Donkey On A Waffle
Verizon Blackberry GPS Hack
Thu, 08 Oct 2009 15:08

Ever since I got my first Verizon Blackberry I have been pissed off that Verizon ships the device, that I paid my hard-earned money for, in a crippled fashion. Verizon chose to ship the device with the GPS disabled so that you can't use it without paying them $10 a month. It could have been $1 a month and I would have been angry about it, but $10 a month to use a piece of GPS hardware that doesn't even use their network is just ludicrous.

Well, I've been doing quite a bit of research into mobile devices recently (for other reasons not listed) and came across some documentation that demonstrates exactly how to enable the GPS for free. I've copied it here for posterity; this is not my research, but it's certainly cool enough that I'll post it here for every Verizon phone user to read.

1. Enter your device's engineering screen. On the Storm press and hold the back arrow hard key and press the top left, top right, top left, top right of the touch screen. Then enter the code generated from http://absolous.no-ip.com/projects/escreen/. Other models may differ.
2. Choose Radio Engineering Screens (Multi) -> GPS -> GPS Options -> Operation Mode and set the value to "Standalone".
3. Save by pressing menu and choosing save.
4. Enjoy your now working free GPS and make sure to send Verizon the middle finger.

Addendum:

Python escreen generation code:
#!/usr/bin/env python3

import hmac
import hashlib

pin = 'ffaa0000'         # Device PIN [XXXXXXXX]
app = '4.6.0.100 (233)'  # OS Application version [n.n.n.n (n)]
uptime = '12345'         # Uptime in seconds
duration = 30            # Duration for key to last; must be a key of
                         # the lifetime table below [1, 3, 7, 15, or 30]

# Fixed string appended to the HMAC input for each supported duration
lifetime = {
    1: "",
    3: "Hello my baby, hello my honey, hello my rag time gal",
    7: "He was a boy, and she was a girl, can I make it any more obvious?",
    15: "So am I, still waiting, for this world to stop hating?",
    30: "I love myself today, not like yesterday. I'm cool, I'm calm, I'm gonna be okay"
}

# Static HMAC key, identical for every device
secret = 'Up the time stream without a TARDIS'

# The code is the first 8 hex characters of HMAC-SHA1(secret, data)
data = pin + app + uptime + lifetime[duration]
digest = hmac.new(secret.encode(), data.encode(), digestmod=hashlib.sha1)
key = digest.hexdigest()[:8]

print(key)

Reference:

http://feisley.com/2009/09/26/blackberry-escreen-keygen/