The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for February, 2007

Open Source Wii Mod Chip

Posted by Xavier Ashe on February 21, 2007

Wiip is a hardware mod for the Wii system that allows you to boot backup discs. This mod works by utilizing a cheap and simple microcontroller that communicates with the serial port of the Wii's hybrid DVD drive and overrides certain parts of the media's data stream, allowing you to do all sorts of wonderful things (like boot backup discs).

The most important part of this project is that it is open source! In addition to releasing the Wiip chip, on this page you will soon be able to download the PCB schematics, Wiip firmware and documentation! We hope by creating this project, other users will make modifications to our code for newer updates in the future (if needed).

The current features of Wiip are:

  • Actually upgradeable! Device is bundled with an easy to use programming cable.
  • 20 MHz AVR microcontroller with 2KB of EEPROM (SMD type)
  • Customizable (via open source code)
  • Boots Wii games (DVD+R / DVD-R media)
  • Boots GC games and homebrew
  • AudioFix (naturally)
  • On board DIP switch (enable/disable mod, enable/disable stealth)
  • Works on DMS / D2A chipsets (sorry, we haven't worked on D2B yet)

The Wiip is going to be available for a mere $20 retail (and that includes shipping!) and will appear shortly in our online shop. Or the schematics, code, and software will be available so you can make one for less than $10! How is that for freedom?

From TCNISO.

Posted in Security

The ultimate guide to hacking a CoinStar machine

Posted by Xavier Ashe on February 21, 2007

Background

Recently, CoinStar started a campaign where they won't charge you any fee if you turn your coins into iTunes gift cards, Amazon gift cards, or Virgin mobile cards. The machine doesn't actually give you any cards, but rather PINs which can be typed in on the sponsor's site and redeemed for their value. This works because the CoinStar machine has the power of the internets.

How to do it

This is really quite simple. Follow the directions as usual, but when it asks how you would like your money, make sure to pick the iTunes gift card. After it counts all of your change, the machine will ask you how much of your money you want as a gift card and how much you want as cash. Go ahead and set it all to gift card. Now, before proceeding, you need to find a way to unplug the phone jack from the back of the machine. I'm lucky because the wall phone jack for my local CoinStar is at about shoulder height right next to the machine.

Now the poor machine is in quite a pickle. It already has all of your change, and it can't give that back to you. It can't give you an iTunes card either. It could give you cash, but it's not going to lay that 9% fee on because you obviously didn't agree to that when you put your change in the machine. What can it do? Give you cash for FREE. After a few minutes of trying, it will simply give up and just give you a slip which can be redeemed for cash at the store customer service counter.

From AnitYawn.com.

Posted in Security

Blu-Ray AND HD-DVD broken – processing keys extracted

Posted by Xavier Ashe on February 13, 2007

Arnezami, a hacker on the Doom9 forum, has published a crack for extracting the “processing key” from a high-def DVD player. This key can be used to gain access to every single Blu-Ray and HD-DVD disc.

Previously, another Doom9 user called Muslix64 had broken both Blu-Ray and HD-DVD by extracting the “volume keys” for each disc, a cumbersome process. This break builds on Muslix64's work but extends it — now you can break all AACS-locked discs.

AACS took years to develop, and it has been broken in weeks. The developers spent billions, the hackers spent pennies.

For DRM to work, it has to be airtight. There can't be a single mistake. It's like a balloon that pops with the first prick. That means that every single product from every single vendor has to perfectly hide their keys, perfectly implement their code. There can't be a single way to get into the guts of the code to retrieve the cleartext or the keys while it's playing back. All attackers need is a single mistake that they can use to compromise the system.

There is no future in which bits will get harder to copy. Instead of spending billions on technologies that attack paying customers, the studios should be confronting that reality and figuring out how to make a living in a world where copying will get easier and easier. They're like blacksmiths meeting to figure out how to protect the horseshoe racket by sabotaging railroads.

The railroad is coming. The tracks have been laid right through the studio gates. It's time to get out of the horseshoe business.

From Boing Boing. Or you can go read the article on Doom9.org.

Posted in Security

DocuColor Tracking Dot Decoding Guide

Posted by Xavier Ashe on February 5, 2007

This guide is part of the Machine Identification Code Technology project. It explains how to read the date, time, and printer serial number from forensic tracking codes in a Xerox DocuColor color laser printout. This information is the result of research by Robert Lee, Seth Schoen, Patrick Murphy, Joel Alwen, and Andrew “bunnie” Huang. We acknowledge the assistance of EFF supporters who have contributed sample printouts to give us material to study. We are still looking for help in this research; we are asking the public to submit test sheets or join the printers mailing list to participate in our reverse engineering efforts.

The DocuColor series prints a rectangular grid of 15 by 8 minuscule yellow dots on every color page. The same grid is printed repeatedly over the entire page, but the repetitions of the grid are offset slightly from one another so that each grid is separated from the others. The grid is printed parallel to the edges of the page, and the offset of the grid from the edges of the page seems to vary. These dots encode up to 14 7-bit bytes of tracking information, plus row and column parity for error correction. Typically, about four of these bytes were unused (depending on printer model), giving 10 bytes of useful data. Below, we explain how to extract serial number, date, and time from these dots. Following the explanation, we implement the decoding process in an interactive computer program.

Read the full article from EFF.
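
As an added illustration (not the EFF's program and not code from this post), the sketch below shows how row and column parity over a 15 by 8 grid locates a single misread dot before the 14 seven-bit values are read out. The odd parity rule, the position of the parity row and column, and the top-to-bottom bit order are assumptions made for the example, and the sample values are constructed.

```python
# Assumed layout (not given in the excerpt): row 0 holds column parity, column 0
# holds row parity, parity is odd, data rows carry bit values 64..1 top to bottom.
ROWS, COLS = 8, 15
SAMPLE = [7, 50, 0, 0, 12, 21, 6, 5, 0, 127, 21, 4, 57, 8]  # constructed values

def encode(data):
    """Build an 8x15 grid of 0/1 dots from 14 seven-bit values."""
    if len(data) != COLS - 1 or any(not 0 <= b < 128 for b in data):
        raise ValueError("need 14 values in 0..127")
    grid = [[0] * COLS for _ in range(ROWS)]
    for c, value in enumerate(data, start=1):
        for r in range(1, ROWS):
            grid[r][c] = (value >> (ROWS - 1 - r)) & 1
    for r in range(1, ROWS):                      # row parity dot in column 0
        grid[r][0] = 1 - sum(grid[r][1:]) % 2
    for c in range(1, COLS):                      # column parity dot in row 0
        grid[0][c] = 1 - sum(grid[r][c] for r in range(1, ROWS)) % 2
    return grid

def parity_errors(grid):
    """Return (rows, columns) whose dot count is even, i.e. violates odd parity."""
    rows = [r for r in range(1, ROWS) if sum(grid[r]) % 2 == 0]
    cols = [c for c in range(1, COLS)
            if sum(grid[r][c] for r in range(ROWS)) % 2 == 0]
    return rows, cols

def decode(grid):
    """Repair at most one misread dot, then return the 14 seven-bit values."""
    grid = [row[:] for row in grid]               # do not modify the caller's scan
    rows, cols = parity_errors(grid)
    if len(rows) > 1 or len(cols) > 1:
        raise ValueError(f"uncorrectable scan: rows {rows}, columns {cols}")
    if rows and cols:                             # intersection locates the bad dot
        grid[rows[0]][cols[0]] ^= 1
    # A lone bad row or column means a parity dot was misread; data is intact.
    return [sum(grid[r][c] << (ROWS - 1 - r) for r in range(1, ROWS))
            for c in range(1, COLS)]

if __name__ == "__main__":
    scan = encode(SAMPLE)
    scan[3][5] ^= 1                               # simulate one misread dot
    print(parity_errors(scan), decode(scan) == SAMPLE)
```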

Posted in Main Page

Dark_Alex Releases v3.10 Open Edition Release A for PSP

Posted by Xavier Ashe on February 4, 2007

And Dark_Alex is back with a beautiful custom firmware hack, this time the newly released v3.10 is supported :). As if that wasn't enough, he's even thrown in some cool features for developers as well as allowing the 4th level of brightness to be selected without an AC adaptor. Check it all out at his official release thread. Be sure to spread the word and digg this!

From MaxConsole.

Posted in PSP Hacks