hacking
Latest
Hacker gets revenge on Puzzle Quest's bullying AI
We're not certain what sort of demonic sacrifices Infinite Interactive made to grant Puzzle Quest its hellborn AI, but we imagine that the cursed contract that authenticated the ceremony was written with the blood of many innocents. The match-three puzzler does everything short of outright cheating, stealing your advantages and setting up multiple combos, each computer-cleared gem bearing the mark of Mephistopheles.DS gamer Zaraf plotted a strategy that would tear down the AI's defenses and avenge dozens of unfair losses. Unwilling to spend months leveling up and making preparations, staying his vendetta, he hex-edited the game to to max out his character's stats. Zaraf then armed his warrior with a class spell called Deathbringer, enabling him to fill the screen with an amount of damaging skulls equal to half of his red mana. Head past the post break for the results caught on video.
Hackers next target: your in-car navigation system
We hate to break it to you, but that oh-so-reliable GPS system that you simply obey each day could eventually lead you down a dark, perilous path. No, we're not referring to the blind faith drivers who throw caution common sense to the wind and drive directly into sandpiles and bodies of water, but a new discovery has found that the unencrypted data that's beamed to drivers everyday via RDS-TMC navigation systems could be undermined with relative ease. Andrea Barisani, chief security engineer with Italian consultancy Inverse Path, has claimed that the wireless signals could not only be intercepted, but incorrect directions could actually be used to lead motorists into a trap, direct traveling competitors away from a sales presentation, or create a massive gridlock by instructing the weary working crowd to all take the same "detour" home. It was noted that some firms are already looking into more secure methods of delivering such critical information, and considering the lessons we've already learned about GPS-addicted drivers, the updates can't come soon enough.[Thanks, Andrea B.]
Nintendo reportedly planning another Modchip-busting revision
Even though there's no love lost between Sony and Nintendo fanboys, the two ancient rivals may soon have one thing in common: an ongoing battle with their respective deities over modding their precious consoles for homebrew. PSP owners are well aware of the epic back-and-forth struggle between hackers like Fanjita and Dark_Alex and the obviously-frustrated firmware programmers over at Sony, and now DigiTimes (they of the rather dubious Apple rumor track record, mind you) is reporting that Wii lovers may soon be faced with yet another round of modchip-nullifying hardware revisions from Nintendo. The good news is that -- as usual -- the altered circuit layout shouldn't thwart modders for more than a few weeks at most, even if Nintendo decides to move over to so-called ball grid array IC packaging according to "providers of Wii modification services in Taiwan." Still, if these rumors turn out to be true, it would seem that Nintendo is pretty committed to tripping up the Wiinjas and TeamCyclopses of the world, and making your choice of their wares just a little more difficult.
One-stop-shop for Apple TV tech geekery: Apple TV Hacker
High-def video consultant Mike Curtis (of HD for Indies fame) has launched a new blog dedicated to the Apple TV, dubbed Apple TV Hacker, where he hopes to share his "latest reports and doodles and discoveries about what can be done with, and more importantly, TO an AppleTV." So, if you have any interest in tooling with your brandy new Apple TV beyond playing with the standard features, this site is shaping up to be a valuable resource for in-depth Apple TV tech geekiness. Expect much more content when he receives his own device and puts it through his own "heavy paces".
Microsoft admits uptick in Live account hacking, writes it off to social engineering
Everyone enjoys a good Xbox hack, but they're not so fun when the tables are turned and it's your Live account that's been commandeered by crooks -- who are supposedly draining your credit card while you're stuck on the sidelines with a duplicate, unusable Gamertag. While it's not surprising that hackers would hijack online accounts to snatch valuable personal info, the question being raised in forums and now in the media is how Microsoft has been dealing / plans to deal with these breaches. The company first admitted that "there have [recently] been reports of fraudulent activity and account theft taking place" on Live when contacted by CNET, and went on to say that it is "actively investigating all reports of fraudulent behavior and theft." However, Major Nelson is now reporting that Redmond has found "no evidence of any compromise of the security of the Xbox Live Network or Bungie.net," and is attributing all of the recent incidents to "malicious users...attempting to draw personal information from unsuspecting users." It's hard to imagine that the uptick in fraud revealed to CNET is due solely to an increase in gullible gamers, but unless Microsoft plans on tightening security, all you can really do is continue to exercise the usual precautions or cancel your account and get your MMO fix from Yahoo! Bingo.[Via Joystiq]
Microsoft investigating possible Xbox Live hacking
CNet has the scoop on what a Microsoft representative calls "reports of fraudulent activity and account theft taking place on the Xbox Live network." The company is investigating the claims, which include use of stored credit card information to run up massive Xbox Live points charges.It's not yet clear how extensive these problems are, but anecdotal evidence from forums and web sites shows how the apparent theft can manifest itself. It's not yet known if the unauthorized use is the result of hacking in Microsoft's network or a phishing scam to get login details from individual users.We're waiting to hear back from Microsoft on the extent of the problems and what specific steps are being taken to fix them. We'll keep you posted.Update: Major Nelson: No Xbox Live security breach
SXSW: Game Perverts
At first glance that panel title sounds like a very special episode of Dateline NBC's "To Catch a Predator," but the subtitle makes it a bit clearer ... for some: "A Robot, a DS, and a dot-matrix printer menage a trois." This panel was all about hacking and homebrewing, and we saw some pretty cool stuff. Bob Sabiston's Nintendo DS animation project -- this is a homebrew kit that Bob began developing after sending Nintendo a letter explaining that he was a fairly decent programmer and engineer (he is - he wrote the rotoscoping software used for the animation in Richard Linklater's A Scanner Darkly) and they sent him a software development kit for the DS. His animation and painting program is one of the best apps we've ever seen on the DS, and even the artwork he's produced on it is very impressive. Rich LeGrand got into game robotics with the Game Boy Advance, because there is a fairly limitless supply of hardware available on eBay at around $20 a pop. He reverse-engineered a robotics tool for the GBA called the Xport, which he sells through his company Charmed Labs, that lets you program and build a robot around your handheld (most people use Lego for the robot exoskeleton). He has also very successfully not been sued by Nintendo. Paul Slocum took an old Epson LQ500 dot-matrix printer and reversed engineered a box that lets him program and play music through it by changing the speeds and strengths that the pins strike the paper. It really has to be heard to be believed (it's part of the song - former dot-matrix users will hear it right away). He also uses an Atari 2600 with a modified cartridge to generate drums and "bleep" sounds. Pretty impressive stuff. We lovingly retitled this panel "How to hack up your precious hardware," but now we're thinking about cracking something open and giving it a whirl. We just wish we'd kept those old dot-matrix printers.
Microsoft's sneaky Xbox 360 "update"
In an underhanded move -- some would say, without honor -- Microsoft has covertly patched a security vulnerability in Xbox 360 that allowed hackers to run their own software. Disguised as an "operating system update," the patch seals off the console's non-privileged memory areas, which hackers are using to do such depraved things as write "Hello World" and try to run Linux. The update will be included with all games released after February 20 and is available to download via Xbox Live or the Xbox website (burnable onto CD or DVD). You best grab it before the uncontrollable urge to indulge in naughty hackery takes hold.Next time, Microsoft, tell us what we're downloading instead of slipping us a patch in an update's clothing. We're on to your shenanigans...[Via Engadget]
Mii pants hacking
Blogger David Hawley has apparently uncovered, using a hex editor, the future of Nintendo avatar pants: "Special Miis" with pants of gold. If you can get your Mii over to your PC, then you can edit it in hexadecimal to create such a Special Mii. Special Miis cannot be copied, only moved; if you try to put two identical Special Miis in a Plaza, they will disappear.He has also figured out how to make "foreign" Miis, who are adorned with the blue pants worn by Miis made in other people's Wiis and visiting your Plaza. We have yet to verify this with our own Miis, so be careful when performing code surgery on your Mii.We wonder what Nintendo thought gold pants would be an appropriate reward for. Maybe they're planning a Studio 54 Channel?
GameTrailers.com hacked
Late this weekend video game media site GameTrailers.com found itself on the receiving end of a joyfully implemented internet shenanigan. Hacked by a not-very-mysterious source, it seems the miscreants didn't do much more than defile the home page, alleging that someone other than MTV "owns" them and making sure we know how to get in touch with them for more witty banter. GameTrailers is back up and running now, serving delicious content as if nothing ever happened.[via digg]
Silica hack "tester" perhaps too good at its job
As if we didn't have enough cause to be paranoid about WiFi hacking, Justine Aitel has worked out a way to do it completely automatically -- your ports will never be safe again. Justine's Immunity Inc. has developed a tool it calls Silica, which runs a custom version of CANVAS, Immunity's point-and-click attack tool, on a Nokia 770. The 770's touchscreen displays three simple buttons: "Scan," "Stop" and "Update Silica." As soon as you hit Scan, Silica can start hopping onto WiFi networks, search for open ports, and automatically launch code execution exploits. For instance, you could set Silica to download anything of interest off of exploitable file shares, then put the 770 in your pocket and walk through an office, gleaning all sorts of fun files to peruse later, or even have the device actively penetrate machines and have them hook up to an external listening port via HTTP / DNS at your bidding. Sounds pretty malicious, but it's all in the name of safety -- Immunity sells the $3,600 device to penetration testers to have a quick and automated way of testing network security on the spot. Once you're done running the scan, you get an HTML report of Silica's findings, meaning even a noob can get their hack on with this thing. Immunity keeps track of new exploits, and sends out updates about once a month to Silica users. Of course, Immunity also tries to be careful who they sell the device to to make sure it doesn't fall into malicious hands, but there's no way to be 100 percent sure, so we recommend unplugging your router now, selling the house and kids and moving to a mountain cave before it's too late.[Via Slashdot]
Ben Heck explains how to make Wii laptop
Remember that crazy Wii laptop Engadget commissioned from mod extraordinaire Ben Heckendorn? Well, Ben Heck was kind enough to write up a thorough how-to guide so that we can emulate his work. The third and final part of his instructional guide has been posted onto Engadget so that you can now get out your soldering iron and copies of Hardware Hackery for Dummies and give your Wii a crazy makeover. Part 1 ripped up the console. (O, the humanity!) Part 2 rearranges the parts and designs the case. Part 3 creates the casing and puts it all together. Hack, mod and enjoy, but be wary: if you screw up, a replacement will be extremely hard to find.
Hacking e-voting machines can be hard, Diebold shows you how
You know, we could almost admire Diebold's "in face of all odds" kind of determination to ignore the haters and continue to assert that its e-voting machines are secure -- but this is just taking it too far. Alex Halderman, who was part of a team that discovered Diebold was using a rather standard sort of hotel mini-bar key to "secure" its machines from tampering, has pointed out that Diebold is showing vote-tampering wannabes just how it's done. Halderman and company refrained from posting images of the actual key, just to deter any casual voting hax0rs out there, but Diebold one-upped 'em all by posting pictures loud and proud of the keys on its own website. You have to be a Diebold account holder to actually buy one, but anyone could copy the key design from the pic -- which sounded like a great idea to Ross, who made three homemade keys based on the online pics, two of which worked to unlock the Diebold machine. Care to comment, Diebold? Oh, that's right, you're doing that whole quiet, dignified thing. As an aside, up to one-third of the e-voting machines which were used widely in the Brazilian elections in October last year showed signs of manipulation, with all sorts of number disparities and obvious fraud or malfunction. Those poor e-voting machines just can't catch a break. Check out a video of this latest Diebold hacking after the break.Read - Diebold reveals e-voting keysRead - E-vote fraud runs rampant in Brazil
Mischievous duo plead not guilty to LA traffic hacking scandal
We've seen our fair share of scheming and conniving, but a duo of engineers that were previously employed by LA's Automated Traffic Surveillance Center allegedly pulled off one of the most impactful jobs we've ever heard of. Both men have just pled not guilty to charges of "manipulating traffic signals to disrupt transportation across the city in the run-up to a union protest last August," a case which pins them with deeds such as identity theft and illegally using those 1337 skills to wreck havoc. In a situation eerily similar to that seen in The Italian Job, the pair overrode intentional barriers to access the traffic light system in LA, and proceeded to not only force lights to stay red for extended periods of time in some of the city's most critical and congested intersections, but locked out city officials from entering back in and reversing the changes as well. Ranking right up there beside the numerous ATM hacks we've seen, this job led to massive amount of chaos in the following days, creating gridlocks in some areas that reportedly took "four days" to totally clear out. If convicted, the two could face several years in prison, but if not, we're sure risk-loving tech executives everywhere are drooling to pick these two up and put 'em to (honest, law-abiding) work.[Via The Register]
iRobot releases "Create" specs, pricing
Until now all we've seen of iRobot "Create" is a bunch of FCC docs that illustrate the concept of a vacuum-less Roomba spin-off. As of tonight, iRobot has started selling the Create with a 1-2 day shipping period at prices starting from $129.99 going up to $999.99 for a 10-pack of the little fellas. Riding the wave of the open source / hacking communities, iRobot hopes that owners of the Create will do what they did with the Roomba and use their imagination to come up with innovative and zany uses for the technology. For a little taste of "the zany," check out the bionic hamster ball navigation system add-on that the iRobot engineers cooked up. Some of the features of the Create are 30 built-in sensors, a 25-pin expansion port for connecting a command module and other electronics, and a spacious cargo bay with plenty of holes for mounting hardware. iRobot is so eager to get people out there Creat-ing clever uses for their device that they're offering a free 30-day trial period, so what're you waiting for?[Via MAKE]
PlayStation 3 hacking challenge ends; winner: no one
It looks like there weren't any hackers l33t enough to meet the "0wn a PS3 and own it" challenge, wherein a modified PlayStation 3 was up for grabs to anyone who could replace a specified JPG image without violating the site rules disallowing your run-of-the-mill DoS attacks, etc. That means the tricked out PS3 featuring a 160GB hard drive, HDMI cable, Fedora Linux pre-installed, and a free game isn't going anywhere, losers! Fortunately for the PS3-less masses, you probably won't have too much trouble picking one up without resorting to beefing up your mad hax0r skillz.
HD-DVD circumvened with 360 drive [update 1]
Update: Our limited knowledge -- we are not haxxors in the least -- has led to a terminological error. AACS has not been "broken," merely "circumvented" by using the decryption keys. Furthermore, decryption keys can be revoked, meaning that the ones currently available could easily be nullified. It's also likely that the DVD software used to find the keys will be patched. Whether or not AACS was technically broken, the upshot is that you can backup HD-DVD's even though you're not supposed to, for the moment anyway. Thanks to Dylan Neild for setting us straight.Utilizing a 360 HD-DVD drive, a hacker known as muslix64 has successfully broken circumvented the AACS HD-DVD copy protection. The software used, called BackupHDDVD, utilizes cryptographic keys that are specific to each individual movie. This means that any would be makers of "backup" copies will first need the proper key. It is currently unknown where muslix64 happened upon his keys. Once decrypted, the film can be copied to a hard drive and played with the appropriate program. TeamXbox points out that Blu-Ray also uses AACS encryption, so it's only a matter of time before Blu-Ray encryption is broken circumvented as well. Muslix64 claims that it took him only 8 days to decrypt his first HD-DVD movie. Makes you wonder how much Hollywood spent developing AACS, doesn't it? The hacker made a short video showing the software facilitated decryption process. Watch it after the break.
Wiimote acceleration values plotted on a PC
While a good number of people who've gotten their hands on a Wii have caused all kinds of damage ranging from a busted window to broken TVs and beer glasses, others are taking a much more careful and measured approach to understanding the Wiimote's true nature. A fellow named Marcan42 on YouTube has put together a video which shows the Wiimote's acceleration values dumped to a computer, the first step necessary in hacking the device. It's anyone's guess how long it'll take to actually transform this raw data over Bluetooth into actual usable gameplay input and mechanics, but those hungry now for at least a video of some hot acceleration charts n' graphs need to no further than past the break.[Via digg]
PSP homebrewer creates indie game encryption system
PSP homebrewing by its very definition requires a moderate level of subversion. As Sony has shown time and time again, running unsigned code on the PSP is not the way that it wants its customers to use the PSP, simply because there's a lot more profit to be gained in selling games than there is in selling hardware. Hold that thought for a second as we bring you up to speed on the latest from the PSP homebrew scene: a developer by the name of Xart has created an encryption system for homebrew PSP code. Apparently, the problem of homebrew community members copying their fellow coder's work and re-releasing it with their name in the splash screen has become bad enough to warrant this encryption system. So lets get this straight: a coder has made an encryption system for a community that's based partly around bypassing Sony's own complex restrictions. What's next? DRM for freeware games?[Via PSPFanboy]
Mooooo! New animal-themed PSP faceplates coming soon
Talismoon, the same company that brought us the Evolve line of PSP face plates, is gearing up to do something we haven't seen before - fur-themed faceplates. Yeah, you read that right. Cow and leopard-themed PSP faceplates with a fur-like finish will be available soon for $15 a hide."With the Talismoon upcoming range of Evolve 'Wild Jungle' edition for the PSP and Xbox 360, gamers will be treated to extreme levels of comfort thanks to a soft 'like fur' finish, as well as refreshing and unique new look," a press release stated. "Both sets of faceplates for PSP and Xbox 360 will come complete with everything needed for a pain-free install, and each fur faceplate pattern will be unique. Initial stocks will consist of a 'cow' or striking 'leopard' fur finish." I'm not totally sure I want my PSP feeling like a cow when I'm playing a game of Warhammer, but this is just so bizarre, I'm going to have to buy one anyway.[Via PSP-Vault]
