Thursday, August 28, 2008

Hacking the AT&T Tilt aka HTC Kaiser

Finally! Haha. For my friends that have waited patiently for this post; better late than never, eh? ;)

If you own an AT&T Tilt (aka HTC Kaiser), and you’re dissatisfied with the default ROM, and have somehow managed to find this hole in the wall before the other myriad tutorials out there, you’re in the right place. You’ll have to get the software discussed here yourself, unless you know me, in which case I’ll burn them for you. Where applicable, I’m listing the exact filenames of CABs so you can search Google or for them; otherwise, I’ll provide a link.

Read ALL of this before you do ANYTHING! If you can’t afford to destroy your phone then gtfo, because it could happen. And don’t forget to back up your contacts to SIM and any other important data.

This isn’t a complete guide; I’ll show you the basics, and then tell you what I did for my device. If you want something different, go for it. I’ll provide links to my primary resources, but you should plan on doing at least 10-20 hours of research during the course of customizing your phone. That said, you can do practically anything you want. If you like the work of the developers and artists creating this stuff for us, then donate a little something.

On wit da show. You need:
  • 1 x AT&T Tilt aka HTC Kaiser
  • 1 x Data plan from AT&T strongly recommended, but at least use wifi at home.
  • 1 x PC with ActiveSync 4.5 installed
  • 1 x USB cable for Tilt to PC connection
  • 1 x Broadband Internet connection strongly recommended
  • 2 x RedBull – you will be up late heh
Your number one resource for basic needs, as well as some incredibly creative extracts, compilations, and software is xda-developers. Thanks to pof, unlocking the Tilt is a breeze.

The beginning
First, go to xda-developers and read about the extreme noob success story, then read about SPL (second program loader). Next, figure out what ROM (just read everything with ROM in the title here if you don’t want to use the one I’m using) you want to put on your phone. I use the latest HTC/AT&T update found here. Finally you’re ready to flash HardSPL, which will allow you to put any ROM on your phone that you like. Before the update that just came out I was using the default HTC Kaiser ROM version 1.56.405.5, which was nice, but well over a year old.

BEFORE you install the ROM, be advised that your default ROM, and the new HTC ROM, will install a bunch of bloatware on the phone – game trials and crap like that – like a Dell computer has on it. You can stop this process without harming the phone; settings, connections, and everything you need will be there.

After your ROM is installed, you will go through the AT&T setup process – aligning your screen, tips, etc. Right after you finish the tips, you’ll drop onto the WM6.1 desktop – IMMEDIATELY soft reset your phone using your stylus in the hole at the bottom. If you see a message that says “Automatically customizing your device in 3 seconds”, you waited too long, so quickly hit the soft reset, follow the setup again and this time do the soft reset before you see the message. Voila! No bloatware.

Main loop
Now the fun part begins – customization! I’m tired, and have already spent too much time on this damn thing, so this is not going to be highly detailed or drawn out. You’re better off if you have to actually do some work anyway ;) Your device is unlocked; we’re starting from where I began upgrading my phone today. Substitute your own stuff where you don’t want what I’m using.
  1. Download and install ROM version 3.57.502.2 WWE
  2. Avoid bloatware – soft reset before “automatic” customization
  3. Install SPB Mobile Shell, one of the few applications I’ve bought outright. A steal at 29.95.
  4. Install Jbed – better Java – filename: – reboot.
  5. Install miniOpera – uber browser!
  6. Install GoogleMaps – My Location, directions to airport codes, and much, much more.
  7. Install HTC Home Customizer – tweak your HTC Home – filename: HHCv10Final.CAB
  8. Install SV2 – photo album – filename:
  9. Install kevtris – yet another tetris game – filename: Kevtris.CAB
  10. Install Comm Manager – I dislike the AT&T one, this is HTC’s – filename: – cancel reboot.
  11. Install SPB Elf Calculator skin – better calc skin – filename:
  12. Install Wizard dialer – better dialer skin – filename: – reboot.
  13. Install RDP client – remote desktop – filename: WM6
  14. Install XpressMail – included in the bloatware we nuked, add it back with a direct download – reboot.
  15. Install TomTom – I purchased Navigator and US/Canada maps for less than $100.
  16. Install Realms – what the game Asteroids was supposed to be like – this is 10x better!
  17. Install AdvancedConfigurationTool – access to some tweaks you may want.
  18. Install KaiserTweak – run this .exe from your phone and select all settings that are “advised”.
  19. Install MyMobiler – remote command and screen capture tool.
Final touches
Well, my work here is done. It’s up to you to read about the software you install (RTFM), and figure out how to tweak your phone to your liking. There's tons of themes, splash screens, backgrounds, ringtones, etc. out there ~ have fun. Remember kids, I am simply a conduit of information; I do not and will not provide support for this stuff. Do not email me with support questions, or crying because you bricked your phone. It will fall on deaf ears; you have been warned.

Got mo pics?!

Kaiser CustomRUU – flashing without formatting the device, good for splash screens, radios, etc.
Kaiser software
New HardSPLs.. I haven’t bothered with these and I’m fine so far.
Excellent blog post showing the difference between the stock, bloated Tilt configuration, and the default HTC version. This is related to the ‘pre-3second reset’ described in the tutorial.
TrackMe – A CellID/GPS tracking system. No idea if this is cool yet, but it’s what I just started playing with as I was doing research for this post.
Guide: MSFT Voice Command
Customize your splash screen(s)!
One of many good tutorials out there. I’m listing it because it happens to be how I found out about nuking the bloatware, which led to where we are today.

Using this information to alter your device will void your warranty, and doing things improperly, out of sequence, or just plain fucking up could turn it into a very expensive paperweight. I am not responsible for what you do with this information, nor do I provide “support” for this stuff. Go read the resources if you need support.

Special thanks to all the cats over at xda-developers and the other folks contributing free and open source software to the community! You guys rock!

Hacking the AT&T Tilt aka HTC Kaiser (pics)

Here's some supporting screen shots for the Tilt hacking article I'm about to publish. Blogger made it easier to insert pics, but it's far from perfect.

Google Maps ~ Dialer Skin ~ Comm Manager

SPB Mobile Shell ~ miniOpera ~ KaiserTweak

Tuesday, August 26, 2008

Hillary Clinton: Party Unity My Ass (PUMA)

I've never written a political post here, and promise not to make it a habit, but after reading a truly enlightening article by someone at CNN that "gets it", and the subsequent comments from many of the idiots he's talking about, I can't help myself.

First, I am neither Democrat, nor Republican. Hell, I'm not even a registered Independent or Libertarian - I support who I think (hope) will get the job done right. There was a time (think 2K) that I thought McCain was that guy, but ever since he lost to Bush, he's kissed his ass so hard that if Bush stopped suddenly we'd have to surgically remove the poor chap.

Now, have a look at the article, I'll wait.............

The bottom line:
  • Yes, Bill Clinton was an amazing President. Nobody is denying that, and what you people sense as "disrespect" toward a great man that seemingly deserves nothing but god-status, is good people with common sense that believe Bill should get on board and "Unite the clans!"
  • Yes, the Bush Administration erased virtually everything he accomplished, and then some, in the last 8 years of pure hell.
  • Yes, this country elected Bush..twice.
  • Hillary LOST.
  • Obama WON.
  • Could it be the same idiots crying about Hillary's loss that allowed Bush to win twice in the first place? Methinks it could be.
Now, to you PUMAs specifically: You're Democrats. Your ideals, views, and beliefs have FUCK ALL to do with the Republicans or John McCain't. Are you truly willing to put a man in the White House that will appoint conservative judges who will overturn Roe v. Wade, further degrade our environment with fresh oil drilling, bow to special interests like Big Oil and Pharmaceutical, provide tax cuts for the rich, etc, etc., and generally continue the failed Bush-politics of the last eight years, just because you're a bunch of fucking crybabies that can't deal with the fact that your precious Hillary didn't get the nomination?!

YOU ARE PATHETIC. When Michelle Obama spoke about a time when she wasn't very proud to be an American, I imagine it was a moment just like this, and I'll be damned if I can't relate. Grow the hell up and start acting like you give a shit where this country is headed, because this childish bs won't get us anything but FOUR MORE YEARS OF BUSH.

Look at John McCain's record. Look at his policies and proposals. Obama may not be Hillary, but he's a helluva lot closer to what you're looking for in a president than McSame.

To the Clintons: Get off your high-horses and realize this country and its future is way bigger than you, your egos, and your do-anything-to-get-into-office shenanigans. In the immortal words of Wallace, "UNITE THE CLANS!"

Go Obama / Biden 2008!

UPDATE: Well blow me down! Bravo Hillary Clinton! The speech at the convention last night was exactly what was needed. The question now is, too little too late?

For an update on Bill's shenanigans, search Google for info on "Candidate X". /sigh

Friday, August 15, 2008

PCI Knowledgebase: Learning from Web Application Security Mistakes

On August 13th, I produced a webinar with the PCI Knowledgebase's founder, David Taylor. We talked about the web application security-specific requirements of the PCI DSS, common misconceptions with these requirements, practical advice on how to comply with them, lower your overall risk, and how to improve application security in your organization to the point that you won't fear any regulation, standard, or law.

After registering (free) on the site, you can download Learning from Web Application Security Mistakes here.

Lifecycle Security - You missed GREAT talks

This was the first run for Lifecycle Security in Las Vegas, and attendance was honestly very poor. That's too bad, because we had some incredible talks (not tooting my horn, I mean the others ;).

Considering the traction and popularity that Defcon's seeing, it's a bad idea to have Lifecycle after BlackHat, and we communicated that feedback to the organizers. This conference is too important for people to miss it, so I'd be surprised to see it after BH next year.

So, I did the Application Security in the Real World talk here, and that and the other talks will be posted for download soon. I'll edit this post, and add the location when that happens.

HP Software Universe

Hey folks! I've been slacking big time, but we're going to get caught up today. Incoming blog spam!

As some know, I presented a couple of talks at HP Software Universe, at the incredible Palazzo Resort-Hotel-Casino. The conference was considered a huge success, even though attendance on the Application Security side of the house wasn't nearly as strong as we hoped for. Thankfully, this was noticed by the organizers, and they've promised much better coverage for the European Universe, assuming it happens.

A perfect end to a great conference - Stephen Marley headlined the HP party, after a great opening by Blake Lewis. We have the legendary Jerry Peña to thank for the awesome picture of Stephen (we're sworn to secrecy on the story leading to Jerry's legendary status, but maybe I'll let it slip if you buy me a beer ;), since none of mine are presentable.

Unfortunately, the video of the talks is only available to attendees, but everyone can see the slides. Links to both of my talks can be found below.

Converted the links to Tiny because they're ridiculously long - Application Security in the Real World. And, the PCI University talk.

Application Security in the Real World and PCI University; You have questions, I have answers.