Tag Archives: crack

[Security] Tarnovsky Explains Infineon TPM Hack

At the Black Hat 2010 conference in Crystal City, the well-known smart card hacker Christopher Tarnovsky explained how he managed to hack Infineon's current Trusted Platform Modules.

This time Tarnovsky managed to read protected data such as RSA and DES keys from TPM chips. His approach took six months and a lab of equipment worth about US$200,000. Once he had worked out the exact way to compromise Infineon's chips, it took only six hours to compromise an Xbox 360's TPM chip.

At Black Hat 2008 in Amsterdam Tarnovsky said he had been offered US$100,000 to crack the Xbox 360's TPM:

A Microsoft engineer wonders: “Did you take an interest in the processor of our Xbox 360 game console?” – “I was offered 100,000 dollars to break it,” says Tarnovsky. “But I replied that that wasn’t enough.”

Readers generally interested in smart card security should check this Wired.com article, which features a video of Tarnovsky in his security lab.

[iPhone] iPhone Dev Team Release RedSn0w Unlock Solution

From the iPhone Dev Team’s Wiki:

What is it?

A cross-platform jailbreaking, unlocking, and customizing tool for iPhones and iPod touches. Customizations include boot logos, recovery logos, and “verbose” boot. It’s a standalone program that doesn’t use iTunes (no custom IPSWs are involved).

The download links are at the bottom of this page (but please read the whole page anyway!).

We’ve been offering redsn0w in various incarnations over the years (including poorlad’s Windows version of QuickPwn). The most recent release before this one was redsn0w 0.8, which targeted Apple firmware 3.0/3.0.1.

» More information and download here

[MacOS] Snow Leopard 10.6.2 Kernel Patched for Intel Atom Support

Teateam, a Russian-speaking Mac OS developer, has binary-patched the latest Mac OS X 10.6.2 Mach kernel to re-enable support for Intel Atom CPUs. His kernel seems to run well in both 32-bit and 64-bit mode. Atom CPUs are now reported as Intel Core Solo or Core Duo.

The patch seems to consist only of modifying a couple of simple assembler instructions so that the CPU type is set permanently. In the meantime Apple has released the kernel sources, and people are working on adding Atom CPU support properly.

Congrats Teateam. That’s what Ilfak made IDA for ;-)

» Tea’s Blog: Kernel 10.2 for Intel Atom 330
» Apple.com: Sources for 10.6.2

[iPhone] GeoHot Announces Latest Baseband Unlock

George Hotz, whom by now almost every iPhone user should know, has hacked the latest baseband firmware 05.11.07. The unlock will be named BlackSn0w, well …

That means all carrier- or SIM-locked iPhones around the globe running this latest baseband can be used with SIM cards from other carriers, which makes holidays less of a roaming fee horror show.

Information about the unlock procedures will be released on BlackRa1n.com on Nov 04, 2009. Until then, enjoy GeoHot’s video proof:

Kudos to GeoHot. Outstanding work, dude. But why is it always Snow, Rain, Snow, Rain? Why no sunshine, guys?

[News] Fravia is Dead

This might not be news to many of you: some will already know, others will most likely not even know who Fravia was. Either way, the news is sad. Fravia was one of the most outstanding reverse engineering minds since the mid-1990s. He seems to be the only one who ever managed to get into direct contact with the mysterious +ORC (Old Red Cracker), who wrote the main reverse engineering tutorials of that era.

Fravia passed away in May after a long fight against cancer. He was only 56 years old. Our hearts are with you. Rest in peace, bro’. You won’t be forgotten.

[DVB] Premiere/Sky Nagravision or NDS Videoguard Hack?

What happened so far?

The forums and news sites are again full of coverage of a supposed hack of the German pay-TV channel Premiere (soon to be renamed Sky Germany). As we already stated in April 2009, this is a hoax; there is no evidence or proof whatsoever. Read on for why we believe searching for such a hack is pointless.

Continue reading

[Games] EA Game “Spore” Ranks 1st on Pirate Bay

Storyline

Electronic Arts’ new game “Spore” hasn’t had much positive press since its release. Above all, potential customers refused to buy it because of its copy protection: Electronic Arts decided to combat piracy by applying a new version of the SecuROM copy protection.

Technical Details of the Protection

This new version requires you to activate your legally purchased copy online. That in itself is nothing new; many games and applications nowadays require online activation. The point about this SecuROM version is that it forces players to re-validate their activation every 10 days, meaning the stand-alone game would not be playable for users without an internet connection.

The Reaction of the (potential) Customers

In the eyes of the customers this was unacceptable. Thousands of customers gave “Spore” a single-star review on Amazon.com:

Looking into the “Spore” issue a little deeper, the German site Golem.de (original article here, German only) found that people really like “Spore” but not its copy protection. Within a week “Spore” was downloaded to 500,000 computers worldwide via the well-known BitTorrent tracker The Pirate Bay, and it currently ranks first among Pirate Bay downloads:

EA’s managers must appreciate the irony: instead of protecting their investment in a very good game, the protection has driven potential customers to download an already cracked, protection-free copy from the internet for free.

Our Comment

Although we can’t prove it, we expect more people would have bought this game if the protection had not been so annoying. In any case, the “Spore” affair is one of the best case studies of how DRM is perceived by potential customers. In our opinion, the media industry should begin to face four basic facts:

  1. DRM only deters potential customers from buying.
  2. Protections only limit legitimate customers, thus punishing only them!
  3. Protections will always be cracked, and
  4. every digital good is available for free on the internet.

Otherwise the music industry’s problem will repeat itself for the movie and gaming industries as well. Protections will never stop people from cracking and distributing digital goods on the net, but that’s not the point here: DRM in general is about a feeling.

If customers feel they are taken seriously as partners of the industry and consumers of its products, they are more likely to buy something they feel is worth the price. People will never feel something is worth buying if its limitations are so severe that getting it the illegal way is far less stressful.

[iPhone] 3G Cases get Cracks

More and more people are reporting that their iPhone 3G cases crack sooner or later. It is most visible on white devices, but we expect the black ones to be just as fragile; a crack is simply much easier to see on a white case. ehPhone.ca from Canada shows what those cracked cases look like.

[iPhone] Apple’s AppStore DRM broken

You don’t trust DRM? You read that Microsoft and Yahoo switched off their DRM servers, cutting off continued use of legally bought music?

Then this might be news for you. Sources that wish to remain anonymous have confirmed and explained that removing the App Store DRM from your legally bought applications is fairly simple for anyone who knows what a command line is.

The technique only requires a jailbroken iPhone with SSH installed. Once you have legally bought the application you can run it on your iPhone or iPod touch. You then log in via SSH, determine the process ID and dump part of the process memory. Since the application has to be decrypted in order to run, it is decrypted before it is executed, so in memory you have the plaintext binary and only need to dump it to a file; the GNU debugger makes this easy. After that you only need to replace the encrypted part of the binary on disk (the region described by the Mach-O encryption load command, LC_ENCRYPTION_INFO, via its cryptoff and cryptsize fields) with the memory dump and set the flag in that command (cryptid) to 0, meaning not encrypted. For those who remember what ProcDump did in the early Windows days: this is exactly the same technique, without the automation.

Since we’re not sure whether more concrete information would violate Germany’s peculiar intellectual property laws, we can’t go into further detail here. We recommend a Google search; you will most likely find one or two step-by-step tutorials. Applying the technique lets you keep the apps you have bought. We don’t condone misuse or piracy.
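The last step of the procedure above, the on-disk patch, as an added example that is neither the anonymous source's tooling nor anything from the original post. It walks the Mach-O load commands of a thin, little-endian image (as 32-bit ARM App Store binaries of that era were; a fat/universal file would have to be sliced first), locates LC_ENCRYPTION_INFO, overwrites the cryptoff/cryptsize region with a plaintext dump and clears cryptid. The gdb memory dump itself is assumed to have been taken already; the sample image and the "dump" here are constructed toy data, not a real application:

```python
import struct

# Mach-O constants from Apple's <mach-o/loader.h>
MH_MAGIC = 0xFEEDFACE          # 32-bit little-endian header (iPhone ARM apps)
MH_MAGIC_64 = 0xFEEDFACF       # 64-bit header
LC_ENCRYPTION_INFO = 0x21      # struct encryption_info_command
LC_ENCRYPTION_INFO_64 = 0x2C   # same layout plus 4 bytes of padding


def find_encryption_info(image: bytes):
    """Walk the load commands and return (cmd_offset, cryptoff, cryptsize, cryptid)
    for the encryption command, or None if the binary carries none."""
    (magic,) = struct.unpack_from("<I", image, 0)
    if magic == MH_MAGIC:
        header_size = 28
    elif magic == MH_MAGIC_64:
        header_size = 32
    else:
        raise ValueError("not a thin little-endian Mach-O image (slice fat files first)")
    (ncmds,) = struct.unpack_from("<I", image, 16)   # ncmds is at offset 16 in both headers
    off = header_size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8:
            raise ValueError("malformed load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", image, off + 8)
            return off, cryptoff, cryptsize, cryptid
        off += cmdsize
    return None


def splice_decrypted(image: bytes, dump: bytes) -> bytes:
    """Overwrite the encrypted region with the plaintext dumped from the running
    process and clear cryptid so the loader no longer tries to decrypt it."""
    info = find_encryption_info(image)
    if info is None:
        raise ValueError("no LC_ENCRYPTION_INFO: nothing to strip")
    cmd_off, cryptoff, cryptsize, cryptid = info
    if cryptid == 0:
        return image                                   # already plaintext
    if len(dump) != cryptsize:
        raise ValueError(f"dump is {len(dump)} bytes, encrypted region is {cryptsize}")
    if cryptoff + cryptsize > len(image):
        raise ValueError("encrypted region extends past end of file")
    patched = bytearray(image)
    patched[cryptoff:cryptoff + cryptsize] = dump
    struct.pack_into("<I", patched, cmd_off + 16, 0)   # cryptid field -> 0
    return bytes(patched)


def build_sample_image() -> bytes:
    """Constructed toy binary (not a real app): 32-bit ARM header, one
    LC_ENCRYPTION_INFO command and a 16-byte stand-in for the encrypted pages."""
    cryptoff, cryptsize = 28 + 20, 16
    # magic, cputype 12 (ARM), cpusubtype, filetype 2 (MH_EXECUTE), ncmds, sizeofcmds, flags
    header = struct.pack("<IiiIIII", MH_MAGIC, 12, 0, 2, 1, 20, 0)
    cmd = struct.pack("<IIIII", LC_ENCRYPTION_INFO, 20, cryptoff, cryptsize, 1)
    ciphertext = bytes(0xAA ^ i for i in range(cryptsize))
    return header + cmd + ciphertext


if __name__ == "__main__":
    img = build_sample_image()
    print("before:", find_encryption_info(img))
    plain = bytes(range(16))        # stand-in for what gdb dumped from the live process
    out = splice_decrypted(img, plain)
    print("after: ", find_encryption_info(out), out[48:64] == plain)
```

Two checks worth keeping in a real run: the dump must be exactly cryptsize bytes long (in real binaries cryptoff is page-aligned, usually 4096, and cryptsize a multiple of the page size), and a cryptid that is already 0 means the binary is not encrypted, so there is nothing to patch.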

[iPhone] iPhone 3G Proxy Unlock Available in Germany (update)

Update July 27th, 2008: in their testing program Juma found issues with some European carriers’ 3G networks. Unlike other SIM proxy manufacturers, Juma does not want to sell a solution that doesn’t work 100% on both GSM and 3G/UMTS networks. Customers who had already ordered received a full refund on Saturday and Sunday. We hear Juma is investigating these issues to come up with a fix as soon as possible.

It finally seems to be true. We already reported that unlock specialists from Brazil and Vietnam had independently announced they could unlock the new iPhone 3G using a proxy SIM solution, but nobody (at least in Europe) had gotten their hands on such a proxy SIM.

Now here seems to be the real deal: a working proxy solution hit the streets of Germany today. It is called iPhonix and is manufactured by Juma FZE, a trading company based in Dubai. As an introductory offer iPhonix costs €50 (about US$80) instead of €59. Sadly the product page is available in German only at the moment. We have ordered a sample, but as we don’t have it yet we can’t confirm it works; the German magazine MacBug, however, does (see their German article here). Update: this currently does not work with any German carrier!

In the following video you can see a white iPhone 3G running with a German interface. The phone is obviously carrier-locked (most likely to the German T-Mobile D1 network). After the iPhonix proxy is inserted it connects to the Dubai carrier Etisalat, obviously roaming. This is not the best video to convince German customers: we would rather have seen them take out the T-Mobile SIM, put in an O2 or Vodafone card that doesn’t work, and then try again with the proxy… You know what I mean. And where is the part where calls are made? Anyway, see their promotional video here: