Last week we published a post about how it was discovered through trial and error that Tektronix application modules are designed with laughable security. We’ll get to that part of it in a minute. We received a DMCA Takedown Notice from Tektronix (which you can read after the break) demanding that we remove the post. We have altered the original post, but we believe our coverage of this story is valid and we don’t agree that the post should be completely removed.
First off, Tektronix sells the modules to unlock the features already present on the Oscilloscope in questions. We’re operating on the moral assumption that using these features without paying their asking price is wrong. If you want the features they’ve developed you should pay for them.
The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you’re ever designing a hardware key, don’t do it like this!
An EEPROM, a connector, and a plain text string of characters which is already published publicly on their website is all that is necessary to unlock these “crippled” features. Let’s just say that again: apparently every hardware key is the same and just uses a plain-text string found on their website which is not encrypted or obfuscated. If you were selling these keys for $2.99 perhaps this would be adequate, but Tek values these modules at $500 apiece.
If you were designing this system wouldn’t it be worth using an encryption key pair based on the serial number or some other piece of unique information? How do you think this should have been done? Leave your comment below.
Continue reading “Hardware “Security” and a DMCA Takedown Notice”
So you’ve been rooting devices eh? If you get caught you’re headed for the big house, the lockup, the pen, the joint, they’ll send you up the river, you better be careful! Seriously though, if you buy a device and circumvent the security features should that in itself be breaking the law? We’re not talking about stealing intellectual property, like playing copied games on a chipped system (yeah, that’s stealing). We mean unlocking a device so that you can use it for what you wish. Be it your own prototyping, or running open-source applications. Unfortunately if the current Digital Millennium Copyright Act exemptions expire it will be a crime.
Thankfully, [Bunnie] is doing something about this. You may remember him as the guy that found most of the ridiculous security holes in the original Xbox, or the brain behind the Chumby. Now’s he’s got an online petition where your voice can be heard. Speak up and let the US politicians know why unlocking a device isn’t a crime.
A landmark in home 3d printing was set when [Dr. Ulrich Schwanitz] sent a DMCA takedown notice to Thingiverse.com on users [artur83] and [chylld’s] takes on his Penrose triangle model. ([chylld’s] take is pictured above) While the takedown itself is highly debatable, we do think it’s cool that home 3d printing has come far enough to begin infringing on the copyrights of objects themselves. Right now media pirating has the front stage, but it’s not hard to look a little further into the crazy sci-fi universe that is our future and see a battle being fought over the rights to physical objects.
[via Thingiverse Blog]
The regulars at the United T1 forums keep them coming, this time hacking the Texas Instruments Nspire graphing calculator. We enjoy seeing the exploits that unlock the backend of these types of devices. The difference this time is that the hacking continues even though Texas Instruments has shown that it intends to protect the security of their devices using the DMCA. The Nspire thread linked above discusses the DMCA concerns just a bit but it seems obvious to us that running your own code falls under the umbrella of the act. The exploit package hasn’t yet been posted, but if you want it make sure you check back regularly before the take-down order comes in from TI.
Texas Instruments has issued a DMCA notice to United TI, a group of enthusiasts. They had been cracking the keys that sign the operating system binaries in an attempt to gain access and possibly expand on the features. This seems, at least a little counter productive to us. Texas Instruments doesn’t sell the operating system separately do they? These people were buying their product and expanding on it. There is no difference in their income, except possibly a gain as people flock to the one they can modify. Maybe they are charging more for an expanded feature set that is crippled in the OS.
YouTomb is a research project designed by the MIT Free Culture group to track video take downs on YouTube. To succeed, the team needed to track every single video on YouTube… which is close to impossible. Instead, they built several “explorer” scripts to track what videos were interesting. One explorer tracks all of YouTube’s lists: recommended, featured, most active, and more. Another explorer picks up every video submitted to YouTube, and a third crawls Technorati.
The explorers just find the videos; a separate group of scanner scripts checks the current status of videos. It checks both the new videos and ones that have been killed to see if they return. YouTomb archives every video it finds. They display the thumbnail of the video under fair use, but they’re still determining whether they can display each video in full.
Continue reading “HOPE 2008: YouTomb, A free culture hack”