There are two important things here. First of all, this is a private high school. The First Amendment does not apply to private organizations, and even more so to religious private organizations *. Nor should it have to. If there is a problem with free speech, they can go to some other, possibly public school.
Even if the student is not going to a Catholic school by choice, the First Amendment does not apply. Although the government cannot restrict the free speech of a minor, the parent can. Parents are all-powerful with regards to their children, with the exception of a few things like abortion.
All in all, if I were running the school, I'd be far more worried about the clergy molesting the children than some outsider reading a web site.
*: Religious organizations, or more accurately non-profit organizations in general, really do have more freedom with their views. You can't fire someone from a normal job for saying "there is no heaven" (or another inoffensive but heretical statement). But you can certainly do that to your clergy. Freedom of speech and freedom of association both work this way.
Melissa
Watermarks are generally useless when considering the N+1 algorithm. If you suspect a watermark, get a second person to leak it. Do a binary comparison between the two. Wherever they differ, change those bytes to a value that is neither one nor the other. Get a third leaker. If any new locations show up, repeat and get a fourth leaker. Otherwise, you're done.
"N+1" refers to how you are defeating a cross-tagging system against N people by having N+1 collaborate. For simple per-person tagging, N=1, so you need 2 people to collaborate to remove the tag. The third person is only there to prove that there are no more tags.
There are two ways you can try to defeat this. One is to make N quite large, for example by putting tags that identify pairs of viewers, triples of viewers, etc. that would catch people collaborating.
The other way is to make the tag part of the encoding process, such that (almost) the whole disk changes for each viewer. The problem with this is that MPEG2 encoding takes many hours, and would have to be done for each viewer individually. Also, it would need to be sophisticated, as it would have to survive recompression. The pirates would be able to spot this, however, and do a frame-by-frame (+/- a few frames to thwart frame addition/deletion) comparison and randomize or average anything that changes.
Personally, if I were a recipient of such screeners *and* I wanted to pirate them, I would give the disk to someone and stage a break-in of my house.
Melissa
Of course, you can't even do that today, with Photoshop forced to block images of dollar bills...
Melissa
This is just the nail in HD-DVD's coffin. The studios are now going to flock straight to Blu-Ray with this announcement. Sucks but true.
Melissa
How can DRM possibly be open source? It is by nature security through obscurity. If the algorithm is public, it is trivial to crack it. DRM is client-side "security".
Melissa
Okay, but what about the DVD-R ISO? I'd much rather burn this thing to a single DVD-R than burn it to 5 CD-Rs.
Melissa
REAL modem drivers would use ATS2=255, which disables the +++ string. Then, to hang up, you drop the Terminal Ready (TR) bit of the serial port. This way, there is no string that can hang up the modem.
Melissa
Video games' copy protection systems install device drivers like crazy to try to prevent CD-ROM emulators and such. Others install drivers to prevent cheating. When they do this, they often mess up the system involved and leave the system vulnerable to attack.
For example, a few months ago, the nProtect anti-cheat system, which installs device drivers, had a buffer overflow in it that allowed local privilege escalation.
Melissa
Trademark law has a fundamental difference from copyright law. Trademark law is based primarily on fraud prevention. Nobody has the right to claim that their product was made by someone else. I don't like the way many things in trademark law are going, but at least it isn't fundamentally wrong.
Myria
In the United States, the standard for allowing unauthorized entry by authorities is "imminent threat". Leaking gas is definitely an imminent threat, and most certainly the fire department can enter your house to fix it.
Melissa
This is a bit of inaccurate hand-waving, but the algorithm is closer to O(p^3). It takes p modular squares to do a Lucas-Lehmer test. A modular square in a bad implementation would take O(p^2) time, so it's O(p) * O(p^2) = O(p^3).
In reality, it's a bit less than O(p^3), because squaring modulo a Mersenne number can be done significantly faster than O(p^2), in fact approaching the theoretical speed limit O(p log2 p).
The reason the tests take so long is simply the size of the numbers. An optimal Lucas-Lehmer test would take time O(p^2 log2 p). Since we use processors that do 32 bits at a time, p=25964951/32=811405. O(p^2 log2 p) > 12924002851764 operations. On a 3 GHz processor capable of 1 32x32 multiply per clock (unrealistic), that's 4308 seconds as an optimal minimum. Add realism and you can easily see how it takes a month.
calc.exe formula: 811405y2*(811405n/2n)
Melissa
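The Lucas-Lehmer cost argument above, as an added example that is not from the original comment: the test with its squarings counted, plus the shift-and-add reduction that is why squaring modulo a Mersenne number beats a general modular reduction (all function names are this example's own).

```python
# Added example (not from the original comment): the Lucas-Lehmer test with the
# squarings counted, showing the "p modular squares" the comment describes, plus the
# shift-and-add reduction that makes squaring modulo a Mersenne number 2^p - 1 cheaper
# than a general modular reduction. All names here are this example's own.

def mersenne_mod(x, p):
    """Reduce x modulo M = 2^p - 1 without a division: because 2^p is congruent
    to 1 (mod M), the bits above position p can simply be added back onto the
    low p bits. Repeat until the value fits in p bits, then map M itself to 0."""
    m = (1 << p) - 1
    while x > m:
        x = (x & m) + (x >> p)
    return 0 if x == m else x


def lucas_lehmer(p):
    """Return (is_prime, squarings) for M_p = 2^p - 1, with p an odd prime.
    s_0 = 4, s_{i+1} = s_i^2 - 2 (mod M_p); M_p is prime iff s_{p-2} == 0.
    The loop does p - 2 modular squarings, each on a p-bit number, which is the
    O(p) * (cost of one square) that the comment's O(p^3) estimate comes from."""
    m = (1 << p) - 1
    s = 4
    squarings = 0
    for _ in range(p - 2):
        t = s * s - 2
        if t < 0:               # only possible when s is 0 or 1; keep the residue non-negative
            t += m
        s = mersenne_mod(t, p)
        squarings += 1
    return s == 0, squarings


def mersenne_primes_below(limit):
    """Exponents p < limit (p an odd prime) for which the test says M_p is prime."""
    found = []
    for p in range(3, limit):
        if all(p % q for q in range(2, int(p ** 0.5) + 1)):   # p itself must be prime
            if lucas_lehmer(p)[0]:
                found.append(p)
    return found
```

The squarings count is exactly p - 2, so the per-test cost is (p - 2) times whatever one p-bit modular square costs, which is the whole point of the comment's estimate.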
The same thing happens in Windows. Try turning off Justify mode.
Melissa
That's not quite correct. One-way hashers and block ciphers are really the same thing, just used in different modes of operation. See SHACAL on Wikipedia.
Melissa
Phantasy Star Online Blue Burst uses nProtect, and the first thing I did was net stop it.
C:\>net stop npptnt2
The NPPTNT2 service was stopped successfully.
Melissa
Passport does have a lot of users, but only for Microsoft stuff. MSN, Hotmail, and Xbox Live, all very popular, use Passport.
(Xbox Live's case is a little more complicated, but it does use Passport at its core.)
Melissa
I made my own, independent PSO server that also supports GameCube PSO. My server isn't public, though.
You can log onto the server using either this Code Breaker code or by setting your DNS server as someone mentioned earlier.
There is one problem, however. When Sega shuts down auth01.dricas.com, which they surely will, it will be impossible for American v2 and Japanese players to get on these servers without a Code Breaker. This is because the game connects to this particular server using HTTPS, and verifies the key as matching "auth01.dricas.com" and being signed by VeriSign.
Melissa <3
All hardware for the entire history of computing runs entirely imperative code. Imperative is clearly going to be the most popular because it relates directly to what computers are capable of doing.
SQL is really a hybrid of declarative and imperative. While it's true that you almost never say *how* to access the data in a database, you say *what* to do to the database imperatively.
YACC isn't truly declarative, either. In order to use it successfully you need to understand the imperative internals of the parsing process.
Melissa <3
I know a certain 2048 bit number that needs factoring. It's too bad that quantum computers won't be around in time for the Xbox.
Are digital signature schemes possible with so-called "quantum encryption?" I just don't see how you could turn perfect intrusion detection into a digital signature scheme.
Melissa <3
I think that Sonas is making a critical mistake here. Quantum computers are not far off. We'll probably see them in universities in 40 years. Once quantum computers exist, chess is over. Nothing can beat a quantum chess player, not even itself, for the simple reason that it's mathematically impossible. The question of which is a better chess player will become irrelevant.
Melissa <3
Sometimes, I get people emailing me saying that my program has a security bug due to its use of strcpy, and that strcpy is unsafe. They don't bother to notice that my code is safe (in a setuid program) and yet faster than strncpy:

#include <string.h>

int main(int argc, char **argv)
{
    char buffer[256];

    if (!argv[1])
        return 1;
    /* Force a terminator at the last index that fits in buffer, so strcpy cannot overrun it. */
    argv[1][sizeof(buffer) - 1] = 0;
    strcpy(buffer, argv[1]);
    return 0;
}

I hate having to deal with this in my program. I can't imagine what code reviews would be like from my bosses... >_<
Myria <3
The reality is that this is not exploiting a bug - it's exploiting a back door. In the Dreamcast PSO Version 2, Sega added a packet command named RcvProgramPatch. (The game had debug symbols.) This packet was added to make cheating more difficult and fix bugs. Basically, the server can send assembly code to the client to execute. But back doors work both ways. The GC version and Xbox version have the same packet, and this is the result.
Sonic Team did encrypt the packets, as most online games do. In fact, it is with a custom algorithm that is different from the already-cracked Dreamcast encryption. This system should have been secure: GameCube disks are basically unreadable, and you need to read the disk in order to break the encryption!
However, Sonic Team made a fatal mistake. They used the same encryption in the Xbox version. Those disks are readable. Hackers found out, and used the Xbox encryption algorithm to break the GameCube encryption.
It's believed that the GC ISO copies were made using this PSO exploit, as well as the N64 ROM of Zelda Master Quest, which in fact was dumped off the Zelda bonus disk using PSO.
I'm really wondering what Nintendo and Microsoft will do about this... Microsoft, for one, has told developers that anyone who puts a back door into a game will lose their developer's license >_<
Melissa ^-^
It's because the solutions are not necessarily on a vertex, unlike LP. A greedy approach won't necessarily work.
It's the same reason that 0-1 Knapsack is NP-complete yet fractional Knapsack is P and very easy.
Melissa ^-^
I'm a cheater-coder like the article mentions, and a very advanced one at that. Most cheater-coders are just newbie programmers learning Visual Basic for the first time. Only a few, like me, are experts. We're reverse engineers - the same kind of person as crackers, but not involved in piracy. We learn the intricate details of how games work at the assembly level and make cheats based on this. We can be very dangerous, sometimes able to crash players' computers, but we're usually not like that! Many of us, like me, take our cheating experience and use it productively to make our own unauthorized game servers (remember bnetd?).
I really think that the policy of banning cheaters forever is counterproductive. Cheaters are paying customers, and are obsessed with the game they're cheating in. Rather than ban them, what should be done is to make their cheating impossible. If they get caught cheating, reset their stats or some other appropriate punishment - don't ban them! And most importantly, *fix the game*.
Melissa <3
Yes, that will work ^-^. Note that if you do this, you also will need to do the modulo operation on the multiplication result you're about to discard. Otherwise, the lack of a modulo operation would become a noticeable time difference.
Myria ^-^ *hugs*
The exploit behind this is actually not that complicated, if you know RSA. In RSA, you have these formulas:
C=M^e mod n (encryption/signature verification)
M=C^d mod n (decryption/signing)
When OpenSSL wants to sign a message C, it needs to produce the signature M using the "M=C^d mod n" formula above. Calculating this is simple in idea: calculate C to the d'th power modulo n. However, d is a very big number; on average, it is n/2. There is no way you can calculate C^d mod n by multiplying C with itself many times.
The answer to this is to use a "repeated squaring" algorithm. Let's say that d=17, and you want to calculate C^d. Multiplying C 17 times works, but is very slow. It is possible to calculate C^17 using the following formula:
C^17 = C * C^16
C^17 = C * (((C^2)^2)^2)^2
Now, there are only 5 multiplies: 4 squares and one multiply with C. There is a pattern to when you square and when you multiply. The number 17 is 10001 in binary. The binary digits tell you when to square and when to multiply.
You start with the number 1, and go through the bits in 10001 from left to right. For each bit, either 0 or 1, you square. But if a bit is a 1, you also multiply. This means that the first step (a 1 bit), you square, then multiply by C. Since you started out with 1, you get C here. For the next 3 bits, all 0's, you square, getting C^8 as your result. The last bit is a 1. You square, getting C^16, then multiply by C again, since it's a 1 bit. This gets you C^17.
The problem here is that "1" bits require a different amount of work than "0" bits. When you have a "1" bit, you have to perform an additional multiply compared to a "0" bit. If you can somehow time each multiplication/square step, you can determine whether the bit of "d" was a 0 or 1. If you can do this 2048 times, you can calculate all the bits of the private key, which is "d". That is what this attack does, minus all the complicated details.
This RSA hole can only possibly be exploited when the attacker has physical access to the device (as in a smart card attack), or the owner of the private key automatically signs/decrypts messages sent from a client (as in OpenSSL). Manual encryption systems, such as those used for email, can't be exploited this way realistically.
Myria ^-^ *hugs*
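The square-and-multiply walk-through above, together with the earlier reply's note about still doing the modulo on the product you are going to discard, as an added example that is not from the original comments. The toy key (n = 3233, e = 17, d = 2753, i.e. p = 61 and q = 53) and the message value are constructed for it; the per-bit operation count stands in for the timing measurement.

```python
# Added example (not from the original post): the left-to-right square-and-multiply
# exponentiation the post walks through for d = 17, instrumented so the per-bit work
# count stands in for the timing an attacker measures, next to the "always multiply,
# always reduce, discard on a 0 bit" variant the earlier reply describes.
# The toy RSA key below is constructed for this example.

def modexp_leaky(base, exp, mod, trace=None):
    """Square-and-multiply as described in the post: scan the exponent bits from
    the most significant one; square on every bit, multiply only on a 1 bit.
    If `trace` is a list, append the number of modular multiplications done
    for each bit (1 for a 0 bit, 2 for a 1 bit)."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod      # every bit: one square
        ops = 1
        if bit == "1":
            result = (result * base) % mod    # 1 bits only: an extra multiply
            ops += 1
        if trace is not None:
            trace.append(ops)
    return result


def modexp_dummy_multiply(base, exp, mod, trace=None):
    """Same algorithm, but the multiply (including its modular reduction) is done
    on every bit and simply discarded on a 0 bit, so each bit costs the same two
    operations. The `if` that picks the result is still a data-dependent branch;
    a production implementation would use a constant-time select, and OpenSSL's
    actual fix was blinding, which hides the operand values rather than the count."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        candidate = (result * base) % mod     # always computed, always reduced
        if bit == "1":
            result = candidate
        if trace is not None:
            trace.append(2)
    return result


def exponent_from_trace(trace):
    """Model of the attack in the post: a bit that cost two operations was a 1.
    With the leaky routine this rebuilds the private exponent bit by bit."""
    bits = "".join("1" if ops == 2 else "0" for ops in trace)
    return int(bits, 2)


# Constructed toy RSA key: n = 61 * 53, e = 17, d = e^-1 mod 3120.
TOY_N = 3233
TOY_E = 17
TOY_D = 2753


def demo():
    """Sign a constructed message with both routines and attack the leaky one."""
    c = 65                                   # the "message" being signed
    trace = []
    sig = modexp_leaky(c, TOY_D, TOY_N, trace)
    recovered = exponent_from_trace(trace)   # private exponent, bit by bit
    trace2 = []
    sig2 = modexp_dummy_multiply(c, TOY_D, TOY_N, trace2)
    return sig, sig2, recovered, trace2
```

Against the dummy-multiply version the trace is a flat run of 2s, so the bit-by-bit recovery has nothing to read; against the leaky version it returns d exactly.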