Iphone

Submission + - Apple Blocks Open Source Syncing (Again)

marcansoft writes: "Since 2007, Apple has been locking their users into iTunes, which isn't available under Linux, by adding secret hashes to their iPod/iPhone databases. After this hash was reverse engineered, Apple developed a new one and tried and failed to use legal threats to stifle the reverse engineering effort. Last year, the hash was finally cracked and as of today iPhone and iPod Touch users can sync music using open source tools exclusively. This is about to change, though, as Apple have once again changed their hash algorithm for the iPad and will likely use this new version for their upcoming 4.0 iPhone OS release.

If you want to keep your ability to sync music using open source, you should not update. As part of their lock-in strategy, Apple are preventing newer devices from being downgraded by requiring any firmware updates to "phone home" for approval. The iPad already includes a version of the 3.2 OS with the new hash, and does not work out of the box."

Comment Re:Par for the course? (Score 2, Informative) 510

No, there are two words to explain that: Other OS. Check out this table (slightly outdated, it's a year old or so) by console hacker Michael Steil (or watch him talk about it on any of his talks). Every console post-PS2 was hacked for homebrew, and then those hacks were abused for piracy. The PS3 comes with homebrew, therefore there is little motivation to crack the native system. Pro-piracy people are rarely good hackers, and need homebrew to piggyback on.

This is just plain BS. Piracy on modern consoles (at least in the case of the Xbox 360 and Wii) involves bypassing the DVD drive's built-in security check. This really has nothing to do with homebrew and you can, in fact, run homebrew on either system without modifying the DVD drive to accept pirated discs. So your statement that pro-piracy people are a) rarely good hackers and b) are piggybacking on homebrew is complete crap.

Get your facts straight before commenting on something you obviously know nothing about.

You might want to weigh your own confidence against the authority of the person making claims you disagree with before launching into an attack.

I don't really understand your objection to a), and I think Marcan's claims about b) are justified but deserve a bit of clarification. It's not so simple; as Michael Steil discusses, the efforts (piracy vs homebrew) often leverage each others' work. The only reason you can "run homebrew [on the Wii] without modifying the DVD drive to accept pirated discs" is that ... we were able to bootstrap our efforts by using modified disc images, which requires modifying the DVD drive to accept burned discs. The first unsigned code execution we demonstrated used a patched Lego Star Wars disc with code injected into it. Later, we used the same technique to inject debugging code into a copy of Zelda, and then used that to facilitate making a save-game exploit that ultimately did not require hardware modification.

It might have been possible to reach that end goal in some different way, but it would have been much more difficult.

Comment Re:False assumption? (Score 2, Informative) 143

Just watch out if your computer dies and you have no way to start iTunes and click "Deactivate". 5 dead computers later and all your purchases are history.

... except for the part where you can fire up iTunes on your new computer, sign into your account without activating, and click "Deauthorize All Computers" and then activate your new computer(s).

Comment You're talking to a straw man. (Score 1) 965

The people who create the jailbreaking tools (or find the exploits, at least) do it for the challenge of it.

The people who use them are generally people who thought the "locked-down" out-of-the-box experience was worth the money they paid, and who find it fun to push it a bit further with a jailbreak.

"The jailbreaker who despises the restrictions imposed by the manufacturer" is a straw man. I'm sure you can find a counterexample (or at least, someone trying to be contrary) if you try hard enough, but in general, "jailbreakers" come in all of these categories but one:

  • Those who find exploits and hacks for the fun of it
  • Those who want "a little bit more" out of a device they otherwise already enjoy
  • Those who want to install pirated apps
  • Those who hate Apple yet still spend their hard-earned money on a device, only to apply a hack that will only work for some indeterminate amount of time

Comment Re:Bogus survey? (Score 1) 214

As with the AdMob survey numbers based on web browsing hits this survey is suspicious.

Looking through my web server logs the only smartphone browser hits I get are from iPhone clients...

"Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3"

Amazon runs their EC2 cloud computing cluster off iPhones? Something really fishy is going on here.

Yeah, 1A543a is a really really old version of the software (over 2 years old -- it's what the first iPhone launched with). If that's representative of what most of the transactions look like, they're probably bogus.

Emulation (Games)

Nintendo Upset Over Nokia Game Emulation Video 189

An anonymous reader writes "Nintendo is investigating potential copyright infringement by Nokia during some video demos of their N900 phone, which can be seen emulating Nintendo games. Nintendo spokesman Robert Saunders says: 'We take rigorous steps to protect our IP and our legal team will examine this to determine if any infringement has taken place.' In the video, Nokia says, 'Most publishers allow individual title usage, provided that the user is in possession of the original title.'"

Comment Re:Encryption Keys?? (is Apple blowing smoke?) (Score 1) 640

Googling for these mysterious keys turned up nothing.

Is Apple lying to the court?

You're just looking in the wrong places. There are two 128-bit constants stored in the System Management Controller chip (alongside fan speeds and temperature info) in the keys "OSK0" and "OSK1"; the first time someone accidentally dumped these seems to have been in this forum post. The scheme is documented a bit further in a couple of articles: "TPM DRM" In Mac OS X: A Myth That Won't Die and Darwin/x86: Mac OS X Binary Protection. I'll leave it to you to manually decode the keys into ASCII, but will point out that they are normally retrieved from the hardware by a kext called "Dont Steal Mac OS X.kext". The reason your "special bootloader" works on vanilla hardware is that it replaces that kext with a version that contains the keys hardcoded into it; it will never install on any machine without replacing or patching that kext, EFI or not. (All of the bootloaders that can use unmodified installation media patch or inject this kext before passing control to the loaded XNU kernel.)

If you've gotten to the point where you're patching that kext, there's not much else that can be done to stop you, which is why they gave the kext its name and included the following plain-text string in the binary:

Your karma check for today:
There once was was a user that whined
his existing OS was so blind,
he'd do better to pirate
an OS that ran great
but found his hardware declined.
Please don't steal Mac OS!
Really, that's way uncool.
(C) Apple Computer, Inc.

Comment Re:A little unfair... (Score 5, Informative) 123

A major complication is the fact that today's PDA phones are basically cellular winmodems. [...] In contrast, the humble i300 was literally a cell phone radio bolted to a PalmOS PDA, connected by LITERALLY a serial port.

[...]As I understand it, a phone running Android (or Windows Mobile, for that matter) is kind of like a PC running Linux under VMware under Windows (or vice-versa).

This is not true, at least not in the case of the iPhone (which has an Infineon baseband processor connected to a Samsung "Applications Processor" by "LITERALLY a serial port") or the Palm Pre (Qualcomm baseband, TI OMAP AP).

Qualcomm's product info page for the MSM7201 processor used in the HTC Hero says that it includes "Integrated ARM11 applications processor and ARM9 modem, QDSP4000 and QDSP5000 high-performance digital signal processors (DSP)". It would seem likely that the ARM9 core (in combination with one or both of the DSPs) does all of the modem work; I see no reason to suspect that the ARM11 ever "steals cycles from cpu #1".

Nintendo

Submission + - Nintendo (risks) bricking Wii's in attempt to bloc (hackmii.com)

Trevelyan writes: "Nintendo have just released a new update to all Wiis: System Menu 4.2. It appears the sole purpose of this update is to remove all "unauthorised" installed software and attempt to close any bug that might be used to reinstall them. This includes updating the boot loader. However Nintendo's update code is not as robust as that of the Bootmii installer, thus if the update does not go smoothly your Wii will be bricked (regardless of if you have unauthorised software or not). Team tweezers have already released an updated installer to give you a version of the Homebrew Channel that will survive Nintendo's update, however your bootloader cannot be protected."
Games

Submission + - Wii Update 4.2 tries (and fails) to block homebrew (hackmii.com) 3

marcansoft writes: "On September 28, Nintendo released a Wii update, titled 4.2. This update was targeted squarely at homebrew, performing sweeping changes throughout the system. It hardly achieved that goal, though, because just two days later a new version of the HackMii installer was released that brings full homebrew capabilities back to all Wii consoles, including unmodified consoles running 4.2.

However, as part of their attempt to annoy homebrew users, Nintendo updated the lowest level updateable component of the Wii software stack: boot2 (part of the system bootloader chain). Homebrew users have been using BootMii to patch boot2 in order to gain low level system access and recovery functions (running Linux natively, fixing bricks, etc). The update hasn't hindered this, as users can simply reinstall BootMii after updating (it is compatible with the update). But there's a much bigger problem: Nintendo's boot2 update code is buggy. Boot2 had never been updated in retail consoles until now. During BootMii's development, its authors noticed that Nintendo's code had critical bugs and could sometimes permanently brick a console by writing incorrect or unchecked data to flash memory, so they decided to write their own, much safer flashing code. Now, Nintendo has pushed a boot2 update to all Wii users, and the results are what was expected: users are reporting bricks after installing 4.2 on unmodified consoles. Nintendo is currently attempting to censor posts and remove references to homebrew.

It is worth noting that the new boot2 does not attempt to block anything or offer any additional protection or functionality. Its sole purpose is to simply replace current versions which may or may not have been modified with BootMii. Another interesting tidbit is that Nintendo is not believed to have any method to repair this kind of brick at a factory, short of replacing the entire motherboard."

Comment Re:I smell double standards (Score 2, Informative) 124

There's no well-defined line of what software is expressive (and eligible for copyright) and what software is merely functional. I would argue that this software is merely functional -- there's not all that much code, and there are only a few ways you can write code that performs the same function. It's largely mechanical.

On the other hand, the Nintendo logo is actually contained in the ROM, as part of the protection mechanism. This was probably done as a "copyright/trademark trick" -- the logo is certainly expressive (and eligible for copyright), so in order to make a clone cartridge, you would have to copy this logo.

Unfortunately for Nintendo, Sega tried this trick in court and lost a couple of years later. That court case actually established the precedent I'm alluding to above... a few choice quotes from the decision:

In some circumstances, even the exact set of commands used by the programmer is deemed functional rather than creative for purposes of copyright. "[W]hen specific instructions, even though previously copyrighted, are the only and essential means of accomplishing a given task, their later use by another will not amount to infringement."

[...]

Sega's trademark security system (TMSS) initialization code not only enables video game programs to operate on the Genesis III console, but also prompts a screen display of the SEGA trademark and message. As a result, Accolade's inclusion of the TMSS initialization code in its video game programs has an effect ultimately beneficial neither to Sega nor to Accolade. A Genesis III owner who purchases a video game made by Accolade sees Sega's trademark associated with Accolade's product each time he inserts the game cartridge into the console. Sega claims that Accolade's inclusion of the TMSS initialization code in its games constitutes trademark infringement and false designation of origin in violation of [...] the Lanham Trademark Act. Accolade counterclaims that Sega's use of the TMSS to prompt a screen display of its trademark constitutes false designation of origin under Lanham Act section 43(a), 15 U.S.C. Section 1125(a). Because the TMSS has the effect of regulating access to the Genesis III console, and because there is no indication in the record of any public or industry awareness of any feasible alternate method of gaining access to the Genesis III, we hold that Sega is primarily responsible for any resultant confusion. Thus, it has not demonstrated a likelihood of success on the merits of its Lanham Act claims.

This legal issue was later revisited in a slightly different form (with mixed results) in Lexmark V. Static Control Components -- however, in that case, there was a lot more code involved than the boot ROM we're talking about here, so much more room for claims of expressive code.

Comment Vcc/clock glitching (Score 1) 124

This is also an interesting development because Costis achieved the same goal as the decapping of the original GameBoy CPU, but with vastly cheaper equipment (< $100) and probably in less time (< 1 week).

Glitching is a neat technology; it's most famously used by "card unloopers" for smartcard hacking, and is also used by modern Wii modchips. Travis Goodspeed gave a neat presentation at DefCon 2009 about glitching, and has released some open-source hardware which will eventually support glitching target microcontrollers. Given the right software, that board alone would probably have been enough to perform this hack.
Emulation (Games)

Gameboy Color Boot ROM Dumped After 10 Years 124

An anonymous reader writes "Costis was able to dump the elusive boot ROM from the Gameboy Color by using various voltage and clock glitching tricks. The boot ROM is what initializes the Gameboy hardware, displays the 'GAMEBOY' logo and animation, and makes the trademarked 'cling!' sound effect. Even decapping the CPU had failed previously, but now the boot image and specifics on how it was dumped (along with many photos) are available for download."

Submission + - Gameboy Color Boot ROM Dumped After 10 Years (fpgb.org)

An anonymous reader writes: Costis was able to dump the elusive boot ROM from the Gameboy Color by using various voltage and clock glitching tricks. The boot ROM is what initializes the Gameboy hardware, displays the "GAMEBOY" logo and animation, and makes the trademarked "cling!" sound effect. Even decapping the CPU had failed previously, but now the boot image and specifics on how it was dumped (along with many photos) are available for download at http://www.fpgb.org/
