Zone-MR Central Server - [entry]

Zone-MR Central Server - [entry]: "Last Saturday, MoDaCo (the world's largest smartphone community) held a get-together for their forum members. Unfortunately the positive community spirit was soured by an individual who decided to steal one of the charity raffle prizes - a C550 mobile phone.

On Monday, Paul O'Brien (MoDaCo founder) contacted me with information on the stolen phone's IMEI number. I operate the SPV-Developers community which offers the free online SPV-Services unlock tool for this type of phone. It seemed likely that the thief would attempt to remove the SIMLock using this service in order to switch the phone to a non-UK network - bypassing the UK's IMEI blacklist which renders stolen phones useless.

Initially it seemed like there was little I could do to help. The SPV-Services server was not programmed to log the IMEI numbers of it's users. It seemed like a dead end, until I remembered something. When a user unlocks their phone, our server keeps a backup of the phone's first flash block (kept for a few days, in case the changes need to be reversed). This block contains 64kB of RSA-encrypted data such as the phone's SIMLock state, Carrier ID, and other concealed information - it seemed likely the IMEI would be buried within it. Shortly my suspicion was confirmed - after decrypting the block, the IMEI can be found inside (albeit scrambled with a simple transposition).

I started writing a short script - which would check each backup in turn to see if it originated from the stolen phone. After 30 minutes of writing, testing, and running the script - we had a match! The stolen phone had been unlocked. The creation timestamp on the backup file gave us an exact time - August 21, 2005, 10:18:32 PM.

The next step was cross-referencing this information with our web server logs. When a user uses our software to unlock their phone the software uploads the encrypted block to our server, which sends back a list of modifications which need to be made in order to remove the SIMLock. As we knew the exact time when this happened, we could find the corresponding web server entry :

2005-08-21 22:18:32 POST /services/simlock_2.php - 82.163.137.156

Bingo! I passed this IP address back to Paul who cross-referenced it with Modaco's database. From this, he was able to identify the guilty member. A quick lookup confirmed that the IP was used by the account 'Cocky' - a member which had attended the get-together. The event registrations contained the name of our theif, and his mobile number. The next day, Cocky (AKA K. P.) received a short phone call:

Paul: Hi, this is Paul from MoDaCo.
Cocky: Er, Hi.
Paul: You have something of mine, and I want it back.

Not surprisingly, Paul could hear the faint sound of the guy crapping himself at the other end of the line. The phone was returned, via special delivery, the following day. Moral of the story - even if you're enough of a cunt to steal from a charity raffle, don't be fucktarded enough to steal a phone from a community of phone experts."
  • Stumble This
  • Fav This With Technorati
  • Add To Del.icio.us
  • Digg This
  • Add To Facebook
  • Add To Yahoo

0 observations: