Domain: forumer.com
Stories and comments across the archive that link to forumer.com.
Comments · 16
-
Re:Business plan waiting to FAIL
It's worse than that... the MBAs must have paid the engineers peanuts and lit a blowtorch under their asses to ship it, because the "security" on these was laughable (the one thing they had going for them was a Funny Plug(tm) that wouldn't fit a standard USB cable); it took several revisions before the software security measures presented so much as a speed bump. How do I hack thee? Let me recount thy ways...
1) The camcorders used a 128 BYTE(!) challenge/response system to unlock the device over USB. But the first-gen units used the SAME keypair for every device! So extract the key from one, unlock them all.
2) The key could be extracted by desoldering and reading the Flash chip, or... just asking the device nicely! The challenge key and expected response were stored consecutively in memory; you would request the challenge key in 4-byte(?) chunks, and after the 32nd chunk, respond with 32 chunks of response key. But if you instead just kept requesting chunks after the 32nd, it would GIVE you the response key.
3) Eventually they fixed this. But there was still a backdoor / "default" key, leading to the very popular "battery drop" method of unlocking cams. The response key and other housekeeping data were stored in an NVRAM area (actually IIRC just a file called nvram.dat) - if the camera ever failed to boot, it assumed it was a crash due to corrupted NVRAM and replaced it with a known default copy. Letting the batteries drop out about a second after hitting the power switch would replace the response key with a "key" consisting of the imager manufacturer's name spelled backward and then forward.
Eventually (being IIRC a couple *years*) they fixed all of these. You could still do it by shorting pins on the Flash or erasing part of it via external hardware, but the easy point-and-click software hacks were shored up. There was still debate as to whether the keys were algorithmically related to one another or one-time-pad random. Until...
4) Somebody discovered PD left details (possibly code) of the keygen algorithm on their anonymous FTP server! It was pulled before I got a chance to see it
;-) but it was enough information that somebody wrote a tool to bruteforce a master key of some sort, which took a few computers about a week or 2. With the master key found, hackers just updated the GUI software to generate proper response keys, prompting PD to release the "please grant us a Mulligan" letter linked by the GP. -
Re:The list, for those who don't care about pictur
He removed the source completely from the download page now, I think you might still be able to ask him for it. But like they said in the forums, for the most part it was a single developer who made the source available.
http://www.getpaint.net/download.html#src
http://paintdotnet.forumer.com/viewtopic.php?f=12&t=30838&p=274324
-
Possibly confused by a mod?
There is a mod called Knights of the White Stallion that expands the faction with the same name in the original oblivion. Perhaps in some point of time (i.e. at GameStop) someone mistook it for an official expansion? Seems weird for a retail store, but it could have happened anywhere in the chain.
-
Re:Compare this to a Pure Digital cameraFunny you should mention Pure Digital.
When you're in the business of building $30 one-time-use camcorders, and you mistakenly leave your FTP site open with your client-side software on it, and some hacker figures out the cipher and the key length, and some other hacker takes that information and performs a clean-room reverse-engineering and writes a little distributed application that results in a third group of enterprising hackers brute-forcing the key within two days, and when you're gracious enough to post a polite request instead of a cease-and-desist, and the people who cracked your hardware are ethical enough to take down the offending code to help keep you in business... things work out pretty nicely. Even if there are a few mirrors of the missing piece of the puzzle floating around on the 'net.
When you're in the business of deciding whether the R-sociopaths or the D-sociopaths gets to govern a trillion-dollar economy, and the source code to the machines that control access to all that money, all that power, and all those guns happens to leak.... probably not so good.
-
Console wars are bad
This why we are working to create an open standard for game console compatability: http://ogcs.forumer.com/
-
The official word: not a rail shooter
Prince NineOne1 is Ubisoft's ambassador to the IGN Revolution boards, comfirmed by editors Matt and Craig. He answered the question himself: "OK - maybe I will comment on 1 thing because it so absurd for a next-gen game. This game is not a rail shooter - that would be 100% NES and not Next-Gen. -P911" (A "rail shooter" means a shooting game that is "on rails"--like Duck Hunt, Time Crisis, or any other light-gun game--rather than allowing for full movement as in Quake or Halo.) http://gameonpause.7.forumer.com/viewtopic.php?p=
6 45#645 Zonk, please make this rebuttal at least part of the story; our friend at PointlessWasteofTime jumped the gun, so to speak. -
Re:LameThat's exactly what it is -- USB with a funky cable.
I've been out of the "scene" for a while since I hacked my two, so I just went and looked at the bulletin boards that discuss these things, and I'm sad to report that apparently Pure Digital has finally started making a version of these things that can't be hacked using any of the existing methods. Here is a thread where the guys who figured the hack out are saying that the latest rev may finally be unhackable.
If you can get your hands on older ones, (Rev 3.62 or earlier), then you're in business, but the party may be over for owners of the new 3.70 ones
. -
I don't know...
Something tells me they've just got free advertisement...
-
Food Torture! please help it be a net phenom!
-
Go and find the worst food in your house and post
Go and find the worst food in your house and post pictures of yourself eating it here! http://foodtorture.6.forumer.com/index.php
-
Re:No linux source for CVS hack?
Check out this thread -- Corscaria has a command-line program that uses libusb, so it's compatible with mac, linux, and windows.
I developed the unlocking code & did it on the mac. The Mac's user-land usb code is much easier to use than Window's (mainly because I don't need to create & install a specialized driver).
earlier slashdot sub -
Re:How do you use the USB?
This includes a link to the cable making instructions:
http://camerahacks.10.forumer.com/viewtopic.php?t= 536 -
more info & the PV2 still camera with LCD
As pointed out yesterday on engadget, these cameras have been out a few months -- it's just that the press release came out recently. Yep, it's from the same company that made the hacked still camera.
The community working on hacking this new camcorder is located at:http://camerahacks.10.forumer.com/viewforum.php ?f=13
These cameras seem to have an external program memory, so it might not be too hard to hack. The forum above also has dissection pictures.
BTW, last summer PureDigital came out with a still camera called the PV2. Unlike the one that was previously mentioned on slashdot, this new one has an LCD post-view screen and it's based on a completely different chipset. It has also been hacked. I figured out the authentication mechanism on this and most of the communications. Others got the camera to work with standard drivers and are figuring out the proprietary raw format. I wrote a disassembler and have published commentary on the built-in firmware, but you'll need a camera & firmware file to make sense of it. The firmware is protected by a checksum, but that was easy to find and correct.
main pv2 forums
PV2 FAQ from the forum - a great starting place
my FAQ's
unofficial devkit for writing your own programs. -
more info & the PV2 still camera with LCD
As pointed out yesterday on engadget, these cameras have been out a few months -- it's just that the press release came out recently. Yep, it's from the same company that made the hacked still camera.
The community working on hacking this new camcorder is located at:http://camerahacks.10.forumer.com/viewforum.php ?f=13
These cameras seem to have an external program memory, so it might not be too hard to hack. The forum above also has dissection pictures.
BTW, last summer PureDigital came out with a still camera called the PV2. Unlike the one that was previously mentioned on slashdot, this new one has an LCD post-view screen and it's based on a completely different chipset. It has also been hacked. I figured out the authentication mechanism on this and most of the communications. Others got the camera to work with standard drivers and are figuring out the proprietary raw format. I wrote a disassembler and have published commentary on the built-in firmware, but you'll need a camera & firmware file to make sense of it. The firmware is protected by a checksum, but that was easy to find and correct.
main pv2 forums
PV2 FAQ from the forum - a great starting place
my FAQ's
unofficial devkit for writing your own programs. -
more info & the PV2 still camera with LCD
As pointed out yesterday on engadget, these cameras have been out a few months -- it's just that the press release came out recently. Yep, it's from the same company that made the hacked still camera.
The community working on hacking this new camcorder is located at:http://camerahacks.10.forumer.com/viewforum.php ?f=13
These cameras seem to have an external program memory, so it might not be too hard to hack. The forum above also has dissection pictures.
BTW, last summer PureDigital came out with a still camera called the PV2. Unlike the one that was previously mentioned on slashdot, this new one has an LCD post-view screen and it's based on a completely different chipset. It has also been hacked. I figured out the authentication mechanism on this and most of the communications. Others got the camera to work with standard drivers and are figuring out the proprietary raw format. I wrote a disassembler and have published commentary on the built-in firmware, but you'll need a camera & firmware file to make sense of it. The firmware is protected by a checksum, but that was easy to find and correct.
main pv2 forums
PV2 FAQ from the forum - a great starting place
my FAQ's
unofficial devkit for writing your own programs. -
Re:N -
Too bad there is a sound pb on Linux, that freeze the whole thing for a short time quite often. It's unplayable like that.
There is some workaround in their forum, but it still need to be fixed. http://metanet.2.forumer.com/index.php?showtopic=4 86&st=0