Distributed TiVo Code Cracking

Twostep writes "With the newest version of the TiVo software (Version 3.2), TiVo has once again changed the secret password to enter "backdoor" mode, which lets advanced users enable hidden features. Unlike last time, people were not able to quickly find the new code, so a distributed computing project was started to find the backdoor codes. You can read about it Here, grab the Linux or Windows clients and pitch in some CPU time for a good cause."

Idiots

[__aafkqj3628]

Really, when the hell will these people (the companies) learn that this will do NOTHING.

In TiVo's case, would just removing the backdoor altogether work instead of just putting a new, totally hackable and insecure password on there?

Either way, I'm taking bets on how long it will take for the password to be cracked.

Re:Idiots

[warmcat]

This isn't true, unfortunately. When the implementations of strong hash checking are done properly (everything in one chip, ROM a la Xbox), they WILL succeed in locking everyone else out without very expensive hacks.

Personally I think new law is needed to render this illegal, unless it is under the control of the user.

If you think that sounds extreme, consider that the persistent state for all copyrighted works is that they are in the public domain. It is a temporary aberration of a few years that the works are allowed to be held privately. After that they are meant to be available for everyone. As it is these encrypted fortresses inside consumer products will never yield up their secrets.

Re:Idiots

[z)bandito(_X]

This isn't true, unfortunately. When the implementations of strong hash checking are done properly (everything in one chip, ROM a la Xbox), they WILL succeed in locking everyone else out without very expensive hacks.

Personally I think new law is needed to render this illegal, unless it is under the control of the user.


while i concur that the notion of a company removing or limiting features after the purchase of a product is disagreeable, you are incorrect in citing the xbox as a 'hack-proof' design. The gamecube actually has the design you are referring to, where the bios and many/most/all security measures are contained in a single, integral chip such as the CPU, or the graphics chip as is the case with the gamecube iirc.. the gamecube media also contributes to the difficult of hacking the unit to run anything other than nintendo authorized games.

the xbox has been modded to the point where you can not only run games from different territories, you can actually run ftp clients on it and download games and movies onto an upgraded 120gb HDD and play them directly from disc. in the current hardware, the bios chip is seperate from other (more expensive and customized) hardware. the common media and seperate security measures (unencrypted signals travel an accessable path at one point) contribute to the xbox having been hacked.

that said, i believe your proposed legislation would be difficult to implement for at least two reasons; one being that you likely purchase a license to the software rather than the software itself. I guess you could still try and legislate acceptable license terms, but even then the definition of a 'good' or 'bad' feature being added to or removed from a product may be a matter of perspective.

and visit my website goddammit!!@!

Re:Idiots

[subuni]

In TiVo's case, would just removing the backdoor altogether work instead of just putting a new, totally hackable and insecure password on there?

I don't work for TiVo, so I don't know their intentions. But I can speculate. You can do some nasty damage to your TiVo through use of some of the back doors (Node Navigator being the most famous method). So, you get Joe Blow who accidently does this to his TiVo, screws it up, and calls support -- Their costs have now increased.

It's too difficult to remove the backdoors. They're quite useful inhouse during dev/test cycles (a QA tester notices a bug, they can easily view the log files, etc). Two branches of the software, one inhouse with the backdoors, and one w/o them for the public is a lot to deal with. What if you applied a patch to one branch, forgot about the other. Now QA has to test both branches, to make sure they're the same. QA people whine, a lot (rightfully so sometimes). They won't like that.

So, whats the best option? While doing inhouse testing, use a nice simple code (1234). Right before you're ready to GM it, change it the something "impossible" (i.e. uses characters that can't be entered through the TiVo). The code-base is the same, so QA can get away with just running a quick set of happy-path tests. And, this now reduces Joe Blow's chance of killing his TiVo (since he can't enable backdoors), it lowers support costs, and everybody (inside TiVo) is happy. A "win" situation for TiVo.

Of course, a "hacker" can go in and change the code to something that isn't "impossible", but if they screw up their TiVo and call support, support doesn't have to help them this time. They voided their warranty when they opened the case, to pull the drive, to change the backdoor code. Another "win" siutation for TiVo.

Whether or not this is the case, I don't know... But, it sounds very likely to me.

Re:Idiots

[Martin+Blank]

It's too difficult to remove the backdoors. They're quite useful inhouse during dev/test cycles (a QA tester notices a bug, they can easily view the log files, etc). Two branches of the software, one inhouse with the backdoors, and one w/o them for the public is a lot to deal with. What if you applied a patch to one branch, forgot about the other. Now QA has to test both branches, to make sure they're the same. QA people whine, a lot (rightfully so sometimes). They won't like that.

Not intending flamebait, but isn't this exactly what we're usually complaining about companies doing? This is one of the highest examples of insecure design. It's not that difficult to remove the backdoor code from the public release, if you code it right to begin with. I know it's just a TiVo, but at some point, a lot of these things that we refer to as "just a" will be network connected, and it's best to start early on best practices, especially since the TiVo is networkable.

Yes, people like to get into their TiVos (and other gadgets) and tinker with them. A friend who has a TiVo does it all the time, and when I see word of a new hack on Slashdot, I usually let him know. That being said, he's perfectly well aware that what he's doing can seriously screw him if he breaks something. If TiVo really wanted to lock people out, they'd disable the backdoors to begin with, and if they really needed to see the logs on a defective unit, they could load it up on a custom system that can pull the logs from the drives after putting them in a read-only configuration. It wouldn't stop everyone from getting in, but it would stop all but the most determined.

Re:Idiots

[mindstrm]

Because Tivo doesn't really care. They are doing this, probably, so that they can safely say that joe average doesn't have these features.

Do you think they are so stupid as to think that the community won't crack this? of course they know it will.. the point is that they be seen as shipping a product with these features disabled.

If it's too easy, and already public knowledge, they will change it, otherwise they could be seen as supporting those features, and could end up in court. Forcing peopel to go through this kind of crap makes it so it's easy for them to point out that it's unsupported, not part of their main product, etc.

Re:Idiots

[warpSpeed]

This isn't true, unfortunately. When the implementations of strong hash checking are done properly (everything in one chip, ROM a la Xbox), they WILL succeed in locking everyone else out without very expensive hacks.

It is true! It only takes ONE successful hack, then it is out of the bottle, until they release the next upgrade. With pooled resources, ala distributed CPU power, the problem will be solved eventualy. These companies are not going to put in real expensive CPUs to do heavy duty crypto when they are selling a comodity product. The cost per unit is too great. There will always be more powerful CPUs then the ones in these appliances.

Re:Idiots

[jpt.d]

I think the persistent state for all copyrighted works made after Micky Mouse will continue to be copyrighted...

Disney: "You can have Micky Mouse, when you pry it from my cold dead fingers"

Re:Idiots

[warmcat]

The RSA Crypto done on the Xbox XBE for example uses a 2048 bit key. It does not take an inordinate amount of time because they do a fast SHA-1 hash of the XBE contents, and then RSA-encrypt just the hash.

This is unbroken because anyone who knows enough to have a go at it can do the 2^2048 math and realize they are doomed, even with a planetful of Space Year 2100 supercomputers.

The fact is that strong crypto is going to lock out anyone other than the keyholder from being able to contribute to whatever platform is being locked up. The ONLY way through it will be implementation problems.

Searching for aliens? Curing disease?

TV! Now there's a cause I can get behind.

Is it updated via modem? if so, tap your own line!

[aaron_pet]

Is it updated via modem? if so, why not tap your own line!

i don't have a TiVo... nor... well yes I have a modem but it is currently being used as a paperweight...

But couldn't we get one of these software modems to just listen in on the other trafic?

I suspect that some Satelite TV companies do their stuff over the satelite... and some do it over the modem... either way, If I buy something... it's mine... No bugger is going to get away with deactivating it on me...

hmmm.... is this redundant?

[user311]

good cause?

How is this a good cause? I am asking out of sheer curiosity, not against the statement. If there is a legitimate reason to cracking it, then can someone point me to some literature about this subject, or just explain to me why TiVo deserves to be cracked in this manner???

I'm just confused, sounds like this is cracking, and last time I checked thats a pretty illegitimate thing to do, even advocate.

Re:hmmm.... is this redundant?

[JabberWokky]

Yes, this is cracking - it's getting the password to a machine that you have bought and paid for and is your private property. In other words, to move it to a metaphor for the physical world, people are trying to unlock their own bike locks.

A different, and possibly more interesting question is this: Why does the builder of the bike chain it to a bike rack *after* you have bought it and not give you the combination to the new lock? The scary thing is that according to the laws passed recently in the United States (by congressmen who likely did not understand the ramifications of what they were voting on), it is not only illegal to unlock your bike, but the original builders of the bike are allowed to lock it down any way they want after you have purchaced it, and it is illegal for you to even discuss the lock with other people or try to unlock it by yourself so you can use the bike. It is generally illegal (not always, but often) to take apart the bike to turn it into a tandem bike. And if you discuss bike locks in general including starting up a website or discussing them via email it's not only illegal, but you might be a political activist, one of the threats to the United States according to the intelligence community:

Political activism on the Internet has generated a wide range of activity, from using e-mail and web sites to organize, to web page defacements and denial-of-service attacks.

Life in these United States scares me of late. People have just about convinced themselves that they don't need to have physical power (the right to bear arms), and society is now casting organized groups in a bad light. First the right to bear arms, now the right to assemble.

And you, a presumably intelligent person, cannot understand that you should have the right to crack into your own private property? Or that there is anything wrong with the fact that you have to do so?

Ah, well...

--
Evan

Re:hmmm.... is this redundant?

[b_pretender]

JabberWokky, your analogy is poor. Although I agree that they should be legally allowed to access the backdoor, I don't like your analogy.

The reason why is that you can't *use* your bike if it's locked. You are perfectly capable of *using* a locked Tivo for its intended purposes.

A better analogy might be if the bicycle manufacturer *locked* the wheels to the bike. You'd still be able to ride the bicycle (aka use the tivo for its intended purpose), but you couldn't steal wheels from other bicycles and you wouldn't be able to change a tire unless you went to a *bicycle-company* certified mechanic who had the key (they do actually sell skewers for bike wheels with locks/keys). This might be akin stealing content from other Tivos or opening up and fixing/modding the Tivo.

I'm sure there are better analogies, but I just didn't think that yours applied very well. I do agree with your points, however.

Re:hmmm.... is this redundant?

[BluBrick]

Dude, it is live. It's just that the link takes you back to last week. You'll have to wait until next week to get this week's content from timewarp.org

Explain to me again why this is a good cause?

[mumblestheclown]

• corporations are evil?
• individuals or companies that attempt any sort of security should be shown that all their base, does indeed, belong to us?
• business models that involve selling a piece of hardware below cost to make money on additional software or services are the work of satan?
• because hackers can do something means that they should do it. laws and conventions do not apply to them because it is unlikely that they will get caught.
• if there's one thing the world needs, it's more TV.
• information deserves to be free. other people's information, that is.

Why figure out the password?

[phr2]

Why not just hack the code directly, to make it not bother with the password?

And when are we going to stop giving a damn about consumer gizmos running embedded linux, as long as the actual interesting functions are in some closed application running in the box? The interesting gadgets are the ones that are fully hackable, so the application code comes with source and is easy to customize. Freevo might be a start at a hackable PVR.

Re:Why figure out the password?

[rufo]

This is (sort of) possible. What you say can't be done literally on a Series2. TiVo has started checking hashes on everything in the Series2 units, so it's very difficult to hack the code on the TiVo. The kernel is signed with TiVo's private key, which the TiVo firmware checks on each bootup. Inside of the kernel is an initrd ramdisk, which contains to hashes to all the files on the TiVo's ext2 filesystem. (There's another filesystem called MFS that contains all of the TiVo video files and other critical data which isn't checked, but there's no executable code in there unfortunately.) Since the ramdisk is inside of the kernel, if you attempt to modify the ramdisk you ruin the signing, which means the firmware won't boot it. So until somebody hacks either the firmware, the private keys that the kernel is signed with, or manages to find a collision with the SHA-1 hashes, hacking the executable is out of the question. This also means all other fun forms of TiVo hacking are right out, such as TiVoWeb, yac/elseed (caller ID programs), e-mail notification systems and whatnot. (This is why I traded a friend a brand-new Series2 for a Series1 which he wasn't going to hack.)

Now, what you can do is modify the backdoor code hash itself, which is stored on the MFS file system. However, there's one big problem with that: You have to crack the case and pull out the hard drive, which has one of those lovely "Warranty Void if Removed/Damaged" stickers. True, many people are going to crack them open anyway to add a second drive, but there's also lots of people who won't. The backdoor codes can be entered without voiding the warranty; it's just a charachter code you enter on a certain screen. Voiding your warranty just to get into a few extra features via the backdoors code isn't something many people are willing to do.

And as for Freevo: Yeah, it might get somewhere sometime, but then again, it might not. Until it's as reliable, stable, and easy-to-use as my TiVo, I'm not planning on using it. I realize other people might have different tastes and prefer something majorly hackable, but I'm not one of them. :)

Because you're entitled to use your own hardware

[phr2]

You paid for it, it's yours, and you should be allowed to do whatever you want with it.

If some vendor decides, rightly or wrongly, that giving hardware away is a sensible business model, that doesn't in any way entitle them to any control over what you do with it once you take it home. Think of the stupid CueCat bar code wands from Radio Shack. The "legitimate" application intended for those things is long dead, but people continue to do useful things with the wands using software based on reverse engineering them.

No Offense

[jchawk]

Why are people still buying these devices if they don't offer the features they want or expect out of the box?

- This is a serious question, mod as such.

Re:No Offense

cause there simply is no alternative. 90% of all consumers are totally in the dark about anything that involves technology. So business run flashy ads and salespeople move the product. It simply is not economically sound for these companies to appease this small percentage of technologically literate consumers. So in the end it is the people who really will use the device to its fullest extent that get the shaft.

Re:No Offense

[wsloand]

Why are people still buying these devices if they don't offer the features they want or expect out of the box?

For the same reason that people buy cars then modify them. For the same reason that people update the software on their computers. For the same reason that people get accessories for or modify anything that they own.

Re:No Offense

[jafac]

And therin lies the rub.

90% of what people bitch about here on slashdot is the direct result of 90% of all consumers being totally in the dark about anything that involves technology. (Man, that would make a great .sig if it weren't for the wimpy length limit).

There are a few potential solutions to this problem:

1. Education - all children should be taught critical thinking, the scientific method, electronics and computers right next to reading, writing, and 'rithmatic. (yeah, like that's ever going to happen in this world - most people in the world are functionally illiterate, because their governments don't fund public education, etc. - in the US, we're lucky if some districts cram creationism down our throats - and between security checks for guns and bombs, drug dealers, gangs, football, etc - Education, will never ever happen).

2. Technocracy - Establish a ruling class of technologically savvy people (who rightfully deserve it!) to lead the unwashed masses into a glorious enlightened future. (this will occur moments after the current monied establishment all keels over from a deadly virus spread by contact with $100 bills - ya, right).

3. This is reality, society has reached a stable equilibrium with the ultra-rich running things, and making sure the ultra-stupid stay that way so that they can be kept as cheap, willing slaves and captive consumers of crippled goods.

Sorry to be such a downer, man.

Re:Because you're entitled to use your own hardwar

[mumblestheclown]

False.

You cannot buy a 2003 ford mustang, remove the muffler, and drive around at 3am generating 100db of sound. Yes, it's your hardware, but rules exist to further a public good--a (relatively) pollution and noise free environment.

Similarly, laws exist that say that you cannot circumvent pretction mechanisms such as that on the tivo.

Why? because, again, there is a public good involved, but this one is subtler. It's the public good of a business climate where companies make products and services using a variety of business models and people buy them and use them in a manner consistent with widely-held notions of fairness.

the alternative is a world where prices are higher / options are fewer because companies would have to hedge against unauthorized uses.

of course, for some businesses, it turns out to be beneficial that there is a user commuity that likes to hack around. but it's up for the company to decide whether that is, indeed, the case as far as it is concerned.

From the forum...

[Jeffv323]

Yikes!
Is there any way to contact /. and ask them NOT to run that post? I suspect that as soon as the post hits the front page, both tivocommunity.com and all of the pages associated with TivoCrack will be brought down by the load.

Too late! Now go watch your servers burst into flames...

FreeBSD port?

[BitHive]

I'm sure someone out there can whip up a FreeBSD port without too much trouble...or at least some precompiled Linux binaries that I could run on my FreeBSD boxes...

Re:Because you're entitled to use your own hardwar

[DNS-and-BIND]

God-damn independent people...doing whatever they want to with their own property. This must be stopped!

Re:Because you're entitled to use your own hardwar

[JohnFluxx]

You can if you don't disturb anyone, and its your own property.

Try to think of an example where

a) You own something
b) But you aren't allowed to do something with it, even in your own property, and it doesn't affect anyone else.

Works fine on Mac OS X

[benh57]

Compiles fine on Mac OS X. Just add:
typedef int socklen_t;
to the top of SSocket.h
and change:
-lcrypt
to
-lcrypto
in the Makefile.

-Ben

Technical info

[Otto]

First off, if you really want backdoors enabled, that thread on tivocommunity.com details how to do it by changing the hash yourself. You can change the hash it's checking on the disk and voila, no problem.

So this search is basically pointless, but again, it's only for the hell of it.

How it works:
1. Tivo changed the backdoor code in 3.0 to be an SHA1 hash. So when you input the backdoor code, it hashes it, compares the hashes, and enables backdoors if it matches.

2. The hash for 3.0 was reasonably simple to crack. It was short (6 characters) and so was found quickly. 3.2 is longer (everything up to and including 8 characters has been searched already). That's really all there is to it and why it's now a distributed client.

3. The slashdotting I now expect will probably take the server down. I really wish this hadn't been posted. In any case, too late now.

For more info about Tivo backdoors, see here.

For more info about the 3.0 hash crack (the easy one), see here.

Re:Technical info

[autocracy]

OK, this is almost certainly a really dumb question - but why can't we just put our own hash into the system?

busines for IBM

[abhikhurana]

Now I know why IBM wants CPU time to be a metered utility... all the TIVO consumers have to do is buy some CPU time on IBM supercomputers, and voila :-)
I can now see why IBM's business will succeed.

Re:Because you're entitled to use your own hardwar

[TarpaKungs]

Good argument, mumblestheclown. But I disagree concerning the freedom to employ unstable business models.

I agree, it wouldn't be very nice to set fire to my Tivo and throw it through your window. Conversely if I rip the silencer off my motor, it would be perfectly OK to drive it around on private land (with permission) 20 miles from the nearest inhabitant (in the UK at least).

One reason I may want to mod the box is this: consider that maybe I want to use and pay for the Tivo service but I also want to add some random feature. That would be in the same league as installing an amp in my car or whatever. I do not expect to have to ask the manufacturer's permission to disassemble my dashboard.

The other reason I may want to crack the unit is that it's my box - I paid for it, I own it, it's on my property.

I take on board your argument supporting varying business models - but I hold that the business model is flawed. Sell the box at a profit and discount the service. In a way Tivo's business model is basically parallel to the "loss-leader" trick employed by supermarkets. They offer something at an attractive discount (actually with a negative profit margin) in the hope that I will buy other products. However, it is perfectly reasonable for me to isolate all the loss leaders and buy them and nothing else, thus making a loss for the company. That's the risk they took. On average it works out well for them (or they'd stop doing it).

I'm sorry - if Tivo want to guarantee that I will buy their service, they shouldn't sell the box on it's own. Or they shouldn't at least sell it at a loss. I can buy a phone without a phone line or rent a phone line without a phone. It would be silly, but I can do it and it doesn't cause the telco or the phone makers any problems.

I generally subscribe to the view "What I own I can take the lid off and poke around" as a starting point. I am very much against any business model which is so flimsy that it needs laws like the DMCA to support it.

All of which is why I've added 2 machines at home to the cracking pool :-)

Sod the DMCA and everything like it in Europe!

Best, Timbo

Re:Because you're entitled to use your own hardwar

[photon317]

Wrong. I *can* do whatever I want to a 2003 ford mustang. I can remove the muffler, modify the camshaft... hell I can strap a rocket on the back if it pleases me. Obviously the manufacturer won't honor my warranty once I cross certain lines, and obviously because of laws for the common good, I won't be able to legally drive it on public highways after a certain point as well. But at any stage in whatever process, Ford will be more than happy to supply me all the technical data and help I need when it comes to how their car is designed and built - although some of the more advanced manuals come at a reasonable cost.

If TiVo were the same, then they should allow me to turn the box into a linux unreal tournament machine or an X.10 controller or whatever the hell else I want to do with it, and provide specs and documentation as neccesary to boot. They would of course void my warranty and/or tech support when I open the case or make invasive software changes - and at some point down the mod path they may no longer allow me to subscribe to their services, and may even disclaim to me that it's no longer legal for me to hook my TiVo up to a cable/satellite network (however dubious that may be) - but they wouldn't stop me from doing whatever I wanted with the hardware in my own home.

Re:Because you're entitled to use your own hardwar

[Fnkmaster]

Sorry dude, you are 100 miles off target. You aren't allowed to remove that muffler because it affect the PUBLIC GOOD, not because it adversely affects Ford's bottom line. There is massive gap between laws regarding use of your possessions in a manner contrary to the manufacturer's bottom line, and laws regarding use of your possessions to infringe on other individual's rights to life, liberty and the pursuit of happiness (and no, a corporation itself or a business model do not have rights).

A better example might be buying a 2003 Ford Mustang, ripping off the exhaust and installing an aftermarket exhaust system for 2003 Ford Mustangs. If Ford says "but we sell our Mustangs at a loss, the EULA says you will buy parts and maintenance from Ford" you would tell them to go fuck themselves. Likewise when a hardware or software maker tells me what I can do with a product I legally purchased.

Re:Because you're entitled to use your own hardwar

[Zeinfeld]

Why? because, again, there is a public good involved, but this one is subtler. It's the public good of a business climate where companies make products and services using a variety of business models and people buy them and use them in a manner consistent with widely-held notions of fairness.

I find it amazing that Tivo appologists fall for this type of tactic. The only reason they do is that they have not woken up to the fact that Tivo is not the only maker of PVRs.

I do not expect Tivo to survive. The clueless business model only works if there is no competition. There is plenty of competition in the space and that is only going to increase. Nobody succeeds with a razor and blades business model (the Tivo subscription) when there is a cheaper option flat fee.

Every one of the clueless 'I just want 0.01% of every transaction on the net' payment schemes failled miserably.

But every time we have a Tivo story the Tivo heads rush in to explain why everyone should pay twice the going rate for the technology. It is as pathetic as the Apple appologists, 'Macs are fastest, speed is what matters, buy a Mac, oops they are no longer fastest, well it isn't just CPU power that matters, its benchmarks, no its the pretty case'. Apple's price gouging and constant interface changing games to make old peripherals obsolete should be criticised as much as if not more than Microsoft's tactics. But they get away with it.

I don't want the video to decide what to record, I do that. I want a recorder with a removable disk so that the thing is not always full. There is an interesting port on the back of my DishPlayer PVR, anyone know what it does?

Re:Because you're entitled to use your own hardwar

[Fnkmaster]

It would be appropriate to note that this "crack" doesn't allow you to obtain free service, and that this has never been about free service. It's just about the ability to modify your Tivo, install cool things like TivoNet cards and so forth. Tivo keeps making this more difficult with every release. And each time it wears away a bit of community goodwill, which is sad because its this thriving community on which Tivo has built a business.

All you Tivo apologists...

[mindstrm]

let me ask you this.

You are all talking about how cracking this seems "wrong" and whatnot...

Has Tivo complained? No?

Shut up.

Re:Because you're entitled to use your own hardwar

[romco]

"You cannot buy a 2003 ford mustang, remove the muffler, and drive around at 3am generating 100db of sound. Yes, it's your hardware, but rules exist to further a public good--a (relatively) pollution and noise free environment."

Yes you can... removing your muffler is totally legal. You are are only breaking the law when you drive it on public roads. You can take it to a race track and drive it all you want.

If someone converts a Tivo into a hacking device AND uses it to break into computer networks, that would be illegal. You could also break the law by hitting someone over the head with your Tivo, no modifcations required.

Cracking and modding your Tivo is, and should remain, totally legal.

Not really needed, just for fun

[Antity]

From a post (from "Otto", discussion forum, 10-31-2002 08:14 PM):

As has been stated already, this search is essentially for fun. If you want to get the backdoors on your S2 unit, it's already been stated how to do it. Load up the drive in a computer and change that code to the other one. Voila. This power search is just out of boredoom's sake, and to see if we can do it. I'll be cool to find it, but it's not actually going to give us access to anything new, okay?

So, people: Relax. And: If you want to join Just For Fun[tm] (like I do), do it.

Password cracked... over 30 characters long!

[(H)elix1]

"!seineew era sreenigne VTetamitlU"

Re:Stupid question

[anonymous+cupboard]

When you don't run a games, your PC's GPU is doing very little. Simple 2d window management as with Win or X does not require much from the processor.

Running a distributed client on a GPU is an interesting idea, as it is esentially a very fast processor Optimised for 3d-math but with some general capabilities. OTOH, it would be difficult because it is hard to work directly on the GPU as the driver translates the instructions and GPUs very a lot (NVidia, Radeon, etc., and then the individual models). Also, the GPU would tend to run hotter as it would have to do more work (hard-gamers tend to ensure that their graphics card has additional cooling).

Re:Because you're entitled to use your own hardwar

[nolife]

You cannot buy a 2003 ford mustang, remove the muffler, and drive around at 3am generating 100db of sound. Yes, it's your hardware, but rules exist to further a public good--a (relatively) pollution and noise free environment.

First of all, you CAN remove your muffler and drive around at 3AM. You can do anything you want to that car. You just can not drive it on public roads legally after the fact. If you do this in your own property or a place like a track and no one complains about the noise it is 100% perfectly legal. Have you been to a race track on a test and tune night? By the way, removing the muffler does not increase your emissions levels, removing the catylatic convertors does, and yes, you can buy off road pipes (meaning no convertors) from thousands of companies for just about any vehicle.
Modifying a TIVO in no way shape or form bothers my neighbors or is a nuisance to the general public.

the alternative is a world where prices are higher / options are fewer because companies would have to hedge against unauthorized uses.

So when your business has a model that can not make money, the governmant should change the law against the public good (to use your own words) to help you make money? Are you on someones lobbying payroll? Did you ever think that maybe if a company made these hidden options available or added more options that maybe they could sell more units? The consumer would have MORE choices.

the alternative is a world where prices are higher / options are fewer because companies would have to hedge against unauthorized uses.

No, the alternate is where companies compete on the quality and usefulness of thier products. Not trying to squeeze every last penny from a product that is not really exactly what someone may want because a government handout let them keep making it for a profit on it.

Pointless but fun

[p3d0]

They say repeatedly this is just for fun. They have already found that, if you are willing to put the TiVo disk in your PC, you can patch the binary to use the old backdoor password. If you want to enable backdoors, that's how you do it.

They have already tried most of the 9-character space to no avail, and every additional character makes the search take 37 times longer. And, as was said numerous times, when they find it, TiVo will just change it again and tack on a couple more characters.

Plus, there is no verification of results, so surely someone will cheat a la SETI@Home just to inflate his score by returning a bunch of bogus results, and the results will be invalid. Worse yet, a truly malicious person could return bad results for a whole lot of valid usernames, and it may be impossible to separate the good results from the bad. (I don't know if the server tracks IP addresses, but those can be spoofed too.)

So, this is kind of futile, but it looks like they're having fun. :-)

Re:Ad-skips

[merlyn]

The code to enable 30-second skips is "select" "play" "select" "3" "0" "select", and does not require the "master back door enable" code referenced by this thread. The "master back door enable" code opens up about two dozen other codes. See the Tivo backdoor page for details.

Re:Because you're entitled to use your own hardwar

[Dr.+Evil]

Think of stuff like drugs, suicide, fictional pornography, and you'll have lots of laws which can get you arrested for doing things in the privacy of your own home. On the other hand, I like to think that the actions are only criminal if you get caught which means, by definition that you are no longer affecting only yourself.

However... I have a theory about this. As an armchair political theorist, I will make the broad statement that capitalism is anti-democratic. In the eyes of government, the will of the corporation has long outweighed the will of the people.

International government power is found in economic well-being and competativeness. Corporations provide that power and are thus more important than citizens.

So if a corporation says "we can be more competative if you support digital-etcetera laws", the government is compelled to assist them. Why? Because if your country slips in the capitalist system, you loose international power.

From this perspective, the Microsoft case was one where the government was torn between defending the internal free market, and defending a great international economic power. From the microscopic perspective... hurting the corporation could do more damage to domestic jobs than could be recovered by a healthy domestic marketplace. A battle between the tangible and immediate (jobs) and the abstract (healthy internal economy).

So do you use government might to empower Disney, Warner Bros and other domestic corporations? or do you risk loosing those corporations in the interest of personal freedom. That is, do you preserve your healthy and powerful global industry at the cost of individual liberties?

What could the people gain by the government supporting individual liberties?

truly open source TiVo alternatives

[xerofud]

This is why I sent back the Tivo I ordered (it was Series 2 which to my knowledge has never been successfully hacked ... yet). I don't want to be constantly locked out of my machine when some corporation decides to tighten the screws again by a forced software upgrade. In some sense, TiVo is worse than Microsoft, even though they nominally "support" open source by using Linux. With Windows, I choose when to install the Service Pack update ... at least thus far :)

Instead I bought a Pentium IV 2.4, Asus P4PE, 512 333 MB DDR, Leadtek A250 GF4 Ti4200 (which has a Conexant HDTV-capable video out ... don't buy a card with the lower quality VIVO Phillips chip) and a ATI TV-Wonder capture card. Grabbed two old 10Gig drives from another machine and I had something that cost me nothing more than the Series 2 TiVo.

What software will I run? Well, right now I'm leaning heavily toward MythTV. With this I will eventually be able to surf the web, check email, play games, as well as schedule programs and skip through commercials in TV broadcasts. A few bucks and an afternoon of tinkering will also hopefully allow me to control the channel switching on the digital cable box from the computer's infra-red port.

There is also Freevo, which I may consider looking at if I don't like MythTV, although the activity on the mailing lists indicate that this system is already quite functional for many users.

Hope this is useful to anyone out there still sitting on the fence. I reached my decision after several hours of research on the web. I hope I don't regret it!

Re:Out of curiosity, why not disassemble the code?

[TarpaKungs]

Hi John,

Having been running the cracker client all day, it appears two things are limited:

The character set involved is just: ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789

I presume that limited by what you can enter via the Tivo remote (I don't actually have a Tivo).

The experts seem to be pretty sure they are dealing with a SHA1 hash. I'll shut up now as I'm not a crypto expert. The one thing I will say is the character set is *very* limited and favours a brute force attack.

It could be doomed if Tivo used a long string like 20 characters because every extra character requires 37 times as much effort to permute all combinations as was previously required.

It's taking and estimated 3 days to cover the len=9 passwords. So 100-odd days will be needed for the len=10 case.[1][2]

But there will be a limit to the length of the string - the Tivo engineers have to type the bl**dy thing in so I find it hard to believe it's as long as it is.

You might also think that patching the code is viable - I believe you can do that. However I did see some mutterings on a webgroup that Series 2 Tivos are key-signing parts of the system to prevent tampering (so the next job for someone will be hacking the firmware :-)

Best, Timbo

Note: [1] - Assuming no short cuts are used in the scan. Seems pretty linear looking at the logs on my machine.

Note: [2] - Of course, the computing pool is growing steadily.

Re:Because you're entitled to use your own hardwar

[BitterOak]

You cannot buy a 2003 ford mustang, remove the muffler, and drive around at 3am generating 100db of sound.

You cannot drive it around in public places without its muffler, but if you owned a huge estate with its own network of roads, and it was large enough that the sound wouldn't reach your neighbors, you are not only allowed to drive without the muffler, but also without license plates, driver's license, insurance, registration, or serial numbers!

This is an argument frequently put forth by the anti-gun lobby: you have to license cars and drivers, why not guns and gun owners? The difference is that in the former case you are licensing the right to use the vehicle in a public road you share with others, whose safety depends on your ability to use it correctly, whereas the latter would be required even for ownership in your private home.

I think an analogy exists with consumer electronic hardware as well. As long as you are not entering or affecting a public space or other persons, shouldn't your hardware be yours to do with as you wish?

not anymore

[Kevinv]

that was for an 8 character password. the stats are now for an 9 character password.

48% complete