iPhone Dev Team to Open Source Free Unlock

An anonymous reader writes "In an effort to keep up with changes from Apple at a faster speed, the iPhone Dev Team is considering open sourcing AnySIM, the free unlocking solution for the iPhone. In a chat with Gizmodo, iPhone Dev Team member Sam said that this move could 'open a lot of possibilities for the future,' mainly in terms of the speed of the updates and avoiding sloppy and possibly dangerous binary patches. They are now looking for community input to get the project started."

How is this going to work?

[Trintech (1137007)]

I could be completely wrong about this but I though that the unlocking programs utilized exploits, buffer overruns, etc to unlock the iPhone. If thats the case, how is releasing the source going to help this project? Won't Apple just read the code and release updates keeping the program from working?

Re:

[4D6963 (933028)]

Won't Apple just read the code and release updates keeping the program from working?

Yeah, because until now Apple had no idea at all how that anySIM thing worked. Now that they'll be able to access the source, they'll like instantly know how to prevent the hack from working.

You see that's as if makers of cutting pliers published the plans of their products, then car makers would as soon know how to prevent thieves from cutting the wires of a car in order to steal it.

Re:

[Trintech (1137007)]

I really hope Apple didnt know about the buffer overrun that allowed the first unlocking tool to work [unlockedip...orsale.com]

I can appreciate your point that Apple will never be able to keep people from reverse engineering the iPhone but saying that Apple won't be able to do a better job of preventing this if they know exactly how the "crackers"(not sure if thats the right word for the phone world) are going to accomplish their goals is highly unlikely.

Re:How is this going to work?

[mrsteveman1 (1010381)]

If Apple doesn't have the source already, they must have found out about that exploit somewhere.......the source had nothing to do with it. Closed source is not going to stop Apple from running the latest binary unlocker on a test machine and watching what it does.

Re:How is this going to work?

[DaleGlass (1068434)]

Right, because Apple is a tiny poor company that doesn't have the resources to watch the traffic over the wire, or to disassemble the program. They couldn't possibly figure it out without the source.

Re:

[ibbey (27873)]

Umm... I think the parent was being sarcastic. Not terribly subtly, either.

Re:How is this going to work?

[thePowerOfGrayskull (905905)]

Quite possibly. Puts us OSS fans in a quandary, doesn't it? On the one hand, proprietary software is Teh Ebil. On the other hand, keeping this proprietary allows to keep a platform pseudo-open. It's really no choice at all though - either you believe in the principles FOSS or you don't. If so, then this should be released. If not, it should not. If you find yourself on the fence, perhaps you're not as firm an OSS believer as you liked to think. (Note: 'you' here is in the plural sense, not directed at parent who didn't express an opinion one way or the other...)

Re:

[Money for Nothin' (754763)]

It's really no choice at all though - either you believe in the principles FOSS or you don't.

What does this statement, and the statement by President Bush that "you're either with us, or you're with the terrorists", have in common?

Both are an example of a false dichotomy/false dilemma. [wikipedia.org]

There is a third way: it's called "being reasonable", or "having nuance", or "creating exceptions where it's pragmatic to do so". Open source works and/or is desirable for many projects and situations - but not all.

Re:

[thePowerOfGrayskull (905905)]

If you truly believe in the underlying principles behind OSS - that is, that information cannot be 'owned' by any one individual or group - this is no false dichotomy. If not, then my post wasn't directed at you. I thought I made that clear in original context, but I can see how it may not have been.

Re:

[Money for Nothin' (754763)]

I actually think OSS works pretty well as a development model and more-broadly as a cultural advancement in the way information is communicated and evolved. I just don't take it as religion, that's all. :-)

Re:

[thePowerOfGrayskull (905905)]

Are you sure you're at the right web site?

Re:

[Money for Nothin' (754763)]

*grins* :) I argue with people here pretty much any time I post, but I've been here for a few years, and since around the turn of the millenium at least as a lurker...

Re:How is this going to work?

[arivanov (12034)]

Some of the exploits have been public for ages and Apple knows that these are the exploits used. It still does not fix the underlying buggy code for some reason. They are not the only ones as PSP and other small devices have a similar history of not caring about security fixes. On a second thought I am not surprised. People in corporate environments tend to check in an open source lib in the local repository once (often as a binary) and they are not bothered to follow it for ages after that. Following external components and updating them for stability and security is the exemption, not the norm.

Re:

[PhotoGuy (189467)]

I think that's wrong.

I offered to assist a friend open his iPhone to another carrier (here in Canada, where we can't get AT&T if we wanted to).

His uses the latest ROM, 1.1.2, and they've upgraded the bootloader in this version to close the hole that was in the previous versions. There is currently no software crack for this phone, although hopefully someone will figure something out. (TurboSIM, a sim interceptor card, which makes the iPhone think it's talking to AT&T, when in fact it's not, is app

Re:

[ardiri (245358)]

I could be completely wrong

yes, you are wrong. AnySim is an iphone application - not a hack. the device must first be hacked (jailbroken); in order to install applications onto the phone. once done, AnySim simply updates the baseband firmware. the jailbreak process uses the exploits; not AnySim.

Re:

[Xformer (595973)]

What legal action? More specifically, what legal action in their own country?

Phone unlocking is legal in many places in the US, if not all over, and the DMCA recently had an exception added to it so that circumventing phone locks to unlock them isn't a violation of that law. I'm curious, then, just what they could use to make a case.

I guess that just leaves them with one option.

The Drawbacks?

[TubeSteak (669689)]

Wouldn't this make it easier for Apple to break AnySim?

Re:The Drawbacks?

[larry bagina (561269)]

break it? You mean fix buffer overflows and other vulnerabilities? That would be a good thing.

Re:

[DECS (891519)]

How persuasive would that be? It sounds like saying the popularity of DVD rip software "will eventually win over the labels to embrace the idea of piracy."

Are you suggesting that some profitable new market will emerge from FOSS users that will convince Apple to change its sales strategy to target "people who don't want to pay for things" as opposed to "people to pay a premium for higher end products"?

Without a service subsidy (and it is a subsidy, even if AT&T is paying Apple rather than the customer),

Re:

[Joe Tie. (567096)]

but there are no $399 touch screen wireless computers that can be manufactured new at a profit.

Isn't that about the standard price for a windows mobile based PDA with wireless and a good screen?

Re:

[DECS (891519)]

No. The "Windows Mobile Smartphone" typically has no touch screen (Motorola Q, Samsung Blackjack) and has ~128 MB RAM, not 8GB. An 8 GB SD card costs $200 itself. They also offer a 1/4 resolution screen. Add in service (to flush out the hidden subsidy) and those phones cost $400 more over two years than the iPhone.

Ten Fake Apple Scandals: 1 - Phony Rage About iPhone Price and Profits [roughlydrafted.com]

Re:

[mollymoo (202721)]

An 8 GiB SD card may cost $200, but an 8 GiB USB drive costs about a quarter of that. 8 GiB SD cards are at the cutting edge of flash density and are priced to match, you just don't need that density in a device the size of an iPhone, you can use lower density, cheaper flash.

Re:

[DECS (891519)]

That may be true, but it's irrelevant. An 8 GB SD Flash card is the only way a user can expand the capacity of Windows Mobile phones that ship with 128 MB. So a $399 WM smartphone needs that expensive SD flash to match the 8GB iPhone. Sure, a manufacturer could source 8GB of Flash for cheaper than $200, but problem is that none actually are doing that. Users can't solder in Flash RAM chips themselves.

In any event, adding 8GB of RAM would significantly increase the cost of mobiles. Adding a large touch scree

Re:

[digitalchinky (650880)]

Adding 8 gigabytes to the Nokia N95 didn't increase its initial selling price by much at all. The price has actually fallen quite a good deal over the last couple of months and is now just a small amount above the original N95.

Phones are not designed to be given away for free at all, you just need to read the fine print on your contract a little better. In nearly all cases you end up paying a significant amount more for a contract phone than you would if you had just purchased it outright from the beginning

Re:

[OrangeTide (124937)]

8GiB SDHC for $51 [newegg.com]. The prices are coming down fast!

Re:

[jamar0303 (896820)]

Heh- see how far behind America is? Japan's already offering 854x480 widescreens in their phones and we're still on 480x320!

Re:

[Nullav (1053766)]

Are you suggesting that some profitable new market will emerge from FOSS users that will convince Apple to change its sales strategy to target "people who don't want to pay for things" as opposed to "people to pay a premium for higher end products"?

It's not the desire to get out of paying. Far be it, most carriers I've been with have thrown a huge bill my way for canceling mid-contract. It's just that AT&T sucks.

Which $399 phones have 8GB of RAM and a large touch screen?

Flash isn't RAM and I seriously d

Re:

[DECS (891519)]

You're talking about freedom from a hardware manufacturer tying its phone to a provider. The solution you offer is to return to service providers dictating the features of phones. If you're really interested in freedom and choice, you should reevaluate your position.

Apple charges you $399 + it gets whatever it extorts directly from AT&T. AT&T charges you $1000 per year (you can now opt out of the data plan, so it's more like $600/year). Other service providers charge the same thing or more for a sma

Not safer

[SuperBanana (662181)]

this move could 'open a lot of possibilities for the future,' mainly in terms of the speed of the updates and avoiding sloppy and possibly dangerous binary patches.

Ugh. This is just another version of "open source code is more secure because you can review it and compile it yourself." Open source code can be more secure, because a qualified individual can conduct a lengthy security audit, and maybe catch some malicious or insecure code."

• virtually nobody that uses the code will be even remotely qualified to even understand how the code works, much less be able to tell if it'll screw up their phone.
• Opening development to more people makes the chances of someone SUBMITTING (note, I said "submitting", not "successfully getting away with putting malicious code into an official release) go up; now the few people who know what they're doing have to spend a lot of time reviewing code not just for correctness but malicious intent, something they may not be qualified to do.
• Releasing the source code now makes it exceptionally easy for people to trojan the code and release a compiled version. The bar has been lowered from "knows assembler and iPhone internals" to "is decent with C."

Re:Not safer

[vertinox (846076)]

virtually nobody that uses the code will be even remotely qualified to even understand how the code works, much less be able to tell if it'll screw up their phone.

All it takes is one person who knows how to read the code to make a rambling blog post detailing the vulnerabilities and submit it to Slashdot.

Then all the people who didn't know how to read code will now know and the code reader will have his share of adsense for the month.

But more seriously... When I have doubts about a software package, I just hit it up in Google to see if there has been wide spread complaints or other issues.

As far as your other issues you bring up, in a closed source scenario what is to prevent a malicious person from just renaming any old trojan that they compiled to be the same exact size as the closed source exe and putting up a torrent of it? Sure it won't work at all as far as running the program, but it will do what they need to do. (Checksums anyone?)

Even if a person uploads something maliciously into the main package, someone will eventually notice and with more eyes the faster this will happen. Of course this also helps out if the original coder is the one who is malicious.

Re:Not safer

[palegray.net (1195047)]

Thank heavens we have a ton of security firms who make a living finding holes in both open and closed source software and publishing the results. Of course, their work is just a bit easier if the source is available, and it's just slightly easier to write a patch that solves the problem ;). I guess my main point is this: it isn't just the average user who looks at the source code for high-profile projects.

Re:

[Deanalator (806515)]

I think that the type of people looking to unlock their phones are the type of people who would be interested in seeing how the unlock code works.

Re:

[TubeSteak (669689)]

Releasing the source code now makes it exceptionally easy for people to trojan the code and release a compiled version. The bar has been lowered from "knows assembler and iPhone internals" to "is decent with C."

The process I went through involved jailbreakme.com & then installing AnySim from the installer.

To trojan that process, someone would have to hack the 'trusted source' I used or provide instructions that point the user to a trojaned source.

Why would anyone install anysim from anywhere other than the official anysim website?

Much safer

[bit01 (644603)]

Enough with the "closed source is inherently superior" propaganda. Whether you like it or not open source for the user is everything that closed source is. Plus the source is available.

The idea that "closed source" is magical security pixie dust needs to die.

this move could 'open a lot of possibilities for the future,' mainly in terms of the speed of the updates and avoiding sloppy and possibly dangerous binary patches.

Ugh. This is just another version of "open source code is more secure because you can review it and compile it yourself."

No, it hasn't. Try to understand that it's not just you reviewing the code but potentially many other parties apart from the originator. Are you trying to tell us independent third party review is not a good idea?

Open source code can be more secure

No, open source is likely to be more secure. Because many independent third parties can review it. Not just a vendor who has a commercial, ego or "not-enough-manhours" incentive to hide mistakes.

, because a qualified individual can conduct a lengthy security audit,

No, because many different individuals with many different levels of expertise can conduct all sorts of audits, security and otherwise, and in addition use the code in ways the the original author[s] never even envisaged.

and maybe catch some malicious or insecure code."

Better than no chance at all.

* virtually nobody that uses the code will be even remotely qualified to even understand how the code works, much less be able to tell if it'll screw up their phone.

So, out of a population of billions that leaves a population of thousands, or more, who are more than qualified to look at it. Think the statistics.

* Opening development to more people makes the chances of someone SUBMITTING (note, I said "submitting", not "successfully getting away with putting malicious code into an official release) go up; now the few people who know what they're doing have to spend a lot of time reviewing code not just for correctness but malicious intent, something they may not be qualified to do.

Malicious code is a strict subset of incorrect code. You check all your code for correctness, right? If you're not qualified to do that then you're not a programmer.

* Releasing the source code now makes it exceptionally easy for people to trojan the code and release a compiled version. The bar has been lowered from "knows assembler and iPhone internals" to "is decent with C."

No, it hasn't. Let me know when you've managed to break code signing and vendor repositories. Every binary package I use was either compiled/signed by the vendor or compiled by myself from vendor signed source code.

---

I want a free and open market. Do you?

Re:

[TheSeer2 (949925)]

The idea that "open source" is magical security pixie dust needs to die.

Re:

[bit01 (644603)]

The idea that "open source" is magical security pixie dust needs to die.

I know you're joking but nobody says it is, just that open source gives more options. Independent third party review is important, in everything from politics to crime to code.

---

Keep your options open!

Re:

[Cheapy (809643)]

You're absolutely right. Many third parties can review the code.

But do they?

Re:

[HalAtWork (926717)]

No shit end users won't. Parties who are trying to figure out ways to unlock the iPhone themselves, will, however. Open Source does allow end users to participate in documentation, translation, sending crash dumps, etc. You're right, end users won't be of much help to this particular open source project. However, other devs and other hackers will be able to help.

To what?

[noidentity (188756)]

I am not understanding title article what

Re:

[rueger (210566)]

iPhone Dev Team

Gotta say that I'm a pretty rabid Slashdot reader, I also immediately took that phrase to mean Apple itself. Which seemed pretty damned strange, but then again every time that I use Finder I get the same feeling that some things Apple does make no sense whatsoever.

Re:

[stormguard2099 (1177733)]

can we make this AC an editor?

Re:

[Goaway (82658)]

I love how there's a verb used as a noun AND a noun used as a verb in that title.

Open Source

[BigZaphod (12942)]

The iPhone dev community is largely open source already and the closed nature of some of the hack projects has always bothered me. I've released all of my code from my iApp-a-day [google.com] project which took place last month, and a lot of people are learning from it and building better things now. I know I'd be interested to see how something like AnySim actually works under the hood. It's one thing to have an academic knowledge of how these things work, but quite another to see and experiment with it first hand.

This is very confusing

[Punto (100573)]

By "iPhone dev team" do they mean the team at Apple that develops the iphone? why would they get to decide if the tool gets released without input from their corporate overlords? or is it just a bunch of people in their mom's basement who have nothing to do with apple that like to call themselves 'the iphone dev team'? in that case, why wasn't this open source in the first place? who runs a binary that can probably brick your iphone without having the source?

Re:

[Sancho (17056)]

That was my thought.

If I saw a headline which read, "Windows Dev Team to foo" I would assume that it was someone associated with Microsoft.

Widespread use in countries where it is not sold

[kbahey (102895)]

Here in Canada, Apple has not released the iPhone yet. Rumors last month said that Rogers will announce it before Christmas.

However, you see some people here who use iPhone.

Even in places as far away as Qatar, the iPhone is widely used there.

Since all the sets had to come from USA (or recently from Germany and UK), they have to be unlocked in order to work with the "normal" GSM carriers. Which means it is a widely used practice.

Perhaps Apple's dev team are just bowing to the inevitable. But how does that fa

Anyone else think "iPhone Dev Team"

[SteeldrivingJon (842919)]

is awfully self-aggrandizing on their part?

The iPhone Dev Team is at Apple. These people are, at best, the iPhone Hack Team.

Re:

[QuietLagoon (813062)]

Yikes, I posted the comment on the wrong thread. this is sooooo embarrassing....

Re:

[QuietLagoon (813062)]

:)

Re:

[mrsteveman1 (1010381)]

Apple is well aware of how the current unlocks are being accomplished, this changes nothing on that end. It does make it much faster to RESPOND to Apples re-locking attempts though.