Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Murdoch's Hacker Speaks Out

kdawson posted more than 6 years ago | from the all-for-pay dept.

Security 86

This article from a Swiss newspaper recounts the appearance of Christopher Tarnovsky at the European Black Hat conference (link is to a Google translation of the French original). Next month Tarnovsky will testify in a lawsuit brought by a maker of satellite TV encryption systems (Kudeslki) against an Israeli company (NDS), for whom Tarnovsky worked until recently. (NDS is owned by Rupert Murdoch's News Corp.) While with NDS, Tarnovsky cracked Kudeslki's crypto, but claims he didn't post the result on the open Net. His responses to audience questions are amusing, in particular when someone from Microsoft asks him about breaking the Xbox 360 console. Tarnovsky replies (in the translation): "I have been offered 100,000 dollars for the break, but I replied that it was not enough."

cancel ×

86 comments

Sorry! There are no comments related to the filter you selected.

Cheapskate (3, Funny)

that_itch_kid (1155313) | more than 6 years ago | (#22919158)

"I have been offered 100,000 dollars for the break, but I replied that it was not enough."
Any 4 year old can break an XBox 360 with their own toys. Tonka trucks > all.

Twofo buttplugged (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22919190)

Twofo [twofo.co.uk] is Dying is Dying

It is official; GNAA [www.gnaa.us] confirms: Twofo is Dying is Dying

One more crippling bombshell hit the already beleagured slashdot trolling community when Google confirmed that Twofo troll posts had dropped yet again, now down to less that a fraction of 1 percent of all slashdot posts. Coming hot on the heels of a recent usenet survey which plainly states that Twofo trolling frequency has fallen, this news serves only to reinforce what we've known all along. Twofo trolls are collapsing in complete disarray, as fittingly exemplified by failing dead last in a recent digg.com comprehensive trolling test.

You don't need to be one of the Slashdot moderators to predict Twofo Trolling's future. The writing is on the wall: Twofo trolling faces a bleak future. In fact there won't be any future at all for Twofo trolls because Twofo trolling is dying. Things are looking very bad for Twofo trolls. As many of us are already aware, Twofo trolling continues to decline in popularity. IP bans flow like a river of firewall rules.

"Twofo is Dying" trolls are the most endangered of them all, having lost 93% of their core posters. The sudden and unpleasant departures of long time trolls Daz and xyzzy only serve to underscore the point more clearly. There can no longer be any doubt: Twofo trolls are dying.

Lets keep to the facts and look and the numbers.

Twofo Trolling leader Echelon states that there are about 7000 "twofo is dying" trolls. How many "Zeus sucks cock" trolls are there? Let's see. The number of "Zeus sucks cock" trolls versus "Twofo is dying" trolls on slashdot is roughly in the ratio of 5 to 1. Therefore there are about 7000/5 = 1400 "Zeus sucks cock" trolls. "Fuck twofo" posts on slashdot are about half the volume of "Zeus sucks cock" posts. Therefore there are about 700 trolls specialising in "Fuck twofo". A recent article put "destroy twofo" at about 80% of the twofo trolling community. Therefore there are about (7000+1400+700)*4 = 36400 "destroy twofo" trolls. This is consistent with the number of "destroy twofo" slashdot posts.

Due to the troubles at Twofo, abysmal sharing, ITS, lack of IP addresses and so on, "destroy twofo" trolls stopped posting altogether and were taken over by "Zeus sucks cock" trolls who specialise in another kind of slashdot posting. Now "Zeus sucks cock" trolls are also dead, their corpses turned over to yet another charnel horse.

All major surveys show that Twofo trolls have steadily declined in slashdot posting frequency. Twofo trollers are very sick and their long term survival prospects are very dim. If Twofo trollers are to survive at all it will be among hardcore slashdot posters, hellbent on Twofo's destruction. Twofo trolls continue to decay. Nothing short of a miracle could save Twofo trolls from their fate at this point in time. For all practical purposes, Twofo trolls are dead.

Fact: Twofo trolls are dying

Re:Cheapskate (1, Interesting)

Nerdfest (867930) | more than 6 years ago | (#22919614)

I can't imagine who'd pay large amount to break the protection on a console ... a competitor, perhaps? Hasn't the 360 already been somewhat cracked anyway?

Re:Cheapskate (1)

sumdumass (711423) | more than 6 years ago | (#22919774)

I can see it happening. I wouldn't personally do it but there are people who would view it more as a chance to slap MS then getting unrestricted access to the console. Some people are just like that I guess.

  I suspect that the 100,000 might be a collection from different sources with the goal of enticing people who might have the ability to accomplish the tasks. But I think the motivator is to slap MS.

Re:Cheapskate (1)

kesuki (321456) | more than 6 years ago | (#22922912)

"Hasn't the 360 already been somewhat cracked anyway?"

only the HDD, only the HDD.

there are guides on how to copy movies to the 360's hd via Xsata etc, but they haven't gotten a way to say backup game discs to the 360's hd yet, or to put in a mod chip so you can play games backed up to hd-dvd-R discs.

the former is a better goal, more useful than the latter, after all the current crack lets you offload to a PC that could have an array of 750GB HDDS or something like that. HDs are way cheaper than hd-dvd-r's anyways.

Re:Cheapskate (1)

kesuki (321456) | more than 6 years ago | (#22923134)

I'm going to take that back, there ARE mod chips, but any game that doesn't fit on a single DVD isn't going to work (the only modchip/programs i've seen are for DVD sized games) and it's a very painful 4 step process that requires about 7 programs total, and 3 hacks against the x-box 360 itself to do it all.

I know the original Xbox had a single disc compromise that would let you backup and play games from the Xboxes HDD , without needing a mod chip or anything but i don't see that yet for the 360 (at least it's not on page 1 of the google search i did)

no modchip installs are practically a requirement nowadays, you have to have special tools to modchip a modern console, and with ROHS compliance they can make EVEN smaller more close together solder points, that are impossible to solder to with lead solder. then you need to REALLY struggle to figure out how to solder on a mod chip, because it's not easy to get the right temperature point for lead free solder.

the last console i had steady enough hands to mod was the original playstation... now you need special tools even if you have the hands of a surgeon...

although you can always use microscopic needles instead of solder but that has it's own problems, where to insert them, will they hold right, will vibrations shake them loose, will they cut through the circuit board and hit a second lead frying out the system...

external mod solutions are the only viable 'mod' solution left IMO and I'd prefer a disc based one...

Re:Cheapskate (1)

Actually, I do RTFA (1058596) | more than 6 years ago | (#22923596)

I'm going to take that back, there ARE mod chips, but any game that doesn't fit on a single DVD isn't going to work (the only modchip/programs i've seen are for DVD sized games)

That's fine, becaue the only games I've seen are DVD-sized games. The HD-DVD addon was only for movies. And now even that is dead.

Re:Cheapskate (1)

kesuki (321456) | more than 6 years ago | (#22925542)

then i would imagine that they would stop using HD-DVD capable drives in the xbox 360 to save manufacture cost?

that would have to save a significant cost for making new consoles if no games now or ever will use HD-dvd

Re:Cheapskate (1)

LrdDimwit (1133419) | more than 6 years ago | (#22924652)

If you wanted to go into business selling mod chips, you need to hire guys like this.

Don't you know? (1)

GameboyRMH (1153867) | more than 6 years ago | (#22920096)

Tonka trucks are made of plastic nowadays.

Re:Cheapskate (1)

electrosoccertux (874415) | more than 6 years ago | (#22928370)

"I have been offered 100,000 dollars for the break, but I replied that it was not enough."
Any 4 year old can break an XBox 360 with their own toys.

Tonka trucks > all.
I wonder if this means it would take over 3x the work for him to crack it, or if it's only not enough because the benefit to the buyer (MS) is much greater than $100k. IE, with MS's Xbox360 install base, they should be willing to pay a lot more than that.

Or maybe only 5 euros doesn't float his boat. :D

Re:Cheapskate (1)

Greivetimus Prime (1265114) | more than 6 years ago | (#22931524)

I am a professional at it with a hammer.

Reverse engineering genious (5, Informative)

Anonymous Coward | more than 6 years ago | (#22919216)

For those interested, his companies blog is http://www.flylogic.net/blog/ [flylogic.net] Pretty interesting stuff...

Re:Reverse engineering genious (5, Informative)

dascritch (808772) | more than 6 years ago | (#22919310)

For more comprehension about the story : Canal+ (main pay-channel in France, and very big group in pay sat tv) accused Murdoch to have helped hacking its signal. It was during the commercial aggressive war between TelePiu (Canal+ in Italy), Canal+España, Premiere and other subsets agains BskyB and other Murdoch's companies

Re:Reverse engineering genious (3, Informative)

dascritch (808772) | more than 6 years ago | (#22919318)

Oh... Just one thing : European countries are very small, and Movies/Sport rights are sold by countries. That means that if you want BskyB in France, you can't except by a portage via an UK address. Or if you are living in North Africa (french-speaking), you can't have Canal Satellite (Canal + sat tv operation), but a stripped down for Africa market... If there is a distribution system in your country (By example, Algeria during its troubled 1990s, was a big pirated viaccess "consumer").

Re:Reverse engineering genious (2, Interesting)

mrtom852 (754157) | more than 6 years ago | (#22919392)

European countries are very small, and Movies/Sport rights are sold by countries. That means that if you want BskyB in France, you can't except by a portage via an UK address
Isn't this against EU law?

Re:Reverse engineering genious (1, Interesting)

jimicus (737525) | more than 6 years ago | (#22919688)

Isn't this against EU law?

Very likely, but Murdoch runs a large company and like most large companies the law is what they say it is unless and until ordered otherwise by a court.

Re:Reverse engineering genious (1)

innerweb (721995) | more than 6 years ago | (#22919952)

Very big companies listen to courts? I thought all they listened to were threats at gunpoint.

InnerWeb

Re:Reverse engineering genious (1)

Dunbal (464142) | more than 6 years ago | (#22920194)

and like most large companies the law is what they say it is unless and until ordered otherwise by a court.

      And then they can just ignore the multi-billion dollar fines, a la "Microsoft"...

Re:Reverse engineering genious (3, Informative)

blowdart (31458) | more than 6 years ago | (#22919762)

Well partly satellite footprints take care of this, but no, it's not illegal because broadcasters purchase rights per country, and it would be illegal for them to allow viewing outside of that country. Indeed there's an entire directive, 93/83/EEC over this. Copyright and licensing trump the free movement of goods.

Re:Reverse engineering genious (1)

StikyPad (445176) | more than 6 years ago | (#22923536)

I recognized most of those words as English, but I still have no idea what you just said.

Re:Reverse engineering genious (1)

chrb (1083577) | more than 6 years ago | (#22925064)

NDS was accused of cracking the ITV Digital cards in the UK shortly after the released of terrestrial digital TV. NDS UK alledgedly posted the crack on a pay-TV hacking web site (House of Ill Compute) which it had some shady financial links to. This led to widespread counterfeit cards, and was blamed for the financial collapse of ITV Digital. The major beneficiary of the ITV Digital collapse was the other pay-TV service launching at the time - Sky Digital, which was, funnily enough, also owned by Murdoch. Shady stuff. (source [guardian.co.uk] )

Shortly before the Sky Digital release Boris Floricic (aka Tron) gave a talk at a conference in the Netherlands on cracking pay-TV smart cards, and mentioned how much he was looking forward to the upcoming released of Sky Digital for a new challenge. A few months later he was found hanging dead in a park - supposedly going missing for five days, and then killing himself. The timing was very suspicious. Sky Digital remains uncracked.

Re:Reverse engineering genious (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#22919628)

It's a fascinating blog for sure. They're the people Bunnie Huang use for his chip reverse-engineering.

Trial date (2, Interesting)

Anonymous Coward | more than 6 years ago | (#22919668)

The trial begins April 8 2008 , details on Pacer 8:2003cv00950

Most info on this trials documents has been sealed or blacked out like a UFO conspiracy
mostly to protect the outlandish claims of Echostar and their consultants from public
embarassment

Its all lies and soon the trial will reveal everything, this lawsuit loss and the 100 million or so they
owe Tivo after losing that lawsuit will be the final nail in Echostar's coffin.

JJ Gee enjoy your retirement.

first? (2, Funny)

Anonymous Coward | more than 6 years ago | (#22919228)

Damn... no comment yet. Now i really have to actually read the article.

Sky TV uses Linux (5, Informative)

Anonymous Coward | more than 6 years ago | (#22919238)


in their set-top boxes in the EU/UK but they wont reveal the source code (try google'ing it or looking at their site you wont find it),
probably because you could decrypt the encryption on the Satellite stream,
shame that some companies (like murdochs) see Linux as free meal ticket and refuse to contribute anything back

still a GPL violation has never bothered billion dollar companies before, "i got mine screw you" seems to be the mantra of businesss/society thesedays

Re:Sky TV uses Linux (5, Insightful)

LiquidCoooled (634315) | more than 6 years ago | (#22919252)

If you can break the encryption by looking at the code, then they are doing it wrong.
The formula is not important and a good encryption algorithm should be free.

The key used is the protected part and should not be a part of the source code.

Re:Sky TV uses Linux (5, Informative)

Computershack (1143409) | more than 6 years ago | (#22919340)

If you can break the encryption by looking at the code, then they are doing it wrong.
The formula is not important and a good encryption algorithm should be free.

The key used is the protected part and should not be a part of the source code.
You can't break it by looking at the source code because the key is stored on a smart card which itself is then encrypted by hardware built into the card and in addition is tied to the serial number of the Sky card and the serial number of the box. It's not as simple as being able to read a PIC 16C84 and program a homebrew card anymore. Nobody has managed to break this in several years as we're still on the same generation of smart card because Sky were renown for issuing new editions once the old one has been cracked and we've not had new ones for years. They've obviously found a very successful way of safeguarding their service. If someone has found a crack they've kept very quiet about it.

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22919414)

While you are most probably right, it doesn't mean that the company doesn't publish the source because they THINK someone will break the encryption. Sigh...

Re:Sky TV uses Linux (1)

NotQuiteInsane (981960) | more than 6 years ago | (#22919912)

Quick point about DVB and most CA systems -- you generally have three keys. The Control Words (two 64-bit keys with embedded checksums) roll every 10 seconds or so and are used to decrypt the video itself. An ECM key decrypts Entitlement Control Messages, which contain an encrypted version of the CWs. Lastly, the EMM key decrypts Entitlement Management Messages, which update the ECM keys (among other things).

Now if you know the card protocol, you can put a monitor on the smart card bus between the set-top box and the card, and sniff the control words as they go over the link. Then you can use freely-available software combined with the CWs to decrypt the video, or make a fake card that spits the CWs back at the receiver. One of the old Sky VideoCrypt (analogue video CA with a line-cut-and-rotate scrambler) hacks did this -- basically you recorded the encrypted video, then waited for someone to upload the CW file. Then you played the video back through the VideoCrypt decoder, with a PC connected to the card slot feeding control words back to the box to decrypt the video.

The other thing they don't want people doing is sharing cards -- same idea as above (saving and replaying the CWs), but done in real time over the Internet.

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22920402)

Now if you know the card protocol, you can put a monitor on the smart card bus between the set-top box and the card, and sniff the control words as they go over the link.
Most modern cards from NDS encrypt the CW before sending it. It's decrypted in the STB in the same physical chip which contains the descrambler (no buses to tap...)

Re:Sky TV uses Linux (2, Interesting)

Anonymous Coward | more than 6 years ago | (#22919720)

Cracks are dead easy, just pay 20K to have the card shaved, and a scanning microscope to read the bus signals - then a lot of time for analysis. Or if really well heeled, and ion deposition scope to repair cut debug circuitry (Cambridge University has good researchers). This is a little more than the seed capital to some. If its hardware, it is breakable, no buts. Many smart people could have done it, especially disgruntled shareholder(s) or media /program buyers, or someone making a play on shorting. No end of suspects. Releasing the hack - not likely, you can make money both ways. Big players always compartmentalize their research stages/ efforts, while the juniors are paid to leave 'turnkey' systems behind. Wild stab in the dark prosecution based on hunches, should be summarily dismissed, with very large costs to discourage pin the tail on the donkey games.

Re:Sky TV uses Linux (1)

Z34107 (925136) | more than 6 years ago | (#22923092)

I'm guessing if you were "really well heeled" you probably wouldn't be as interested in stealing satellite.

Either that, or you're really bored...

Re:Sky TV uses Linux (1)

comm2k (961394) | more than 6 years ago | (#22919742)

Nobody has managed to break this in several years as we're still on the same generation of smart card because Sky were renown for issuing new editions once the old one has been cracked and we've not had new ones for years. They've obviously found a very successful way of safeguarding their service.
I think not much people want to crack it (anymore) as the service can be accessed by other means (not cracked but circumvented).

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22919838)

The reason they're still on the same generation of smart card is not because nobody's been able to crack it. Modern cards can be reprogrammed by the decoder, so they just send out a firmware update for the card over the air.

Re:Sky TV uses Linux (5, Insightful)

demallien2 (991621) | more than 6 years ago | (#22919356)

Lol, you are a GENIUS! Why didn't anybody think of that before?!?!?

Or, we have thought of it, it's just not as easy as you think. The problem is that the decoder has to have the key, otherwise the paying client can't watch TV. A pirate reverse engineers the decoder to find the key. The defence against this type of attack is to try and hide the key - one solution is to hide the key in hardware - the smartcard option. Another is to hide the code in software, using code obfuscators, virtual machines, whiteboxes. The final option is to obtain the key from a server, using two-way comms.

None of these solutions is fullproof, the first two choices are just security through obscurity - they can, and will, be hacked given enough time/incentive. The third option is problematic because what happens if the key server goes down? Plus, you need to have a whole head-end server infrastructure to support the solution, which the operators don't like. I know, I implemented the client half of such a system for a major content protection company a couple of years back.

Re:Sky TV uses Linux (2, Interesting)

jimicus (737525) | more than 6 years ago | (#22919706)

Or, we have thought of it, it's just not as easy as you think. The problem is that the decoder has to have the key, otherwise the paying client can't watch TV. A pirate reverse engineers the decoder to find the key. The defence against this type of attack is to try and hide the key - one solution is to hide the key in hardware - the smartcard option. Another is to hide the code in software, using code obfuscators, virtual machines, whiteboxes. The final option is to obtain the key from a server, using two-way comms.

Don't modern Sky digital boxes have a telephone connection?

I reckon a nice easy partial solution would be to tie the smartcard's key with the serial number of the box in a database back at head office. Then if two boxes reported different serial numbers but the same smartcard, you disable it.

Forces the attacker to attack the box as well as the smartcard.

Re:Sky TV uses Linux (1)

demallien2 (991621) | more than 6 years ago | (#22919786)

And I, as a big bad pirate, will just make sure that my box doesn't call home on the return channel by unplugging the phone line, or putting in a firewall between the decoder and its head-end.

So then what you need to do is make it so that my box doesn't work UNLESS I call home, for example it needs to call home to get the key in the first place. This is the key server that I mentioned above, with the inconveniences that go along with it.

Re:Sky TV uses Linux (1)

jimicus (737525) | more than 6 years ago | (#22919976)

Two things I am fairly sure of:

1. It has a built-in modem and uses an analogue phone line. You'll need to set up a box with an FXO port to defeat it; it's not as simple as firewalling ports on your router.
2. It refuses to operate if it can't phone home for any length of time.

These things have been properly thought through, y'know.

Re:Sky TV uses Linux (5, Interesting)

demallien2 (991621) | more than 6 years ago | (#22920250)

Yes, yes they have. Not by you though, apparently.

Jiminicus, my job is to crack decoders. Well, at least half the time. The other half is spent designing systems to make the cracker's life difficult, by blocking the attacks that I have used myself.

For example, with your scheme, I would reverse engineer the official decoder, and then patch the code that checks the return code, so that the check always returns TRUE. Now, that can be defeated by making it so that the value returned by the server is actually a key. My next attack would then be to try and convince the server that I am a real official decoder, and that it should give me the key. Unless care is taken, I could probably get the necessary information for this by launching a man-in-the-middle attack on an official decoder.

The typical defence against this attack is to protect the link by using certificates signed by the encryption provider, and linked to the decoder's serial number. As a pirate, I then just extract the official certificate either from the decoder itself, or from the conversation of a real box. I can then clone the certificate/identity of the decoder, and the server will talk to me as though I'm a real decoder.

The response to that attack is to verify that there are not two decoders connected at the same time that use the same identity. But this is not as simple as it sounds. For performance reasons, servers are distributed to handle different 'parks' of decoders. But I have to maintain a synchronized list of currently logged in decoder identities across all servers. This is a definately non-trivial task, or at least that's what my collegues that work on the head-end code tell me.

Other options for a cracker include trying to find a way to compromise the head-end server, and then poke around on it to dig up signing certificates and other good stuff to circumvent the protection. Or he might launch a denial of service attack - most server solutions have a 'degraded' fall back mode where the TV signal is encrypted with a key kept locally in the decoder, to be used if the key servers fail for whatever reason. That key can of course be extracted by the traditional means.

Believe me, many, many, many people have tried to come up with solutions to this problem. The server approach that I have just outlined is the most secure that we have found to date, but as I have also described, it has problems too. Not to mention that it is expensive/complicated to implement.

Re:Sky TV uses Linux (1)

tqbf (59350) | more than 6 years ago | (#22923904)

Which is why modern smartcard-protected systems don't have trivial boolean checks; they use the card as an encryption server to decrypt data necessary to access the stream. There is no opcode byte you can patch to bypass the card, because the card is mathematically inline with the stream. It sure sounds like the systems you work on are easy to beat. The P(n) DirecTV cards, not so much.

Re:Sky TV uses Linux (1)

demallien2 (991621) | more than 6 years ago | (#22928050)

You're not paying attention. In my previous post, I was describing attacks against a server-based protection scheme, not a card-based protection scheme. But if you read all of the posts on this topic, others have already pointed out how to attack cards - there are physical means to get inside the card, and watch what is happening on its internal bus. Sure, it's out of the reach of a bored teenage hacker, but the pros have the necessary equipment.

Also, the prvious post was in reply to Jiminicus, who apparently has no idea of the history of the content protection industry. I started out from a very simple system, patchable by changing a boolean value, to a system where i needed to convince the server to give me the key I needed - in other words, from doing a boolean check to needing to obtain some information from the content protection system, which is the direct equivalent of your idea. I was showing, in one post, the evolution of pirate attacks against systems over time.

But basically you are right, in every system produced since smartcards began, you pass an encrypted control word to the smartcard, and the smartcard gives you the decrypted control word. you can't just patch around that. But as I have already mentioned, there are attacks to obtain the keys inside the card. Or, another popular attack in these internet-enabled times, is simply to buy a rack of decoders with cards, and stick probes on the interface between the card and the decoder. You grab the decrypted control words as they pass, and stick them on a server on the Internet. Then there is a little module that can be inserted in the place of a smartcard in a normal decoder, which basically retrieves the control words from the server. Voilà, system breached again.

That attack is protected against by encrypting the link between the CPU in the decoder, and the smartcard. The decrypted control word never appears on an external bus. These systems are very hard to manage though, as you need to lock the card to the secure chipset on the decoder's motherboard, which is done by getting the two systems to exchange a key. This exchange has to be done whilst following a secure protocol. The system is very brittle, and it is very easy to finish up with a dead decoder/smartcard, which is a logistical nightmare.

Another solution is to do this encryption in software, which happens to be my current project. Of course, software protection can be reverse engineered, so the trick is to make that software easy to update, so you change the encryption algorithm every month or so.

So yes, the systems I work on are probably every bit as hard to crack as the DirecTV system you talk about. And yes, I'm aware of the various counter-attacks used by most content protection providers, such as NDS, Irdeto, Viaccess, Nagra, and friends. I helped design some of them.

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22924748)

to synchronize the fact that a decoder already exist in system is pretty easy, 1 more box in system to do-it just as in any server system with restrict access. have code per user, ad a variable, 0 out, 1 in, each time checks out for a key get a 1 , set-up time restriction on next key, etc, how hard is to get 1 box to do login checks... (i do server security and configuration works sometimes, some really are freaking out on security, for some having same login and pass is enough...) but if there really are gaps in system and problems because of multiple login session, then disable this option )

for multi-user same house, use 2 different accounts, don't get cheap on resources... setting up 2 identical cards bring up more problems then solutions...

anyway, think is, is no so easy to close all the doors absolutely to a system and have-it running fast and smooth for tens of thousands users

idea is that, even if they experience looses on hacks on system, the big base of paying costumers cover up more then enough of the service providers to keep shut about and not to push negative publicity upon them, and those few hundreds(or more) illegal users of system just make the company push on with developing of system, and get a few good extra salaries for those who push buttons for the glory of all (us programmers)

all take a bow here :)

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22927048)

There's one glaring vulnerability to the DVB standard which makes any security system built on top of it entirely useless.
I've been on both sides of the fence, and if there's anything I noticed is the almost complete disconnect between the people creating security and their understanding of where the weakest links are.

Posted as a coward to protect the innocent.

Re:Sky TV uses Linux (1)

Glyndwr (217857) | more than 6 years ago | (#22920936)

You're half right. They have analogue modems in, yes, but the box itself doesn't give a monkeys if it's plugged in or not. My SkyHD has never been plugged in and has been working A-OK for months. The box tries to dial out at 3am each day and silently fails.

Time was, if they scanned their server logs and noticed your box hadn't dialled in for a while, they wrote you a letter and shouted at you. This is because they log all your TV watching habits and sell them on to a ad firm who are a wholly owned subsidary of News Corp; you can escape that clause by paying £25 but Sky don't seem to enforce this any more. I've had no contact from them in months.

Finally, there is Multiroom, where you can rent a second Sky card (with all the same channels as your primary card) at a steep discount as long as you keep them at the same address. Here Sky do care about the dialup, as they use the caller ID logs on the call requests in to make sure you haven't sold your second content card on to a mate. They get very unhappy if you unplug a multiroom box from the phone line.

In any event, the dialup plays no part in the content decryption.

Re:Sky TV uses Linux (1)

jimicus (737525) | more than 6 years ago | (#22921430)

Fair enough. I was just outlining what could be done using a very little knowledge - what is done is something else altogether.

AIUI people who live in military-owned houses have caller ID disabled on their line and it can't be re-enabled - presumably they can't have multi-room?

Re:Sky TV uses Linux (1)

Glyndwr (217857) | more than 6 years ago | (#22921626)

I bet that is the case, yes. I do know that if your BT phone line defaults to not sending caller line ID, you need to tell the Sky box the call prefix to make it come back on for the dial out call -- the entire system is literally tied to the caller ID and nothing else. If you have Multiroom it's strictly non-negoitable, you must have a phone line, it must be plugged in, it must send caller ID.

I also strongly suspect this is why they still use a built-in modem and not the Ethernet port. It'd clearly be preferable in this day and age to just wireless hook the Sky box to your free wireless Sky router, but they couldn't then guarantee the two Multiroom cards were at the same address. It'd be too easy for me to sell you my second card and use some manner of IP tunnel to ensure that when your box connects out, it does so from my address. Sky are none the wiser, except they've just lost half their rental revenue.

Re:Sky TV uses Linux (1)

wolrahnaes (632574) | more than 6 years ago | (#22922300)

It's still not rocket science to "tunnel" the modem traffic with VoIP over to the location it's supposed to be. Hell, depending on how much of the system you control you can even spoof the CID and not have to tunnel it.

Re:Sky TV uses Linux (1)

jimicus (737525) | more than 6 years ago | (#22923642)

No, but intercepting and tunnelling the modem traffic would require an FXS-card equipped PC - not exactly common, cheap consumer hardware - to defeat.

In this day and age, it's probably easier and rather less risky to just download what you want to watch through torrents. Though that probably wasn't the case when Sky Digital first came about.

Re:Sky TV uses Linux (1)

tepples (727027) | more than 6 years ago | (#22924080)

Don't modern Sky digital boxes have a telephone connection?
Even if they did, would you want your cable box to make a telephone call every time you change the channel?

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22919972)

That's stupid. No matter whether you publish the source code to the algorithm or not, the attacker will always have a) the box and b) the key, so if he's determined enough, he'll be able to figure it out no matter what.

Second, even if publishing the source code would hurt the vendor, that's not a valid reason for violating the GPL. In other words, boo-fucking-hoo - maybe if the vendor doesn't want to publish the code, they shouldn't have used GPL'ed software in the first place. It's not as if anybody forced them to do so.

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22920362)

I used to work at Kudelski. They provide head-end solutions, I too have worked on installs in the distribution centers. Reliability wasn't an issue - there are tools for things like that - 5 9's - redundancy - clustering.

Re:Sky TV uses Linux (0)

Anonymous Coward | more than 6 years ago | (#22927300)

Lol, you are a GENIUS! Why didn't anybody think of that before?!?!?
Or, we have thought of it, it's just not as easy as you think. The problem is that the decoder has to have the key,
No, the problem is that they are not releasing the modified source to the GPL software they are using, and the existence of a key, or even if the decoder has the key, has NOTHING to do with that.

What possible difference does it make for the security of the key, if they give out the modifications to the GPLed software?
This makes getting the key out of hardware more or less possible? no, it doesn't.
Either way, giving back their changes as the license requires, and the problem of protecting the key, have nothing to do with each other.

One problem is the software license. Another problem is hiding the key.
We were only talking about the first problem, which is easy for them to fix and be legal.

I don't know how you got moded informative at all.
Sure, your post was factually correct, but had nothing at all to do with the topic at hand or what anyone was talking about.
It would be like me replying to your post and saying only 2+2=4 and getting moded insightful for being correct.

Re:Sky TV uses Linux (5, Informative)

Anonymous Coward | more than 6 years ago | (#22919444)

No current BSkyB box uses Linux... they're all OS20, UCOS, Nucleus, or VxWorks.

Some prototype work is being done on Linux boxes, but they're not available yet.

Posting anonymously for obvious reasons...

Re:Sky TV uses Linux (1, Troll)

NotQuiteInsane (981960) | more than 6 years ago | (#22920008)

No current BSkyB box uses Linux... they're all OS20, UCOS, Nucleus, or VxWorks.
OS20 being STMicroelectronics' operating system for the ST20 chips?

Posting anonymously for obvious reasons...
Because you work for Pace? (well let's face it, there aren't exactly many companies making STBs for BskyB). :)

Re:Sky TV uses Linux (2, Informative)

jrumney (197329) | more than 6 years ago | (#22919492)

I presume you are talking about the Sky Broadband boxes, which are Netgear routers, for which Sky passes on the written offer to download the source from the Netgear website that Netgear provides to comply with GPLv2. While Sky has locked down their routers beyond what the standard Netgear firmware does, it is not clear that they have modified any GPLed source to do this, most likely all they have done is changed configuration files.

Given how strong Busybox has been in pursuing violations, I'd be surprised if Sky is violating the GPL on their boxes and getting away with it.

Encryption U R Doin it wrong (1)

amias (105819) | more than 6 years ago | (#22919526)

even a lolcat wouldn't rely on security by obscurity

Crypto patents and secrets are the reason (1)

StandardCell (589682) | more than 6 years ago | (#22919756)

All of these boutique conditional access companies (NDS, Nagra/Kudelski, Irdeto, Conax, etc.) have a big stake in developing their own unique flavors of crypto and security to avoid payment of royalties to various providers of security IP. Some examples are Certicom for elliptic curve public key and digital signature, Cryptographic Research Inc. for smart card differential power analysis. The truth is that there are only so many ways to accomplish what they're tasked to do, and the trade secret route is used as much as the patent route where they would not disclose key secrets. Yeah, security by obscurity is wrong, but they even have ways to fight this type of reverse engineering. Custom secure execution environments as found in Irdeto Secure Silicon, Nagra On-Chip Security, and NDS Trusted Secure Kernel are probably running very customized code and OS. Most of the non-secure part of the code is still Linux, but I doubt they even want that released just because the hooks may provide hints at attack vectors.

These conditional access companies are also going through extensive background and security checks of anyone working with the implementation of their systems, as well as hiding multiple root keys/certs in obscenely secure environments such as mountain vaults. Frankly, I don't blame them on this part since inside jobs have killed these guys in the past (AVR anyone?), but they'll also go through the trouble of de-capping and de-layering chips to find the secrets.

Ultimately, I have a strong feeling that the code may provide hints to either their proprietary system of security or what crypto they're using that would open them up to legal action. Consider that these guys would rather go up against a non-profit entity like the FSF as opposed to a more well-funded commercial company and will continue to take the risk. Then again, even the well-funded companies need tens of millions to reverse engineer these solutions, so why bother helping them out?

Re:Crypto patents and secrets are the reason (1)

jonwil (467024) | more than 6 years ago | (#22921854)

Why not simply use encryption algorithms that are free of patents like AES and RSA? Assuming the hardware is good enough (and unless the guys that design the smart cards aren't doing their jobs it should be) the fact that they are using a documented algorithim to perform encryption shouldn't matter.

Re:Crypto patents and secrets are the reason (0)

Anonymous Coward | more than 6 years ago | (#22928546)

According to NDS's CEO, Adi Shamir (the S of RSA) is still payed by NDS for consulting work.

Source: http://www.nds.com/worldvision/sixteen/pdfs/Abe_Peled_Interview.pdf [nds.com]

Re:Sky TV uses Linux (1)

sorak (246725) | more than 6 years ago | (#22920438)

in their set-top boxes in the EU/UK but they wont reveal the source code (try google'ing it or looking at their site you wont find it), probably because you could decrypt the encryption on the Satellite stream, shame that some companies (like murdochs) see Linux as free meal ticket and refuse to contribute anything back still a GPL violation has never bothered billion dollar companies before, "i got mine screw you" seems to be the mantra of businesss/society thesedays

IANAL, and I don't know about GPL version 3, but my understanding about GPL is that you can release a product that contains both open and closed software, and you only have to GPL the software that directly contains GPL code. (As opposed to that which was produced by GPL development tools, or that which runs on a GPL operating system)

Correct my if I'm wrong, but hasn't Red Hat been doing this for years?

Le translation (3, Funny)

ettlz (639203) | more than 6 years ago | (#22919264)

At the bottom. I don't think this is either the spirit or the intent of the original French but

Human reproduction and distribution reserved.

Re:Le translation (1)

onlau (1164843) | more than 6 years ago | (#22919412)

Google translates "Droits" (Rights) to "Human"!

Re:Le translation (1)

Mantaar (1139339) | more than 6 years ago | (#22919582)

Doesn't sound so absurd if you consider that Google's algorithm is based solely on stochastic measures, without applying too much linguistics. Like, dictionaries. They sure as hell have one, but it's probably only another weight in a complex system.

Unfortunately, that's the only link I could find regarding that 2005 contest which Google won. They're probably still the best... http://www.astahost.com/googles-translation-wins-hands-down-t11662.html [astahost.com]

There's a problem with the linguistics in computational linguistics:
"Every time I fire a linguist, the recognition rate goes up!" -- Jelinek, IBM 1988
Unfortunately, still true.
Of course, the linguist will tell you "there's a problem with the computational in computational linguistics". Nevermind that linguist. He's probably wrong :-P (beware of biting sarcasm).

Re:Le tranziggle (0)

Anonymous Coward | more than 6 years ago | (#22919870)

Doesnt sound so absurd if you playa thizzay Googles algorithm is based solely on stochastic measures, witout applyn too much linguistics n shit. Like, dictionizzles like old skoo` shiznit . One, two three and to tha four. They sure as hizzy hizzy one, but its probably only anotha weight in a complex system.

Unfortunatizzles thats tha only link I could find regardn thiznat 2005 contest which Google won . Yizouse a flea n Im tha big dogg. Theyre probably still tha best... http://www.astahost.com/googles-translatizzles [astahost.com] [astahost.com]

Thizzles a problem wit tha linguistics in computatizzles linguistics:
"Every tizzle I fire a linguist, tha recognizzle rate goes up!" -- Jelinek, IBM 1988
Unfortunatizzles still true.
Of course, tha linguist wizzle tizzle you "theres a problem wit tha computatizzles in computatizzle linguistics". Nevermind thizzat linguist in tha hood . Keep'n it gangsta dogg. Hes probably wriznong :-P (beware of bizzle sarcasm) . Death row 187 4 life.

Re:Le translation (1)

Tongsy (1188257) | more than 6 years ago | (#22919998)

These are not the Droits you are looking for *waves hand*

Re:Le translation (1)

Hanners1979 (959741) | more than 6 years ago | (#22919576)

Well, they don't have to worry about Slashdot readers breaching the first of those rules...

NDS sounds like a nasty company (3, Informative)

BadAnalogyGuy (945258) | more than 6 years ago | (#22919266)

http://osdir.com/ml/encryption.general/2002-06/msg00009.html [osdir.com]

Tarnovsky was in cahoots with another pair of hackers and when they turned state's evidence, one of them had a very unfortunate accident that left him dead.

Tarnovsky no doubt wants to get his profile as high as possible to make it more difficult to have an unfortunate accident himself.

Not for nothing, NDS comes from the same country that developed Kra Maga, a very vicious martial art based wholly on Cobra Kai's slogan.

Re:NDS sounds like a nasty company (0)

Anonymous Coward | more than 6 years ago | (#22919482)

Krav Maga was invented by a Haganah terrorist, and is basically a bunch of street fighting 'elevated' to a martial art.

If you meet someone that might be a practitioner of Krav Maga (look for the skullcap), the best thing to do is to get your retaliation in first, and leave them squealing like the evil Christkillers they are.

Re:NDS sounds like a nasty company (0)

Anonymous Coward | more than 6 years ago | (#22919632)

They sweep a lot of legs?

Re:NDS sounds like a nasty company (1)

Eli Gottlieb (917758) | more than 6 years ago | (#22920236)

Not for nothing, NDS comes from the same country that developed Kra Maga, a very vicious martial art based wholly on Cobra Kai's slogan.
Well yeah. It was invented for fighting off Nazis in Hungary, then moved to fighting off invading armies in Israel. It needs to be vicious.

Police? (2, Funny)

Max_W (812974) | more than 6 years ago | (#22919272)

I can break any door with a sledgehammer and an ax. Because I exercise regularly. But I does not mean I should or would.

Re:Police? (-1, Flamebait)

Max_W (812974) | more than 6 years ago | (#22919292)

Tarnovsky can put on the best body armor available, the best military helmet, and still I could get him with my old pneumatic air rifle, if he stands still and does not defend himself actively.

In this case the active defense is the law.

Kudeslki?! (2, Informative)

comm2k (961394) | more than 6 years ago | (#22919284)

Kudelski not Kudeslki.. :|

MOD PARENT UP!!! (0)

Anonymous Coward | more than 6 years ago | (#22919866)

http://www.kudelski.com/ [kudelski.com]

What a bunch of illiterate slashbots.

Break an Xbox? (5, Funny)

airencracken (993443) | more than 6 years ago | (#22919364)

Who needs this guy to break an Xbox, from what I've experienced, they're quite capable of breaking themselves.

Re:Break an Xbox? (1)

thatskinnyguy (1129515) | more than 6 years ago | (#22919860)

Hell! I got 3 for the price of 1 with the warranty!

Re:Break an Xbox? (1)

jandrese (485) | more than 6 years ago | (#22922172)

I've thought that the Red Ring of Death has turned out to be a fairly effective way of discouraging people from installing modchips. If you know you're going to have to send your console back to Microsoft at some point for repair, it's suddenly a lot more expensive to install a warentee voiding modchip.

Damn, I hoped.. (0)

Anonymous Coward | more than 6 years ago | (#22919604)

.. this was an interview with mr. Tartakovsky instead

It's OK because everyone else does it? (3, Interesting)

NotQuiteInsane (981960) | more than 6 years ago | (#22919640)

In his view, the lawsuit against NDS is an attempt to racketeering. "Of course I broke cards Kudelski, he begins annoyed. I was paid by NDS to do so. It's an activity that leads all companies in the sector. But why would I published these codes for free on the Net? I am not stupid, and I never had the intention to take that risk."

Interesting.. so AIUI all the CA (conditional access) vendors routinely break each others' systems. That's not surprising in itself (I'll admit to having learned a fair bit from reverse engineering other peoples' code). It does seem a tad unethical though, especially the alleged release of the code. I wonder if the code release was a decision made by upper management at NDS / News Corp (and it wouldn't surprise me in the least if that turned out to be the case). From the outside, this looks a lot like a protection racket... "Buy our system, because it would be an awful shame if your revenue stream were to be... terminated"

Re:It's OK because everyone else does it? (0)

Anonymous Coward | more than 6 years ago | (#22925472)

A very short history of Kudelski, including present situation.

Note that it was DTVs F, H, Hu cards that were used by the satellite hackers, prior to the introduction of the P-series cards which remain unhacked.

Dates
  • Sep 00 - Nagravision v1 hacked using rom2. Each (rom3-rom11) card update is to expand the functionality of the hardware, or to increase security, however all of them decrypt the same basic code. The cat is out of the bag, and they are limiting is the amount of hardware which can be hacked.
  • Feb 04 - Blackbird FTA is released which can be updated with modified firmware to decrypt Dish/Bell satellite. The FTA is "legal" because its original intent is used to receive unscrambled television. FTA use explodes because it is extremely easy compared to a card. A simple serial cable (later USB drive, or internet updates) is all that is required update the firmware to receive all the channels.
  • May 05 - Bell activates Nagravision v2, starting with premium (PPV/Porn) then moving to all channels.
  • Jun 05 - Bell completes its swap to new cards capable of decrypting Nagravision v2.
  • Jul 05 - Dishnet activates Nagravision v2, starting with premium channels.
  • Aug 05 - All Dishnet channels use Nagravision v2.
  • Sep 05 - 5 days after the 100% Dishnet changeover,
    information on how to hack the new cards is released publically, FTA fixes are released shortly thereafter.
  • Dec 05 - ECM used to loop cards.
  • Jun 06 - ECM used to loop cards.
  • Jun 06 - Dish/Bell replace all subscriber rom101 cards with rom102's and activate an onboard hardware feature, map57. This does not stop hacked cards, but renders FTA which cannot use a hacked card unable to decrypt the signal.
  • Aug 06 - FTA release updated firmware.
  • ??? 06 - ViP (mpeg4) boxes start to have rom206 cards, which is rumoured to support Nagravison v3.
  • Aug 07 - Bell begins a revision update, with the ability to dynamically change the math required to decrypt the stream.
  • Oct 07 - Dish performs the same revision update.


Present Situation
    Both Dish & Bell can dynamically update the code, modifying the math required to decrypt the stream. The math routines are typically called MAPs and each is referenced with a hex byte. The first two used were MAP$57 and $3B, the one currently in use is $30. Because the current rom102 is thoroughly hacked, it only takes FTA manufacturers hours or a few days to add the required changes. This is likely used more as an inconvenience than an actual solution.

DTV was much more aggressive with their anti-piracy measures, both in technical counterattacks (ECMs) and legal persuits.

Conspiracy theory // May 26th, 2001 - Interesting info from an old news log
    This may seem like story out of movie but it is not. There are 2 main satellite companies in USA one is DTV other is Dishnetwork both of these
companies are very competitive with each other, these companies have hired security companies for themselves DTV has security contract with NDS (which is expiring soon) their rival company Dishnetwork uses Nagravision (swiss company) for their security this situation is creating competition between DTV and Dishnetwork for customer base in USA and for security contract for one or both companies between NDS & Nagra (which is up for renewal very shortly) DTV went after a well known American hacker few years ago forced him to sign a deal with them not to do any DSS cards again few months later their security company NDS hires this guy to work for them little while later this hacker comes out with Dishnetwork hack which is sold commercially all over the net since then, Dishnetwork/Nagra went hard after the cards by changing keys, ECMs and receiver attacks along with getting all information about the hackers when they found out NDS employee who was the master mind of this hack they stepped up their surveillance on him and his dealer who sold these cards all over north America they got enough evidences on those guys and came up with their theory they claim that their card (dishnetwork card) was hacked by NDS employee with NDS's help so at contract renewal time they can tell DTV that they are not only one whose card got compromised this can stop DTV to look at Nagravision as their potential security company over NDS this event infuriated Dishnetwok/Nagra they already have evidence on this hacker and his dealer they are trying to get these guys to admit their hack so they can launch a huge law suit against DTV/NDS or DTV and NDS, this shows you what goes behind the scenes sometime.

Manual translation from french - FWIW (5, Informative)

Apogee (134480) | more than 6 years ago | (#22919844)

"Kudelski will lose their case", states the man who pirated their chip cards

Image legend:
Christopher Tarnovsky: "Why would I have published these codes on the net for free? I am not stupid, and I never had the intention of taking that risk."

Main text:
PAID ACCESS SYSTEMS. A key witness in the court case opposing the Swiss group against the media giant News Corporation was passing by in Amsterdam, attending a conference on computer piracy. We met him.

François Pilet, Amsterdam
Saturday, March 29 2008

The audience is glued to the lips of Christopher Tarnovsky. In front of a podium of hackers and security specialists - with an average age of 25 - the self-taught electronics specialist revealed the techniques that allow him to break open chip cards that block access to pay TV chains in the whole world.

The scene takes place in the Mövenpick hotel in Amsterdam, where the European edition of the Black Hat conference was held Thursday and Friday last week. This is one of the prime professional meetings dedicated to computer piracy. Among the twenty or so speakers invited to this big get-together, Christoper Tarnovsky talked for more than one and a half hour in the "Lausanne" room - a sign of destiny (Tr. note: Lausanne is a Swiss city close to the headquarters of the Kudelski Group).

Employed by NDS

The 39 year old American is accused of having been recruited in 1999 by the Israeli company NDS, a competitor of Kudelski, to break the security codes of Canal+ (French Pay TV) and publish them on the Internet, and to have repeated the operation, to the detriment of the Swiss group and its clients. The publication of these codes allowed hundreds of thousands of savvy users to access encrypted TV channels without paying the subscription fees.

The American satellite TV company Echostar also uses Kudelski cards to protect their content. They confirmed having lost hundreds of millions of US dollars due to these pirate activities and demand one billion US$ of damages from NDS, a subsidiary of the media group News Corp.

This April, Christopher Tarnovsky will take the witness stand in a California court in defense of NDS, his employer for ten years following 1997. According to him, Kudelski and Echostar have wholly invented the conspiracy they claim having been victim of in order to mask the weakness of their encryption.

In his eyes, the case against NDS is nothing short of an extortion attempt. "Sure, I've broken the cards of Kudelski", he annoyedly states. "I was paid by NDS to do it. This is an activity that all companies in the trade do. But why would I have published these codes on the Net for free? I am not stupid, and I never had the intention of taking that risk."

Having become an awkward asset, Tarnowsky is no longer employed by the group since a year. He started his own company, Flylogic, through which he offers his know-how to electronics manufacturers, to test the resistance of new products to pirate attacks before they are launched.

Christoper Tarnovsky details the general weakness of systems based on certain chips designed by a handful of companies like Motorola and Infinenon (sic), systems used in products as divers as garage door remotes, car alarm systems and TV decoders.

"Unbreakable? That's wrong!"

"The manufacturers of semiconductors claim that their chips are unbreakable. The companies integrating them into their products trust the specifications they obtain. They believe that their secrets will be well kept. That is wrong, of course."
He showed pictures of his laboratory, set up with second-hand equipment worth a couple of thousand dollars. The centerpiece is a powerful Zeiss microscope to access the heart of the chip, where the precious codes are hidden. Successive layers of silicone are peeled away, using acids and lasers.

The engineer then explains how he takes over control of the card by short-circuiting one by one its protections with long microscopic needles. It takes a few minutes for the weakest of them, a few hours for better designed chips, but the content of the card gives in to these attempts 9 out of 10 times. For such an operation, Flylogic bills "about 30'000 dollars".

When questions were taken, a voice is heard from the end of the room. A Microsoft engineer is wondering: "Did you take an interest in the processor of our Xbox360 game console?" - "I was offered 100'000 dollars to break it", says Tarnovsky. "But I replied that that wasn't enough."

"They didn't invest enough"

The next question comes from an Estonian journalist. His country, forerunner of cyberdemocracy, has introduced a chip-containing identity card, which can be used for e-banking, as well as online voting. "It's a Motorola", sneers Tarnovsky. "An old model, badly protected."

What about the Kudelski cards? A short embarrased silence before his reservations disappear: "Sorry: The last two generations were broken. The next one will be, as well. They did not invest enough into research in the last ten years. Today, Kudelski is running out of money, look at their stocks. They hope to reestablish themselves with this lawsuit, but they will lose."

Re:Manual translation from french - FWIW (1)

kesuki (321456) | more than 6 years ago | (#22922846)

I wonder if the Chinese will hire this guy to crack the chip encryptions scheme discussed a while back... http://it.slashdot.org/article.pl?sid=08/03/06/2115223 [slashdot.org]

sounds like he really knows what he's doing and he might just be the guy to break EPIC protection for the Chinese.

Kudelski's technology is used by DISH Network. (2, Informative)

kriston (7886) | more than 6 years ago | (#22925028)

Please note: Kudelski is the company that developed Nagravision (and please spell it correctly).
Nagravision is what "secures" DISH Network, Bell Open Vu, and a large number of smaller satellite-delivered television properties.
NDS is owned by the same company that owned DirecTV at the time of the Nagravision breach.
The story is predictable.

100000k Isn't that bad. (1)

Cryptacool (98556) | more than 6 years ago | (#22928484)

Well figuring that there are 17 million xbox 360's in the world (give or take I believe) lets say 1% of them install a modchip, assuming it costs 50$ to manufacture them (this is most likely ridiculously high) I bet you can charge 100$ for the chip that runs the program he writes if it lets you play on live guaranteed forever (current chips run 60$ and you have a solid chance of being banned).

Which is what I assume this quote is referring to. Additionally keep in mind that every app pen test researcher out there working for a consulting company gets 200-250$/hr even if they are 1 week out of college. So that 100k only pays for 10 weeks of work, nothing on a project of this scope.

Ok so for the 100k the company gets a cheap they can sell at a profit margin of 50$ for 170k customers. Which gets them 8.5 million dollars (I think this is a conservative number but what do I know.).

I would agree with his decision.

Nagravision hacker reveals smartcard hacking techn (0)

Anonymous Coward | more than 6 years ago | (#22973128)

At this site you can read some more in-dept info about the recent Nagravision hacks. http://ufs910.hdtvinfo.eu/content/view/77/1/ [hdtvinfo.eu]
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?