Slashdot Mirror

← Back to Stories (view on slashdot.org)

Distributed TiVo Code Cracking

Posted by michael on from the wait-for-the-video dept.

Twostep writes "With the newest version of the TiVo software (Version 3.2), TiVo has once again changed the secret password to enter "backdoor" mode, which lets advanced users enable hidden features. Unlike last time, people were not able to quickly find the new code, so a distributed computing project was started to find the backdoor codes. You can read about it Here, grab the Linux or Windows clients and pitch in some CPU time for a good cause."

4 of 258 comments (clear)

  1. Works fine on Mac OS X by benh57 · · Score: 5, Informative

    Compiles fine on Mac OS X. Just add:
    typedef int socklen_t;
    to the top of SSocket.h
    and change:
    -lcrypt
    to
    -lcrypto
    in the Makefile.

    -Ben

  2. Technical info by Otto · · Score: 5, Informative

    First off, if you really want backdoors enabled, that thread on tivocommunity.com details how to do it by changing the hash yourself. You can change the hash it's checking on the disk and voila, no problem.

    So this search is basically pointless, but again, it's only for the hell of it.

    How it works:
    1. Tivo changed the backdoor code in 3.0 to be an SHA1 hash. So when you input the backdoor code, it hashes it, compares the hashes, and enables backdoors if it matches.

    2. The hash for 3.0 was reasonably simple to crack. It was short (6 characters) and so was found quickly. 3.2 is longer (everything up to and including 8 characters has been searched already). That's really all there is to it and why it's now a distributed client.

    3. The slashdotting I now expect will probably take the server down. I really wish this hadn't been posted. In any case, too late now.

    For more info about Tivo backdoors, see here.

    For more info about the 3.0 hash crack (the easy one), see here.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  3. Re:Because you're entitled to use your own hardwar by Fnkmaster · · Score: 5, Informative
    Sorry dude, you are 100 miles off target. You aren't allowed to remove that muffler because it affect the PUBLIC GOOD, not because it adversely affects Ford's bottom line. There is massive gap between laws regarding use of your possessions in a manner contrary to the manufacturer's bottom line, and laws regarding use of your possessions to infringe on other individual's rights to life, liberty and the pursuit of happiness (and no, a corporation itself or a business model do not have rights).


    A better example might be buying a 2003 Ford Mustang, ripping off the exhaust and installing an aftermarket exhaust system for 2003 Ford Mustangs. If Ford says "but we sell our Mustangs at a loss, the EULA says you will buy parts and maintenance from Ford" you would tell them to go fuck themselves. Likewise when a hardware or software maker tells me what I can do with a product I legally purchased.

  4. Not really needed, just for fun by Antity · · Score: 5, Informative

    From a post (from "Otto", discussion forum, 10-31-2002 08:14 PM):

    As has been stated already, this search is essentially for fun. If you want to get the backdoors on your S2 unit, it's already been stated how to do it. Load up the drive in a computer and change that code to the other one. Voila. This power search is just out of boredoom's sake, and to see if we can do it. I'll be cool to find it, but it's not actually going to give us access to anything new, okay?

    So, people: Relax. And: If you want to join Just For Fun[tm] (like I do), do it.

    --
    42. Easy. What is 32 + 8 + 2?