iPhone App Store Hacked: No DRM!
This is interesting, and at the same time scary. According to Engadget, Apple’s Fairplay (TM) DRM has been hacked for the new iPhone 3G App Store, and the applications themselves are appearing on torrent sites:
There’s also a more traditional crack which allows apps to be stripped of DRM and shared without using iTunes, although you’ll have to jailbreak your phone to do it. The first app to be widely pirated is Super Monkey Ball, which isn’t surprising, and it seems like several other apps have followed it out onto various torrent sites. In addition to the relatively simple jailbreak procedure, running cracked apps requires you to open up SSH access and do some mucking around, so unless your time is worth less than $10, it’s probably not worth it.

The latest apps appearing on a torrent search for iPhone include Crash Bandicoot Nitro Kart 3D, Super Monkey Ball, iBeer, and Enigmo, a total (so far) of $32.96 of potential revenue destroyed by hackers.
The original post at Haklabs, Super Monkey Ball iPhone – Cracked, explains the motivation for the hack:
After the WWDC ‘08 Keynote, everyone wanted this iPhone game, it received almost as much hype as the iPhone itself. Super Monkey Ball from SEGA definitely has some good qualities, however it does have some bad qualities as well. First off, this game costs $9.99 which might be a little steep for some.
1. Make sure you are on firmware 2.0
2. Download the Super Monkey Ball Cracked file and extract the .ipa file from the archive to your desktop.
3. Drag and drop the Monkey Ball.ipa file into the iTunes application folder and wait for it to install.
So because an irate iPhone user believes the Super Monkey Ball game costs too much at $9.99, he creates a hacked version and gives it away for free. I actually paid for Super Monkey Ball, because it’s one of the few applications worth my $9.99, and I advise you to as well. If there’s no financial market for creating great iPhone applications, the entire market will suffer, and we’ll have crappy apps to run on our $400 phones.
Upgrade 1.1.4 iPhone to 1.2.0 with WinPWN on Windows XP
The process of updating your 1.1.4 first-gen iPhone to 1.2.0 is simple. Even though the official winpwn release for Windows and the iPhone 3G isn’t out yet, here’s what you need to do to unlock, jailbreak, and upgrade your 1.4 iPhone to the 2.0 3G firmware!
[STEP 1] Download Winpwn 1.0.0.3 RC1 from the official source, or my local mirror. The filename is winpwn_1.0.0.3_RC1_Setup.zip; after you download it, download Apple’s 1.1.4 firmware, choose that ipsw from the “browse .ipsw” button, and click “iPwner” to WinPwn it. You’ll see something like this:
7/20/2008 4:10:49 PM – This is winpwn ver.:1.0.0.3 RC1
7/20/2008 4:10:50 PM – Apple Mobile Device Support Version 2.0.0.33 installed.
7/20/2008 4:11:01 PM – Debug level:1
7/20/2008 4:11:02 PM – Debug level:0
7/20/2008 4:11:02 PM – Debug level:1
7/20/2008 4:11:10 PM – File from: iPhone1,1_1.1.4_4A102_Restore.ipsw
7/20/2008 4:11:10 PM – Recognized as:iPhone1,1_1.1.4_4A102_Restore.ipsw Type: IPSW_iPhone
7/20/2008 4:11:10 PM – Be sure to connect an iPhone!
7/20/2008 4:11:13 PM – Failed to load image catalog
7/20/2008 4:11:34 PM – Failed to load payload catalog
7/20/2008 4:13:09 PM – Setting up iPhone device object
7/20/2008 4:13:09 PM – Registering callbacks
——————-
7/20/2008 4:13:10 PM – Unzipping .ipsw file to Application Data\cmw\winpwn\1.0.0.3\ipsw
7/20/2008 4:13:10 PM – Found device product id:4752
7/20/2008 4:13:10 PM – iPhone connected
7/20/2008 4:13:15 PM – OK
7/20/2008 4:13:15 PM – Creating ramdisk
7/20/2008 4:13:16 PM – Padding ramdisk
7/20/2008 4:13:16 PM – Ramdisk successfully created
7/20/2008 4:13:17 PM – Putting iPhone into recovery mode.
7/20/2008 4:13:17 PM – AMDeviceEnterRecovery res:0
7/20/2008 4:13:21 PM – iPhone disconnected
7/20/2008 4:13:29 PM – iPhone entered recovery mode
7/20/2008 4:13:30 PM – Sending ramdisk to iPhone.
7/20/2008 4:13:31 PM – Transfer took 1734.375ms
7/20/2008 4:13:31 PM – Modifying environment…
7/20/2008 4:13:31 PM – Starting pwnage
7/20/2008 4:13:41 PM – iPhone left recovery mode
7/20/2008 4:14:44 PM – Found device product id:4752
7/20/2008 4:14:44 PM – iPhone connected
7/20/2008 4:14:44 PM – Your iPhone has been pwned
[STEP 2]: Now you need to BootNeuter your phone. Using the Installer.App, download and install it. Instructions on how to neuter the bootrom can be found on the dev team’s site. It’s quite easy: just run the app, select Neuter, and hit the “Flash” button.

[STEP 3]: Update iTunes to 7.7, if you haven’t already. Get a hold of a 2.0 firmware made with iPWNAGE 2.0 for the Mac. Firmwares, for example, are available on torrent file sharing sites.
[STEP 4]: Shift-click the “restore” button in iTunes and select the custom firmware you obtained above. Thanks to PWNAGE 2.0, you now have a first-gen iPhone running the 2.0 firmware, with full ability to run games and apps from the iTunes Application store! Enjoy Super Monkey Ball!
I am running through these steps right now on my first-gen iPhone, and so far everything works as advertised. Of course, I’m not responsible if something does go wrong and bricks your iPhone…
Update: If you have trouble getting your wallpaper to show up, or just see a black background, connect to the iPhone via SSH or from a terminal on the phone itself, delete private/var/mobile/Library/LockBackground.jpg, and restart. You’ll be able to set your own wallpaper.
Update 2: It’s official, WinPwn for Windows XP has been released, so just go use that!
Also, you should check out How to Unlock the iPhone 3G on Google Knol.
Scoble, Identity Thief [Scrape / Hack Facebook]
If you’ve been reading any tech news today, you probably heard that Robert Scoble was banned from Facebook for hacking it with an automated scraper to get his Facebook friends into Plaxo. Later today, Facebook reinstated his account after warning him to “refrain from running these types of scripts again.”
What was Scoble after? Your names, email addresses, and birthdays. Information that he is allowed access to inside Facebook, but which many of his 5,000 so-called friends might not want hauled outside and stored with another company. Buzzmachine is right when they label him an identity thief in What he says:
I want Facebook to protect my email address. I don’t want Scoble downloading it and giving it over to Plaxo, a brand and company I will never, never trust and would never choose to do business with or hand data to on my own. So much of the reaction to this little incident gets it backwards; there has been much talk about how we should be able to get our data out of Facebook and that’s fine but we also need to protect our data from others making use of it without our permission and that’s what this is about in the end.

There’s a reason that I have set my privacy to avoid these things, in addition to defriending everyone I don’t actually know and trust. I don’t want people knowing where I live (as I’ve received death threats, prank calls, and various harassments that are more trouble to sort out than just avoid). I don’t want them knowing my email, phone number, or birthday. And I certainly would get pissed off to see someone harvesting them en masse. As I wrote in Cornell violates mass student privacy, “Taken one-by-one, this kind of directory information is completely useless and publicly available. But when taken in aggregate form, the contact information is a secret.”
So, in mass-downloading his Facebook friends’ information, Scoble violated the Terms of Service, the implicit trust relationships he had with his Facebook friends, their privacy, and their identities. Now he claims that the information will be removed after their tests are finished, but at this point it’s too late. The cat (our identities) is out of the bag.
p.s., Techcrunch agrees as well…