hacking
Latest
Apple sends takedown notice to iPod hacker's ISP
Yesterday, Erica posted in her state of the iPod touch jailbreak that a hacker named "Martyn" had obtained a broken iPod touch, and was planning to dive in and download every bit of code on it in the increasingly complicated effort to put 3rd party applications on the iPod touch. He didn't plan to release the code to the public, but he did plan to upload the code to a secured area of his site in order to let the other touch hackers have a crack at it.But even before his upload finished, we're told, his ISP showed up, with a takedown notice in hand. Apple had somehow found his site, had contacted his ISP, and let them know that it would be against copyright law for him to upload that code to the Internet. Martyn isn't interested in breaking the law (and it would be illegal to share that code), so he pulled the page off. But what's amazing here is how fast Apple moved on this-- either they've got someone listening in on the development wiki, or they're taking cues from us on how things are going over there (hi, Apple!).Despite what we've heard before, clearly they are very, very interested in making sure the iPod touch doesn't get hacked. Martyn tells me, as has Erica, that Apple has clearly gone out of their way to keep hackers out of their latest iPod. We're also told that progress continues despite all that, but Apple is apparently bending over backwards to do everything they can to keep the iPod touch closed.
iPhone hackers create open source unlock
Well despite the fact that some hackers claimed they weren't working on an open source iPhone unlock, it appears it's happened anyway. iPhone hackers have released a free software unlock for the iPhone.Apparently there are two solutions-- the one above is part of a script based on ieraser, and the other is called iUnlock (Engadget says that one "appears to be in a more complete state"). We aren't yet sure what these do-- whether they're an actual unlock, or simply a reverse engineer of the iPhoneSIMfree unlock released the other day.Either way, it doesn't much matter (hope iPhoneSIMfree made their money while they could). Even if these solutions (both of which seem to be straight code at this point-- there's still no simple "userfriendly, automated tool" available) aren't exactly what people need to use any SIM in their iPhone, a free, open source solution is likely just around the corner. Until Apple changes the firmware, that is.
Playing with the iPhone's accelerometer
Yesterday, we saw what Medallia was doing with touchscreens a few months ago, and today, we've got hot off the press news about what they're up to with the iPhone's accelerometer. Erling has found a way to pull the raw data off of the iPhone's LIS302DL, a 3-axis accelerometer that's currently used for noting when you're looking at Safari vertically or horizontally. A few hackers, like the folks behind Tilt, have been able to catch the iPhone noting the change itself, but this is the first time, I believe, that we're seeing live data come right off of the unit at a high sampling rate, enabling Erling to pull off the magic seen above.And the best part: source code is up on the site. iPhone programmers, start your engines-- we've got a whole new interface to work with.[ via Waxy ]
eFuse successfully "blown," Xbox 360 kernel downgrades possible
A team of modders have found a way to downgrade the Xbox 360's kernel, giving the console potential for a greater homebrew effort than at present. Key to a homebrew scene is the ability to modify a console's core software: even if reverting to an older version means no more Xbox Live for you, the presumably looser security in the older software equals easier hacking. We won't even go into how it was done, beyond saying that it involved eFuse "timing attacks" and ignoring the harder "CPU-key hack." *Sob*, we'll never be 1337.[Via Xbox360Fanboy]
Diebold says e-voting sales have failed
According to an AP article released today, Diebold, one of the prominent makers of the recently embattled electronic voting machines, says that the company has failed to make its e-voting business profitable. If you'll recall, Diebold machines have repeatedly been the target of various hacks, many of which have proven the machine to be susceptible to intrusion from outside elements and thus unreliable from a security standpoint. The company has reduced its revenue outlook by $120 million, and has plans to allow its e-voting unit to operate more independently, giving the team its own board of directors and possibly a new management structure. To complete the overhaul of the ailing division, the company will also change the name of the branch from "Diebold Election Systems" to the starkly different "Premier Election Systems." Diebold blames the "rapidly evolving political uncertainties and controversies surrounding state and jurisdiction purchases of electronic voting systems," for much of its problems... as opposed to the fact that they currently produce faulty, unprotected, and unreliable machines.
Metal Gear Solid Online encourages hacking opponents
Shaky cam video footage of a TV program revealed a few new details on the upcoming PSN title, Metal Gear Solid Online. In it, a Konami producer explains the hacking mechanism that'll be crucial to the online collaborative experience. "You're encouraged to link up with your teammates. If you link up, you can share information. You can see what your teammates say, you can see how they're doing, their battle condition ... One of the guys that was playing, he captured an enemy, and then hacked into his nanomachines that's connected to his team and he was able to get all the information of his opponent's team that was all linked up." Certainly sounds intriguing! We can't wait until the beta releases later this year, and we hope someone in Kojima heaven will grace us with a chance to play it.
Doom on the iPhone... almost
After the NES emulator, you knew it was just a matter of time, and now Doom is running (though not playable yet) on the iPhone.stepwhite is behind this one, too, and he worked it up because he'd promised a friend he would (not to mention that he was prominent requests for it on Waxy.org, and some other little Apple site you might know). Unfortunately, he hasn't implemented a controller system yet (all you can do right now is watch the demo scenes), but that's the beauty of open source-- no doubt some intrepid programmer out there has an idea on how to do it. Also, you gotta turn that thing sideways, man! This isn't the iPod; let's use the whole screen space.Geez, after Doom, what's left? Quake III Arena? I stand in awe of what you programmers have been able to do with the iPhone.
iPhone Hacking 101: Jailbreaking
When you want to add ringtones, change wallpaper, or run third-party applications on your iPhone, you need to perform a task called "jailbreaking". What this does is to open up your iPhone's file system so it can be accessed from your computer. There are a number of tools available to jailbreak. If you're on an Intel Mac, you just won the lottery. The easiest software to use, by far, is iFuntastic. It walks you through the entire process with helpful prompts and pictures and is very simple to use. The iFuntastic crew promise PPC support in upcoming releases. If you are a PPC user and don't have the desire to download, compile and install complicated hacker tools you might be best served by just waiting for the next iFuntastic release. Also keep in mind that you don't have to jailbreak on your own computer. You can borrow a friend's computer for 15 minutes to use iFuntastic. That's handy if you're a Windows users or on a G4 or G5. A much more complicated alternative to iFuntastic is the iPhone Utility Client, with its amusing acronym iPHUC. You will have to google for the link as the website in question has requested no direct links. If you have access to developer tools, iPHUC will allow you to jailbreak on your G4 or G5. I warn you that the process is ugly and involves extreme hackery. If you want a slightly easier way to use iPHUC, the latest version of the iActivator tool performs iPHUC-compatible jailbreaks. Best of all, it's a Universal Binary. For Windows users, there's the original fully-leaded jailbreak utility. The complicated bit is that it requires that you have a copy of the original 1.0.0 firmware present. To get that, you will have needed to have restored your iPhone at least once during it's 1.0.0 release. The bottom line is that if you don't own an Intel Macintosh, the path to jailbreaking is difficult and complicated. You'll need to google a lot and, I recommend, rely on social networking. The best place to get started with jailbreak is over at irc.osx86.hu, in the #iphone channel. Be polite. And remember, anyone helping you out is doing so of their own goodwill. Thanks Nate True, duck_tape and Ste.
iFuntastic 2.5 for iPhone brings full file browser, even more customizability
The iPhone Alley crew are on fire with iFuntastic, their iPhone hacking and modification tool. Just over a week ago they released v2 that brought custom ringtones and reordering apps, and now v2.5 ushers in another major milestone of iPhone hackery: a full file browser and manager. If you've been waiting to dig into your iPhone, edit images and logos or get to even more serious tinkering, this is likely the tool you've been waiting for. Other new features in this version include replacing any system sounds and coloring iChat SMS balloons. Unfortunately, iFuntastic 2.5 doesn't support PowerPC Macs just yet, but iPhone Alley has promised that the next version - which is set to arrive "any day now" - will. More details on the changes in this new version and a download link are over at iPhone Alley.
Fresh study (still) finds Diebold e-voting machines hacker-friendly
The fact that some individuals still have any level of faith left in Diebold is quite baffling, but in case you were looking for just one more episode to dash your hopes of a hack-proof voting machine, open wide. As fate would have it, a fresh study in Florida has found that even optical scan voting systems "can be hacked into," which is causing quite a bit of concern considering that touchscreen alternatives aren't exactly an option in the Sunshine State. Reportedly, the document noted that "official memory cards in the optical scan machines could easily be exchanged with ones altering the vote count," and it was also stated that Diebold must "deal with the flaws" by August 17th. Yeah, we're sure it's all over that.[Thanks, Josh]
California white hat hackers: 3, Diebold and friends: 0
In a move which will bolster your undoubtedly high sensations of "faith" in the US voting process, a group of University of California researchers have just hacked their way through security on nearly every voting machine certified by the state of California. According to Secretary of State Debra Bowen, who initiated these tests, the team was able to "bypass physical and software security in every machine they tested." The group, which was sanctioned by the state, was given full access to the machines, as well as their source code and manuals, leaving some to argue that the test doesn't accurately depict how vulnerable the machines are -- because we all know how hard it is for hackers to get their hands on that kind of stuff. The report will affect whether or not Bowen approves the systems for use throughout California in its upcoming presidential primaries. It looks like 2008 is going to be an exciting year, to say the least.[Via The Raw Feed]
iPhone "Hello World" binary released
The busy beavers of the #iphone IRC channel, whose collective efforts have built the first unauthorized iPhone GUI application (it displays "Hello World" and does nothing else), have released the source for the demo app, buildable with the community-built toolchain and UIKit. There's also a compiled binary version of the app being hosted here.Our collective hat is off to the dedicated hackers who are building a development environment for the iPhone from bits of string and folded-up tinfoil. It's an impressive achievement.Thanks #iphone and Erica
Hello World, says iPhone
Those crazy dudes working around the clock to hack the iPhone open have gotten one step closer. Last night, it was posted on the iPhone dev wiki that a hacker named "Nightwatch" had compiled and launched a Hello World application, the first nonstandard application to run on the iPhone. He did this by using a project of his called the ARM/Mach-O Toolchain, which is "being refined and tested" and "should be released as soon as possible."This does not mean, however, that the iPhone is completely broken open-- from what I understand (and I'm definitely not a hardcore hacker), each iPhone has its own special code to be cracked, and even if the code is entered, there's no guarantee that the next software update won't break everything again.But running a user application-- any user application-- on the iPhone is definitely a huge step in the process, and it's the result of a lot of these guys working around the clock since iPhone's release. Good for them.Thanks, Mike D!
Rootkit hack taps Greek prime minister's phone
In 2005, Greek authorities discovered a plot hatched and executed by unknown sources which allowed the tapping of wireless phones on the Vodafone network belonging to the country's Prime Minister and other top officials, making it one of the furthest reaching covert infiltrations of a government in history. A recent report from IEEE Spectrum shows that the tap was made possible by a 6,500 line piece of code called a rootkit, the first-ever to be embedded in a phone switch's OS. The complex hack took advantage of aging phone systems by disabling transaction logs on calls and allowing call monitoring on four switches within the teleco's computers, thus sending the call to another phone for monitoring (similar to a legal wiretap). The spies covered their tracks by creating patches on the system which routed the calls around logging software which would have alerted admins, and were only discovered when they tried to update their software. The case clearly exposes holes in call security amongst providers (due largely in part to outdated systems), and suggests the possibility that this kind of thing could easily happen again... to you![Via textually]
iPhone hackers turn up a few vulnerabilities
To no one's surprise, hackers have been hard at work on the iPhone since day one, and it looks like they're already turning up a few vulnerabilities. As The Register reports, the folks at Errata Security seem to have been the most successful to date, finding not one, but two "bugs" with the phone. The first is apparently similar to one of the bugs recently found in the Windows version of Safari which, in this case, allows someone so inclined to take control of the browser and run applications by causing a buffer overflow. The second, somewhat simpler flaw Errata discovered is that the device can apparently be easily locked up when exposed to a so-called Bluetooth "fuzzer." Despite that, the Errata folks say that they think the iPhone "is inherently more secure than competing smartphones," largely due to its dependence on iTunes and its ability to push out security updates faster than carriers are able to. As The Register points out, some intrepid "researchers" also recently discovered the passwords required to give an application root access although, as of yet, no one's actually found anything useful to do with them.[Thanks, Jags]
Web-based iPhone games begin to appear
So you waited in line all day Friday for a coveted iPhone only to find you're already bored with the device's map-displaying, music-playing, video-watching, text-messaging, internet-browsing and sticky-bun-making capabilities. What you need is a quick, diverting touch screen game to distract you. Unfortunately, despite rumors that the likes of EA and Nintendo are looking iPhone game development, Apple is so far not providing any downloadable games for the device, or even hinting that any are coming down the pike. You can't even play your old iPod games on your new toy. What's a game-loving iPhone owner to do?Enter the web. Already sites like iGiki, fun4iPhone, and MacMost are hosting simple web-based iPhone games to keep you busy. Much like similar web-game portal Wiicade, these games will work on practically any computer with a mouse but have been designed with the iPhone's screen and unique capabilities in mind.Unfortunately, since the iPhone's Safari browser doesn't support Java or Flash, the offerings thus far are limited to relatively simple and uninspiring JavaScript games. Still, we're hopeful that the burgeoning iPhone hacking community can get around this limitation and turn the iPhone into the game-playing device it's obviously destined to be.
Sony preaches the smack to circling PS3 hackers
Sony's PS3 anti-hacker walls are crumbling, with an exploit for 1.10 and 1.11 firmwares recently found, and the announcement of the first copied game to boot on the heretofore unassailable console -- though it isn't actually playable yet, just booting. Sony, of course, isn't taking this lying down, and has threatened legal action to anyone using these new exploits illegally. "Unfortunately, hackers will try to exploit any hardware system software," said SCEA spokesperson Dave Karraker. "The best we can do as a company is to make our security that much stronger and aggressively pursue legal action against anyone caught trying to use an exploit in an illegal manner." Of course, Dave wasn't abundantly clear as to what's "illegal" activity, but soundbites aren't exactly the best place to start bantering about fair use. What is clear is that these are only the opening shots in what promises to be a long war between Sony and the homebrew scene, with the PSP community providing the best example of what Sony most hopes to avoid, for reasons not wholly comprehensible.
Sony vows legal action against hackers and pirates
SCEA has declared that they will "actively pursue" legal action against hackers that attempt to crack the PS3 anti-piracy software. This announcement arrives just after recent news that hackers were close to completely cracking the PS3 anti-piracy software found in firmware versions 1.10 and 1.11. Their progress on the crack would allow pirated PS3 games to boot, but they still were not playable. The homebrew community is also still waiting in the wings, as even this latest attempt still prevents any type of homebrew gaming on the PS3 console. Obviously, SCEA hopes to stalwart further progress and deter hackers from completely subverting the anti-piracy measures completely, because saying "please" just doesn't carry the same weight as legal action. Dave Karraker, SCEA spokesperson says, "the best we can do as a company, is to make our security that much stronger and aggressively pursue legal action against anyone caught trying to use an exploit in an illegal manner." The pirates who want to burn and run copied PS3 disks? Yeah, they're bad. Bad, bad. Spankings all around kind of bad. And if you're thinking of doing it, you shouldn't. Go find someone to deliver a spanking for even thinking such thoughts. On the homebrew front, we're kind of indifferent. Now, we're stepping out on a very thin limb here, but maybe, just maybe if Sony was a little bit more organized in lining up a steady stream of content for thirsting PS3 owners, we wouldn't have hackers so interested in cracking the PS3 for homebrew. What do you think?
TiVo fears new open source license will harm business
As if TiVo honestly needed any more reasons to fear for its life, it looks like the forthcoming version of the General Public License could actually do more "harm to its business." It the firm's most recent regulatory filing, it warned that the third version of the aforementioned license "would prohibit manufacturers of consumer appliances that use open source software from implementing technical measures designed to prevent user modifications," essentially giving the TiVo hackers of the world even fewer hoops to jump through. TiVo fears that if GPLv3 is widely adopted, it may be "unable to incorporate future enhancements to the GNU / Linux operating system into its software," which would obviously affect the outfit in a negative fashion. Notably, Novell has also spoken up about how this latest document could "disrupt its Linux distribution partnership with Microsoft," but unless something major happens rather hastily, the Free Software Foundation reportedly expects GPLv3 to be published sometime this summer.
User-created WMDs do massive damage in Second Life beta test
Virtual world pioneer Randy Farmer loves to mess around with MMO games. As a beta tester for Second Life, Farmer was responsible for one of the first legendary events in the game: the Jessie Massacre. Out of curiosity, he created a weapon of mass destruction and unleashed it on a community of former WWII gamers. The resulting mayhem made him the target of more than a few nasty looks, but to the rest of the community he was thought of as a hero. Using the SL creation tools, Farmer constructed tiny, almost invisible objects and programmed them to explode into dozens of fragments, flying out at maximum velocity and doing loads of damage. Afterwards the fragments teleport themselves to a random location and start the carnage again. The only way to stop them was for Farmer to shout "STOP!".As you can guess, chaos ensued when the WMD was unleashed in the town of Jessie. Farmer quickly decided his completely scientific beta testing experiment was a success and went to disarm the grenades. Then he ran into a small problem: he couldn't find the little invisible buggers. With help from Linden labs he managed to remove the bombs, but the legend of the Jesse Massacre lives on.[Via GameSetWatch]
