August 2007


from Wired Blogs

A group of Israeli and Belgian researchers found a vulnerability in the algorithm that is used to secure anti-theft digital key systems in numerous vehicles, including those made by such companies as Honda, Ford, General Motors, Mercedes Benz and Jaguar. With that information they were able to devise an attack to crack the code of anti-theft keys.

With just an hour of remote access to the digital key of one car made by a manufacturer, the researchers say they are able not only to crack the unique code for that specific key but can also determine the key initialization process used to code the digital keys for all of the cars made by that manufacturer. From there, it’s pretty simple for them to crack the unique code of another car made by that company.

“There is one master key from which is derived the key for each car a company makes,” says Orr Dunkelman, a researcher from the University of Leuven in Belgium who worked on the project with four colleagues.

The cipher the researchers examined, known as KeeLoq, is used to lock and unlock many vehicles that employ remote-control key-less systems and digital key systems — key fobs and keys that are embedded with a chip that transmits a unique digital code. The devices not only lock and unlock car doors but can also mobilize or immobilize a vehicle and operate its alarm system.

The KeeLoq technology, which is licensed by Microchip Technology to car makers and other entities, has long been considered to be pretty secure. Each KeeLoq key or key fob uses a unique value, out of billions and billions of possibilities, to unlock a car.

But after proprietary information about KeeLoq was leaked to a Russian hacking web site (pdf) last year, the five researchers, from the University of Leuven as well as the Hebrew University and the Technion in Israel, began examining the system for vulnerabilities. Within three to five days Dunkelman says they developed their first basic attack, then spent months refining their technique.

The attack involves probing a digital key wirelessly by sending 65,000 challenge/response queries to it. Once the researchers collect 65,000 responses – which takes about an hour – they use software they designed to decipher that key’s unique code. The deciphering currently takes about a day using a dedicated computer. But once they’ve cracked one key, they know 36 bits of the 64 bits they need to know. Those 36 bits are identical for every car model a manufacturer makes (different car models will vary only slightly).

This doesn’t mean Dunkelman can just walk onto a parking lot and open any car that’s the same model of the one he cracked. He still needs to crack the unique key used to open the other cars. But because he already knows the 36 bits that are common to all of the keys for one model of car, it takes only a few seconds to crack those other keys. He can do this by reading the keys wirelessly — for example, while sitting next to a patron at a restaurant or standing near a car when an owner opens it and sniffing the communication between the digital key and the car. Once he has a key’s unique code, he can encode it to a chip in a remote device (which he can do in a couple of seconds in the field) and use it to open and steal the car.

Dunkelman says an ideal scenario might be for a valet attendant to sniff the keys of cars in his charge to obtain the 36 bits for several different makes and models.

“If you go to a restaurant and leave your car with valet parking, the parking guy can probe your key while you’re eating and enjoying your steak and by the time you leave he has all the information he needs,” says Dunkelman.

Last week Dunkelman and his colleagues contacted Microchip Technology to report their findings. They also discussed the findings at the Crypto conference. But they say they won’t release their research paper publicly until after they’ve heard from Microchip.

A spokeswoman for Microchip declined to comment on the researchers’ findings.

from GAMERIOT

Players of World of Warcraft have discovered an exploit that allows them to crash any realm in WoW, and they are now wreaking havoc on all servers. The exploit crashes the main worlds and all instances associated with the realm, including dungeon and arena servers. Tichondrius, alone, has been crashed over 10 times tonight, and the general mood of the server is anything but happy. Raiding guilds and arena teams are all on hold as we all wait for official word on when this issue will be addressed. There has been no update from Blizzard regarding the situation as of now, but I suspect the issue will be dealt with ASAP tomorrow morning. Until then, I suggest taking some time away tonight for another game.

From Engadget

It looks like the long, litigious saga of AllofMP3 is about to take yet another turn, with the company now promising to resume its music download service following a recent Russian court ruling in its favor. While it apparently isn’t quite ready to get all that specific, the company has posted a brief notice on its official blog saying that it expects to resume the service in the “foreseeable future,” and that it’s doing its best to ensure that “users can use their accounts, top up balance and order music.” Of course, AllofMP3 has hardly left all its legal troubles behind it, so there’s no telling what may happen between now and the intended re-launch. Either way, we’re pretty sure this won’t be the last we hear from the company.

from Noobz.eu

We told you that we’d be releasing an unbricker for the M33 bricks. But then we got to thinking, maybe that just wouldn’t be exciting enough.

Would you like a super special surprise bonus? How about an unbricker for ALL PSPs? Yep, you read that right. We call it “Pandora’s Battery”.

There’s a larger story behind this unbricker, though, and it deserves to be told. It’s the culmination of years of behind-the-scenes research and development by some of the top names in PSP hacking, under the name of the Prometheus project. This group of people, from various development teams, was dedicated to developing and releasing PSP hacks and exploits, with the aim of improving the status of PSP homebrew, and making sure that it was kept alive.

For some time this project was highly successful – many releases from Noobz, C+D and others were direct results of this work. The zenith of this success was the development of this unbricker – which required some amazing technical leaps, including:

  1. Reverse engineering of the service (unbrick) mode
  2. Development of a technique to change an ordinary battery into a service mode trigger battery (and back)
  3. Development of custom IPL code along with a technique to sign that code as authentic.

Even more impressive is that all of the above was achieved without any access to the official hardware or software. With careful nurturing, this unbricker and custom IPL was to become the foundation of a whole new homebrew environment. Unfortunately something happened to shatter the idyll. Somehow, the unbricker was leaked into the wider world before it was ready to be released. Whether this was deliberate, by one of the team members, or accidental via a security breach is still unclear. The fact is that this unbricker appeared on the black market, being sold for huge prices. As far as we know, it is probably very close to the same software that appears in at least some of the ‘magic unbricker’/‘jigkick’ videos.

So, although the time was not right to release this (it would have been wise to wait at least until the PSP Slim release), our hand has been forced. In order to prevent small fortunes being made by leeches, we are giving this unbricker away for free. So – let it be known – if you have paid for an unbricker, then you have been ripped off. I suggest that you take up your grievances with the seller – it should never have been sold. And if you’re unhappy about this being released before PSP Slim – then blame whoever it was that leaked or stole it.

It’s unclear whether or not this is the end for the Prometheus project – hopefully not, but that is undecided so far. In case it is the end, it is worth a quick roll of honour. In alphabetical order:

Adrahil, Booster, Cswindle, Dark_AleX, Ditlew, Fanjita, Joek2100, Jim, Mathieulh, Nem, Psp250, Skylark, TyRaNiD.

And here are their respective C+D (Create and Destroy) nicknames.

Mathieulh = WiseFellow
Tyranid = bockscar
Fanjita = FullerMonty
Joek = CosmicOverSoul
Dark_Alex = Malyot
Chris = Caretaker
Adrahil = VoidPointer
nem = h1ckeyph0rce

Anyway – make sure to read the readme.txt in this release for how to use it, but in brief it works like this:

  1. You run a program on a homebrew-enabled PSP that will convert a standard PSP battery into a jigkick battery. Note that you can’t then use that battery normally – so you should use a spare one.
  2. You run a program to generate the unbricker memory stick image, built from the v1.5 update EBOOT (note that this, and the custom IPL, means the release is completely free of Sony copyright materials).
  3. You run some programs on a PC to install the image to your memory stick.

Now, you have a battery/memory stick pair that works just like the famous jigkick combination (but better) – just insert them into any PSP (even a brick) and the PSP will be reinstalled with the v1.5 firmware. As far as we know, this will continue to work for all future firmwares.

Enjoy! And remember – if you find this useful, please donate to the original developers – it’s a lot cheaper than paying £1500 for it on the black market… Donations via paypal please using this button:

Please preserve our Digg, rather than starting your own.

UPDATE : Oh, and thanks for the scum that decided to ‘bury’ our Digg story, in favour of their own. That’s scummery of the lowest type.

Download: Please use one of these mirrors:

Mirror 1

Mirror 2

*Added by CodedChaos* Mirror 3

Just to confirm, this hack works perfectly, I have the proof!

Article from: www.ubuntu-tutorials.com

Comcastic? Credit to andrewferguson.net

Image from: andrewferguson.net

Update: Visit Save The Internet and let your voice be heard!

Sunday afternoon I finished setting up a dedicated rtorrent server for seeding Ubuntu .iso images. I do my best to hand out all the CDs I can, but I also figured I could make use of the bandwidth I have to do the same. Once I got on that idea I realized I had access to two Comcast connections (family) where I could drop in two more of these “rtorrent appliances”. So, I got to work setting a second one up and dropped it on the network at my Dad’s house.

Wasn’t I surprised to find that my seeds weren’t taking off. After some quick Google searching I found that Comcast is cutting torrent connections nearly across the board. All across the internet people are complaining about Comcast not letting them seed anymore–and many of these for completely legal material!

I know bittorrent is associated with a lot of pirating. Hell, so was ftp and whatever other protocol you want to drop in here. This doesn’t mean that it is *only* used for pirating. This doesn’t mean that there aren’t legit reasons to use the efficient protocol. Apparently Comcast doesn’t see it this way.

The way I see it this is the first step toward a Tiered Internet, whether or not any such thing is approved in Legislation or by the consumers. Comcast doesn’t care. They are simply cutting off access to part of the Internet, plain and simple.

I would not be surprised at all to soon hear that Comcast will allow bittorrent traffic, for an additional fee. If you *really* want to use that protocol you can pay us more, but otherwise we don’t deem it as part of “normal internet usage”. Once that starts what is to stop the avalanche that will happen next?

“You want access to YouTube? It really uses a lot of bandwidth and we weren’t expecting most people to use more than casual browsing and email. That’ll be $5/mo additional.”

If Comcast is able to start cutting off access to internet protocols they are already to the Tiered Internet that will only become grounds for corruption and extortion. Who will be next?

The telecoms like the idea of a Tiered Internet because they can then extort both sides of the product. Since they are the middle-man they can charge more to the consumers for access to “the whole internet” and charge more to large domains and take pay-outs from big online powerhouses to provide “better or preferred” access to them.

What do I mean by that? We all know Google pwns the internet. We start getting into the Tiered Internet setup and Microsoft gives a big payout to Comcast, requiring them to limit access to Google, while preferring access to Windows Live Search (or whatever the hell it’s called). They’ll make up some reason why it’s more efficient for bandwidth or some BS and you’ll have to pay more to get to Google. They would be in the perfect position to rake in huge piles of money from both ends, with nothing to stop them.

The internet needs to stay open. The *whole* internet. Not the convenient internet. Not the bandwidth friendly internet. Not the bribed-into-becoming-the-new internet. The whole internet. All protocols. All sites. All networks.

If Comcast is allowed to continue cutting off even one protocol we’ve already lost. Voice your opinion. Contact your local office. Complain. Make some noise. Switch providers.

Until then I’ll be getting these two Comcast connections switched to a competitor. It may be a slower internet (in my area) on DSL, but at least it’s the whole internet.

Sorry for the delayed posting of this, I had a lot of stuff to attend to when I returned home from Vegas.

I just wanted to take a quick second to thank all the people that made Defcon15 a lot of fun for me and my crew. Major Malfunction, Johnny Long, & Dan Kaminsky, as always you guys put on a hell of a show. Thank you to all the speakers who put on some good talks this year, hell thanks to those of you whose talks didn’t live up to what I was expecting. Keep trying, it takes a lot of guts to get up there — who knows maybe I will submit a paper next year.

Defcon Goons: Thanks for being so cool this year, I had a great time hanging out with you guys. Xinc and Quiet, I like to think that I was the first one “tagged” by the goons, but after reviewing our cameras, I see that you guys um “tagged” a few other things. (no-class pun, may be nsfw) You guys are a cool bunch, I would love to be wearing a red badge for real next year.


The I-Hacked party went off the hook, when a few guys from the Wall of Sheep broke out their sticks and started swirling. I won’t mention your names on here, and I don’t remember your nicks, but I had a great time hanging out with you guys, and I know I owe a few of you some shirts I promised.. Shoot me an email with some proof (like pick yourself out in a picture) and I will get them in the mail to you. For those of you who attended the party, I hope you enjoyed the give-a-ways provided by consolesource.com, those guys have been incredibly cool to deal with and I would encourage you to visit them any time you have any console modding needs. (Tell them I-Hacked sent ya) Grifter, thanks for everything you did for getting us the Skybox, and taking care of the last minute problems. I hope that is something we can do again next year.

Bunnie, thanks for coming through with the Laser Etched VIP Invites — they were insane. I can’t thank you enough for doing that. Sucks that bringing the etcher didn’t work out this year, let’s work it out for next year. =)

Joe, once again your badges blew me away — Like we talked about, Surbo has some great ideas for next year’s badge.. He will be in contact.

Ninjas — You guys threw a hell of a party, that will be one that I won’t forget. Thanks for the invite and can’t wait for next year.

Lastly, thanks to everyone who came out, everyone who sported I-Hacked T-Shirts, and to all the Hackers who make Defcon possible! See you at 16!

You can see all of our photos we took here!

All of us at DC15
(P!nk Thr3@T , BT , Hevnsnt and Surbo)

from Nintendo-Scene
Team Symbiote (the makers of Wii-Boss) have released a DVD player Application for Wii.

Instructions:

Burn with clone CD, Boot in modded wii with homebrew based mod programmed with YAOSM 1.8 (I used a wii-boss).

When the menu comes up, hit “z” to unmount, change disc to DVD movie and hit “start” to play.

Keep in mind that you’ll want to have a modchip that supports Dual Layer DVDs so those of you with homebrew chips will want to use the recently released YAOSM 1.8 firmware.

Download: Team Symbiote Wii DVD Player Beta 1.0

from Make

Today in Germany the Hacker Tool Law goes into effect. With the
official name of Paragraph 202C it states that it is illegal to
possess, use, produce, or distribute a “hacker tool”.

In theory, law enforcement could come and arrest everyone here at
Chaos Communications Camp. A group of hackers gathered in solidarity to
protest this law. Hackers in Germany have been protesting the making of
this law for the past year and are stunned that it passed and has gone
into effect.

The term “hacker tool” is left vague. Nmap or other network monitoring systems could fall into this category. Software like Kismac, a wifi detection software, closed down today. Phenoelit, a hacker group, also closed down shop and is saying goodbye to Germany.

From Zdnet

The North Denver News reports
that Thomas Martel, 28, of Bonnie Brae, Colorado recently underwent
“whittling” thumb surgery to better enable him to use the
iPhone.

Thomas Martel, 28, of Bonnie Brae is a big guy. So he has a hard
time using the features on ever-shrinking user interfaces on devices
like his new iPhone. At least, he did, until he had his thumbs
surgically altered in a revolutionary new surgical technique known as
“whittling.”

“From my old Treo, to my Blackberry, to this new iPhone, I had
a hard time hitting the right buttons, and I always lost those little
styluses,” Martel tells reporter James Bently. “Sure, the
procedure was expensive, but when I think of all the time I save by
being able to use modern handhelds so much faster, I really think the
surgery will pay for itself in ten to fifteen years. And what
it’s saving me in frustration – that’s priceless.”

Well OK, Tom.

“This is really, on the edge sort of stuff,” explains
Dr. Robert Fox Spars, who worked on developing the procedure.
“We’re turning plastic surgery from something that people
use in service of vanity, to a real tool for improving workplace
efficiency.”

As Bently describes it, “the procedure involved making a small
incision into both thumbs and shaving down the bones, followed by
careful muscular alteration and modification of the fingernails.”

From Mashable
Reports we’re getting in the mail say that some Gmail users
have seen their storage bumped to over 9GB today – 9030MB, to be exact.
If not a glitch (and why would it be?), it means Google is playing
catch-up with Yahoo, which now provides unlimited storage.

With no other info, we can only assume the accounts are currently
being selected at random. As someone who is just about to exceed his
Gmail limit, I’m keeping my fingers crossed.
