crack
Latest
Are iPhone 3Gs developing cracks?
In what appears to be an increasingly common problem, hairline cracks are beginning to form on Apple's new iPhone 3G. While most of the cracks are reportedly affecting the white model, this is likely due to the increased visibility of the dark fracture on the white case as opposed to any differences in materials between the white and black units. At the moment, the issue seems largely cosmetic and doesn't appear to interfere with the operation of the phone. Now bust out the magnifying glass and let us know if you're seeing the same.[Thanks to everyone who sent this in]Read -- MacRumors forumRead -- Apple Discussions
SplashTop instant-on OS hacked to run other programs, boot off flash drives
DeviceVM's SplashTop "instant-on" OS is based on Linux, even though it's locked down to only run IM, Skype, media software, and Firefox, and you know what that means -- it's already been hacked wide open. Yep, the clever kids at the Phoronix forums have managed to open up the BIOS-based OS and make it do all kinds of tricks, including run other programs and boot other machines off a flash drive. The hacks are still a little complex, but with ASUS shipping tons of ExpressGate-enabled mobos and laptops and HP's support in the Voodoo Envy 133, we'd there's a one-click unlocker in the wild fairly soon. Anyone brave enough to install it on their machines?[Thanks, george85]
SlySoft keeps AnyDVD HD current, circumvents latest BD+
The crew over SlySoft isn't messing around, as just days after the v6.4.1.1 update hit the web, along comes yet another version to run laps around Big Content's best efforts. Posted yesterday, AnyDVD HD 6.4.5.0 adds in support for "a new version" of BD+ that's apparently included on films such as Jumper and a new flavor of AACS. This update also fixes a few minor problems with CSS logging and key retrieval, not to mention quirks found when removing ALPHA-DVD protection. You know the drill, head on down and stay current.[Via CDFreaks]
Researcher creates malicious, router-controlling website
Like having control of your connection to the internet? Don't tell Dan Kaminsky that -- the researcher has developed a method of DNS attack utilizing typical D-Link or Linksys routers that can allow hackers to gain command of your gear. The winner-takes-all maneuver, which is called a "DNS rebinding attack," functions by putting JavaScript into play that fools your browser into altering your router's configuration, thus letting the operator remotely administer the device. The concept isn't water-tight, as it takes advantage of easily-guessable router admin passwords, though Kaminsky says the enabling bug exists as a "core issue" for browsers. The attack will be showcased at tomorrow's RSA security conference, where it's hoped the demonstration will raise awareness about router security vulnerability. In the meantime, we suggest you change that default password.
SlySoft's latest AnyDVD HD release strips BD+ from Blu-ray Discs
The title pretty much says it all here, folks. Just a few months after SlySoft revealed a beta of its AnyDVD HD software which obliterated BD+, v6.4.0.0 has finally arrived and proudly possesses the ability to "remove BD+ protection from Blu-ray Discs." Among the other changes is an option to enable / disable BD+ removal, a fix for seeing a black display with some BD discs and other minor DVD-related tweaks. Brimming with excitement? Hit up the read link below -- your next download awaits.[Thanks to everyone who sent this in]
Vista copy protection cracked, totally, for real
They've finally, really done it. Your good friends in the hacking community have apparently come up with a solution to get you Vista -- should you want it -- activation free. According to a report, there's now a cracked, full version of Vista floating around that totally circumvents that cumbersome and costly activation process. The crack supposedly stems from OEMs (and end users) that were fed up with that process, and somehow persuaded Microsoft to pull an up-up-down-down maneuver and make the OS work, sans activation. The software utilizes System-Locked Pre-Installation 2.0, embeds OEMs BIOS files (signed by Microsoft), and passes all of the company's Windows Genuine Advantage checks. Of course, maybe it's possible that the folks in Redmond care more about users adopting Vista than they care about them paying for it. Nah, probably not.Update: According to our suave, stylish, and clearly informed readers, this hack has been floating around for some time. So for those who know, feel free to move on, otherwise; check it out, Vista activation bypassed![Via Techdirt]
Mac OS X password recoverable from RAM?
In a recent post over at Ars Technica, they say that Mac OS X users could have their login passwords recovered through physically accessing the RAM. This comes after FileVault was proven to be cracked. The article notes that Mac OS X and certain applications store the user's password in memory, leaving it there after you've logged in. While locally-running apps cannot readily retrieve the password, someone could get access to the contents of RAM after the computer has been rebooted or shut down. This could be accomplished by physical means and might require the hacker to remove the RAM cover on your Mac and chill the RAM, as suggested by Edward Felten's research team at Princeton. This freezing allows the information to stay on the RAM for longer than the normal 2.5 to 35 seconds -- allowing someone to place it in another computer and read the contents.In a separate approach to the password-in-RAM vulnerability, CNET witnessed an EFF demo of an attack using a custom NetBoot "EFI memory scraper" to record the RAM contents on reboot and save the data as a file on another machine over the network -- the attackers were able to clearly find the login password in the file. Again, this attack requires physical access to the machine (in order to force the NetBoot via holding down the N key on restart) within a minute or two of shutdown. However, an attacker could conceivably target a machine that was locked or sleeping (with RAM contents 'live'), power it off and back on, and use the NetBoot attack immediately.While Apple has been made aware of the attack (notified on February 5), no fixes for these issues were reported in the 2/11 security update. According to CNET, an Apple spokesperson said they were aware of the issues and were "working to fix it in an upcoming software update." Until this update comes out, you may want to set a firmware password for your Mac, or wait longer to leave your unattended Mac after a shut down. Alternatively, we have lovely TUAW-branded tin foil hats available for purchase. [via Ars Technica]
Overheard@GDC: crack and the mobile games business
Not everyone is a fan of cell phone games and their development. Said an anonymous attendee at the Telltale party tonight, "Sure, mobile games are big business. Selling cocaine is big business, too. That doesn't make it respectable." It does add a new meaning to the term "Crackberry" (yeah, we're punny).
PSP firmware 3.90 cracked (yes, already)
Well that was fast. Here we are, not more than two days after the Skype-granting PSP 3.90 firmware was released, and a new custom firmware comes along to let PSP owners run homebrew and/or pirated programs yet again.While there aren't many exciting new features for this quick and dirty custom firmware upgrade, we should note that the M33 line of hacks now has the ability to download updates directly from the internet via Wi-Fi using the PSP's built-in Network Update tool. When PSP users don't even have to be tethered to a computer to break Sony's copy-protection, what chance does Sony really have of stopping them?[Via PSP Fanboy]
ES&S e-voting machine fails epically at withstanding hackers
We're going out on a limb here and assuming that precisely no one is surprised, but yes, another e-voting machine has proven totally incapable of resisting even the most unsophisticated of hacks. Not long after California Secretary of State Debra Bowen okayed the use of systems that failed prior security audits provided they make a few last minute attempts to appear invulnerable, a security penetration team revealed that an ES&S test system was no better than the rest. Reportedly, Red Team researchers were able to circumvent physical blocks with little effort, and they were even able to access internal files by making a quick and dirty change to the BIOS and booting it up with an external memory device. Needless to say, this deceased horse has been bludgeoned quite enough, but if you're interested in seeing a dozen pages of epic failure, the read link has got you covered. [Warning: PDF read link][Via ArsTechnica, image courtesy of USA Today]
SlySoft's latest AnyDVD beta cracks BD+
Regardless of what those oh-so-knowledgeable analysts had to say, we all knew this day was coming. Yep, that highly-touted, totally "impenetrable" copy protection technology known as BD+ has officially been brought to its knees, and it's not at all surprising to hear that we have SlySoft to thank. The AnyDVD 6.1.9.6 beta has quite a comical change log too, and aside from noting that users now have the ability to backup their BD+ movies and watch titles sans the need for HDCP-compliant equipment, it also includes a candid note to Twentieth Century Fox informing the studio that its prior assumptions about BD+'s effectiveness were apparently incorrect. You know the drill, hit the read link below to try 'er out.[Thanks, Aaron]
Virtual reality game gets Pavlovian on crack addicts
Bless you classical conditioning, for without you we wouldn't have stories about virtual crack dens. A Duke University developed game is attempting virtual reality therapy for crack addicts hoping to break their addiction. Prof Zack Rosenthal states that the game takes people "into a virtual crack-related neighborhood or crack-related setting and have them experience cravings, just like they would in the real world." Rosenthal says cravings are a mental and learned behavior which the game attempts to quell.Subjects will face in-game temptations and be required to rate their level of craving, after which the craving is expected to subside due to the game's inability to deliver a real fix. The therapist then ties the moment the craving subsides to a tone trigger, leading the addict to "associate the sound with the sensation of a decreased craving." Yup, it's all one giant virtual reality "Pavlov's Dog" simulator. [Via GamePolitics]
SlySoft claims to have cracked BD+, naysayers fall quiet
We haven't broken down the minutes and seconds or anything, but we're fairly certain that July 10th wasn't exactly ten years ago. Nevertheless, the so-called "impenetrable" BD+ DRM scheme has reportedly already been subverted, and it's no shock to hear that the folks behind SlySoft had a hand in it. Regrettably, there's not a lot of details beyond that just yet, but according to the outfit's CEO, the software is ready to rock and should be released before the end of 2007. Chalk (yet another) one up to the hackers.[Via HighDefDigest, thanks to everyone who sent this in]
iPhone v1.1.1 firmware gets the Jailbreak treatment
For all you fanatics on the edge of your seat over the iPhone v1.1.1 hacking situation, there's some good news on the horizon. According to Erica Sadun -- one of the soldiers heading up the fight to break Apple's stranglehold -- the iPhone / iPod touch dev team have indeed managed to Jailbreak the new update. Apparently, the general-use tool hasn't made a showing yet, but baby steps have been taken, and the goods are sure to follow. So what can you expect? Third party apps are working, but will probably need to be recompiled due to the new frameworks, Springboard won't recognize DisplayOrder.plist (included apps now seem to be hard-coded into the Springboard app), you can activate the phone with third-party workarounds, and the Mobile Terminal and BSD suite work, as well as ARM-compiled command-line utilities. Of very interesting note: Erica says that the new firmware references both Nike and a radio, and that the devs are taking up a fund to buy a cake and deliver it to Apple, courtesy of "the Crazy Ones." She says the Jailbreak isn't "ready for prime time," and based on this info we tend to agree, but if you really want the full scoop, truck over to TUAW and check out the info for yourself.
eFuse successfully "blown," Xbox 360 kernel downgrades possible
A team of modders have found a way to downgrade the Xbox 360's kernel, giving the console potential for a greater homebrew effort than at present. Key to a homebrew scene is the ability to modify a console's core software: even if reverting to an older version means no more Xbox Live for you, the presumably looser security in the older software equals easier hacking. We won't even go into how it was done, beyond saying that it involved eFuse "timing attacks" and ignoring the harder "CPU-key hack." *Sob*, we'll never be 1337.[Via Xbox360Fanboy]
Workaround enables Netflix 'Watch Now' titles to be decrypted, saved
Looking for a new way to use FairUse4WM? Have a Netflix account? If so, go on and roll your sleeves up, as a crafty (and acrimonious) fellow has managed to find a workaround that enables you to not only decrypt the DRM-laced "Watch Now" movie files, but save them to your hard drive for future viewing. Admittedly, the process is somewhere between painless and potentially frustrating, but the gist of it involves Windows Media Player 11, FairUse4WM, Notepad, a Netflix account, and a broadband connection. Through a series of hoop jumping, users can now strip the "Watch Now" files free of DRM and watch them at their leisure and on any video-playing device they choose. Granted, there's certainly issues of legality mixed in here, but where there's a will, there's a way. [Warning: Read link language potentially NSFW][Via TVSquad]
Team Xecuter's Hard Drive Xtender replaces PS3 HDD with your own
Rest assured, those looking for a clean solution to add hard drive space to their PlayStation 3 had mixed emotions when pondering the Hyperdrive. Thankfully, Team Xecuter has unveiled a much sleeker (and flexible) alternative with the Hard Drive Xtender; the device actually replaces the internal PS3 hard drive and provides a plug to run externally, where you can then attach your favorite SATA or IDE drive (with optional adapter). Obviously, the biggest boon in this setup is the money you'll save from not having to spend a small fortune on a dense 2.5-inch SATA drive, and considering that the Hyperdrive can reportedly be used in conjunction, the limits of PS3 capacity are now slightly closer to endless. Hackers rejoice, it's yours for a meager £12.99 ($26).[Thanks, Jaimesh]
Custom iPhone ringtone hacking instructions prepped for noobs
If you can't wait for the eventual Apple update, then by all means have at it weekend hackers: custom iPhone ringtones can now be yours. Disparate hacks have been cobbled together into a step-by-step guide over at the appropriately named hacktheiphone site. The instructions make use of both the iPhoneInterface and jailbreak hacks which opened up full access to the iPhone's UI and filesystem. Unfortunately, the former only works on the Intel-based Macs at the moment. For those of you a bit wary of screwing the $600 pooch somewhere along the 23 steps, take heed: "everyone [they] know has been able to restore their iPhone fully by using iTunes." So go ahead, we double-dog dare ya. Just report back in the comments how it went, mkay?[Thanks, HaJo and Richard]
Analyst claims BD+ is impenetrable for ten years, hackers chuckle
We must say, it feels awfully good to not be Richard Doherty of the Envisioneering Group right about now, as he's probably taking an incredible amount of flack for his nonchalant comments made in the latest issue of HMM. As seen in the scan, Mr. Doherty claims that "BD+, unlike AACS, which suffered a partial hack last year, won't likely be breached for ten years." As if that weren't comical enough, he also added that "if it were, the damage would affect one film and one player," essentially nullifying his prior claim of invincibility. Of course, he did mention that BD+ offered up "four times the safeguards on top of AACS against piracy," so we'll give the oh-so-inundated hackers about four times longer than usual to prove this guy wrong.[Via Slashdot]
iPhone Hackers: "we have owned the filesystem"
The kooky hacking kids over at IRC channel #iphone claim to have gained full ownership of the iPhone filesystem. In an update titled "How to Escape Jail," they highlight the technical steps required to enable custom ringtones, wallpapers and more for your iPhone. They have not released a tool for general consumption -- yet -- but do provide the picture above as evidence of their hacking skillz.
