Distributed Tivo Cracking

[Pheran]

Just a heads up to let the DC forum know about a new and hopefully short (though it's looking worse now) project: distributed Tivo cracking. A group of Tivo hackers are attempting to brute-force the SHA1 hash of the Tivo backdoor password in a new version of the Tivo software. Note that this does not allow any theft of service from Tivo, but simply allows you to get into developer areas of the software to do some interesting things. See the Tivo Cracking thread for much more info. Get the Unix client or the Windows client to get cracking!

 

[dmcowen674]

This is a repost

and it still doesn't seem right somehow. Access to something you were not normally allowed to have access to, hmmmm.

 

[RaySun2Be]

Just what I was thinking Dave. Does this project have the sanction and approval of the TIVO companie(s)?

Does cracking the code violate the TOS?

 

[FoBoT]

if its ok to have the code, why don't they give you the code?
why does it have to be cracked ?
seems like stealing cable or something

"My cable box can get premium channels, i just don't want to pay for them" or some other skewed logic

are we misunderstanding this or is it warez/cracker type people trying to use DC for nefarious purposes?

somebody should contact the Tivo PR rep and see if they will issue a statement/press release

 

[RaySun2Be]

From what I've read, there are certain features that aren't accessable to anyone except through a "back door", which TIVO blocks access to using an encrypted password. This "project" is an attempt to crack that access code and allow entry through the back door. Earlier versions either weren't protected or had an easy to break encryption scheme. The newer version is using a harder encryption scheme, thus the need for a brute force method of cracking.

According to the TIVO service agreement, it reads to me like this "project" is something that would violate the service agreement, based on what I've read. Although there is a TIVO forum where the hacking of the code is openly discussed, so I'm not sure what the company TIVO's official stance on this matter is.

From the Service Agreement:
10. Using the TiVo Service. You may access and use the TiVo Service only with a product authorized to receive the TiVo Service and you agree not to tamper with or otherwise modify the TiVo DVR.

14. Any attempt to disassemble, decompile, create derivative works of, reverse engineer, modify, sublicense, distribute or use for other purposes either the DVR or software of this system is strictly prohibited, except as expressly set forth in Section 15 (?Open Source Software?).


Definitely sounds like something I would steer clear of, as the only benefit of this project is to crack a password put in place by TIVO in order to access functions that TIVO obviously doesn't want people to access.

It also doesn't sound like something Team Anandtech should participate in or endorse.

 

[joinT]

so you guys are against running Linux on the Xbox ?
IMHO if you buy something - it's yours, to screw with as you like.
Just don't go crying to TiVo if it get's broken.

 

[JHutch]

I think the difference here between the TiVo password cracking, and getting Linux to run on an X-box is this...

The TiVo password supposedly lets you have access to features of the "TiVo service" that you would otherwise not have access to. The service is separate from the hardware. If I am misunderstand here, please correct me.

Plus, while many here see nothing wrong with modifying your own purchased hardware (me included), there are legal issues (stupid DMCA) that make doing so perhaps iffy at best. And since a large number of people use their business boxes to crunching Distributed projects, that becomes a very BIG issue to them.

JHutch

 

[RaySun2Be]

Originally posted by: joinT
so you guys are against running Linux on the Xbox ?
IMHO if you buy something - it's yours, to screw with as you like.
Just don't go crying to TiVo if it get's broken.

What's this got to do with the xbox and Linux? We are talking about a distributed "project" to crack an encrypted password on a piece of hardware/software that is expressly against the TIVO service agreement. Running this kind of "project" could definitely be an issue with DCMA, TIVO, etc. and is unethical if not downright illegal.

I'm only talking about it as a distributing project. Not the kind of thing I believe Anandtech, or Team Anandtech, would endorse or recommend. In fact, threads that talk about cracks, hacks, key hacks, etc. of this sort are quickly locked by the Mods.

However, what you do with your own equipment is your own business.

 

[Pheran]

Originally posted by: RaySun2Be
Just what I was thinking Dave. Does this project have the sanction and approval of the TIVO companie(s)?

Of course not. Tivo has no official stance on Tivo hacking; they have certainly not expressed any support for it but they haven't condemned it either.

IMHO this question is absolutely ridiculous coming from the AT forum. Does Intel endorse or support overclocking? Does AMD support the release of information on how to unlock the multiplier on their chips by reconnecting the L1 bridges?

The Tivo Underground forum is dedicated to making Tivos more useful for their owners. They do things like figure out how to upgrade your hard drives with larger ones, or connect your Tivo to the network so you can schedule recordings via a web interface. As I said, they do not endorse theft of service from Tivo in any way, nor does this "backdoor" password allow you to steal service. In fact, as I understand it one potential use for the backdoor password is to enable a 30-second skip feature (handy for commercials). Tivo doesn't enable this by default since they're worried about offending advertisers.

The running XBox on Linux analogy was actually quite apt. Doing that is just as likely to violate the DMCA (if not more so, because you have to bypass the encryption protection that Microsoft has put in) than hacking this Tivo password.

Also, how is this a repost? Searching the DC forum for "Tivo" gets no hits.

EDIT: For some more info, read the Tivo Hack FAQ.

 

[FoBoT]

Originally posted by: Pheran
Also, how is this a repost? Searching the DC forum for "Tivo" gets no hits.

this thread -> http://subscriber.anandtech.com/messageview.cfm?catid=39&threadid=902694

Thread Title: New DC project?
Created On 11/02/2002 5:47 PM

 

[RaySun2Be]

The running XBox on Linux analogy was actually quite apt. Doing that is just as likely to violate the DMCA (if not more so, because you have to bypass the encryption protection that Microsoft has put in) than hacking this Tivo password.

Just my opinion, but I find a BIG difference in being able to set a few jumpers or change a setting in BIOS to get more cycles from a CPU and hacking an excryption scheme on the xbox, or trying to hack a backdoor password, that someone at TIVO doesn't want people to gain access to, otherwise they wouldn't be strengthening the encryption of the password in each release.

Besides, if I decide to OC my CPU, or hack into an xbox, that is an individual undertaking. It is my decision, my equipment, my consequences.

This TIVO "project" is involving lots of people to brute force attack an encrypted password.

To me there is a big difference. I definitely will not participate. To me it's unethical, if not illegal according to the service agreement and DCMA.

The DC projects up to this point, have either had a scientific, mathmatic, or biological benefit to them, all sponsored, all supported and sanctioned, legal and above board. Even with that, there have been issues with lawmakers.

If TIVO was sponsoring this contest to test their encryption, sure, great go for it. Until then, I don't think it is right to do and promote here as a valid DC project.

What you do as an individual is your choice.

 

[Smoke]

In fact, as I understand it one potential use for the backdoor password is to enable a 30-second skip feature (handy for commercials). Tivo doesn't enable this by default since they're worried about offending advertisers.

S-P-S-3-0-S (1.3, also 2.5, not 2.0 or 2.01) - Toggles 30 second skip mode. This turns the Skip to End button into a 30 second skip button

This has been available for sometime and I don't know anything about a "backdoor password".

 

[FoBoT]

Originally posted by: RaySun2Be
Besides, if I decide to OC my CPU, or hack into an xbox, that is an individual undertaking. It is my decision, my equipment, my consequences.

This TIVO "project" is involving lots of people to brute force attack an encrypted password.

To me there is a big difference.


What you do as an individual is your choice.

that is the difference to me, the fact that it has been turned into a DC project, i am worried that it will give the wrong impression about DC in general

there are already too many corporate managers/security people that view DC in a bad light, they think that DC clients are backdoors and security risks
making a DC client that is specifically trying to crack a password like in this case will just give them ammo/fuel the fire against DC in corporate environments, IMO

 

[Pheran]

Originally posted by: FoBoT

Originally posted by: Pheran
Also, how is this a repost? Searching the DC forum for "Tivo" gets no hits.

this thread -> http://subscriber.anandtech.com/messageview.cfm?catid=39&threadid=902694

Thread Title: New DC project?
Created On 11/02/2002 5:47 PM

Oh well, I take no responsibility for the poor subject choices of other posters.

 

[Pheran]

Originally posted by: Smokeball

In fact, as I understand it one potential use for the backdoor password is to enable a 30-second skip feature (handy for commercials). Tivo doesn't enable this by default since they're worried about offending advertisers.

S-P-S-3-0-S (1.3, also 2.5, not 2.0 or 2.01) - Toggles 30 second skip mode. This turns the Skip to End button into a 30 second skip button

This has been available for sometime and I don't know anything about a "backdoor password".

You're right Smokeball, I was confused - that's one of the things in the backdoor FAQ that doesn't require the password. However, another interesting thing you can do that does require the backdoor password is actually change the speed of each level of fast forward/reverse and the amount of "overshoot correction" (the automatic jump backwards after fast forwarding) in case you don't like the default settings. You can also enable "Advanced Wishlists" in some versions, which allows you to create wish lists with more complex searches.

This thread has lots of info about the backdoor functionality.

 

[ViRGE]

Originally posted by: Pheran

Oh well, I take no responsibility for the poor subject choices of other posters.

Hey!

 

[JHutch]

Well, personally, I don't have a problem with individuals hacking their X-box and TiVo's. Go for it. However, I won't endorse a project to crack the password, because of the DCMA. Personally, I think the DCMA is steaming pile of donkey doo, but it is a law that has some nasty consequences. If you were to try this project out on a company box and someone found out and complained to your boss, you'd very likely get fired. Looking for aliens or checking out drug candidates, while not exactly job-related for most people, isn't illegal.

In short, do I hope someone hacks both the X-box and the TiVo? Yeah. The geek in me thinks that is a great idea. Do I want my computers (or by extension TA) involved? No, not really. The father who has to provide for his family in me thinks its a bad idea.

JHutch

 

[JHutch]

As I read back through, those of us naysaying this look like we are showing our age... Ray and I have kids and family to worry about (granted MyFluffy is a BIT older than my 2 year old maniac) and I think that colors our perceptions quite a bit here.

JHutch

 

[dmcowen674]

I don't think as a close online Community we have had to make any kind of a public statement other than what everyone did in rallying for me in my case but I think unless we hear directly from the Tivo Corporation that they endorse the project that is now apparently taking place related to their product that the TeAm should Officially state that TA does not condone that project in any way and respectfully ask for a sticky for this thread in stating that fact.

David McOwen

PS - Of course after a majority vote of concensus of aggremment on that here.

 

[Pheran]

Originally posted by: JHutch
As I read back through, those of us naysaying this look like we are showing our age... Ray and I have kids and family to worry about (granted MyFluffy is a BIT older than my 2 year old maniac) and I think that colors our perceptions quite a bit here.

I don't know JHutch, I bet I am older than both of you. No kids though.
I certainly agree that the DMCA is a bunch of crap.

 

[JHutch]

Hey, someone is claiming to be older than Ray... Didn't think that was possible!

Hey, Ray, some whippersnapper is trying to lay claim to your cane-o-whacking!

JHutch

 

[RaySun2Be]

Originally posted by: JHutch
Hey, someone is claiming to be older than Ray... Didn't think that was possible!

Hey, Ray, some whippersnapper is trying to lay claim to your cane-o-whacking!

JHutch

They can be older than me, but thay ain't gettin my cane-o-whackin!



I too agree that the DCMA sucks!

 

[Freewolf]

I thought Smokeball was the only living person old then Ray

 

[rbV5]

This seems to violate the spirit of legitimate DC projects IMHO, projects that are for the common good are what attracted me to DC in the first place...this kind of project ranks with cheating SETI as far as I'm concerned..it can only be a black eye for the DC community.

 

[Smoke]

I thought Smokeball was the only living person old then Ray

I think that is true as far as the DC Forum is concerned. There is still only one entry in my category in the Poll: How old is the DC community? thread. :Q

But I don't need a cane .......... yet!