Hacking and the Robin Hood complex

Once upon a time, before the coming of micropayments and 99 cent apps, I used to hack whatever software I needed (usually from Microsoft) by hunting down cracks on the net. I was not a real hacker, in the sense that I don’t know the first thing about coding. But I knew enough to hunt down cracks, and get the software working on my computers and phones. Ethical Issues I knew it was stealing but I would try to justify it to myself by saying that at those sky high prices (in Indian money), the software creators would have more than recovered their cost in countries where piracy rules were stricter. Microsoft for instance, was minting money, so it was hard to feel particularly guilty about cracking Windows or Word. Besides, hacking software had a fun side to it. They presented a mental challenge as every time the software creator removed a loophole, the crackers would stay one step ahead with complicated fixes. Cracking an app could be quite an frustrating exercise but that ‘A-ha’ moment made it worth the trouble. There was a negative side, too. The sites where cracks are uploaded used to be teeming with viruses and porn and phishing scammers. There was always a risk of compromising my PC. Besides, hacked software were often buggy and tended to crash, and I used to have to waste quite a bit of time fixing it. Looking back, I think money wasn’t the only reason people hacked software. Many hackers have a Robin Hood complex. For instance, in order to squeeze out competing browsers, Microsoft, the software colossus of that era, bundled Internet Explorer into its Windows OS. This led to the collapse of Netscape Navigator, which once had held 72% of the browser market. Microsoft was fined by the government for its monopolistic tactics, and came off as a villain. So it was sort of acceptable to rip off Microsoft’s software and share it with those poor souls who couldn’t afford it. All the same, I still felt guilty about hacking apps. I was already writing, and I knew I wouldn’t like it if someone stole what I was writing. But in those days, I was a broke student or just starting off, and it was either hacked software or nothing. But I was always looking for a way out. So when Apple launched the App Store, and app prices started becoming reasonable, I packed away my hacker hat, and got on the straight and narrow path, and have been on it ever since. Besides, once you get used to legal apps, it’s hard to go back as I prefer to spend my time ‘using apps’ rather than ‘fixing apps.’ Anyway, I made my peace with Microsoft by becoming a beta tester for Windows 10, for which they rewarded me with a free version of the OS. Somewhere along the line, I switched to Macs where most of the essential apps come free. Apple makes most of its money via its expensive hardware, and I guess the 30% cut on apps in the App Store. On the cellphone front, I did try jailbreaking an old iPhone just for thrills but quickly tired of the crashes, and restored the phone. I didn’t bother to root my Android, as by then I had enough of fiddling with software, and was more interested in devices that just worked, so I could do my work. It did indeed look like my hacking days were finally over. But life took an unexpected turn with the arrival of a new corporate bully. A New Villain in Town In India, cellular network providers have replaced software giants as the new villains of the corporate world. Led by market leader Airtel, they formed an informal cartel to keep prices artificially high while providing minimum service. A 30-day, 1 GB of LTE data pack cost around ₹300 ($5). Phone calls and text messages were extra, and travelling in another state in India would add roaming costs. So the total monthly expense on cellphones for an ordinary user could easily touch ₹1500 for that piddly 1 GB of data. Not that they were content with milking the market. At one point, Airtel even tried to make customers pay twice for the data sold to them, by levying a fee for WhatsApp voice calls. Airtel claimed to be losing income from voice calls by customers making WhatsApp calls. The absurdity of Airtel’s claim was exposed when Jio, a new cellular network provider, launched a 3-month free trial offer with 4GB of data per day, along with unlimited free voice calls and messages, and no roaming fees. The voice calls were via data, like WhatsApp calls. Jio extended the trial offer for another three months, before announcing their launch in April with a 1 GB/day, data pack at 4G speed, free calls and messages, and no roaming fees for just ₹10 a day, which is less than $5/month. Even though, Jio’s data speed is not yet consistently 4G and there’s some throttling, it still is among the best data schemes offered anywhere in the world. The effect on the other cartel members was amusing. After dithering for a while, they cut costs to customers and increased data to match Jio’s offer. Nothing like a bit of competition to make life better for customers. But by then, customers had started flocking to Jio. This is when things got dicey. The cartel members didn’t want to lose customers and started cutting Jio calls (call drops) that passed through their networks. The Indian government interfered, levied massive fines on them, and that got sorted out. But customers who wished to port their existing numbers to Jio still found many obstacles in their path. I was one of these customers as Aircel, my network provider, rejected my porting requests saying my bill wasn’t paid. That wasn’t true as I had paid an excess on my last bill. Besides, I have a ₹1500 deposit with them. Theoretically, I can apply again but there is a technical problem. Finding Loopholes The Indian government insists all SIM cards should be tied to an identity to keep track of terrorists and the like. So Jio issues SIM cards based on a bar code generated on a customer’s 4G phone using a Jio app. The code is linked to the customer via his Aadhaar card, India’s national ID. The problem is Jio’s policy is ‘One bar code for one phone.’ The code is also tied to the phone’s IMEI number. Once a porting request is rejected, that bar code goes into limbo, and you need a new phone to generate another bar code. That means if you don’t have a second phone or access to a second phone, you are stuck. Who will buy a phone just to generate a bar code? The cartel members know about this loophole, and were rejecting porting requests by falsely claiming bills are unpaid. Basically they are playing fast and loose, and hoping to get away with it. And I was one of their victims whose porting process had gone into limbo. The Paradox of the Ethical Hacker If network providers like Aircel bend the rules, I think I’m justified in bending the rules myself, to get around their devious schemes. So what did I need to do? I had to hack the Jio app to generate a working bar code. Using that, I could put in a fresh application to port my number to the Jio network. Generating a bar code on a non-existent or stolen IMEI didn’t seem right to me. What if some poor chap bought that phone with the IMEI I used, and found that the code had already been redeemed. He would be stuck. That upset my sense of fairplay. It wasn’t right that an innocent person should pay the consequences of my battle with the corporate bullies. Back to the drawing board, or rather the internet, and it wasn’t long before I spotted a loophole that would keep me borderline legal. My Android phone has a dual SIM slot, which means it has two IMEI numbers. The Jio app uses only the IMEI of the first SIM slot to generate the bar code. What if I could trick the app to use the second IMEI number of my phone. That way, I wasn’t stealing anyone’s IMEI number. All systems good to go. Making imaginary bills disappear But first, I needed to make sure that Aircel could not reject my porting request again. What I needed to do was convert my postpaid SIM to a prepaid SIM as the claim of unpaid bills would not work with prepaid SIMs. Fortunately, I had foreseen this situation and already applied to Aircel four months earlier. They had taken my request, and casually said it will take three months to implement as there are long queues for conversion. I gritted my teeth, and said fine. Now four months later, I went back to Aircel and demanded to know why the conversion to prepaid had not happened. The customer care agent said it would be done that day. It wasn’t. So I went back the next day on my way back home, and continued doing this for three days. With such relentless pressure, Aircel had no option but to convert my SIM to prepaid. Accordingly, my phone went offline. I called up the service centre, and they said it would take three days for the conversion to take effect, and the phone to come back online. Today is Day 2. So far, so good. Cracking the Code My next step was to trick the Jio app to generate a bar code on a 4G phone. I checked on the net, and found that if I rooted my Android, I could change its IMEI. Since I had no clue on how to root an Android, I took the help of a 12 year old on YouTube to get it done. The rooting worked flawlessly, but the Android app that was supposed to change the IMEI number was buggy. I tried to download an alternative app but it began installing apps from random sites, which caused my phone to frantically pop up virus warnings. I didn’t want the headache of dealing with viruses and data theft, and didn’t know enough about Androids to sort out the viruses. Time to press pause and go back to the drawing board. Round 2. A bit more research on the net gave a second option. A mobile phone emulator that I could run on a PC. Worth a shot. There was just one catch. I had been using a Mac for the last few years, and was out of touch with Windows computers. But there was no option as the Mac version of the app was missing key functions. So I downloaded the app, and installed it on my kid’s PC. It was the first time I had run an emulator for a cellphone. So the whole thing looked a bit unfamiliar. But after a little fiddling around, I began to get the hang of it. The thing was basically meant for gamers to play mobile games on a PC. But as usual, hackers had figured out how to do other stuff with it. In my case, I could access settings of the emulated phone and change its IMEI number to the one I desired, then run the Jio app on the emulated phone to generate the bar code. At this point, I ran into a fresh obstacle. The latest version of the Jio app would not be fooled by the emulated phone. So I needed an earlier version. After a bit of hunting on the net, I found the previous app, and installed it on the emulated phone. On running the app, it generated the bar code. The prey I had been stalking for so long was finally in my hands. Almost. The Amateur shows his hand At this point, my amateur status became evident. I just couldn’t figure how to get the bar code out of the computer. The internet didn’t bother to explain, as it assumed that any decent hacker would know such basic stuff. After a bit of exploring, I found the emulator app provided a screen capture function. Bingo, I took a screen capture of the bar code screen, and the app informed me that it was saved to the gallery. But now I ran into a fresh problem. I just couldn’t find the screen capture as it wasn’t in the gallery, or anywhere on the PC. I was completely mystified and spent the next half an hour breaking my head, before my tube light finally came on. The screen capture must have been saved in the emulator phone’s gallery. Sure enough, it was in there. My relief was palpable as I right clicked on the screenshot, selected ‘copy’ and pasted it into my USB pen drive. I was done with the PC. From the USB, I sent it by WhatsApp to my phone, a device I was now more comfortable with than a PC. Now all I had to do was patiently wait for my Aircel postpaid SIM to complete its conversion into a prepaid SIM, after which I could re-apply for the porting process at Jio, while keeping my fingers crossed about the hack. Testing the Crack As luck would have it, the next day a friend called with the similar porting issue. He also wanted to port his existing number to Jio, but only had one 4G phon. And he had already used that to generate a Jio bar code. He did have a second phone but it was a 3G phone and wouldn’t generate the bar code. Here was my chance to test the hack, as well as help a friend trying to escape from the rapacious clutches of Vodaphone, another of the cartel members. Since the 3G phone was my friend’s own phone, I didn’t have to worry about stealing any one else’s phone’s IMEI to generate the Jio bar code. So I asked my friend to send me the IMEI number of the 3G phone. I then proceeded to run the hack again. Second time around, it was much easier, and a few minutes later, I messaged him the bar code. He visited the Jio dealer the next day, applied for porting, and gave the dealer the bar code. A few minutes later, I got a message, a ‘thumbs up’ emoticon.