Hacker Cracks Lumia Bootloader, Offers Tool For Root Access and Custom ROMs (hothardware.com)

← Back to Stories (view on slashdot.org)

Hacker Cracks Lumia Bootloader, Offers Tool For Root Access and Custom ROMs (hothardware.com)

Posted by timothy on Saturday November 28, 2015 @01:27AM from the even-more-yours dept.

MojoKid writes: Microsoft and Nokia have worked hard making Lumia smartphones difficult to break into at a low-level, but software hacker Heathcliff has just proven that it's not impossible. He's just released a solid-looking tool called Windows Phone Internals, and it can do everything from unlocking the bootloader to replacing the phone's ROM. WP Internals is a completely free download, though Heathcliff welcomes donations by those who've found the tool useful. According to the "Getting Started" section of the tool, supported models include Lumia 520, 521, 525, 620, 625, 720, 820, 920, 925, 928, 1020, and 1320. If your model is not on the list, the developer has said that he hopes to add more models in the near future.

72 comments

Min score:

Reason:

Sort:

Landfill-saving hero by drinkypoo · 2015-11-28 01:31 · Score: 3, Insightful

Hopefully this will lead to other operating systems being ported to these devices, which could make them useful for a variety of applications. A Lumia 520 is currently at a low of $25 used on eBay, and perhaps you can get them even cheaper if you lurk.

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
1. Re:Landfill-saving hero by binarylarry · 2015-11-28 01:43 · Score: 1, Troll
  
  Yeah if someone could get Android installed on them, they might actually be usable devices.
  
  --
  Mod me down, my New Earth Global Warmingist friends!
2. Re:Landfill-saving hero by pereric · 2015-11-28 01:50 · Score: 3, Interesting
  
  Or imagine them running an updated Maemo (from the N900), or some similiar full-sized and well-designed operative system.
3. Re:Landfill-saving hero by Billly+Gates · 2015-11-28 01:56 · Score: 3, Funny
  
  Funny I was thinking the same thing with my crappy slow and buggy samsung galaxy thats stuck with Android.
  WindowsPhone is the best mobile OS I ever used with a superior UI that never crashes, freezes, or glitches and runs 400 to 500% faster. My 820 which inferior hardware to my Galaxy S 5 was so much faster. To this day cut and pasting calander events with conference calls with pins is not possible with Android. You need to write down the pin with paper and a pen.
  The same sheep who choose Windows 98 over linux are the same choosing Android over Windows Phone.
  
  --
  http://saveie6.com/
4. Re:Landfill-saving hero by binarylarry · 2015-11-28 01:58 · Score: 0
  
  That's awesome bro.
  
  --
  Mod me down, my New Earth Global Warmingist friends!
5. Re:Landfill-saving hero by binarylarry · 2015-11-28 01:59 · Score: 1
  
  I owned a Nokia Maemo N series device and it really doesn't compare with iOS and Android devices.
  I definitely wouldn't want to go back to that.
  
  --
  Mod me down, my New Earth Global Warmingist friends!
6. Re:Landfill-saving hero by serviscope_minor · 2015-11-28 02:10 · Score: 4, Funny
  
  The same sheep who choose Windows 98 over linux are the same choosing Android over Windows Phone.
  I think I speak for everyone reading this post when I say: u wot m8?
  
  --
  SJW n. One who posts facts.
7. Re:Landfill-saving hero by jbssm · 2015-11-28 02:23 · Score: 1
  
  Windows runs way better in such a low spec mobile phone compared to Android.
  Running Android 5 in my Moto G with 1GB RAM was hell, slow to a crawl after opening some apps or some browser tabs. Now imagine doing that in a 512MB phone like the Lumia 520.
8. Re:Landfill-saving hero by smittyoneeach · 2015-11-28 02:49 · Score: 1
  
  I saw "U Wot M8?" open for "The Synthetic Doohickeys" in Tampa in '07.
  
  --
  Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
9. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 03:42 · Score: 0
  
  a superior UI that never crashes, freezes, or glitches and runs 400 to 500% faster.
  It does. Pretty common issue (at least 920 and some 8xx, I think it was 800) was that the lock screen glitched in a way that you couldn't unlock it unless you pressed pretty much every button (usually the search button ended up unstucking it). I also managed to crash the phone at times. It was especially bad after some update (Cyan?) when using the keyboard with word flow enabled. IIRC there was about 80% chance of the phone restarting if I accidentally swiped some keys when writing normally. It got fixed eventually.
10. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 03:51 · Score: 0
  
  maybe Sailfis and not Maemo?
11. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 04:03 · Score: 0
  
  That's because Windows Phone in all of its forms is just a slight modification to the same old Windows-for-ARM kernel they've been using since the beginning of Windows CE on the Pocket PC. It could run on a 10MHz device with 1 MB of RAM. A modern GHz-or-more device with a GB of RAM or two is going to scream.
  The main thing that changed between Windows Mobile 6.5 and Windows Phone 7 was that the ABI was no longer compatible, and they didn't provide a shim layer. They broke it again between WP7 and WP8. This hints at some massive under-the-hood changes for the kernel itself, but probably not anything that makes it considerably slower on modern mobile hardware.
  I work with Windows Mobile 6.5 devices frequently, since WinMo is used for many rugged barcode scanning devices. We recently started upgrading from the Intermec CN50 to the CN51. Sounds like not a big deal, but... The CN50 is an ARMv4i device with a 200-300MHz processor, 256MB of RAM, 384MB of on-board storage (IIRC, that is), and a standard (for WinMo Pro) 320x240 screen resolution. The CN51 is an ARM7 device with a 1.1GHz processor, 1.5GB of RAM, 16GB of on-board storage (again, IIRC), and a 800x640 screen resolution. That's a big jump in capabilities, and there's one specific reason for it: The CN51 has the option of running Android 4.4. We continue to use Windows Mobile on ours, because that's the platform all of our custom software is written for. And believe me, nothing slows down on the CN51's when you use WinMo. Ever. It's so over-powered for WinMo it's not even funny.
  And that's why Windows Phone/Mobile/whatever-they're-calling-it-today is so much faster than any other mobile OS. It has 20 years of development behind it. Android has made huge strides lately, but aside from the UI, it's just now getting to where Windows was in about 2005. Android is seriously about 10 years behind Windows.
12. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 04:51 · Score: 0
  
  The OS is actually not bad. It's just that app makers don't really consider it a target market.
  And that's not really a good thing.
13. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 07:12 · Score: 0
  
  Let me know when Microsoft gets a version of Windows phone that a) doesn't have spyware and b) has a noteworthy application library.
  Until then, it's completely worthless and I'll continue using AOSP.
14. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 07:13 · Score: 0
  
  They don't have an Android sized battery. My Lumia 520 has a 1430mah battery. That will only run Android for approximately 20 minutes.
15. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 07:33 · Score: 0
  
  Oh, you'll have to do far better than that to earn your check from Microsoft.
16. Re:Landfill-saving hero by Pax681 · 2015-11-28 08:21 · Score: 1
  
  Or imagine them running an updated Maemo (from the N900), or some similiar full-sized and well-designed operative system.
  I had an N900.. fucking great idea.. terrible execution of that idea.
17. Re: Landfill-saving hero by Anonymous Coward · 2015-11-28 08:47 · Score: 0
  
  400-500% faster you say? Hmm interesting.
18. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 10:40 · Score: 0
  
  Why would anyone install the laggiest OS in the world on a cheap phone? Keep WP (now WM again) if your primary goal isn't to run lot's of apps.
19. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 11:26 · Score: 0
  
  That's your opinion, but I still use a N900 due to nothing else replacing it completely. I suppose that's a slightly different example of nothing "comparing" with it.
20. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 14:15 · Score: 0
  
  Until then, it's completely worthless and I'll continue using AOSP.
  Which still makes frequent contact with Google. (Seriously. Look at the code or Wireshark the phone.) It's just a matter of who you're comfortable with spying on you.
21. Re:Landfill-saving hero by WaffleMonster · 2015-11-28 17:46 · Score: 1
  
  WindowsPhone is the best mobile OS I ever used with a superior UI that never crashes, freezes, or glitches and runs 400 to 500% faster. My 820 which inferior hardware to my Galaxy S 5 was so much faster. To this day cut and pasting calander events with conference calls with pins is not possible with Android. You need to write down the pin with paper and a pen.
  Windows phone is the most oppressive piece of spyware Microsoft has ever released.
22. Re:Landfill-saving hero by Billly+Gates · 2015-11-28 19:04 · Score: 1
  
  Right because Google always has your best interests at heart
  
  --
  http://saveie6.com/
23. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 19:44 · Score: 0
  
  Which still makes frequent contact with Google.
  Uhh, no, it does not. You don't know what you are talking about.
24. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 19:49 · Score: 0
  
  Google provides an open source alternative. Microsoft does not. That's looking out for users a hell of a lot more than Microsoft ever has or ever will.
25. Re:Landfill-saving hero by Anonymous Coward · 2015-11-28 19:51 · Score: 0
  
  Windows runs way better in such a low spec mobile phone compared to Android.
  It's easy to run on lower specs when your phone doesn't actually do anything, lol.
26. Re:Landfill-saving hero by drinkypoo · 2015-11-29 00:35 · Score: 1
  
  Right because Google always has your best interests at heart
  Google released Android as Open Source, so I could look out for my own best interests. And I do; I load an alternate ROM on every device I own. Even if this tool lets you do that with Windows on Lumia phones, you still won't have the sources to what you're running, so you'll still be worse off in the best case... which ought to be Microsoft's slogan by now. "Microsoft: Worse off in the Best Case". Of course, Truth won't sell their crap.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
27. Re:Landfill-saving hero by Anonymous Coward · 2015-12-01 03:54 · Score: 0
  
  (Seriously. Look at the code or Wireshark the phone.)
  Uhh, yes, it really does. Have you tried any of the above suggested actions, yet?
28. Re:Landfill-saving hero by Anonymous Coward · 2015-12-01 04:12 · Score: 0
  
  To be clear, you know that AOSP is written and hosted by Google, right? Some modified versions of AOSP clean this aspect up more than others, but some don't (CM still contacts Google).
29. Re:Landfill-saving hero by beastofburdon · 2015-12-07 04:09 · Score: 1
  
  I was about to call you out on how stupid you were, until I noticed your username, you magnificent troll.
All 13 owners were ecstatic! by Anonymous Coward · 2015-11-28 01:34 · Score: 3, Funny

n/t
The real question by Anonymous Coward · 2015-11-28 01:52 · Score: 0

Does it run linux?
1. Re:The real question by Anonymous Coward · 2015-11-28 21:54 · Score: 0
  
  If you are willing to work at it then, probably. You can probably find a compiled kernel for it to get you started. If not, you can do it yourself. You'd probably have to compile a lot of things and getting it to actually be a phone and have all the hardware work might be a problem but you can find dialer code, etc.
  I guess, then, the real question is - is it worth the time, effort, and probably limited functionality? Well, maybe - that's up to you to decide. Me? Nope. Not in a million years. I actually recently got a Windows phone and, it pains me to admit it, I did so of my own free will and am pretty happy with that choice.
Will Lumias become usable? by Anonymous Coward · 2015-11-28 01:55 · Score: 0

Can I boot Android into them?
1. Re:Will Lumias become usable? by Anonymous Coward · 2015-11-28 02:05 · Score: 0
  
  Forget Android. I switched to Windows Phone to escape all the malware. Maybe Cyanogenmod, but better yet, Ubuntu Phone (I like the Maemo idea, too).
2. Re:Will Lumias become usable? by NotInHere · 2015-11-28 02:16 · Score: 2
  
  The easiest way to escape malware is to not download random stuff from the internet. Android has the play store and f-droid, both good places to get malware free apps, the linux distros also have their software repos, filled with non-malware software. And the only problem was that windows had no such repo.
3. Re:Will Lumias become usable? by jbssm · 2015-11-28 02:25 · Score: 1
  
  Why? Windows is much, much, much, much more optimized to run in such low spec devices than Android. True, windows seriously lacks in apps, but the ones that exist run much better.
4. Re:Will Lumias become usable? by Anonymous Coward · 2015-11-28 03:33 · Score: 0
  
  windows doesn't support old devices.
5. Re:Will Lumias become usable? by ArchieBunker · 2015-11-28 03:34 · Score: 1
  
  Some phones come with malware installed from the factory. Especially the cheap Chinese models.
  
  --
  Only the State obtains its revenue by coercion. - Murray Rothbard
6. Re:Will Lumias become usable? by Billly+Gates · 2015-11-28 04:42 · Score: 1
  
  Or just use a secure platform. Hint it's not Android.
  
  --
  http://saveie6.com/
7. Re:Will Lumias become usable? by Billly+Gates · 2015-11-28 04:43 · Score: 1
  
  What Android is optimized for well anything???
  
  --
  http://saveie6.com/
8. Re:Will Lumias become usable? by NotInHere · 2015-11-28 04:46 · Score: 1
  
  Most of the malicious apps just use the privileges the user gives them, without any exploitation of zero days or so. Combined with the shitty update situation of android, you get the mess currently present. But if you have a phone that's supported by a reliable ROM vendor like CyanogenMod, you can keep your phone updated and malware-free.
9. Re:Will Lumias become usable? by NotInHere · 2015-11-28 04:49 · Score: 1
  
  Some phones come with malware installed from the factory.
  Just install a trustworthy ROM without google play and other, more obvious, malware. Of course, you have to buy a device with existing alternative ROM support, the number of supported devices is usually very small.
10. Re:Will Lumias become usable? by arglebargle_xiv · 2015-11-28 21:20 · Score: 0
  
  Forget Android. I switched to Windows Phone to escape all the malware.
  That's only because you've also escaped all the apps. No worthwhile targets = no malware.
It's for x20 models by Anonymous Coward · 2015-11-28 02:12 · Score: 0

which are the original 8.0 phones, going back to early 2012. It's not a download me and let me make you right again, it's, download me and grab your ankles because either you or your phone will be Assanged in a most violent way.
Re:Root is for Cows by tepples · 2015-11-28 02:45 · Score: 1

And don't let the wildebeest trample you on the way out.
the higher level point by Anonymous Coward · 2015-11-28 02:54 · Score: 0

Microsoft and Nokia have worked hard making Lumia smartphones difficult to break into at a low-level
If people keep buying these devices - from ANY company and with whichever OS - which treat their owners like the enemy who must be kept from having control - than in the end, that is the way everything will be. Even desktops are trending in this direction, but also the vast majority of phones and tablets, and soon, all the IoT devices.
If you want a future where a multinational corporation controls all your computing devices, by all means, keep buying this shit.
1. Re:the higher level point by Opportunist · 2015-11-28 04:12 · Score: 3, Insightful
  
  Soon people will have to break the laws to own what they buy.
  For everyone who has ever wondered just why the decks in cyberpunk stories and games are so horribly expensive when technology is so pervasive (and hence should be cheap): They're devices that the owners own. Which is probably by the time these stories play already a grey area by itself, and certainly these things are not mainstream.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2. Re:the higher level point by retchdog · 2015-11-29 15:41 · Score: 1
  
  huh. i might consider accepting pervasive soul-crushing DRM if it meant that i could kill somebody over the internet.
  
  --
  "They were pure niggers." – Noam Chomsky
Windows 8 phone by Anonymous Coward · 2015-11-28 02:58 · Score: 0

Doesn't matter anymore, it's windows 8 mobile. I wouldn't be surprised if someone finally made it to show Microsoft the vulnerability, or Microsoft leaked it to get more ideas.
Was close to buying one by ArchieBunker · 2015-11-28 03:26 · Score: 1

I needed a new phone and these Lumia models were dirt cheap. What stopped me was the ability to block ads either via browser or hosts file. I ended up buying an Android phone from Leagoo.

--
Only the State obtains its revenue by coercion. - Murray Rothbard
Hacker Cracks by Anonymous Coward · 2015-11-28 03:33 · Score: 0

Doesn't that makes him a cracker?
Sailfish in Lumia by Anonymous Coward · 2015-11-28 03:55 · Score: 0

Lumia is Nokia hardware.
So, can we install Sailfish to run it?
https://sailfishos.org/
My boss gave me a lumia by Anonymous Coward · 2015-11-28 04:05 · Score: 0

It was dead cheap. I forget the model. Under $100. It has 2gb ram and I think 2 cpu cores. It's running Windows 8. It can update to Windows 10.
It's dead fast. The Ui is really nice. I played with it for a while. It's an ok phone. The OS seems solid.
I tried to run our corporate web apps on it and failed. Firefox, iOS, android all work. Google chrome works.
The windows phone could not even render the home screen properly. Seems like a JavaScript issue.
Besides this, it's a really powerful and cheap phone. And it works great with exchange. It got mail and showed me reminders and events.
1. Re:My boss gave me a lumia by Tough+Love · 2015-11-28 09:55 · Score: 1
  
  Good Android phones under $100 are everywhere now, check out Huawei.
  
  --
  When all you have is a hammer, every problem starts to look like a thumb.
2. Re:My boss gave me a lumia by Anonymous Coward · 2015-11-28 14:38 · Score: 0
  
  How about under $30?
I hope he didn't buy his phone with a credit card by Opportunist · 2015-11-28 04:09 · Score: 2

MS doesn't really like people tampering with their OSs. And doing a background check on everyone who bought a phone should be trivial, considering the annual meeting of the windows phone users happens in the phone booth next to the Android convention...

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
No, it uses standard Windows kernel by Myria · 2015-11-28 04:50 · Score: 3, Interesting

That's not true. WinPhone uses an ARM port of the same NT kernel used on desktops. It's essentially the same kernel as used on the Windows RT tablets, which had a desktop.
I know this because I managed to load an unsigned kernel driver using my CVE-2015-2552 exploit long before this release.

--
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
1. Re:No, it uses standard Windows kernel by Anonymous Coward · 2015-11-28 06:22 · Score: 0
  
  WinCE ran on an ARM port of the desktop NT kernel long ago. It's all the same. The difference is that there were some rather large limitations on WinCE that they removed or relaxed when they rewrote it for WP7 (such as the 32MB process space memory limit). That broke ABI compatibility, but didn't change the fact that WinCE always was NT ported to ARM. WP8 corrected a few hang-ups that they missed during the WP7 update, and broke ABI compatibility again. (Proving that WP7 was truly a rushed screw-up OS if there ever was one...)
  WinRT is just the same old Win-on-ARM system as before, but with the WinRT library (confusing names! yay!), which is just a fancy update to COM that plays extra-nice with .Net COM Interop and doesn't require shim libs or heavy use of the managed runtime's marshaler to sling data structures back and forth between COM and managed code.
  I bet you could do the same exploit on WinCE with minimal changes.
  The fact that WinCE is just a pared down WinNT is evident by the way Win32 on CE handles various enumerations, structures, and other Win32 API calls. The bits and pieces are all present, but many of them are marked in MSDN with "does not work on Windows CE" or "for Windows CE use only".
They will just uninstall it by Stan92057 · 2015-11-28 05:38 · Score: 3, Insightful

And whats to stop MS from uninstalling the program? They started uninstalling programs on Win 10 without permission what to stop them from doing this?

--
Jack of all trades,master of none
1. Re:They will just uninstall it by Anonymous Coward · 2015-11-28 06:11 · Score: 0
  
  I think the point of this is to remove Microsoft's operating system and install something else altogether. At that point, no MS software would be on said Lumia at all.
2. Re:They will just uninstall it by twistofsin · 2015-11-28 06:12 · Score: 1
  
  If this leads to users installing custom ROMs I think the device lacking an MS OS on it would do a good job at preventing that.
3. Re:They will just uninstall it by rvw · 2015-11-28 06:18 · Score: 1
  
  And whats to stop MS from uninstalling the program? They started uninstalling programs on Win 10 without permission what to stop them from doing this?
  Root access!
Gratis or Free? by Anonymous Coward · 2015-11-28 06:33 · Score: 0

Is it really free?
1. Re: Gratis or Free? by Anonymous Coward · 2015-11-28 09:21 · Score: 1
  
  Free, dumbass. Stop trying to redifine terms, Richard.
I moved from Android to Windows by Frankie70 · 2015-11-28 07:51 · Score: 1

Been using a Windows phone for more than a year now. Won't go back to Android.
1. Re:I moved from Android to Windows by Tough+Love · 2015-11-28 09:51 · Score: 1
  
  Microsoft would sell more if they came with Android, market it as the "Microsoft HumblePhone". Surefire way to hold off irrelevance just that little bit longer.
  
  --
  When all you have is a hammer, every problem starts to look like a thumb.
2. Re:I moved from Android to Windows by Anonymous Coward · 2015-11-28 19:54 · Score: 0
  
  Been using a Windows phone for more than a year now.
  You might as well just go back to using a dumbphone. You'd get much better battery life and you'd be able to do more with it.
3. Re:I moved from Android to Windows by Anonymous Coward · 2015-11-28 21:10 · Score: 0
  
  Dump phone doesn't have web browser, gps navigation, or internet sharing to tether my laptop.
4. Re:I moved from Android to Windows by Anonymous Coward · 2015-11-28 23:11 · Score: 0
  
  My old dumbphone has a web browser and internet sharing. It can even run Quake II and ScummVM, two things that Windows Phone can't do.
You have no idea what you're talking about. by cbhacking · 2015-11-28 21:12 · Score: 1

Win32 != WinNT. Win9x (Windows 95, 98, ME) implemented Win32, but did not use the NT kernel. Hell, Windows 3.11 (which was 16-bit, while all NT versions have been at least 32-bit) had a partial Win32 implementation called "Win32s" that could be used to run some Win32 programs even though the kernel was still 16-bit. Windows CE (including Windows Mobile, aside from the confusingly-named "Windows 10 Mobile") implements Win32, but is completely unlike the NT kernel. A modified version of the CE kernel was used on Windows Phone 7 (I know, because I wrote code that parsed WP7 kernel data structures, which scarcely resemble NT ones), but CE was scrapped in favor of NT for WP8 and later.
CE has been ported to more platforms than NT and has much lower minimum requirements, but uses a far simpler memory manager, does not support SMP (multiple hardware cores), does not support NTFS (it uses a weird variant of FAT that allows files to be "modules" loadable as executable images but not openable as files; NT has no such concept), does not support any kind of access control (a rudimentary access control system was grafted onto the CE kernel for WP7, but it bore no resemblance to the NT access control system that WP8-and-later use), does not support NT drivers, does not use the NT bootloader, is missing many security features (of which user accounts and access controls are only the most visible) that NT has, and is generally unsuited for anything except embedded systems (but has some features targeting those, such as some real-time support, that NT lacks).

--
There's no place I could be, since I've found Serenity...