Slashdot Mirror


Distributed TiVo Code Cracking

Twostep writes "With the newest version of the TiVo software (Version 3.2), TiVo has once again changed the secret password to enter "backdoor" mode, which lets advanced users enable hidden features. Unlike last time, people were not able to quickly find the new code, so a distributed computing project was started to find the backdoor codes. You can read about it Here, grab the Linux or Windows clients and pitch in some CPU time for a good cause."

10 of 258 comments

  1. Blind at 5am by LinuxGeek · · Score: 2, Informative

    The Win32 executable is in the archive, ignore previous post....

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
  2. Works fine on Mac OS X by benh57 · · Score: 5, Informative

    Compiles fine on Mac OS X. Just add:
    typedef int socklen_t;
    to the top of SSocket.h
    and change:
    -lcrypt
    to
    -lcrypto
    in the Makefile.

    -Ben

  3. Technical info by Otto · · Score: 5, Informative

    First off, if you really want backdoors enabled, that thread on tivocommunity.com details how to do it by changing the hash yourself. You can change the hash it's checking on the disk and voila, no problem.

    So this search is basically pointless, but again, it's only for the hell of it.

    How it works:
    1. Tivo changed the backdoor code in 3.0 to be an SHA1 hash. So when you input the backdoor code, it hashes it, compares the hashes, and enables backdoors if it matches.

    2. The hash for 3.0 was reasonably simple to crack. It was short (6 characters) and so was found quickly. 3.2 is longer (everything up to and including 8 characters has been searched already). That's really all there is to it and why it's now a distributed client.

    3. The slashdotting I now expect will probably take the server down. I really wish this hadn't been posted. In any case, too late now.

    For more info about Tivo backdoors, see here.

    For more info about the 3.0 hash crack (the easy one), see here.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
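
Added example, not part of the thread or of the project's client: a Python sketch of the hash-and-compare check Otto describes, and of how a keyspace of fixed-length codes can be split into work units for separate clients. It shows why code length is the only thing protecting this scheme. The alphabet, the sample code "C0D" and all function names are constructed for illustration; the page does not give the real alphabet or hash.

```python
import hashlib
import hmac
from itertools import islice, product

# Assumption: constructed alphabet and sample code; the real ones are not on the page.
ALPHABET = "0123456789ABCDEF"
TARGET = hashlib.sha1(b"C0D").hexdigest()  # constructed stored hash


def check_code(candidate: str, stored_hex: str) -> bool:
    """Hash the entered code with SHA-1 and compare it with the stored hash."""
    digest = hashlib.sha1(candidate.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_hex)


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates of every length from 1 up to and including max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def work_units(length: int, unit_size: int):
    """Split the keyspace for one code length into (start, end) index ranges."""
    total = len(ALPHABET) ** length
    return [(s, min(s + unit_size, total)) for s in range(0, total, unit_size)]


def search_unit(unit, length: int, stored_hex: str):
    """One client's job: test every candidate whose index falls in its range."""
    start, end = unit
    for chars in islice(product(ALPHABET, repeat=length), start, end):
        code = "".join(chars)
        if check_code(code, stored_hex):
            return code
    return None


if __name__ == "__main__":
    units = work_units(3, 1024)
    print([search_unit(u, 3, TARGET) for u in units])
    # Each extra character multiplies the work by the alphabet size:
    print(keyspace(16, 8), len(ALPHABET) ** 9)
```

With an unsalted fast hash, nothing slows each guess, so the search cost is set entirely by alphabet size and code length.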
  4. Re:Because you're entitled to use your own hardwar by Fnkmaster · · Score: 5, Informative
    Sorry dude, you are 100 miles off target. You aren't allowed to remove that muffler because it affects the PUBLIC GOOD, not because it adversely affects Ford's bottom line. There is a massive gap between laws regarding use of your possessions in a manner contrary to the manufacturer's bottom line, and laws regarding use of your possessions to infringe on other individuals' rights to life, liberty and the pursuit of happiness (and no, a corporation itself or a business model do not have rights).


    A better example might be buying a 2003 Ford Mustang, ripping off the exhaust and installing an aftermarket exhaust system for 2003 Ford Mustangs. If Ford says "but we sell our Mustangs at a loss, the EULA says you will buy parts and maintenance from Ford" you would tell them to go fuck themselves. Likewise when a hardware or software maker tells me what I can do with a product I legally purchased.

  5. Re:Is it updated via modem? by MikeLaw · · Score: 2, Informative

    The effort doesn't relate to the stuff that is downloaded from the modem. It is an attempt to decrypt a password whose encrypted form is known which is used to activate "backdoor" features. Therefore, there is no way to attack it from the tty stream -- it is never used there.

  6. Not really needed, just for fun by Antity · · Score: 5, Informative

    From a post (from "Otto", discussion forum, 10-31-2002 08:14 PM):

    As has been stated already, this search is essentially for fun. If you want to get the backdoors on your S2 unit, it's already been stated how to do it. Load up the drive in a computer and change that code to the other one. Voila. This power search is just out of boredom's sake, and to see if we can do it. It'll be cool to find it, but it's not actually going to give us access to anything new, okay?

    So, people: Relax. And: If you want to join Just For Fun[tm] (like I do), do it.

    --
    42. Easy. What is 32 + 8 + 2?
  7. Re:Is it updated via modem? if so, tap your own li by Kazymyr · · Score: 2, Informative

    Yes the updates come by modem (or more recently encoded in some "paid programming" shows on Discovery channel that the TiVo automatically tunes to and records), but that doesn't change anything. The software updates come in "slices" which are encrypted themselves. The TiVo has a hardware crypto chip that is used to decrypt those.

    --
    I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
  8. Because by Psykechan · · Score: 2, Informative

    The TiVoCommunity Underground is unofficially approved by TiVo (in fact some posters are employees) and they don't want any problems with networks like Turner's or the MPAA.

    I mean, TiVo has supported hardware network card hacks with newer versions of their software. Contrast this to other hardware manufacturers and you'll see why we respect TiVo's wishes and don't discuss certain topics.

  9. Re:Idiots by warmcat · · Score: 3, Informative

    The RSA Crypto done on the Xbox XBE for example uses a 2048 bit key. It does not take an inordinate amount of time because they do a fast SHA-1 hash of the XBE contents, and then RSA-encrypt just the hash.

    This is unbroken because anyone who knows enough to have a go at it can do the 2^2048 math and realize they are doomed, even with a planetful of Space Year 2100 supercomputers.

    The fact is that strong crypto is going to lock out anyone other than the keyholder from being able to contribute to whatever platform is being locked up. The ONLY way through it will be implementation problems.

  10. not anymore by Kevinv · · Score: 3, Informative

    That was for an 8 character password. The stats are now for a 9 character password.

    48% complete