http://www.cedmagazine.com/ced/2001/0801/08a.htm#s b
If you thought /.ers rambling about the cable companies wanting to treat the internet as a service they can exert control over instead of being common carriers was paranoid hokum, just check this out. Instead of trying to pass legislation at the federal level, they're going state to state like UCITA.
"Expands the definition of "telecommunication service" to include, but not limited to, all electronic data, video, audio, Internet access...."
"Expands the definition of "unlawful telecommunication device" to include any telecommunication device that is capable of facilitating the disruption, acquisition, receipt, transmission or decryption of a telecommunication service without the consent or knowledge of the telecommunication service provider. (Examples include any "device, technology, product, service, equipment computer software or component or part thereof" that is "primarily distributed, sold, designed, assembled, manufactured, modified, programmed, re-programmed or used for the purpose of providing unauthorized disruption of, decryption of, access to or acquisition of any telecommunication service.")"
The RIAA lost RIAA v. Diamond Multimedia. You do not RecallCorrectly, so shut up. Go to www.eff.org (no hrefs, you've already been too lazy), put in RIAA & Diamond and a treasure trove of real information will come out. Imagine that.
Diamond & others got scared of being classified under the AHRA as home recording devices so until the Archos Recorder, none have had good quality recording- only voice-in.
the correct term would be the Home recording Act of 1992
Nope. (can I say "Bzzzt! Wrong"? Please!) Check out RIAA v. Diamond Multimedia. The RIAA claimed the 1st Rio mp3 player was a recording device and should be covered by the AHRA. If that was true, making copies would be OK, but the player would have to have SCMS (which it did not).
The judge (besides saying AHRA didn't apply) extended Sony v. Universal Studios (the Betamax case) which has affirmed time-shifting as a fair use, calling space-shifting (or media-shifting) a fair use also.
As written in the code, fair use sounds much more limited. It seems to apply to educational and journalistic use (copying an excerpt from a book in order to review it), but case law has used the four tests (see Sony v. Connectix and Sega v. Accolade for instance) to extend the notion beyond that. Sony v. Connectix was decided after the DMCA went into effect, by the way.
I'll save you a mouseclick:
Sec. 107. Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -
(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the copyrighted work.
The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.
whereas the XBox is using well-known hardware, and thus will be already achieving much closer to its full potential from the start
I agree with your reason why the xbox may not see the great leaps in performance we see as developers learn other consoles. However, I think the fact that the xbox is a console, not a pc (it's really both, but hear me out) may be more important.
PC developers never know what they're going to be running on, so have to be careful. Xbox developers know exactly what the hardware is and they get the whole dang box. I guess that most of the early xbox developers came from PC land. As they learn to push to the edge and as those used to pushing (veteran console developers) learn PC hardware, we may yet see improvements vs. first-release games.
It's an 8 bit wide, 8 megabit (1 megabyte) part in a TSOP 40 pin package.
The closeups of the chips on the "we took one apart" pages always seem to leave this part out. It's being multiply-sourced: I've seen Hyundai, Intel and ST Micro in the various pictures, but the part number I could read was the Hyundai (now Hynix) HY29F080T-50 (pdf datasheet). I'm not sure about that -50. It was blurry and the standard part only comes in speeds up to 70ns (flash is slow, by the way).
The code in this part is probably what needs to be hacked/replaced with something that doesn't care about signatures on boot drives if we're to load "unauthorized" software.
You need the right equipment to get this puppy off intact (to read it in a ROM burner) and to avoid damaging the PCB, but it isn't rocket science. The trick is to heat all the pins on one side at once. A low-power microscope (when I worked in a bio lab we called 'em dissecting scopes) is a good idea too 'cause I don't think the warranty will apply if you screw it up.
There are sockets available for this part so multiple attempts at an "open" BIOS can be made without repeated soldering.
The simplest explanation for why the Xbox doesn't support CD-R is that it only has a red laser. CDs use infrared lasers. Stamped CDs and some CD-RWs and very few CD-Rs can be read by DVD drives.
Some DVD transports (I guess all DVD-ROM PC drives) have dual pickups with both lasers (and phototransistors sensitive to each wavelength). They're more expensive, though.
DVD-Rs should work if you're trying to backup or steal games. You'd probably need to make a bit-for-bit copy (if the DVD-R's firmware lets you) so your keys are preserved. It's possible that the more complicated scenario of reading the run-in groove would prevent that, though. On the gripping hand, I'd expect that DVD-R-Video of home movies would work.
Linux has been ported to every freakin piece of hardware that has come down the pike
But it hasn't been ported to every box without the cooperation of the manufacturer. Notice that no one is doing their own port to the PS2, but they're on their knees waiting for Sony to get around to it.
The i-opener was pretty easy because the manufacturer didn't take measures to keep unauthorized software off it. The only "difficult" port I can think of was NetBSD (not Linux!) to the Dreamcast.
Trade secret law only protects against misappropriation of trade secrets- getting them through theft, fraud or violating a confidentiality agreement.
Reverse engineering has generally not been held to qualify as "improper means" because even though it might be pretty damn hard to get at them, the ideas are "generally available."
However, there's a case when a company took aerial photographs of a DuPont chemical plant under construction & it was considered improper means. If the MS-BIOS is encrypted, there may be a stronger case for improper-ness. However, I believe that the DVDs are digitally signed and the BIOS is not encrypted, though I wouldn't be surprised if they did something simple like scramble the address lines.
A shrink wrap license was (controversially) upheld in the CyberPatrol (Mattel) case. I don't think the Xbox has one of those.
Well, we used to all work for a company that went insane (so we had to quit), but gave us some good $$ anyway. A couple of us aren't "working" right now & others are working part-time or (me) annoyed & ready to quit.
We're all embedded software people, and we have access to an SMT lab & logic analyzers & scopes & a modern ROM burner, so we're equipped, but it's a matter of motivation. We've been talking about starting a company to do various projects for 6 months now & know we won't have many chances, so want to make sure it's a good project. This one isn't the greatest, but it'll bring us publicity & maybe investment.
I wish I were still in grad school. I did shit then that I think would be impossible now.
Here's a slightly better picture than the one in the article. The chip to the right and a little up from [4] appears to be an Intel Strataflash of a pretty small size -- a 32 or 40 pin TSOP, good for only 2megabytes. The fact that it might be only 8 bits wide shouldn't matter because the ROM copies itself to RAM on bootup (Flash is slooooow).
Also, this claims the ROM contains FAT32 and UDFS filesystem code. Not that it matters 'cause I plan to set the xbox's hard drive aside & put in one with a real filesystem (yes, ext3fs) anyway.
I do believe that the ROM will only boot code from a signed DVD, but I also believe that ROM is replaceable.
Oh... you're in Cambridge. It's kind of hard to collaborate over the net on a project that requires hacking the hardware, huh? We can always share ideas once we've disassembled the boot ROM though.
Where are you located? I'm in Santa Cruz & have compadres in San Jose & further up the peninsula interested in hacking the xbox. Read my earlier message for more.
Xbox runs Linux (Score: 2, Informative) on "XBox Released"
Did I get your attention? Good. I want to clear up a few misconceptions and fish for more information. I'm interested in doing a *nix port (NetBSD or Linux); I have one or two compadres who are also skilled in the embedded arts and might have the time. Let's get on to the issues:
LEGAL - DMCA
There have been a few comments here that seem to seriously misconstrue what the DMCA is capable of, so let's review that then take a look at reverse-engineering case history.
"Ella the Cat" fished for ideas on what the Microsoft team might have done to keep unauthorized software off their box, then worried about DMCA implications. "Chakat" suggested that circumventing MS's only-signed-discs-may-apply code could be a DMCA violation.
I won't quote it all, but here's chapter 12 of the US Code. 1201(b) is what Dmitry's been charged under. It only prohibits devices that circumvent methods that "effectively protects a right of a copyright owner."
In this case, Microsoft can claim copyright on the BIOS in the Xbox. Suppose that we remove the MS-BIOS and replace it with one that'll boot anything (L-BIOS). We've circumvented a measure that prevented running unauthorized games, but that authorization or lack thereof has no legal weight behind it. Microsoft must enforce it themselves by creating strong measures.
We have to be careful that L-BIOS doesn't allow booting copies of games or we will run afoul of the DMCA.
The two cases that I think are most apropos are Sega v. Accolade and Sony v. Connectix. Accolade tried to create Genesis-compatible games. Connectix tried to emulate the Playstation. Both cases were about copyrights on games that were disassembled in order to figure out how the game machine worked. The odd thing to me is that disassembling the code and creating a work that used the ideas contained therein was no problem. What Sony & Sega attacked on was making a copy of the ROM into a computer's memory to do the disassembling. The courts found (post-DMCA in the Sony case) that the copying was fair use to gain access to the ideas. Copyright only applies to the expression of those ideas in the object code of the ROM.
Disassembling MS-BIOS to figure out how to talk to the memory, USB and hard disk controllers and create L-BIOS is perfectly legal. It's important to avoid copying MS-BIOS code directly and a clean room would be a good idea (the disassemblers send specs to the L-BIOS authors who never see the actual code), but it seems that Connectix did not employ clean room techniques and got away with it.
The ROM [...] will provide the following [...] services: FAT32 file system, UDFS file system, Copy-protection support,
Certificate/signature validation
Supported media are CD, DVD, CD-RW, or DVD-R. There is no CD-R support.
Power Up- When the user turns on the console, the system software is decompressed out of read-only memory (ROM) into random access memory (RAM). Once in RAM, the system software initializes the hardware[....]
Media Detection- Upon power up [...] If it determines that the media [in the DVD drive] is a game, it loads the game into RAM, checks the signature of the game to verify that it is an authentic copy, then starts playing the game.
-
So it appears that MS-BIOS will only boot signed (presumably using
strong encryption) DVDs. There are, of course, two answers to this:
1) Replace the MS-BIOS with a more pleasant L-BIOS that'll boot
anything and perhaps boot off the hard drive instead of the DVD. Loading "real" games sounds pretty hairy and I'd rather not figure out how to do that, so you won't be able to play them anymore. I'm envisioning replacing the Flash ROM (I have access to a nice Nikon binocular microscope and a Metcal soldering iron for working on surface mount parts), but there are a couple of alternatives: a) piggy-back on a 2nd ROM containing L-BIOS except for chip-select which is hooked to a switch or b) use the JTAG port to reprogram the part in-circuit (only possible with some mfg.'s parts).
2) Figure out how to sign our own discs. This is a good excuse for me to get a DVD recorder. I'm concerned that this method is fewer steps away from a "mod chip" that plays duplicated games.
-
Well, that's what I've found out. I'm interested because it sounds like it'll be sort of hard. If we need to hook up a logic analyzer & watch MS's code do its thing I can handle that. I think getting Linux up & running, talking to keyboards & mice over USB & doing TCP/IP over the ethernet port shouldn't be too bad. Getting basic graphics (VGA emulation) up shouldn't be bad, but I make no promises that we'll be able to use the nVidia 3d. I'm thinking a server is a lot more likely than a nuevo-Indrema/TuxBox.
Worst case scenario is that the chipset itself has encryption hardware built-in and it must be unlocked by the CPU before it will enable access to RAM or peripherals. I doubt they had enough time to do something that clever.
By the way, you can reach me at morganw@yahoo.com (posting preferences not workin' for me)
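The "checks the signature of the game to verify that it is an authentic copy" step quoted from the documentation above is the whole trust gate in this design, so here is what such a verify-then-boot gate has to do, as an added illustration that is not code from the post or from Microsoft. The image layout (magic tag, length, signature) and the Ed25519 key are hypothetical stand-ins for whatever the real ROM uses; the point is the order of checks and the failure modes a ROM must refuse before treating any byte as code.

```python
"""Verify-then-boot gate: constructed example with a hypothetical image format."""
import struct

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)

# Hypothetical image layout (not the real Xbox format): a fixed header holding
# a 4-byte magic tag, the payload length, and a 64-byte Ed25519 signature
# computed over the payload only.
MAGIC = b"IMG1"
HEADER = struct.Struct("<4sI64s")


class BootRefused(Exception):
    """Raised when the ROM's policy refuses to hand control to an image."""


def build_image(signing_key: Ed25519PrivateKey, payload: bytes) -> bytes:
    """Publisher side: sign the payload and prepend the header."""
    sig = signing_key.sign(payload)
    return HEADER.pack(MAGIC, len(payload), sig) + payload


def verify_image(rom_key: Ed25519PublicKey, image: bytes) -> bytes:
    """ROM side: parse, check structure, verify signature, then return payload.

    Every check runs before any payload byte is treated as code, and the
    structural checks run before the signature check so that a malformed
    header cannot steer the verifier into reading outside the buffer.
    """
    if len(image) < HEADER.size:
        raise BootRefused("image shorter than header")
    magic, length, sig = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise BootRefused("bad magic")
    payload = image[HEADER.size:]
    # Exact length match: a truncated or padded image is not the image that
    # was signed, even though the signed prefix may still be intact.
    if len(payload) != length:
        raise BootRefused("length mismatch (truncated or trailing data)")
    try:
        rom_key.verify(sig, payload)          # only the ROM's baked-in key counts
    except InvalidSignature:
        raise BootRefused("signature does not verify under the ROM's key")
    return payload


def boot_decision(rom_key: Ed25519PublicKey, image: bytes) -> str:
    """Policy wrapper: 'boot' or 'refuse: <reason>'."""
    try:
        verify_image(rom_key, image)
    except BootRefused as e:
        return f"refuse: {e}"
    return "boot"


def demo() -> dict:
    """Constructed scenarios: one genuine image and several the ROM must refuse."""
    publisher = Ed25519PrivateKey.generate()      # held by the publisher
    rom_key = publisher.public_key()               # the copy baked into the ROM
    other = Ed25519PrivateKey.generate()           # some other party's key

    payload = b"\x90" * 32 + b"game code (constructed)"
    genuine = build_image(publisher, payload)

    tampered = bytearray(genuine)
    tampered[HEADER.size + 5] ^= 0x01              # flip one payload bit
    cases = {
        "genuine": genuine,
        "tampered": bytes(tampered),
        "truncated": genuine[:-4],
        "padded": genuine + b"\x00",
        "bad_magic": b"XXXX" + genuine[4:],
        "short": b"IMG",
        "other_key": build_image(other, payload),  # right format, wrong signer
    }
    return {name: boot_decision(rom_key, img) for name, img in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result}")
```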
The RIAA's approach to Gnutella thus far has been actively discovering copyright offenders and sending DMCA complaints to their ISP
I was a bit worried about this so I did some research. The only case of someone actually losing access was covered in an article on Salon. News.com reported about pressure on ISPs, but mentioned only one subscriber being cut off.
I checked the dslreports message boards expecting to find howls of protests by those cut off from their monopoly broadband providers. Silence....
I think the RIAA and MPAA are doing a great job at scaring people away from file sharing without actually paying many bounty hunters because the idea of a secret copyright police force is so juicy.
Similarly, there seems to be hysteria about people being denied boarding on aircraft for being dissidents. The Bangor, Maine Green Party member turns out to have been pretty uncooperative. Yes, the guard was an overbearing oaf, but she admits to provoking him in an interview. The Green's press release doesn't mention any of this.
The guy detained in Germany for having "unconventional" views and the guy denied flying for having a copy of Hayduke Lives look like the result of hysterical untrained guards, not a plot to deny everyone's civil rights. More hysteria won't help.
The guy who was harassed for taking pictures of National Guardsmen at a security checkpoint probably should have asked first (it's supposedly not illegal, but photography at customs is so he should have thought a bit), but he was another victim of a freakazoid with a chip on his shoulder.
I don't think we should have to turn into loyal plastic robots, but I'm not going to wear my Circumvention Device t-shirt through airport security. No need to get the wheels of teeny minds spinning.
There's certainly an epidemic of ineptitude (that's not new since Sept. 11), but I don't believe there's an epidemic of harassment. Likewise of ISPs and their customers.
In every state I have lived in, you are required to have (at the age of 18), either a VALID and CURRENT driver's license, or a CURRENT state ID.
You must not have lived in California. We have a statute on the books which requires production of "valid" ID on demand by a LEO, but it was struck down because "valid" was "vague" by the Supreme Court in the Kolender v. Lawson case.
Closing society to those who don't want to give up all their rights is not acceptable simply because you've given them a choice. Comdex is not a great example, but how about not being able to fly without being cavity searched? You suffer if you refuse to participate in such a system 'cause you think that's going too far.
I've been a victim of SSN + Visa identity theft so let me clear up a few misconceptions: the thief didn't know my birthdate or mother's maiden name. Those are typically used for confirming id when checking in on an *existing* account. The thief didn't steal my accounts (except for the Visa), but created new ones using my good credit. A valid SSN plus made up everything else was sufficient. The thief used his real physical address which was a room he rented for a few months only because he rented some expensive equipment which had to be delivered (he didn't return it).
The idea that a national ID number would only be shared with "trustworthy" companies and the government and therefore safe from theft is silly. I suspect my Visa # was stolen by a clerk at a store or a keypunch operator at an ecommerce site. My SSN is known by a whole host of companies including some health insurance phone jockeys who I've gotten pissed off at. I also used to be pretty casual with an insecure cordless telephone.
Real, fallible, corruptible people handle these numbers.
Everyone looks like someone else. Just find your doppelganger, shoot him, hide the body and take his card or carve out his chip.
Biometrics will help prevent this but how long will it take to equip every checkpoint with thumbprint/face/retina scanners?
Eventually surgical techniques will catch up and it'll be possible to graft a print so it looks natural or an eyeball so it moves (it doesn't have to work 'cause the id thief is willing to sacrifice a lot more than eyesight).
If there was no consumer revolving credit system and someone proposed setting one up today without using modern security including strong cryptography, but just using issued-once, use-many 16 digit numbers, limited liability for fools who lose their cards and fraud enforcement by the taxpayers through the FBI, would you call it ineffective?
The music and movie industries are just looking for the same government perks that the banking and securities (and nuke power and military hardware and...) industries get.
The DMCA will be effective if it is vigorously enforced to the point of scaring off offenders or driving them into a small underground. Ashcroft has stated his intention to treat intellectual "property" "theft" as a cybercrime right up there with hacking banks.
A few government-sponsored corpses could be enough to stop Chinese use of peekabooty. A few people losing their broadband connection from their monopolistic provider could stop gnutella. There's been wide coverage of one shutdown and a few threats, but the "bounty hunters" don't really seem to be causing much pain. Watch out when the RIAA's version of Carnivore is installed at ISPs and WinXP starts ratting its users out.
A few hackers in the underground won't be (economically) effective at circumventing weak DRM if everyone is afraid to use their wares.
Hacking weak systems and showing the emperor has no clothes is certainly still worth it, but so is fighting the laws that prop up those systems.
I recall that when the RIAA lost their suit to keep the original Diamond mp3 portable player off the market, there was a voluntary agreement among some player mfg.s to include only voice-quality recording on the devices. It wasn't part of any settlement, law or contract but seemed to be self-regulation.
There are now high fidelity mp3 recorders. The Archos Jukebox Recorder is one that records to hard drive so you can fit entire concerts on it without having to change a DAT or MiniDisc.
I've always wondered what the beef with hi-fi analog-in mp3 recorders would be in the first place. Digital recorders have been around for a while and the only objection has been on their digital inputs. Faster-than-realtime access to the music (not possible with DAT/DCC/MiniDisc) makes swapping the music easier, but hard disc recorders (including ultraportable laptops with hi-fi audio i/o) have been around for a while, also without objection.
While I've only seen the record-feature-missing Archos Jukebox with my own eyes, Archos does make the Recorder version available on their website, seemingly without complaint or objection from the RIAA.
I've read about amateur astronomers using pen lasers (a.k.a. laser pointers - class IIIa, under 5 mW) to turn off streetlights.
It occurs to me that cameras might be blindable by lasers.
Black, crinkled/corrugated-texture-inside shrouds (lens hoods) extending forward from the lens would prevent you from disabling with a low power laser while out of the field of view of the camera, but I imagine most cameras don't have great optics so far-off-axis light *will* bounce around in the lens barrel enough to hit the sensor with a good amount of light.
I just picked up one of these for a mechanics experiment so I'll try it (briefly!) with my camcorder.
The idea (well, my idea anyway. You might have others) is to use cheap and easily obtainable lasers to *temporarily* blind cameras, not expensive/powerful ones to destroy them. My laser runs off a pair of AAA cells, but a D cell pair should run it for many hours.
Pen lasers are harder to find in my area (Northern California) due to a fatal auto accident that allegedly involved one. If this works and word gets out, better stock up!
Be aware that this remote has limited memory for learned keys. For setups that are mostly "stock" that's fine, but *none* of the universals (even Sony's) seem to have built-in setups for TiVo (at least the Sony one), so you'll need to program every key by learning from the TiVo remote.
To answer another poster's question, the Sony RM-VL900 will handle a TiVo. I came up one button short so I'm missing a function, but I can't remember what it is 'cause it's been so long since I used the real remote. I still have thumbs up&down and back-up-a-few-seconds. I think I'm missing jump-to-end or jump-to-beginning.
Sony v. Connectix was decided after the DMCA had been passed.
Reverse engineering is still legal. Using it to create a copyright circumvention device is not.
Therefore, reverse engineering the MS-BIOS to boot linux instead of a game is OK, but to allow running dupes of games is not OK.
Making an intermediate copy of the MS-BIOS in order to reverse engineer it is fair use. That is precisely what Sony v. Connectix was about.
2) The bios is held encrypted in the nv2a
So why is there one of these on the motherboard? (possible datasheet)
Here's a slightly better picture than the one in the article. The chip to the right and a little up from [4] appears to be an Intel Strataflash of a pretty small size -- a 32 or 40 pin TSOP, good for only 2megabytes. The fact that it might be only 8 bits wide shouldn't matter because the ROM copies itself to RAM on bootup (Flash is slooooow).
Also, this claims the ROM contains FAT32 and UDFS filesystem code. Not that it matters 'cause I plan to set the xbox's hard drive aside & put in one with a real filesystem (yes, ext3fs) anyway.
I do believe that the ROM will only boot code from a signed DVD, but I also believe that ROM is replaceable.
Oh... you're in Cambridge. It's kind of hard to collaborate over the net on a project that requires hacking the hardware, huh? We can always share ideas once we've disassembled the boot ROM though.
Where are you located? I'm in Santa Cruz & have compadres in San Jose & further up the peninsula interested in hacking the xbox. Read my earlier message for more.
LEGAL - DMCA
There have been a few comments here that seem to seriously misconstrue what the DMCA is capable of, so let's review that then take a look at reverse-engineering case history.
"Ella the Cat" fished for ideas on what the Microsoft team might have done to keep unauthorized software off their box, then worried about DMCA implications. "Chakat" suggested that circumventing MS's only-signed-discs-may-apply code could be a DMCA violation.
I won't quote it all, but here's chapter 12 of the US Code. 1201(b) is what Dmitry's been charged under. It only prohibits devices that circumvent methods that "effectively protects a right of a copyright owner."
In this case, Microsoft can claim copyright on the BIOS in the Xbox. Suppose that we remove the MS-BIOS and replace it with one that'll boot anything (L-BIOS). We've circumvented a measure that prevented running unauthorized games, but that authorization or lack of has no legal weight behind it. Microsoft must enforce it themselves by creating strong measures.
We have to be careful that L-BIOS doesn't allow booting copies of games or we will run afoul of the DMCA.
LEGAL - Reverse Engineering
The Emulation FAQ, Appendix B and Appendix C, provides a good background. Also see CASE SUMMARIES OF COMPUTER COPYRIGHT CASES and Overreaching Provisions in Software License Agreements by Michael Liberman.
The two cases that I think are most apropos are Sega v. Accolade and Sony v. Connectix. Accolade tried to create Genesis-compatible games. Connectix tried to emulate the Playstation. Both cases were about copyrights on games that were disassembled in order to figure out how the game machine worked. The odd thing to me is that disassembling the code and creating a work that used the ideas contained therein was no problem. What Sony & Sega attacked was making a copy of the ROM into a computer's memory to do the disassembling. The courts found (post-DMCA in the Sony case) that the copying was fair use to gain access to the ideas. Copyright only applies to the expression of those ideas in the object code of the ROM.
Disassembling MS-BIOS to figure out how to talk to the memory, USB and hard disk controllers and create L-BIOS is perfectly legal. It's important to avoid copying MS-BIOS code directly and a clean room would be a good idea (the disassemblers send specs to the L-BIOS authors who never see the actual code), but it seems that Connectix did not employ clean room techniques and got away with it.
TECHNICAL
The Xbox System Software Overview says in part:
The ROM [...] will provide the following [...] services: FAT32 file system, UDFS file system, Copy-protection support, Certificate/signature validation
Supported media are CD, DVD, CD-RW, or DVD-R. There is no CD-R support.
Power Up - When the user turns on the console, the system software is decompressed out of read-only memory (ROM) into random access memory (RAM). Once in RAM, the system software initializes the hardware[....]
Media Detection - Upon power up [...] If it determines that the media [in the DVD drive] is a game, it loads the game into RAM, checks the signature of the game to verify that it is an authentic copy, then starts playing the game.
-
So it appears that MS-BIOS will only boot signed (presumably using strong encryption) DVDs. There are, of course, two answers to this:
1) Replace the MS-BIOS with a more pleasant L-BIOS that'll boot anything and perhaps boot off the hard drive instead of the DVD. Loading "real" games sounds pretty hairy and I'd rather not figure out how to do that, so you won't be able to play them anymore. I'm envisioning replacing the Flash ROM (I have access to a nice Nikon binocular microscope and a Metcal soldering iron for working on surface mount parts), but there are a couple of alternatives: a) piggy-back on a 2nd ROM containing L-BIOS except for chip-select which is hooked to a switch or b) use the JTAG port to reprogram the part in-circuit (only possible with some mfg.'s parts).
2) Figure out how to sign our own discs. This is a good excuse for me to get a DVD recorder. I'm concerned that this method is fewer steps away from a "mod chip" that plays duplicated games.
-
Well, that's what I've found out. I'm interested because it sounds like it'll be sort of hard. If we need to hook up a logic analyzer & watch MS's code do its thing I can handle that. I think getting Linux up & running, talking to keyboards & mice over USB & doing TCP/IP over the ethernet port shouldn't be too bad. Getting basic graphics (VGA emulation) up shouldn't be bad, but I make no promises that we'll be able to use the nVidia 3d. I'm thinking a server is a lot more likely than a nuevo-Indrema/TuxBox.
Worst case scenario is that the chipset itself has encryption hardware built-in and it must be unlocked by the CPU before it will enable access to RAM or peripherals. I doubt they had enough time to do something that clever.
By the way, you can reach me at morganw@yahoo.com (posting preferences not workin' for me)
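As an added illustration of the "checks the signature of the game" step quoted above (this is not code from the post or from Microsoft; the Xbox's real image format and algorithm are not on the page), here is a minimal signed-image check in Go. It assumes a constructed layout of image bytes followed by a trailing Ed25519 signature, with trust anchored in a public key carried by the ROM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)
// Constructed layout, not the Xbox's real format: image bytes followed by
// a 64-byte Ed25519 signature over the whole image.
const sigLen = ed25519.SignatureSize
// SignImage is the publisher-side step: append a signature to an image.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	out := append(make([]byte, 0, len(image)+sigLen), image...)
	return append(out, ed25519.Sign(priv, image)...)
}
// VerifyImage is the ROM-side check before control is transferred: the image
// is returned only if its signature validates under the key burned into ROM.
func VerifyImage(romKey ed25519.PublicKey, blob []byte) ([]byte, error) {
	if len(blob) <= sigLen {
		return nil, errors.New("blob too short to hold an image and a signature")
	}
	image, sig := blob[:len(blob)-sigLen], blob[len(blob)-sigLen:]
	if !ed25519.Verify(romKey, image, sig) {
		return nil, errors.New("signature check failed: refusing to boot")
	}
	return image, nil
}
// Demo covers the three outcomes a verifier must distinguish: a correctly
// signed image, a byte-flipped image, and one signed with an untrusted key.
func Demo() (good, tampered, foreign bool) {
	romPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // fresh keys
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed sample image: jmp start")
	signed := SignImage(vendorPriv, image)
	_, err := VerifyImage(romPub, signed)
	good = err == nil
	flipped := append([]byte(nil), signed...)
	flipped[0] ^= 0x01 // one flipped bit in the image invalidates the signature
	_, err = VerifyImage(romPub, flipped)
	tampered = err == nil
	_, err = VerifyImage(romPub, SignImage(otherPriv, image))
	foreign = err == nil
	return
}
func main() {
	g, t, f := Demo()
	fmt.Printf("trusted=%v tampered=%v foreign-key=%v\n", g, t, f)
}
```

The foreign-key case is the point of option 2 in the post: a ROM built this way trusts only the key it carries, so the disc format alone tells you nothing about whether an image will be accepted.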
I don't think Bill will be shooting a wad at Hillary anytime soon.
He will if the SSSCA is passed and Microsoft DRM is chosen as the music protection device of choice.
The RIAA's approach to Gnutella thus far has been actively discovering copyright offenders and sending DMCA complaints to their ISP
I was a bit worried about this so I did some research. The only case of someone actually losing access was covered in an article on Salon. News.com reported about pressure on ISPs, but mentioned only one subscriber being cut off.
I checked the dslreports message boards expecting to find howls of protests by those cut off from their monopoly broadband providers. Silence....
I think the RIAA and MPAA are doing a great job at scaring people away from file sharing without actually paying many bounty hunters because the idea of a secret copyright police force is so juicy.
Similarly, there seems to be hysteria about people being denied boarding on aircraft for being dissidents. The Bangor, Maine Green Party member turns out to have been pretty uncooperative. Yes, the guard was an overbearing oaf, but she admits to provoking him in an interview. The Green's press release doesn't mention any of this.
The guy detained in Germany for having "unconventional" views and the guy denied flying for having a copy of Hayduke Lives look like the result of hysterical untrained guards, not a plot to deny everyone's civil rights. More hysteria won't help.
The guy who was harassed for taking pictures of National Guardsmen at a security checkpoint probably should have asked first (it's supposedly not illegal, but photography at customs is so he should have thought a bit), but he was another victim of a freakazoid with a chip on his shoulder.
I don't think we should have to turn into loyal plastic robots, but I'm not going to wear my Circumvention Device t-shirt through airport security. No need to get the wheels of teeny minds spinning.
There's certainly an epidemic of ineptitude (that's not new since Sept. 11), but I don't believe there's an epidemic of harassment. Likewise of ISPs and their customers.
In every state I have lived in, you are required to have (at the age of 18), either a VALID and CURRENT driver's license, or a CURRENT state ID.
You must not have lived in California. We have a statute on the books which requires production of "valid" ID on demand by a LEO, but it was struck down because "valid" was "vague" by the Supreme Court in the Kolender v. Lawson case.
There's a doctrine called "freedom of movement" with which "you papers please" requests interfere. Read this for some info/background.
Closing society to those who don't want to give up all their rights is not acceptable simply because you've given them a choice. Comdex is not a great example, but how about not being able to fly without being cavity searched? You suffer if you refuse to participate in such a system 'cause you think that's going too far.
I have a firewire port and $400 and this looks pretty interesting, but oops, waitaminute, it's Mac only.
WTF?
I've been a victim of SSN + Visa identity theft so let me clear up a few misconceptions: the thief didn't know my birthdate or mother's maiden name. Those are typically used for confirming id when checking in on an *existing* account. The thief didn't steal my accounts (except for the Visa), but created new ones using my good credit. A valid SSN plus made up everything else was sufficient. The thief used his real physical address which was a room he rented for a few months only because he rented some expensive equipment which had to be delivered (he didn't return it).
The idea that a national ID number would only be shared with "trustworthy" companies and the government and therefore safe from theft is silly. I suspect my Visa # was stolen by a clerk at a store or a keypunch operator at an ecommerce site. My SSN is known by a whole host of companies including some health insurance phone jockeys who I've gotten pissed off at. I also used to be pretty casual with an insecure cordless telephone.
Real, fallible, corruptible people handle these numbers.
Everyone looks like someone else. Just find your doppelganger, shoot him, hide the body and take his card or carve out his chip.
Biometrics will help prevent this but how long will it take to equip every checkpoint with thumbprint/face/retina scanners?
Eventually surgical techniques will catch up and it'll be possible to graft a print so it looks natural or an eyeball so it moves (it doesn't have to work 'cause the id thief is willing to sacrifice a lot more than eyesight).
It's the Olympus C-211, review here, Olympus product page here.
It takes Polaroid 500 film.
By the way, the digital->polaroid printers sort of screw up that "evidence" advantage of Polaroids don't they?
If there was no consumer revolving credit system and someone proposed setting one up today without using modern security including strong cryptography, but just using issued-once, use-many 16 digit numbers, limited liability for fools who lose their cards and fraud enforcement by the taxpayers through the FBI, would you call it ineffective?
The music and movie industries are just looking for the same government perks that the banking and securities (and nuke power and military hardware and ...) industries get.
The DMCA will be effective if it is vigorously enforced to the point of scaring off offenders or driving them into a small underground. Ashcroft has stated his intention to treat intellectual "property" "theft" as a cybercrime right up there with hacking banks.
A few government-sponsored corpses could be enough to stop Chinese use of peekabooty. A few people losing their broadband connection from their monopolistic provider could stop gnutella. There's been wide coverage of one shutdown and a few threats, but the "bounty hunters" don't really seem to be causing much pain. Watch out when the RIAA's version of Carnivore is installed at ISPs and WinXP starts ratting its users out.
A few hackers in the underground won't be (economically) effective at circumventing weak DRM if everyone is afraid to use their wares.
Hacking weak systems and showing the emperor has no clothes is certainly still worth it, but so is fighting the laws that prop up those systems.
I recall that when the RIAA lost their suit to keep the original Diamond mp3 portable player off the market, there was a voluntary agreement among some player mfg.s to include only voice-quality recording on the devices. It wasn't part of any settlement, law or contract but seemed to be self-regulation.
There are now high fidelity mp3 recorders. The Archos Jukebox Recorder is one that records to hard drive so you can fit entire concerts on it without having to change a DAT or MiniDisc.
I've always wondered what the beef with hi-fi analog-in mp3 recorders would be in the first place. Digital recorders have been around for a while and the only objection has been on their digital inputs. Faster-than-realtime access to the music (not possible with DAT/DCC/MiniDisc) makes swapping the music easier, but hard disc recorders (including ultraportable laptops with hi-fi audio i/o) have been around for a while, also without objection.
While I've only seen the record-feature-missing Archos Jukebox with my own eyes, Archos does make the Recorder version available on their website, seemingly without complaint or objection from the RIAA.
-M
I've read about amateur astronomers using pen lasers (a.k.a. laser pointers - Class IIIa, under 5 mW) to turn off streetlights.
It occurs to me that cameras might be blindable by lasers.
Black, crinkled/corrugated-texture-inside shrouds (lens hoods) extending forward from the lens would prevent you from disabling with a low power laser while out of the field of view of the camera, but I imagine most cameras don't have great optics so far-off-axis light *will* bounce around in the lens barrel enough to hit the sensor with a good amount of light.
I just picked up one of these for a mechanics experiment so I'll try it (briefly!) with my camcorder.
The idea (well, my idea anyway. You might have others) is to use cheap and easily obtainable lasers to *temporarily* blind cameras, not expensive/powerful ones to destroy them. My laser runs off a pair of AAA cells, but a D cell pair should run it for many hours.
Pen lasers are harder to find in my area (Northern California) due to a fatal auto accident that allegedly involved one. If this works and word gets out, better stock up!
-M
Be aware that this remote has limited memory for learned keys. For setups that are mostly "stock" that's fine, but *none* of the universals (even Sony's) seem to have built-in setups for TiVo (at least the Sony one), so you'll need to program every key by learning from the TiVo remote.
To answer another poster's question, the Sony RM-VL900 will handle a TiVo. I came up one button short so I'm missing a function, but I can't remember what it is 'cause it's been so long since I used the real remote. I still have thumbs up&down and back-up-a-few-seconds. I think I'm missing jump-to-end or jump-to-beginning.