Hacking the Samsung “Vice” SCH-R561

So, a few months back, I got my first cell phone, the Samsung “Vice” SCH-R561. Overall I am very happy with this phone except for one thing… the complete lock-down of the features. First is the GPS: you can only use it if you download their software (which they want $6 a month for!), and second, it nags you every time about whether you REALLY want your apps to run! You can of course hit “4” whenever it asks you (so it will not ask you again), but programs like Opera and Gmail will then not be able to save passwords or bookmarks. So after a little Googling, and some 1337 skills, I hacked my way in and unlocked this phone! Here is how I did it:

I AM NOT RESPONSIBLE FOR BRICKING YOUR PHONE! IF YOU JUST WANT RING TONES, USE THE RUMKIN UPLOADER; THIS GUIDE WILL NOT HELP! WHEN EDITING THE FLASH OF YOUR PHONE THERE IS ALWAYS A RISK OF KILLING IT! YOU HAVE BEEN WARNED! THIS HACK WILL ALLOW YOUR PHONE TO RUN UNSIGNED CODE AND CAN BE A HUGE SECURITY HOLE IF YOU ARE NOT CAREFUL! I AM DONE YELLING NOW!

You need to have a 32-bit OS for this to work! If you do not, then you're messed! The drivers are only 32-bit. I did this with Windows XP in VirtualBox via USB pass-through :)

The first step is to READ ALL OF MY YELLING ABOVE then download the tool and driver below:

- The Driver to access the Serial interface - Right here!

- BitPIM – Official Site

Installing the drivers and setting up your phone:

What can I say? Download the drivers and run the setup! (These drivers are hosted on my site because Samsung is lame and pulled them!)

Next, plug in your phone WITHOUT picking “Connect to computer”. If you do that, it will not work! Then open Device Manager and figure out what COM port the phone is on. Make sure you take note of which port it is!

Using BitPIM

Now, before you even think of running this program UNPLUG YOUR PHONE! If this program attempts to auto-detect your phone, it will clear the memory in it! That means all your downloads/contacts/texts/EVERYTHING will be deleted!

Now, once you have that done, start the program up. The first thing it will ask you is what kind of phone you have; it is “other CDMA”. Choose the correct COM port by picking browse. NOW you can plug your phone back in! Click refresh until your phone appears under available ports. Select it (it should have a COM port to the right of it) and make sure that “detect my phone on start-up” is DISABLED! (This will prevent future killing!)

Hit OK, then hit the receive button (the one with the arrow pointing from the phone to nothing!). Now, under the “View” menu, pick “View filesystem”. A little icon labeled “filesystem” should appear on the left. Click it and now you are on to the fun stuff!

This allows you to view all the files on your phone; messing with these files will kill your phone! There is only one file that we are interested in, and it is located in /brew/shared/policy. Click the little + next to the / to start browsing.

There is a little text file in there called policy.txt. Right click it and save it somewhere safe. Before continuing, I STRONGLY recommend that you save it again to a different directory for backup. If you mess up your phone, you need this backup to restore it to its stock state! Now, open up the first copy and modify it like so:

BEFORE:

The bottom of the text file will look like this:

domain: untrusted
oneshot(oneshot): Application_Self_Start
oneshot(oneshot): Device_Connectivity_Bluetooth
oneshot(oneshot): Message_Delivery

…and so on.

Copy the text (from your own file, people! Some phones MAY BE DIFFERENT depending on firmware!) from under “domain: Gold-Trust” and paste it under “domain: untrusted”. For MY phone it looked like this:

domain: untrusted
oneshot(oneshot): Application_Self_Start
oneshot(oneshot): Device_Connectivity_Bluetooth
oneshot(oneshot): Message_Delivery
oneshot(oneshot): Message_Reception … and so on

To this:

domain: untrusted
allow:            Application_Self_Start
allow:            Device_Connectivity_Bluetooth
allow:            Device_Connectivity_Comm
allow:            Location
allow:            Message_Delivery
allow:            Message_Reception
allow:            Multimedia_Access
allow:            Net_Access
allow:            Personal_Data_Read_Access
allow:            Personal_Data_Write_Access
allow:            Satsa
allow:            Sprint_Extensions

Save that file and send it back to your phone. Close BitPIM and then unplug and restart your phone. It is now hacked!
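To make it clear what that edit actually changes, here is an added example (my own, not part of the original post or of BitPIM) in Python: a small parser for the policy.txt layout quoted above, a function that performs the same copy from one domain to another, and an audit that lists which privileges a domain can now exercise with no prompt at all. The sample policy is constructed from the lines shown above; the contents of the Gold-Trust domain are an assumption, since the post does not print them. The point of the audit is the security one from the warning at the top: after the edit, anything running as “untrusted” gets network, location and personal-data access silently.

```python
from collections import OrderedDict

# Constructed sample in the policy.txt layout quoted in the post. The
# "untrusted" lines are the ones the post shows; the "Gold-Trust" contents
# are an assumption made for this example (the post does not list them).
STOCK_POLICY = """\
domain: Gold-Trust
allow:            Application_Self_Start
allow:            Device_Connectivity_Bluetooth
allow:            Location
allow:            Message_Delivery
allow:            Message_Reception
allow:            Net_Access
allow:            Personal_Data_Read_Access
domain: untrusted
oneshot(oneshot): Application_Self_Start
oneshot(oneshot): Device_Connectivity_Bluetooth
oneshot(oneshot): Message_Delivery
oneshot(oneshot): Message_Reception
"""


def parse_policy(text):
    """Parse policy.txt into {domain: {privilege: mode}}.

    mode is the keyword before the colon with any "(...)" qualifier removed,
    so "oneshot(oneshot)" becomes "oneshot" and "allow" stays "allow".
    """
    domains = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            raise ValueError("unparseable policy line: %r" % raw)
        if key == "domain":
            current = value
            domains.setdefault(current, OrderedDict())
        elif current is None:
            raise ValueError("privilege line before any domain: %r" % raw)
        else:
            domains[current][value] = key.split("(", 1)[0]
    return domains


def serialize_policy(domains):
    """Write the structure back in the column layout the phone's file uses
    (privilege name starting at column 18 for both keywords)."""
    out = []
    for name, privs in domains.items():
        out.append("domain: %s" % name)
        for priv, mode in privs.items():
            keyword = "oneshot(oneshot):" if mode == "oneshot" else "allow:"
            out.append("%-17s %s" % (keyword, priv))
    return "\n".join(out) + "\n"


def copy_privileges(domains, src, dst):
    """Return a new policy where dst carries src's privilege lines verbatim
    (the same copy-and-paste the post does by hand)."""
    new = OrderedDict((k, OrderedDict(v)) for k, v in domains.items())
    new[dst] = OrderedDict(domains[src])
    return new


def silent_privileges(domains, name):
    """Privileges a domain may use without any prompt ("allow")."""
    return sorted(p for p, m in domains[name].items() if m == "allow")


def newly_silent(before, after, name):
    """Privileges that became prompt-free for a domain between two policies."""
    old = set(silent_privileges(before, name))
    return [p for p in silent_privileges(after, name) if p not in old]


if __name__ == "__main__":
    stock = parse_policy(STOCK_POLICY)
    hacked = copy_privileges(stock, "Gold-Trust", "untrusted")
    print(serialize_policy(hacked))
    print("untrusted now gets silently:", newly_silent(stock, hacked, "untrusted"))
```

Run against your own backed-up policy.txt (read the file into `parse_policy` instead of the constructed sample) before you send anything back to the phone: the `newly_silent` list is exactly the set of things an unsigned app can do on the modified phone without ever asking you.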

Now, even though your phone is hacked, it may be hard for you to find apps for it (since most sites, like Google, think your phone is still a cripple). The best method I found was to use the rumkin uploader here to upload the jar files, then run them from your phone.

My top Apps List:

Opera Mini -> Very, very fast web browser versus the stock one, but you can’t download stuff with it….

meboy -> Gameboy emulator, a little hard to control, but pretty playable nonetheless.

mgmaps -> This allows you to use the GPS in the phone to find yourself on a map. It does take about 5 minutes to get a reading, and it does not update very quickly.

gmail -> I like to check my Gmail, and even though Google says it won't work, it does, and it works very well! You will have to download it to your computer first, then use the rumkin

Google Maps -> GPS does not work, but the rest does!

MidpSSH -> Need to login to a server via ssh or telnet? This will help you in a bind!

VNC2Go -> Yes, you can run a VNC client on your phone… It works, but it is a little slow to use. (As in 10-20 sec delays…)

Super Mario Bros Running on my Cell Phone!

Happy Hacking!
