongs to the operator? Really? When I gave T-Mobile $5 and they gave me a SIM, they were actually... what? Renting it to me?

Re:

[Free the Cowards]

When I throw that SIM away, do they then come after me? Do I have to give it back to them when I'm finished with it?

This just makes no sense to me. I don't recall anything in the terms of service which said that they still owned the SIM (although I didn't read them very carefully) and it certainly appears to be mine as far as what I can do with it and who will or will not prosecute me if I do certain things with it.

Re:

[I'm not really here]

So explain to me how when I bought a phone at best buy (that was an "AT&T only" phone) and it came with an AT&T sim card (I already had my own at home with all of my information on it), that I was not required to then return this piece of hardware? If I am renting it, why can I buy any old sim card and activate it with AT&T? Why can I go into a store and have them copy my sim to a new card, transferring all data? (Yes, they erase the old one, but I still keep the hardware.)

Basically, from my

Re:How long will it take for the FBI to ride?

[Manip]

The video contains no holes in SIMs, Payphones, or the telco billing system.

Did you even watch it?

She had to rewire the phone in order to get a red box to work because modern phones keep the microphone unpowered before you pay.

A SIM reader isn't illegal or even really a black hat thing to do.

Re:

[Mike McTernan]

Well they did brute force the secret key (Ki [wikipedia.org]) from their SIM using the reader they build, but as they said, newer SIMs will detect the high number of requests and self-destruct. Additionally this was a 5V SIM reader, and many modern SIMs are 3V in anycase.

The only thing that worried me in the video was the quality of the soldering!

Mike

Re:How long will it take for the FBI to ride?

[ladyada]

From all the documentation I have read on smart cards, 3V (and 1.8V) cards are an extension of the 5V SIM spec. That is, they work at 5V as well (but with higher power usage, of course). If you have specific documentation otherwise, please post it. Secondly, I assure you the quality of my soldering is excellent (ie http://farm1.static.flickr.com/149/332269259_21900c5a01_b.jpg [flickr.com]), but the lighting and video makes perfboard-soldering (ie http://itp.nyu.edu/physcomp/images/tutorials/perfboard/solderaperf26.jpg [nyu.edu]) look bad

Re:

[Mike McTernan]

Hmm, you could be right, not sure. I was thinking of 3GPP 21.111, section 9 "Electrical characteristics and transmission protocols":

"Electronic signals and transmission protocols shall be in accordance with the specifications in TS 31.101.
The electrical specifications shall at least cover the 1.8V and 3V voltage ranges as specified in GSM 11.12 [9] and GSM 11.18 [10]. Lower voltages may be added in the future. 3G terminals shall not support 5V on the ME-UICC interface."

Linky: http://www.3gpp.org/ftp/Specs/ [3gpp.org]

Re:

[0100010001010011]

I know RTFA is a bit hard, but did you even see what they were doing?

"Modify a retired payphone so it can be used as a home telephone and for VoIP (Skype). Then learn how to modify the hacked payphone so it accepts quarters - and lastly, use a Redbox to make "free" phone calls from the modified coin-accepting payphone."

So they first show you how to use a retired home phone for personal use. Then how to set it up to accept coins (you own the phone). Then how to redbox the phone you own.

At the bottom they sho

SMI reader kit is for sale

[echucker]

On their sister site - http://www.adafruit.com/index.php?main_page=index&cPath=27 [adafruit.com]
$17 seems pretty reasonable to me.

Re:

[account_deleted]

Comment removed based on user account deletion

Payphones? Redboxes?

[strelitsa]

1981 called - it wants its meme back.

Re:

[pimpimpim]

really, it seems to be about making a payphone yourself and then hacking it. Quite of useless. In any case the video halts for me after a minute or so, maybe a server overload? Or crappy video flash format.

Re:Payphones? Redboxes?

[jeiler]

Hacking in its purest form is not necessarily about being "useful," but about being interesting--an interesting hack may have no intrinsic utility whatsoever, but allows a person who is curious to do something that is new ... to them, at least.

Re:

[strelitsa]

Fair cop. I hack and restore old tube-type radios myself.

Re:

[DNS-and-BIND]

Funny, back when I was redboxing fortress fones, we did it for one reason: because we had to. We would have mercilessly ridiculed any dilettante who said he was building a redbox just for the knowledge. What knowledge is there to be had by following instructions off some text phile you d/l'd off some pirate BBS, anyway?

Re:

[ibbie]

What knowledge is there to be had by following instructions off some text phile you d/l'd off some pirate BBS, anyway?

... Uhm. Plenty.

TLDR: Documentation is a Good Thing.

I have to agree. If you didn't already know how to do it, then those instructions taught you how to do it. In fact, correct me if I'm wrong, but I thought that was the point of a tutorial: Teaching you how to do something.

The Linux Documentation Project [tldp.org], at least, seems to think so.

Normally I'm in favor of elitism, but when one goes to the extent of saying, "There's no point in this documentation because anyone worth anything already knows it." they're going a tad too fa

Re:

[tehcyder]

I think the GP meant knowledge in the sense of contributing something new to the world i.e. if an individual just copies instructions they are adding nothing of value even to themselves, other than how to follow instructions.

This is analogous to script kiddies who don't even have to understand the damage they're doing, so there's no hacking involved.

Re:

[Narpak]

One way to archive practical experience is to practice.

Say I like to draw, if I want to get better at it I have to draw a lot. One way to get better is to get instructions; books, articles, videos and so on. By following instructions downloaded from the net, or listed in a book, you learn how to do it.

So without any great knowledge about this particular subject I can still see the benefit for someone interested in the field to thinker and tweak to increase their knowledge.

Re:

[StormReaver]

"1981 called - it wants its meme back."

1985 called - it wants its jokes back.

Why video?

[heptapod]

Online video is a waste of time and bandwidth unless it's porn.
I can easily skim an article and review a diagram much quicker than watching a video. Text also provides an easier point of reference than fast forwarding and rewinding a video to find a pertinent bit of information.
When it comes to online media the best innovation is no innovation at all.

Re:Why video?

[ZeroExistenZ]

Online video is a waste of time and bandwidth unless it's porn.

It's geekporn. A geeky girl, soldering, throwing together electronics and showing you her enthousiasm for hacking and electronics? This *IS* porn.

Why do you think there aren't as much reactions?

Re:

[KGIII]

I know she may read this and that I may get modded down for this but I really didn't find her all that attractive. Rather than state my reasons for that, which might be considered insulting, I'll add that I did find her work to be well done and I actually watched the entire video. I guess, to me, I wasn't watching to be educated but rather to get ideas that I might want to research later and to be entertained for a while. I, for one, appreciated the video for the content and the fairly decent editing and re

Re:Why video?

[syousef]

It's geekporn. A geeky girl, soldering, throwing together electronics and showing you her enthousiasm for hacking and electronics? This *IS* porn.

Dude! That was terrible porn. I mean she used Windows! Windows for crying out loud!!! And did you see her solder joints? They were messy and horrible! No way that reader's going to go the distance!

Re:

[Heather D]

It's geekporn. A geeky girl, soldering, throwing together electronics and showing you her enthousiasm for hacking and electronics? This *IS* porn.

Hear, Hear.

Re:

[Chemisor]

> Online video is a waste of time and bandwidth unless it's porn.

Not necessarily. Personally, I found the video quite educational. I've never seen someone assemble a circuit board before, having learned to do it from a book, and I have learned a few things by watching her do it.

Re:

[Majik Sheff]

For me it was more of an affirmation. My first thought was: "hey, that looks exactly like a lot of my quickie projects!"

It is interesting to encounter someone who has similar traits to your own.

In Latin class several of us had to translate some sentences on the chalkboard. When I sat back down at my desk and looked up I noticed that I couldn't tell where my (incredibly bad) handwriting stopped and the handwriting of a girl I had a crush on began. It was kind of spooky.

Re:

[Narpak]

Online video is a waste of time and bandwidth unless it's porn.

If a video is without interest it don't get watched; thus it only consumes space and not bandwidth as such. If it gets watched it uses bandwidth; but then if it gets watched it's obviously of interest to someone.

Re:

[the 1337 ag3nt]

Online video is a waste of time and bandwidth unless it's porn. I can easily skim an article and review a diagram much quicker than watching a video. Text also provides an easier point of reference than fast forwarding and rewinding a video to find a pertinent bit of information. When it comes to online media the best innovation is no innovation at all.

Sounds like somebody is upset that they still have dial-up.

Re:

[t0y]

Because they don't want to?

Re:

[taniwha]

sigh - you don't understand geek street cred - they're not applying for a job, nor VC money - if they were they'd drop on the suit.

Ada runs her own business, selling stuff to geeks, she understands her market - it isn't guys in suits

Re:

[Al Dimond]

And I've never understood why so many businesses that want and need competent programmers make them dress like tools and fit into a corporate culture that that's actually harmful to good engineering practice. But they do.

Fortunately I haven't worked for such companies; I know a few people that have, in various industries. I don't know why they take the jobs, just to be unhappy there, but they do.

Re:

[strelitsa]

There are $ome $pecific $ide benefit$ that u$ually accompany employment at tho$e companie$ with $ane, rea$onable and profe$$ional dre$$ code$.

In my business life, the parking lots at the companies where everybody dresses like Larry the Cable Guy seem to be full of Ford Escorts and Kia Rios. Conversely, the lots at the IBMs and Microsofts of the world seem to have a higher percentage of Lexii, BMWs and Harley dressers.

Video ends too early

[Easy2RememberNick]

I watched the entire (HD) video and I was all set to see the last part where she has the old payphone release the coin after a call is complete.

  "Time to try it out..." at 23:40 the HD video ends but the non-HD version continues on for another seven minutes.

  Other than that it's great, I've always been a fan of Ladyada since seeing her cellphone jammer project.

Re:

[ptorrone]

this is now fixed, vimeo tells me that their videos sometimes do that if the sound is 48khz, so we changed it to 44khz and it's fine now, plays to the end, thanks for catching that.

And those who are lazy

[saikou]

Could skip all this "build your own" stuff (ok, read it thoroughly) and buy one of those chinese-made SIM card duplicators for about 20 bucks. Or a USB reader for even less.
Because, you know, you don't always have to build stuff :)

Re:And those who are lazy

[KGIII]

Oh man but the beautiful thing about having done it yourself is that you've done it yourself and learned a lot in the process. What you made might not be perfect but it is your creation.

I have made many things from wood and they exist in houses around the area, some even across the country. (Some stuff went to Germany but I don't think I had much to do with that project.)

I had a 2000 Ford Explorer Sport that turned the lights on automatically. That got totalled (no I wasn't driving it). I got a 2001 model of the same vehicle but the mirror didn't have the sensor. Dash drilling and several weeks later (figuring on a failed attempt too and wondering how I'd cover the hole I'd drilled prematurely) and the sensor is embedded in the dash *with a timer even* so that it works properly and doesn't just randomly turn the lights on when the vehicle goes under a shadow. (It was tougher than I had anticipated and my mishaps were plentiful.)

Either way, it is something you did. Something only you did. Even if you go the directions from a site (I probably should have but didn't find one) the result is still your work and you will have learned so much from just having done so and (I think) will appreciate it so much more.

Re:

[I'm not really here]

I wholeheartedly second this.

Re:Open Source? Not exactly.

[ladyada]

"They released all the projects as open source" means that the project information - code, schematics and layout - are open source. See: http://ladyada.net/make/simreader/download.html [ladyada.net] (The payphone schematics will be up soon, also CC 2.5 BY-SA)

Re:

[Psyrg]

Cheers for the link, I was trying to catch a glimpse of the full schematic in the video but I didn't get to see it. Awesome stuff though - you're doing the hacking that I can't seem to find the time or resources to do anymore.

Out of curiosity, I've noticed the the I/O electronics for the SIM reader looks a bit like Dallas One Wire - but it has been years since I've designed anything for that so I'm not sure. Is it DOW?

Re:

[ladyada]

Oddly enough, its TTL serial (9600 baud) with a shared RX and TX line. The TX half is open collector so you need a pullup.

Re:

[Psyrg]

The pullup you had on your diagram is what made me wonder if it was Dallas one wire - it uses a very similar schema. Since you are using a serial port I did think it might be just plain old serial, but with a fast enough serial port you can emulate a 1-wire connection. A few years back I did a similar trick using a PIC micro and a 1-wire clock. We used these parts as size was a constraint - it was for the Key Phantom USB key logger.

Anyway, I'll keep an eye out for your next episode. Cheers!

Any dial the numbers?

[shadoelord]

Anyone else dial the numbers in the "last 10 phone calls"? One is from here in Atlanta!

2186813390 (80?)
4046296500
8003444539
6464653692

Re:

[shadoelord]

Note: The 800 number is digikey :)

Re:

[shadoelord]

218 ends in 80, its digikey's fax.
404 is for McMaster-Carr parts(?): http://www.mcmaster.com/#contact [mcmaster.com]

Lost all respect for Make

[Gothmolly]

When they had an article about adding a PID controller to the heater on a home espresso machine. The so-called geek who wired it in used an off-the-shelf IC that did the whole thing for you, and admitted that he had no idea what it was or how it worked, just that it did.

Um, thats what Walmart shoppers do. Geeks and engineers UNDERSTAND things, how else do you think anything gets made? "Make" degenerated into the Mythbusters level after the first year.

Re:

[Free the Cowards]

I suppose you make your own RAM, know exactly how every one of the 500 million transistors on your CPU is wired, and bake your own bread?

It's perfectly acceptable to simply accept that an IC does what it's specced to do without knowing why. Comparing it to a Wal-Mart shopper is asinine.

Re:

[story645]

I suppose you make your own RAM, know exactly how every one of the 500 million transistors on your CPU is wired, and bake your own bread?

Of course. He also built the powersupplies for all his tech toys, and refuses to use NAND IC's* (instead wiring his own.) He can even give the circuit diagram for his computer and trace all the voltage and current in it.

*For every single lab course I've ever had, we always used IC's for logic. I'm not sure you can buy a single nand gate, unless it's an educational kit for kids or something.

I just had to wire up an amp for a lab, and it's not something I plan to do again unless absolutely necessary 'cause th

Re:

[inasity_rules]

Surely you need some understanding of a control theory to use a PID? Otherwise you'll end up with weird over/under shoots. Not that it matters for coffee, but still.. What did he do? Just use the reference circuit from the datasheet?

Re:

[ptorrone]

the screw needed to be loosened before it could hold the clips for the phone (i edited this and cut it short). limor isn't an actor, she's an engineer - follow the links and you'll see all of her projects and work.

Re:

[DarKlajid]

Uhm.. A WHOOOOSH might be necessary here.

a) Either look at that part of the video or stop commenting: All screws are prepared already (i.e. loosened) and the part I was mocking is the one connecting the third screw/last two wires. She has no problems attaching the wire (the screw doesn't need to be loosened anymore) and turns the screw in the wrong direction afterwards.
b) I know that this is "real". I was trying to be funny. You messed it up.

Well. Here I am trying to start fun. Yes, it's nitpicking and the

Re:"Geek girl" that doesn't know how to screw righ

[ptorrone]

@DarKlajid - when women give examples of why they're not so interested in being part of a community like this, or even go in to the technical fields your comment about a "geek girl that doesn't know how to screw" pretty much symbolizes why. i realize it's a joke, it's just not that funny. to joke like that and then say it's fake to discount her ability as an engineer would make any person steer away from putting themselves out there to be made fun of. yes, it's a joke. i don't take it seriously, it's easier that way. something to think about, each one of us can be the change we want to see in the world...

Re:"Geek girl" that doesn't know how to screw righ

[ladyada]

yes i'm reading the comments here and i dont think its very funny either. the only reason girls seem to be 'resistant' to these sorts of comments is because those that dont like it leave or are shunned.

Re:

[Digital Pizza]

Thank you for responding and sticking up for yourself. I wish that more women would do likewise instead of just quietly leaving, as you say.

Re:

[ptorrone]

just because everyone is doing something like making jokes about women doesn't mean it's ok - why not be positive? if you want to see more diversity here, why not encourage it? why should someone need to be "resistant" to sexist jokes? i suppose any ethnic group or gender could get used to any amount of teasing, but why should it be that way? it's 2008 - maybe time to change?

Re:"Geek girl" that doesn't know how to screw righ

[John Whitley]

In fact, most girls that are into nerdstuff are quite resistant to all those jokes.

You are Legend..-arily clueless. Are you so blind that you don't realize this belief is self-fulfilling? I've known quite a number of women that really just don't want to put up with this disrespectful boys' locker-room crap... and they find other things to do. Spelling it out: insensitive bozos like you keep repelling bright creative minds from all manner of disciplines. STOP IT!

Re:

[nawcom]

Aw what is with this site? Are lesbians automatically modded down because they want to have a little fun with the subject matter who is female? You, mods, need to work on your tolerance certification.

Re:

[KGIII]

I'm going to call you on that one. Would you have said the same thing if it had been a male who'd said it or would you have thought them to be sexist? The reality is that the gender of the person in the video really shouldn't matter one bit.

Re:

[KGIII]

I know, this is /. but if you don't mind... Just this once...

Sexist pig!!!!

I wanted, I even tried to resist after a preview, but I so have to send this as I may never get to do this again.

Nice videos, but...

[NateTech]

All that stuff has been easily learned by anyone with the ability to READ for a long time now. What's the big deal?

Now some lazy ass can sit on his couch and be entertained by the THOUGHT of actually hacking on something by some folks on the pretty flashy LCD panel across the room.

Wanna hack? Build a workbench, turn the TV off, and grab a good book. [amazon.com]

would it been easier

[recharged95]

to get a used cheap nokia phone off ebay ($6.99), a nokia serial cable and just write software to access the sim contents? i.e. reusing an old phone as a sim reader?

though novel and educational, I don't see the reason for the effort when I can use existing h/w.

Re:

[ladyada]

accessing a SIM thru a cell phone is almost always done at the application layer...you can read and write SMS's but you can't 'undelete' or see low-stuff information like the the last-accessed cell tower location