Exploits


from http://tech.nocr.at/

from chadledford.com

If you’re like me, you ordered the xbox 360 Premium instead of the 360 Elite because you wanted to save money. However, if you want HDMI going to your TV and Digital Optical to your surround sound, Microsoft has engineered the Premium in a way that requires you to purchase their HDMI cable with audio adapter for $49.99. BUT! Here is how to get around that!!

xboxhdmi

from Noobz.eu

We told you that we’d be releasing an unbricker for the M33 bricks. But then we got to thinking, maybe that just wouldn’t be exciting enough.

Would you like a super special surprise bonus? How about an unbricker for ALL PSPs? Yep, you read that right. We call it “Pandora’s Battery”.

There’s a larger story behind this unbricker, though, and it deserves to be told. It’s the culmination of years of behind-the-scenes research and development by some of the top names in PSP hacking, under the name of the Prometheus project. This group of people, from various development teams, was dedicated to developing and releasing PSP hacks and exploits, with the aim of improving the status of PSP homebrew, and making sure that it was kept alive.

For some time this project was highly successful - many releases from Noobz, C+D and others were direct results of this work. The zenith of this success was the development of this unbricker - which required some amazing technical leaps, including:

  1. Reverse engineering of the service (unbrick) mode
  2. Development of a technique to change an ordinary battery into a service mode trigger battery (and back)
  3. Development of custom IPL code along with a technique to sign that code as authentic.

Even more impressive is that all of the above was achieved without any access to the official hardware or software. With careful nurturing, this unbricker and custom IPL was to become the foundation of a whole new homebrew environment. Unfortunately something happened to shatter the idyll. Somehow, the unbricker was leaked into the wider world before it was ready to be released. Whether this was deliberate, by one of the team members, or accidental via a security breach is still unclear. The fact is that this unbricker appeared on the black market, being sold for huge prices. As far as we know, it is probably very close to the same software that appears in at least some of the ‘magic unbricker’/‘jigkick’ videos.

So, although the time was not right to release this (it would have been wise to wait at least until the PSP Slim release), our hand has been forced. In order to prevent small fortunes being made by leeches, we are giving this unbricker away for free. So - let it be known - if you have paid for an unbricker, then you have been ripped off. I suggest that you take up your grievances with the seller - it should never have been sold. And if you’re unhappy about this being released before PSP Slim - then blame whoever it was that leaked or stole it.

It’s unclear whether or not this is the end for the Prometheus project - hopefully not, but that is undecided so far. In case it is the end, it is worth a quick roll of honour. In alphabetical order:

Adrahil, Booster, Cswindle, Dark_AleX, Ditlew, Fanjita, Joek2100, Jim, Mathieulh, Nem, Psp250, Skylark, TyRaNiD.

And here are their respective C+D (Create and Destroy) nicknames.

Mathieulh = WiseFellow
Tyranid = bockscar
Fanjita = FullerMonty
Joek = CosmicOverSoul
Dark_Alex = Malyot
Chris = Caretaker
Adrahil = VoidPointer
nem = h1ckeyph0rce

Anyway - make sure to read the readme.txt in this release for how to use it, but in brief it works like this:

  1. You run a program on a homebrew-enabled PSP that will convert a standard PSP battery into a jigkick battery. Note that you can’t then use that battery normally - so you should use a spare one.
  2. You run a program to generate the unbricker memory stick image, built from the v1.5 update EBOOT (note that this, and the custom IPL, means the release is completely free of Sony copyright materials).
  3. You run some programs on a PC to install the image to your memory stick.

Now, you have a battery/memory stick pair that works just like the famous jigkick combination (but better) - just insert them into any PSP (even a brick) and the PSP will be reinstalled with the v1.5 firmware. As far as we know, this will continue to work for all future firmwares.

Enjoy! And remember - if you find this useful, please donate to the original developers - it’s a lot cheaper than paying £1500 for it on the black market… Donations via paypal please using this button:

Please preserve our Digg, rather than starting your own.

UPDATE : Oh, and thanks for the scum that decided to ‘bury’ our Digg story, in favour of their own. That’s scummery of the lowest type.

Download: Please use one of these mirrors:

Mirror 1

Mirror 2

*Added by CodedChaos* Mirror 3

Just to confirm, this hack works perfectly, I have the proof!

from consumerist

The Consumerist’s 3-month sting operation snared a Geek Squad technician stealing porn from our hard drive, and we’ve got the work-safe video and logfiles to prove it.

from The Register

Script kiddies have latched onto a minor glitch in Symantec security software to boot users off Internet Relay Chat (IRC) channels. Typing “startkeylogger” or “stopkeylogger” in an IRC channel results in the involuntary logoff of users of Norton Firewall and Norton Internet Security suites, The Washington Post reports.

The commands mimic those used by the infamous Spybot worm, a botnet client with multiple variants, some of which spread over IRC and peer-to-peer file-swapping networks, that installs a backdoor onto compromised systems. Symantec’s software doesn’t recognise the context of the commands and therefore takes fright, exiting IRC channels with the response “Read error: Connection reset by peer” whenever the dreaded Spybot-style phrases are uttered. A number of IRC channels have reportedly started filtering out the phrase.

Symantec said it would fix the bug, which is best described as a “minor quirk”. IRC channels are full of pranksters and mischief makers who’ve undoubtedly had some fun with the Symantec glitch, even though it’s unlikely to have affected more than a handful of people. ®

Speaking of keyloggers, check out this one. This program is only 3.5K (3,584 bytes) and can do anything other keyloggers claim to do. This is version 1.0; a stealth version, demonstrating hiding concepts, will be next.

from Mal-Aware.org

The ExpressPay stored-value card system used by FedEx Kinko’s is vulnerable to attack. An attacker who gains the ability to alter the data stored on the card can use FedEx Kinko’s services fraudulently and anonymously, and can even obtain cash from the store.

FedEx Kinko’s fired back saying

According to FedEx Kinko’s: “Our analysis shows that the information in the article is inaccurate and not based on the way the actual technology and security function. Security is a priority to FedEx Kinko’s, and we are confident in the security of our network in preventing such illegal activity.”

So the hackers had an interesting response…

from heise online

Shortly after reports of the first virus for Mac OS X, a new security flaw has surfaced. The culprit is the option “Open ’safe’ files after downloading” in Apple’s Safari web browser. This feature is activated by default. Its function is to automatically display images and movies after they are transmitted to the user’s computer, using the application assigned to that particular document format. Safari will also unpack ZIP archives and display the documents within if they are considered “safe”. If active content such as an application or shell script is found within the archive, a prompt requests user confirmation. So far, so good.

Problems ensue if a shell script is stored in a ZIP archive without the so-called shebang line. If this line is omitted, Safari no longer recognizes the content as potentially dangerous and executes shell commands without a confirmation prompt. This behavior was discovered by Michael Lehn, who has documented it on a web site.
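The weakness described above is a content check that keys on a single marker (the shebang) that the file does not need in order to run. Here is an added example, not from the heise article or from Apple, of a defensive pre-check over a downloaded archive that flags an entry if it either carries execute permission in its stored Unix mode bits or begins with a shebang, so dropping the shebang alone no longer hides a script. The archive is a constructed fixture built inline with Python’s standard `zipfile` module.

```python
import io
import zipfile

SHEBANG = b"#!"
EXEC_BITS = 0o111  # owner/group/other execute bits of a Unix mode


def unix_mode(info: zipfile.ZipInfo) -> int:
    """Unix permission bits live in the high 16 bits of external_attr."""
    return (info.external_attr >> 16) & 0o7777


def risky_entries(zip_bytes: bytes) -> dict:
    """Return {name: [reasons]} for entries that must not be auto-opened.

    An entry is flagged when it has an execute bit set OR its content
    starts with a shebang; either alone is enough, so a script that
    omits the shebang but keeps its execute bit is still caught.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if unix_mode(info) & EXEC_BITS:
                reasons.append("executable mode bits")
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == SHEBANG:
                reasons.append("shebang line")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed fixture with the three cases the article implies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # ordinary data file: no execute bit, no shebang -> not flagged
        zf.writestr("photo.txt", "just text\n")
        # script with a shebang (writestr stores mode 0600): shebang check only
        zf.writestr("with_shebang.sh", "#!/bin/sh\necho hi\n")
        # script without a shebang but with execute permission: the case
        # the article describes; only the mode-bit check catches it
        info = zipfile.ZipInfo("no_shebang.sh")
        info.external_attr = 0o100755 << 16
        zf.writestr(info, "echo hi\n")
    return buf.getvalue()
```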

from F-Secure

A new variant of the Mare family of Linux worms has been found. This one exploits one vulnerability in Mambo and another one in PHP XML-RPC.

Mare.D installs an IRC-controlled backdoor as payload.

The worm is under analysis and a detailed description will be posted soon.

F-Secure Virus Information
OSX/Inqtana.A is a Java-based proof-of-concept Bluetooth worm that affects OS X 10.4 (Tiger) systems that have not been patched against vulnerability CAN-2005-1333.

Inqtana.A has not been met in the wild and has an internal counter that prevents its operation after 24 February 2006, so it is unlikely that this variant would be a threat to Mac users.

Inqtana.A arrives on the victim’s system as an OBEX Push request, requiring the user to accept the data transfer. When the transfer is done, Inqtana.A uses a directory traversal exploit to copy its files so that it starts automatically on the next reboot.

On reboot, Inqtana.A will activate, look for devices that accept OBEX Push transfers, and try to send itself to those devices.

OSX/Inqtana.A affects only Mac OS X 10.4. If you use 10.4, make sure that you have installed the latest OS updates from Apple.

From milw0rm.com

The new Windows Media Player exploits have been released on Milw0rm.com. They even included a Metasploit file. I am thinking of writing a Metasploit tutorial; would you guys be interested?
