Beating DRM to Extend the Life of an Anti-Aging Therapy Light Mask

DRM is cropping up in an increasing number of hardware products nowadays. Quite often, it’s used to prevent the use of unauthorized consumables, and some may argue that it helps prevent counterfeiting and shore up revenues. But it’s a totally different matter when DRM is used to severely limit the operational life of a product. When [travis] wrote in about the run time limitation on an “Illumimask” light therapy device, we first had to look up what that device was. Apparently, these are anti-acne or anti-aging light therapy masks that use red and blue LEDs to kill skin bacteria, stimulate skin cells and reduce blemishes. While these claims most likely do not hold water, the device itself is cheap enough not to hurt you at $30 a pop.

The trouble is, it is limited to 30 daily uses of 15 minutes each, totaling just 7 1/2 hours, effectively lasting you a month. After that, you just discard the device and get a new one. That seems like a ridiculous waste of a perfectly fine, functional device whose LEDs can last at least 30,000 to 40,000 hours. [travis]’s wife [Bebefuzz] was obviously pissed at this situation. So she did a simple hack to bypass the microcontroller that imposed the goofy restrictions. In [travis]’s own words: “Not a crazy-technical hack…. but a very functional one to bypass a manufacturer’s ‘WTF’”. It involved soldering a slide switch across the circuit terminals that the microcontroller likely uses to monitor the LED current. Unfortunately, this also breaks the 15 minute timer measurement, so she now has to manually switch off the device at the end of the 15 minute therapy cycle.

For more DRM hacks, check out the ones we covered earlier, from coffee makers to 3D printer filaments to cat litter boxes and even furniture.

Cracking Litter Box DRM

DRM on a specific brand of cat litter box has been cracked. In other news, DRM on cat litter boxes exists.

[Jorge] moved into a new apartment with a feline companion and wanted one of those fancy, auto-cleaning litter boxes. Apparently only one such device exists, the CatGenie. This ‘Rolls Royce of cat litter boxes’ uses little pieces of plastic granules as ‘functional medium’ that are scooped up, cleaned, and returned to use. These granules are washed with a cartridge full of fresh-smelling cleaning solution that comes in a container with an RFID tag. Yep, DRM’ed cat boxes. Welcome to the future.

After cruising around the Internet, [Jorge] found a CatGenie community that has released open source firmware for a litter box and something called a CartridgeGenius, a drop-in replacement for the cartridge tag reader in the litter box. It simulates both the RFID tag and its reader, allowing any robotic litter box owner to select between 120 cycle cartridges, 60 cycle cartridges, a maintenance cartridge, and set the fill level of those cartridges.

Previously, [Jorge] was spending about $350 a year on the solution to clean these plastic granules, so in a few months this CartridgeGenius has already paid for itself.

DRM Protection Removed for… Coffee?

Keurig, the manufacturer of a single-serve coffee brewing system, has a very wide following amongst coffee drinkers. Their K-cup (pre-packaged coffee grounds with a coffee filter, all in a plastic container) is an interesting concept and makes brewing a single cup of coffee much more efficient than making a whole pot. Their newer line of coffee makers, the Keurig 2.0, has some interesting (and annoying) security features though, which [Kate Gray] has found an interesting and simple way around.

The DRM security in these coffee makers is intended to keep third-party “cups” from being used in the Keurig. It can recognize an authentic Keurig cup, and can stop the operation of the coffee pot if a knockoff is placed in the machine. We can only assume that this is because Keurig makes a heap of cash by selling its canisters of coffee. One simple solution was already covered a few days ago by taping an authentic lid to the machine. This one doesn’t require any authentic pods but just removes one wire from a wiring harness inside of the case.

There are other ways around the security on these devices, but when [Kate Gray] actually investigated, she found the security decidedly lacking. With something this simple, one can only speculate how much Keurig has really invested in making sure users don’t use third-party cups of coffee in their machines, but it also brings up the classic question of who really owns hardware if we can’t use it in the way we want, rather than the way the manufacturer wants.

You can read more about the project on its Reddit page. Thanks to [MyOwnDemon] for the tip!

Dead Simple Hack Allows for “Rebel” Keurig K-Cups

If you haven’t actually used a Keurig coffee machine, then you’ve probably at least seen one. They are supposed to make brewing coffee simple. You just take one of the Keurig “k-cups” and place it into the machine. The machine will punch a hole in the foil top and run the water through the k-cup. Your flavored beverage of choice comes out the other side. It’s a simple idea, run by a more complex machine. A machine that is complicated enough to have a security vulnerability.

Unfortunately newer versions of these machines have a sort of DRM, or lockout chip. In order to prevent unofficial k-cups from being manufactured and sold, the Keurig machines have a way to detect which cups are legitimate and which are counterfeit. It appears as though the machine identifies the lid specifically as being genuine.

It turns out this “lockout” technology is very simple to defeat. All one needs to do is cut the lid off of a legitimate Keurig k-cup and place it on top of your counterfeit cup. The system will read the real lid and allow you to brew to your heart’s content. A more convenient solution involves cutting off just the small portion of the lid that contains the Keurig logo. This then gets taped directly to the Keurig machine itself. This way you can still easily replace the cups without having to fuss with the extra lid every time.

It’s a simple hack, but it’s interesting to see that even coffee machines are being sold with limiting technology these days. This is the kind of stuff we would have joked about five or ten years ago. Yet here we are, with a coffee machine security vulnerability. Check out the video demonstration below.

Unbricking a BluRay Drive

All BluRay players, devices, and drives contain a key that unlocks the encryption and DRM present on BluRay discs. Since 2007, the consortium responsible for this DRM scheme has been pushing updates and revocation lists on individual BluRay releases. Putting one of these discs in your drive will brick the device, and this is the situation [stephen] found himself in when he tried to watch Machete Kills. Not wanting to update his software, he searched for a better solution to unbrick his drive.

Every time [stephen] played or ripped a disc, the software he was using passed a key to the drive. This key was compared to the revocation list present on the drive. When a match was found, the drive bricked itself. Figuring the revocation list must be stored on a chip in the device, [stephen] broke out the screwdriver and started looking around inside the drive.

There aren’t many chips inside a modern BluRay drive, but [stephen] did manage to find a few Flash chips. These Flash chips can be dumped to a computer using a BusPirate, and by comparing the dump to a publicly available ‘Host Revocation List Record’, [stephen] was able to find the location on the Flash chip that contained the revocation list.

The next task was to replace the revocation list currently on the drive with an earlier one that wouldn’t brick his drive. [stephen]’s MakeMKV install made this very easy, as it keeps a record of all the revocation lists it runs across. Updating the Flash in the drive with this old list unbricked the drive.

This is only a temporary fix, as [stephen] still can’t put a new disc in the drive. A permanent fix would involve write protecting the Flash and preventing the drive from ever updating the revocation list again. This would be a very complex firmware hack, and [stephen] doesn’t even know what architecture the controller uses. Still, the drive works, saved from terrible DRM.

Resetting DRM On 3D Printer Filament

The Da Vinci 3D printer is, without a doubt, the future of printing plastic objects at home. It’s small, looks good on a desk, is fairly cheap, and most importantly for printer manufacturers, uses chipped filament cartridges that can’t be refilled.

[Oliver] over at Voltivo was trying to test their new printer filament with a Da Vinci and ran head-on into this problem of chipped filament. Digging around inside the filament cartridge, he found a measly 300 grams of filament and a small PCB with a Microchip 11LC010 EEPROM. This one kilobyte EEPROM contains all the data about what’s in the filament cartridge, including the length of filament remaining.

After dumping the EEPROM with an Arduino and looking at the hex file, [Oliver] discovered the amount of filament remaining was held in a single two-byte value. Resetting this value to 0xFFFF restores the filament counter to its virgin state, allowing him to refill the filament. A good thing, too; the cartridge filament is about twice as expensive as what we would normally buy.

Stripping Kindle DRM with Lego

Consider a book sitting on a shelf. You can lend it out to a friend, you don’t need a special device to read it, and if you are so inclined, you can photocopy it. This isn’t true with Kindle eBooks that place severe restrictions on what you can do with a book via DRM. Although it is possible to strip eBook DRM with a few programs on your computer, [Peter] came up with a fool-proof way that’s an amateur engineering marvel. He’s turning Kindle eBooks into plain text using Lego.

[Peter] is using a few bits of a Lego NXT system to press the ‘next page’ button on his Kindle, then smash the space bar on his Mac to take a picture. These pictures are then sent to a cloud-based text recognition service. After a few hours of listening to plastic gears grinding, [Peter] has a copy of his eBook in plain text format sitting in his computer.

As impractical as it looks, using a robot, camera, and OCR is actually a really, really good way to turn eBooks plagued with DRM into a text file. Even if Amazon updates their DRM to make the current software cracking methods break, [Peter] will always have his Lego robot ready to scan a few hundred pages of text at a time.
