Slashdot Mirror


Distributed TiVo Code Cracking

Twostep writes "With the newest version of the TiVo software (Version 3.2), TiVo has once again changed the secret password to enter "backdoor" mode, which lets advanced users enable hidden features. Unlike last time, people were not able to quickly find the new code, so a distributed computing project was started to find the backdoor codes. You can read about it here, grab the Linux or Windows clients and pitch in some CPU time for a good cause."

20 of 258 comments

  1. Idiots by __aafkqj3628 · · Score: 3, Insightful

    Really, when the hell will these people (the companies) learn that this will do NOTHING.

    In TiVo's case, would just removing the backdoor altogether work instead of just putting a new, totally hackable and insecure password on there?

    Either way, I'm taking bets on how long it will take for the password to be cracked.

    1. Re:Idiots by subuni · · Score: 5, Insightful

      In TiVo's case, would just removing the backdoor altogether work instead of just putting a new, totally hackable and insecure password on there?

      I don't work for TiVo, so I don't know their intentions. But I can speculate. You can do some nasty damage to your TiVo through use of some of the back doors (Node Navigator being the most famous method). So, you get Joe Blow who accidentally does this to his TiVo, screws it up, and calls support -- Their costs have now increased.

      It's too difficult to remove the backdoors. They're quite useful inhouse during dev/test cycles (a QA tester notices a bug, they can easily view the log files, etc). Two branches of the software, one inhouse with the backdoors, and one w/o them for the public is a lot to deal with. What if you applied a patch to one branch, forgot about the other. Now QA has to test both branches, to make sure they're the same. QA people whine, a lot (rightfully so sometimes). They won't like that.

      So, what's the best option? While doing inhouse testing, use a nice simple code (1234). Right before you're ready to GM it, change it to something "impossible" (i.e. uses characters that can't be entered through the TiVo). The code-base is the same, so QA can get away with just running a quick set of happy-path tests. And, this now reduces Joe Blow's chance of killing his TiVo (since he can't enable backdoors), it lowers support costs, and everybody (inside TiVo) is happy. A "win" situation for TiVo.

      Of course, a "hacker" can go in and change the code to something that isn't "impossible", but if they screw up their TiVo and call support, support doesn't have to help them this time. They voided their warranty when they opened the case, to pull the drive, to change the backdoor code. Another "win" situation for TiVo.

      Whether or not this is the case, I don't know... But, it sounds very likely to me.

    2. Re:Idiots by Martin+Blank · · Score: 5, Insightful

      It's too difficult to remove the backdoors. They're quite useful inhouse during dev/test cycles (a QA tester notices a bug, they can easily view the log files, etc). Two branches of the software, one inhouse with the backdoors, and one w/o them for the public is a lot to deal with. What if you applied a patch to one branch, forgot about the other. Now QA has to test both branches, to make sure they're the same. QA people whine, a lot (rightfully so sometimes). They won't like that.

      Not intending flamebait, but isn't this exactly what we're usually complaining about companies doing? This is one of the highest examples of insecure design. It's not that difficult to remove the backdoor code from the public release, if you code it right to begin with. I know it's just a TiVo, but at some point, a lot of these things that we refer to as "just a" will be network connected, and it's best to start early on best practices, especially since the TiVo is networkable.

      Yes, people like to get into their TiVos (and other gadgets) and tinker with them. A friend who has a TiVo does it all the time, and when I see word of a new hack on Slashdot, I usually let him know. That being said, he's perfectly well aware that what he's doing can seriously screw him if he breaks something. If TiVo really wanted to lock people out, they'd disable the backdoors to begin with, and if they really needed to see the logs on a defective unit, they could load it up on a custom system that can pull the logs from the drives after putting them in a read-only configuration. It wouldn't stop everyone from getting in, but it would stop all but the most determined.

      --
      You can never go home again... but I guess you can shop there.
    3. Re:Idiots by warpSpeed · · Score: 3, Insightful
      This isn't true, unfortunately. When the implementations of strong hash checking are done properly (everything in one chip, ROM a la Xbox), they WILL succeed in locking everyone else out without very expensive hacks.

      It is true! It only takes ONE successful hack, then it is out of the bottle, until they release the next upgrade. With pooled resources, ala distributed CPU power, the problem will be solved eventually. These companies are not going to put in real expensive CPUs to do heavy duty crypto when they are selling a commodity product. The cost per unit is too great. There will always be more powerful CPUs than the ones in these appliances.

  2. Explain to me again why this is a good cause? by mumblestheclown · · Score: 5, Insightful
    • corporations are evil?
    • individuals or companies that attempt any sort of security should be shown that all their base, does indeed, belong to us?
    • business models that involve selling a piece of hardware below cost to make money on additional software or services are the work of satan?
    • because hackers can do something means that they should do it. laws and conventions do not apply to them because it is unlikely that they will get caught.
    • if there's one thing the world needs, it's more TV.
    • information deserves to be free. other people's information, that is.
  3. Because you're entitled to use your own hardware by phr2 · · Score: 5, Insightful
    You paid for it, it's yours, and you should be allowed to do whatever you want with it.

    If some vendor decides, rightly or wrongly, that giving hardware away is a sensible business model, that doesn't in any way entitle them to any control over what you do with it once you take it home. Think of the stupid CueCat bar code wands from Radio Shack. The "legitimate" application intended for those things is long dead, but people continue to do useful things with the wands using software based on reverse engineering them.

  4. No Offense by jchawk · · Score: 5, Insightful

    Why are people still buying these devices if they don't offer the features they want or expect out of the box?

    - This is a serious question, mod as such.

    1. Re:No Offense by wsloand · · Score: 5, Insightful

      Why are people still buying these devices if they don't offer the features they want or expect out of the box?

      For the same reason that people buy cars then modify them. For the same reason that people update the software on their computers. For the same reason that people get accessories for or modify anything that they own.

    2. Re:No Offense by seligman · · Score: 2, Insightful
      Why are people still buying these devices if they don't offer the features they want or expect out of the box?

      Hi. I'm Scott Seligman, the "Windows" link.

      I can only speak for my motivation in doing this. For me the back door code is more of a toy than anything else. Some of the settings can be fun to experiment with. For the most part though, I'd still be a happy TiVo user without the back door code.

      Heck, I personally own a DirecTiVo, so I'll never even get the version of the software being dealt with, though hopefully the same sort of system can be applied to whatever version I do end up. Mostly, it's a "the mountain was there" sort of challenge. I just wanted to see if I could do it. When I started work on the original version of the Windows port, I expected that the code would be found long before I had a working version.

      --
      -- It is too late for the pebbles to vote, the avalanche has already started.
  5. Re:Because you're entitled to use your own hardwar by JohnFluxx · · Score: 3, Insightful

    You can if you don't disturb anyone, and it's your own property.

    Try to think of an example where

    a) You own something
    b) But you aren't allowed to do something with it, even in your own property, and it doesn't affect anyone else.

  6. Re:hmmm.... is this redundant? by JabberWokky · · Score: 5, Insightful
    Yes, this is cracking - it's getting the password to a machine that you have bought and paid for and is your private property. In other words, to move it to a metaphor for the physical world, people are trying to unlock their own bike locks.

    A different, and possibly more interesting question is this: Why does the builder of the bike chain it to a bike rack *after* you have bought it and not give you the combination to the new lock? The scary thing is that according to the laws passed recently in the United States (by congressmen who likely did not understand the ramifications of what they were voting on), it is not only illegal to unlock your bike, but the original builders of the bike are allowed to lock it down any way they want after you have purchased it, and it is illegal for you to even discuss the lock with other people or try to unlock it by yourself so you can use the bike. It is generally illegal (not always, but often) to take apart the bike to turn it into a tandem bike. And if you discuss bike locks in general including starting up a website or discussing them via email it's not only illegal, but you might be a political activist, one of the threats to the United States according to the intelligence community:

    Political activism on the Internet has generated a wide range of activity, from using e-mail and web sites to organize, to web page defacements and denial-of-service attacks.

    Life in these United States scares me of late. People have just about convinced themselves that they don't need to have physical power (the right to bear arms), and society is now casting organized groups in a bad light. First the right to bear arms, now the right to assemble.

    And you, a presumably intelligent person, cannot understand that you should have the right to crack into your own private property? Or that there is anything wrong with the fact that you have to do so?

    Ah, well...

    --
    Evan

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  7. Re:Because you're entitled to use your own hardwar by photon317 · · Score: 5, Insightful


    Wrong. I *can* do whatever I want to a 2003 ford mustang. I can remove the muffler, modify the camshaft... hell I can strap a rocket on the back if it pleases me. Obviously the manufacturer won't honor my warranty once I cross certain lines, and obviously because of laws for the common good, I won't be able to legally drive it on public highways after a certain point as well. But at any stage in whatever process, Ford will be more than happy to supply me all the technical data and help I need when it comes to how their car is designed and built - although some of the more advanced manuals come at a reasonable cost.

    If TiVo were the same, then they should allow me to turn the box into a linux unreal tournament machine or an X.10 controller or whatever the hell else I want to do with it, and provide specs and documentation as necessary to boot. They would of course void my warranty and/or tech support when I open the case or make invasive software changes - and at some point down the mod path they may no longer allow me to subscribe to their services, and may even disclaim to me that it's no longer legal for me to hook my TiVo up to a cable/satellite network (however dubious that may be) - but they wouldn't stop me from doing whatever I wanted with the hardware in my own home.

    --
    11*43+456^2
  8. All you Tivo apologists... by mindstrm · · Score: 4, Insightful

    let me ask you this.

    You are all talking about how cracking this seems "wrong" and whatnot...

    Has Tivo complained? No?

    Shut up.

  9. Re:Why figure out the password? by rufo · · Score: 3, Insightful

    This is (sort of) possible. What you say can't be done literally on a Series2. TiVo has started checking hashes on everything in the Series2 units, so it's very difficult to hack the code on the TiVo. The kernel is signed with TiVo's private key, which the TiVo firmware checks on each bootup. Inside of the kernel is an initrd ramdisk, which contains the hashes of all the files on the TiVo's ext2 filesystem. (There's another filesystem called MFS that contains all of the TiVo video files and other critical data which isn't checked, but there's no executable code in there unfortunately.) Since the ramdisk is inside of the kernel, if you attempt to modify the ramdisk you ruin the signing, which means the firmware won't boot it. So until somebody hacks either the firmware, the private keys that the kernel is signed with, or manages to find a collision with the SHA-1 hashes, hacking the executable is out of the question. This also means all other fun forms of TiVo hacking are right out, such as TiVoWeb, yac/elseed (caller ID programs), e-mail notification systems and whatnot. (This is why I traded a friend a brand-new Series2 for a Series1 which he wasn't going to hack.)

    Now, what you can do is modify the backdoor code hash itself, which is stored on the MFS file system. However, there's one big problem with that: You have to crack the case and pull out the hard drive, which has one of those lovely "Warranty Void if Removed/Damaged" stickers. True, many people are going to crack them open anyway to add a second drive, but there's also lots of people who won't. The backdoor codes can be entered without voiding the warranty; it's just a character code you enter on a certain screen. Voiding your warranty just to get into a few extra features via the backdoors code isn't something many people are willing to do.

    And as for Freevo: Yeah, it might get somewhere sometime, but then again, it might not. Until it's as reliable, stable, and easy-to-use as my TiVo, I'm not planning on using it. I realize other people might have different tastes and prefer something majorly hackable, but I'm not one of them. :)

    --
    My English teacher once told me that two positives don't make a negative. Two words for her: Yeah, right.
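
Added example (not part of rufo's comment and not TiVo's code): a Python sketch of the chain of trust that comment describes, in which the firmware verifies a signed kernel image, the image carries SHA-1 hashes of the root filesystem files, and a separate data store is never measured. The key, file names and MFS entries are constructed, and HMAC-SHA256 stands in for the public-key signature check.

```python
import copy
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a key held by the boot firmware stands in for
# the public-key signature check in the comment (stdlib has no RSA verify).
FIRMWARE_KEY = b"constructed-demo-key"

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()  # SHA-1 because the comment names it

def _signed_body(kernel: bytes, manifest: dict) -> bytes:
    # The manifest lives inside the signed image, so editing it changes the body.
    return kernel + json.dumps(manifest, sort_keys=True).encode()

def build_image(kernel: bytes, root_files: dict) -> dict:
    """Vendor side: embed per-file hashes (the 'initrd') and sign kernel+manifest."""
    manifest = {path: sha1_hex(data) for path, data in root_files.items()}
    sig = hmac.new(FIRMWARE_KEY, _signed_body(kernel, manifest), hashlib.sha256)
    return {"kernel": kernel, "manifest": manifest, "sig": sig.hexdigest()}

def boot(image: dict, root_files: dict, mfs: dict) -> str:
    """Device side: firmware checks the image, then the image checks the files."""
    body = _signed_body(image["kernel"], image["manifest"])
    expected = hmac.new(FIRMWARE_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, image["sig"]):
        return "refused: kernel signature invalid"
    for path, digest in image["manifest"].items():
        if path not in root_files or sha1_hex(root_files[path]) != digest:
            return f"refused: {path} failed hash check"
    # mfs is deliberately never inspected: per the comment it is not hashed.
    return "booted"

# Constructed sample data, not taken from a real device.
ROOT = {"/bin/app": b"application v1", "/etc/rc": b"start app"}
MFS = {"backdoor_code_hash": "constructed-placeholder", "recordings": "constructed"}
IMAGE = build_image(b"kernel-bytes", ROOT)

def scenario_results() -> dict:
    results = {"pristine": boot(IMAGE, ROOT, MFS)}
    # 1. A root-filesystem file is changed: the embedded hash no longer matches.
    patched_root = {**ROOT, "/bin/app": b"application v1 (modified)"}
    results["file_changed"] = boot(IMAGE, patched_root, MFS)
    # 2. The manifest is edited to match: the signature over it no longer verifies.
    forged = copy.deepcopy(IMAGE)
    forged["manifest"]["/bin/app"] = sha1_hex(patched_root["/bin/app"])
    results["manifest_edited"] = boot(forged, patched_root, MFS)
    # 3. Data on the unmeasured store changes: nothing in the chain notices.
    changed_mfs = {**MFS, "backdoor_code_hash": "another-constructed-value"}
    results["mfs_changed"] = boot(IMAGE, ROOT, changed_mfs)
    return results

if __name__ == "__main__":
    for name, outcome in scenario_results().items():
        print(f"{name:16} {outcome}")
```

The last scenario is the design point: anything the verified boot path does not hash, which per the comment includes the stored backdoor code hash, sits outside the integrity guarantee.
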
  10. Re:Because you're entitled to use your own hardwar by romco · · Score: 4, Insightful

    "You cannot buy a 2003 ford mustang, remove the muffler, and drive around at 3am generating 100db of sound. Yes, it's your hardware, but rules exist to further a public good--a (relatively) pollution and noise free environment."

    Yes you can... removing your muffler is totally legal. You are only breaking the law when you drive it on public roads. You can take it to a race track and drive it all you want.

    If someone converts a Tivo into a hacking device AND uses it to break into computer networks, that would be illegal. You could also break the law by hitting someone over the head with your Tivo, no modifications required.

    Cracking and modding your Tivo is, and should remain, totally legal.

    --
    AdFuel
  11. Re:Because you're entitled to use your own hardwar by nolife · · Score: 3, Insightful

    You cannot buy a 2003 ford mustang, remove the muffler, and drive around at 3am generating 100db of sound. Yes, it's your hardware, but rules exist to further a public good--a (relatively) pollution and noise free environment.

    First of all, you CAN remove your muffler and drive around at 3AM. You can do anything you want to that car. You just can not drive it on public roads legally after the fact. If you do this in your own property or a place like a track and no one complains about the noise it is 100% perfectly legal. Have you been to a race track on a test and tune night? By the way, removing the muffler does not increase your emissions levels, removing the catalytic converters does, and yes, you can buy off road pipes (meaning no converters) from thousands of companies for just about any vehicle.
    Modifying a TIVO in no way shape or form bothers my neighbors or is a nuisance to the general public.

    the alternative is a world where prices are higher / options are fewer because companies would have to hedge against unauthorized uses.

    So when your business has a model that can not make money, the government should change the law against the public good (to use your own words) to help you make money? Are you on someone's lobbying payroll? Did you ever think that maybe if a company made these hidden options available or added more options that maybe they could sell more units? The consumer would have MORE choices.

    the alternative is a world where prices are higher / options are fewer because companies would have to hedge against unauthorized uses.

    No, the alternate is where companies compete on the quality and usefulness of their products. Not trying to squeeze every last penny from a product that is not really exactly what someone may want because a government handout let them keep making it for a profit on it.

    --
    Bad boys rape our young girls but Violet gives willingly.
  12. You're all missing the point by dprior · · Score: 2, Insightful

    The effort is for fun, really. We've (subuni, anyway) already found ways to take the drive out of your tivo, throw it in your PC, and change the code to a known hash. This is more to say "Hey, cool, we did it."

    So take a pill folks. Simmah down!

  13. Re:hmmm.... is this redundant? by b_pretender · · Score: 3, Insightful
    JabberWokky, your analogy is poor. Although I agree that they should be legally allowed to access the backdoor, I don't like your analogy.

    The reason why is that you can't *use* your bike if it's locked. You are perfectly capable of *using* a locked Tivo for its intended purposes.

    A better analogy might be if the bicycle manufacturer *locked* the wheels to the bike. You'd still be able to ride the bicycle (aka use the tivo for its intended purpose), but you couldn't steal wheels from other bicycles and you wouldn't be able to change a tire unless you went to a *bicycle-company* certified mechanic who had the key (they do actually sell skewers for bike wheels with locks/keys). This might be akin to stealing content from other Tivos or opening up and fixing/modding the Tivo.

    I'm sure there are better analogies, but I just didn't think that yours applied very well. I do agree with your points, however.

  14. Re:truly open source TiVo alternatives by /dev/trash · · Score: 2, Insightful

    Freevo doesn't do recording, at least not yet.

  15. Re:Because you're entitled to use your own hardwar by BitterOak · · Score: 3, Insightful
    You cannot buy a 2003 ford mustang, remove the muffler, and drive around at 3am generating 100db of sound.

    You cannot drive it around in public places without its muffler, but if you owned a huge estate with its own network of roads, and it was large enough that the sound wouldn't reach your neighbors, you are not only allowed to drive without the muffler, but also without license plates, driver's license, insurance, registration, or serial numbers!

    This is an argument frequently put forth by the anti-gun lobby: you have to license cars and drivers, why not guns and gun owners? The difference is that in the former case you are licensing the right to use the vehicle in a public road you share with others, whose safety depends on your ability to use it correctly, whereas the latter would be required even for ownership in your private home.

    I think an analogy exists with consumer electronic hardware as well. As long as you are not entering or affecting a public space or other persons, shouldn't your hardware be yours to do with as you wish?

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?