This year’s Digital Millennium Copyright Act (DMCA) triennial review (PDF, legalese) contained some great news. Particularly, breaking encryption in a product in order to repair it has been deemed legal, and a previous exemption for reverse engineering 3D printer firmware to use the filament of your choice has been broadened. The infosec community got some clarification on penetration testing, and video game librarians and archivists came away with a big win on server software for online games.
Moreover, the process to renew a previous exemption has been streamlined — one used to be required to reapply from scratch every three years and now an exemption will stand unless circumstances have changed significantly. These changes, along with recent rulings by the Supreme Court are signs that some of the worst excesses of the DMCA’s anti-circumvention clause are being walked back, twenty years after being enacted. We have to applaud these developments.
However, the new right to repair clause seems to be restricted to restoring the device in question to its original specifications; if you’d like to hack a new feature into something that you own, you’re still out of luck. And while this review was generally favorable of opening up technology to enable fair use, they didn’t approve Bunnie Huang’s petition to allow decryption of the encryption method used over HDMI cables, so building your own HDMI devices that display encrypted streams is still out. And the changes to the 3D printer filament exemption is a reminder of the patchwork nature of this whole affair: it still only applies to 3D printer filament and not other devices that attempt to enforce the use of proprietary feedstock. Wait, what?
Finally, the Library of Congress only has authority to decide which acts of reverse engineering constitute defeating anti-circumvention measures. This review does not address the tools and information necessary to do so. “Manufacture and provision of — or trafficking in — products and services designed for the purposes of circumvention…” are covered elsewhere in the code. So while you are now allowed decrypt your John Deere software to fix your tractor, it’s not yet clear that designing and selling an ECU-unlocking tool, or even e-mailing someone the decryption key, is legal.
Could we hope for more? Sure! But making laws in a country as large as the US is a balancing act among many different interests, and the Library of Congress’s ruling is laudably clear about how they reached their decisions. The ruling itself is worth a read if you want to dive in, but be prepared to be overwhelmed in apparent minutiae. Or save yourself a little time and read on — we’ve got the highlights from a hacker’s perspective.
Continue reading “DMCA Review: Big Win for Right to Repair, Zero for Right to Tinker”
People love books, and if you’re anything like [tjaap]’s girlfriend, you may easily devour your eighty books and more a year. Maybe to keep better track of time during her reading sessions, her wish was to get a clock for the living room, so [tjaap] stepped up. Being a maker at heart, he decided to skip the ready-made options, and instead build one in the most fitting way imaginable: by displaying the time as literary quotes on a jailbroken Kindle.
Unlike your average word clock, [tjaap]’s literary clock displays (almost) every minute a different sentence that, in one form or another, contains the current time. Thanks to the internet, he didn’t have to compile the whole list of book quotes for each and every minute of the day by himself, but it still required some work to put it all in the form he needed. Eventually he had a script that converted each quote into an image, and a shell script on the Kindle to display them according to the time. As a bonus, the origin of the quote is displayed only optionally, turning the clock into a simple trivia quiz along the way.
It shows that themed, personalized clocks are always a great subject for a gift, just like the one made from analog meters we saw around Father’s Day.
In 1978, Tim Jenkin was a man living on borrowed time, and he knew it. A white South African in his late 20s, he had been born into the apartheid system of brutally enforced racial segregation. By his own admission, he didn’t even realize in his youth that apartheid existed — it was just a part of his world. But while traveling abroad in the early 1970s he began to see the injustice of the South African political system, and spurred on by what he learned, he became an activist in the anti-apartheid underground.
Intent on righting the wrongs he saw in his homeland, he embarked on a year of training in London. He returned to South Africa as a propaganda agent with the mission to spread anti-apartheid news and information to black South Africans. His group’s distribution method of choice was a leaflet bomb, which used a small explosive charge to disperse African National Congress propaganda in public places. Given that the ANC was a banned organization, and that they were setting off explosives in a public place, even though they only had a few grams of gunpowder, it was inevitable that Jenkin would be caught. He and cohort Steven Lee were arrested, tried and convicted; Jenkin was sentenced to 12 years in prison, while Lee got eight.
Continue reading “Hacking When it Counts: Prison Locksmithing”
[SethBling] has released a Super Mario World jailbreak that allows players to install a hex editor, then write, install and run their own game mods. What’s more is this all works on unmodified cartridges and SNES hardware. No hardware hacks required.
[Seth] is quick to say he didn’t do all this alone. This mod came to be thanks to help from [Cooper Harasyn] who discovered a save file corruption glitch, [MrCheese] who optimized the hex editor, and [p4plus2] who wrote some awesome mods.
While no soldering and programming of parts are required, installing this mod still requires quite a bit of hardware. Beyond the SNES and cartridge, you’ll need two multitaps, three controllers, and clamps to hold down buttons on the controllers. Even then the procedure will take about an hour of delicate on-screen gymnastics. Once the jailbreak is installed though, it is kept in savegame C, so you only have to do it once.
What does a hex editor allow you to do? Anything you want. Mario’s powerup state can be edited, one memory location can be modified to complete a level anytime you would like. It’s not just modifying memory locations though – you can write code that runs, such as [p4plus2’s] sweet telekinesis mod that allows Mario to grab and move around any enemy on the screen.
It’s always awesome to see old video game hardware being hacked on by a new generation of hackers. We’ve seen similar work done on Super Mario Brothers 3, and an original GameBoy used to pilot a drone, just to name a couple.
Continue reading “Super Mario World Jailbreak Requires no External Hardware”
[Geekmaster] wrote in to tell us about a new hack for the Amazon Kindle. It’s a jailbreak. A Universal jailbreak for almost every eInk Kindle eReader eOut eThere.
This jailbreak is a pure software jailbreak for the Kindle Paperwhite 2, the Kindle Paperwhite 3, Kindle Touch, Kindle Voyage, and Kindle Oasis. If you’re keeping track, that’s any 6th, 7th, or 8th generation device, running any firmware version. Already the jailbreak has been tested by over one thousand people, after the cloud served up half a Terabyte of jailbreak image downloads. That’s extraordinarily popular for a device that hasn’t seen much action of late.
Several years ago, [Geekmaster] made a name for himself – and for [NiLuJe], [KNC1], and other developers over at the Mobileread forums – for jailbreaking the Kindle Paperwhite. This jailbreak was, and is extremely simple; just upload a file to the root directory, restart, and the Kindle is jailbroken. The latest development extends this to nearly all Kindle models, while still being as easy to deploy as the original hack from four years ago.
If you’re looking for something to do with a neat jailbroken device with an eInk screen, they make a great serial console, thermostat, and wallpaper.
On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout is actually made.
But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.
Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.
We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most
firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.
And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)
The Amazon Fire TV is Amazon’s answer to all of the other streaming media devices on the market today. Amazon is reportedly selling these devices at cost, making very little off of the hardware sales. Instead, they are relying on the fact that most users will rent or purchase digital content on these boxes, and they can make more money in the long run this way. In fact, the device does not allow users to download content directly from the Google Play store, or even play media via USB disk. This makes it more likely that you will purchase content though Amazon’s own channels.
We’re hackers. We like to make things do what they were never intended to do. We like to add functionality. We want to customize, upgrade, and break our devices. It’s fun for us. It’s no surprise that hackers have been jail breaking these devices to see what else they are capable of. A side effect of these hacks is that content can be downloaded directly from Google Play. USB playback can also be enabled. This makes the device more useful to the consumer, but obviously is not in line with Amazon’s business strategy.
Amazon’s response to these hacks was to release a firmware update that will brick the device if it discovers that it has been rooted. It also will not allow a hacker to downgrade the firmware to an older version, since this would of course remove the root detection features.
This probably doesn’t come as a surprise to most of us. We’ve seen this type of thing for years with mobile phones. The iPhone has been locked to the Apple Store since the first generation, but the first iPhone was jailbroken just days after its initial release. Then there was the PlayStation 3 “downgrade” fiasco that resulted in hacks to restore the functionality. It seems that hackers and corporations are forever destined to disagree on who actually owns the hardware and what ownership really means. We’re locked in an epic game of cat and mouse, but usually the hackers seem to triumph in the end.