TiVo Community Forums Archives - The end of hacking in sight?

Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/avsforum/archive.tivocommunity.com/tivo-vb/history/archive_functions.php on line 31

Warning: include(http://archive.tivocommunity.com/tivo-vb/history/header.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/avsforum/archive.tivocommunity.com/tivo-vb/history/archive_functions.php on line 31

Warning: include() [function.include]: Failed opening 'http://archive.tivocommunity.com/tivo-vb/history/header.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/avsforum/archive.tivocommunity.com/tivo-vb/history/archive_functions.php on line 31
Pages:1

The end of hacking in sight?
(Click here to view the original thread with full colors/images)

Posted by: SmokeBringer

The current information I'm seeing suggests that the DirecTivo boxes running 2.5 are (as of yet) unhackable. It appears as though the new kernel keeps a cached copy of all files on the root partition and performs a checksum on power up. If any actual files in root don't checksum out correctly they are replaced (prior to boot) with the copies (stored in compressed form) in the kernel image.

This appears to be end of hacking on DirecTivo boxes.

Even if someone finds a way to hack the kernel image, I would imagine that Tivo would next begin doing checks on the "call home". If this occurs, then the hacking community would need to develop a "stealth" hack that can hide itself (replace all modified files) during a call home.

As for the SA boxes, Tivo has a decision to make. Should they implement the same anti-hacking measures for SA as they are currently doing for DirecTivo? The big risk I see there is that many people may op to UNPLUG their SA and run without service.

My "crystal ball" says that Tivo will allow hacking to continue on the SA boxes. They are not willing to lose revenue on boxes unplugged due to hacker paranoia.

I am curious as what the "real" hacking guys think about all of this.

------------------
PC Boards Repaired Here!
-- (Ignore the Name) --

Posted by: SmokeBringer

In doing further musing on this subject, the following question comes to mind:

What is left unknown regarding the Tivo's functionality? Are we any closer to the day when an open source version of the Tivo software (myworld, etc) or something functionally equivalent could be produced?

------------------
PC Boards Repaired Here!
-- (Ignore the Name) --

Posted by: osxanalyst

Does this mean I need to add a new hard drive before I get the upgrade to 2.5?

------------------
What we do in life, echoes in eternity

Posted by: oosik77

I doubt that TiVo would mess up the ability to expand your TiVo. Doing so would certainly adversly effect sales. Before we jump to any conclusions here let's remember that 2.5 is in beta and perhaps they are preventing changes while those in the beta program test what TiVo intends on supporting rather than letting those doing the testing change things. Then they have to figure out if they have a real problem based on the "normal" use of a TiVo or on some other use.

I do think that they are trying to get a handle on some of the other hacks going on. Perhaps these are going to be more difficult to achieve in order to keep the program content owners (ie the networks and MPAA) happy.

That's my 2 cents.... your mileage may vary. http://www.avsforum.com/ubb/smile.gif

------------------
I am TiVo of Borg you will be <jump back> I am TiVo of Borg you will be recorded with a Seasons Pass and abosorbed into my collective.

Posted by: ADent

With TiVolutionary's comment about military grade encryption, people fooling with the new PROM image downloaded with 2.0 software (but not installed), I assume the non-plussed reaction to ExtractStream, and people selling online and on eBay modified boxes 'that need no service' I could see why TiVo wants to lock the box up.

BlessTiVo and MadTiVo are run with the drives outside the box so they could leave those abilities around.

Posted by: sjf

quote:
Originally posted by ADent:
BlessTiVo and MadTiVo are run with the drives outside the box so they could leave those abilities around.

BUT! Tivomad creates and modifies scripts on the drive, which are then executed when the tivo boots up. Under this scenario, those files would be deleted/repaired before they could be executed. BlessTivo would still work OK.

------------------
A second was defined in 1967 as "the duration of 9,192,631,770 periods of the radiation corresponding to the transition between the two hyperfine levels of the ground state of the Cesium-133 atom."

Posted by: Otto

chattr +i guys... http://www.avsforum.com/ubb/tongue.gif

------------------
All comments made in this post are my opinion and my opinion alone. Deal with it.
Otto, Zen TiVo Master - Moderator - AVS Tivo Forums - Tivo Underground, Tivo Coffee House
"The way of the portable computer user is as a stony path strewn with plugs and sockets, all the wrong size..." -- Terry Pratchett

Posted by: KRavEN

But chattr +i does not work in 2.5 on the DTivo. If it finds any files that do not match it's signature file, it deletes them or deletes and replaces them and then reboots, If chattr +i is set, when it tries to delete them it will fail, reboot and then try to delete them again, over and over. Boot loop....

This has changed from 2.0.1 on the DTivo where it tries to delete and replace and then keeps going without the reboot.

Posted by: CoosCoos

quote:
Originally posted by oosik77:
I doubt that TiVo would mess up the ability to expand your TiVo. Doing so would certainly adversly effect sales.

How would it "adversly effect sales"? The only people expanding their TiVo are a very small minority of TiVo's customers. And how many of the people in this minority purchased a TiVo simply because it was expandable? A small number, I'm sure.

A minority of a minority does not equate to 'adversly effected sales'.

I personally do not have a DTiVo, so this doesn't affect me except where it might spill over into the SA side of things. But I suppose we'll need to wait until 2.5 is released before we get the final word.

Until then it's just rumor.

------------------
Cous cous is the food.
CoosCoos is your online hero.

[This message has been edited by CoosCoos (edited 08-03-2001).]

Posted by: unoriginal

quote:
Originally posted by CoosCoos:
How would it "adversly effect sales"? The only people expanding their TiVo are a very small minority of TiVo's customers. And how many of the people in this minority purchased a TiVo simply because it was expandable? A small number, I'm sure.

A minority of a minority does not equate to 'adversly effected sales'.

It is a very loud minority.

------------------
Do you sell lives? I really need a life.

Posted by: Otto

It's also a minority with the ability to hurt Tivo very badly by changing to box as to not require service, not require calling in, not require anything.

Locking the box is a bad idea, because it only means that people will need to fight them in order to continue to hack their boxes. And then you end up in the situation DTV is in with DTV hackers. DTV hacking is now basically undetectable unless you do something stupid, and DTV can no longer fight the signal theft on a technological level. By killing almost all simple H card hacks, they drove the sales of emulation boards thru the roof, and it's now at the point where DTV cannot even fight them wholesale, they have to sue them when they find them. It's a sad situation DTV got themselves into, and Tivo might be starting down the same road if they don't watch it.

When it comes to these things, the trick is that any decision made to have an effect in the short term is a bad one. DTV thought it was a good idea, in the short term, to stop H card hacking. In the long term, it's made DTV hacking basically impossible to stop, ever, short of scrapping the whole mess and starting from scratch, which is impossible, of course.

------------------
All comments made in this post are my opinion and my opinion alone. Deal with it.
Otto, Zen TiVo Master - Moderator - AVS Tivo Forums - Tivo Underground, Tivo Coffee House
"The way of the portable computer user is as a stony path strewn with plugs and sockets, all the wrong size..." -- Terry Pratchett

[This message has been edited by Otto (edited 08-03-2001).]

Posted by: SmokeBringer

quote:
Originally posted by Otto:
Locking the box is a bad idea, because it only means that people will need to fight them in order to continue to hack their boxes.

I agree with you. If they totally lock down the DirecTivo boxes, then someone will invent a way to used hacked HU cards/emulators without a need to "call in". At the same time, a community will spring up and form the "Tivo Channel Listing Network". With TCLN, You'll have, say this person responsible for ESPN, and that person responsible for CNN/TWC. All of this aggregate data will be made available to the Tivo boxes via TivoNET or PPP/Serial. It will take some time, but it WILL HAPPEN if they lock-down the boxes.

------------------
PC Boards Repaired Here!
-- (Ignore the Name) --

[This message has been edited by SmokeBringer (edited 08-03-2001).]

Posted by: zaknafein

Keep in mind that TiVo makes NO money on the boxes. If anything, they lose. Where TiVo has to recoup their costs is in the service fees. If TiVo starts locking down boxes to prevent them from being upgraded, the chances of the very dedicated TiVo hacking community jumping ship are very high.

I agree with oosik77. It is most likely that TiVo just wants to make sure that people don't muck around with the software while it is in beta, therefore making it more difficult to debug.

Posted by: brianp6621

quote:
Originally posted by Otto:
It's also a minority with the ability to hurt Tivo very badly by changing to box as to not require service, not require calling in, not require anything.

Locking the box is a bad idea, because it only means that people will need to fight them in order to continue to hack their boxes. And then you end up in the situation DTV is in with DTV hackers. DTV hacking is now basically undetectable unless you do something stupid, and DTV can no longer fight the signal theft on a technological level. By killing almost all simple H card hacks, they drove the sales of emulation boards thru the roof, and it's now at the point where DTV cannot even fight them wholesale, they have to sue them when they find them. It's a sad situation DTV got themselves into, and Tivo might be starting down the same road if they don't watch it.

When it comes to these things, the trick is that any decision made to have an effect in the short term is a bad one. DTV thought it was a good idea, in the short term, to stop H card hacking. In the long term, it's made DTV hacking basically impossible to stop, ever, short of scrapping the whole mess and starting from scratch, which is impossible, of course.

While I don't disagree, I'm not sure I follow...

Say you have 100 hackers total (just using an small number) in the US who are getting free DTV via H cards. Now DTV disables H card hacking required an EMU setup.. Lets assume all 100 hackers invest in EMU hardware and are up and hacking again.. The net result is no change.. The reality is that as DTV makes it harder to hack SOME percentage of the hacking is going to go away...

Your argument is that they shouldn't have tried to stop them in the first place because they only drove hackers to find methods which CAN'T be stopped.. Well why would it matter that they can't be stopped now if you're proposing that DTV shouldn't have tried to stop them to begin with...

Either way you've got a significant portion of the people STILL hacking.. They may have a slight benifit if the new hacks start to exclude some of the original hackers...

I'm just not following how you say that they shouldn't have done something... They should have sat on their hands?

------------------
DSR6000R01 DirecTiVo upgraded to 88 hours
HDR112 dust collector

Posted by: Alexander

quote:
Originally posted by Otto:
In the long term, it's made DTV hacking basically impossible to stop, ever, short of scrapping the whole mess and starting from scratch, which is impossible, of course.

Except that they can -- that's the whole point of the swappable access card. Unless I'm mistaken, isn't the custom encryption ASIC still not broken, thus requiring the emulators to have to "hijack" an H card's ASIC?

So what's to stop them from doing a card swap that uses ONLY a custom ASIC, and not the current off-the-shelf processor connected to an ASIC?

Then the hackers would be back to trying to crack the ASIC by microscopically reading the traces, which just ain't fun or legal -- even in Canada. http://www.avsforum.com/ubb/smile.gif (Isn't that what stopped the PASS card?)

Alex

Posted by: nextguard2

Isn't the logical response to any attempt to prevent expanding the Tivo simply (well it may not be simple to do it well) replace the service?

If Tivo pushes in this direction and the service is replaced what are the chances that the only people who use this will be the hackers?

Thus I don't think Tivo will attempt to prevent expansion of SA tivos if they think it through.

------------------
NextGuard = Paul from Atlanta

Posted by: supervhs

"Think it thru"??? Anyone that works for a company of more than 50 employees knows that logical thinking (even in engineering dominate companies) is not often applied.

Why is Dilbert is so popular -- because it too closely reflects corporate behavior. Please do not expect TiVo to avoid cutting off it's nose to spite it's face just because if they "think it thru" they would realize it is not a good idea.

Why does TiVo require a 800 call (that they pay for) for Guided Setup when there is a perfectly good local access number that could be used? Why can I not do my own setup? This forces unsubbed users to incur a cost to TiVo. (I am sure the logic at TiVo is that no one would not subscribe. Of course, the same logic would have put the subscription price in the purchase price.) So now that they realize this, they are no longer setting the clock on unsubbed units (so I hear) in an attempt to recoup??? Fix a bad situation by making it harder on people.

Personally, I am all for TiVo getting a fair share for the value that they have created. It is a two-way street. Balance will be found - one way or another.

[This message has been edited by supervhs (edited 08-03-2001).]

Posted by: Phlebas2001

quote:
Originally posted by Oh2Smooth:

I'm just not following how you say that they shouldn't have done something... They should have sat on their hands?

They should have done *something* but they did the wrong thing, they started a technology war, what they should have done was to figure out a way to make money from the hackers, or may it not worthwhile to hack.

P

Posted by: richardkleim

How about this - a hack that allows the box to continue updating the guide data and the clock but which cancels out any system upgrade? It would be both possible and legal, if you pay for service. Nothing in my contract w/ tivo forces me to allow them to upgrade the OS. I own this copy of the OS and can hack it all I want legally. I pay for guide data, but cannot be forced to allow OS upgrades. If you disagree, show me where in the law or our contract w/tivo thet I am required to allow OS upgrades...

Posted by: stattenf

I'm not sure I'd take Tivo's actions on the DirectTV/Tivo combo units as the future direction for Tivo as a whole. I'd guess that their contract / agreement with Hughes requires them to protect these boxes from being hacked as much as possible, since DirectTV already has battles with hackers who are trying to steal service from them. If the DirectTV side of a combo box were hacked in such a way to get around the need for a subscription, you can bet that many thousands of people would buy Tivos just to get free satellite tv service.

So, while Tivo may make it really difficult to hack a combo box, I'm not sure they intend to do the same tricks on the standalone boxes.

------------------
-Keith

Posted by: Worf

quote:
Originally posted by supervhs:
Why does TiVo require a 800 call (that they pay for) for Guided Setup when there is a perfectly good local access number that could be used? Why can I not do my own setup? This forces unsubbed users to incur a cost to TiVo. (I am sure the logic at TiVo is that no one would not subscribe. Of course, the same logic would have put the subscription price in the purchase price.) So now that they realize this, they are no longer setting the clock on unsubbed units (so I hear) in an attempt to recoup??? Fix a bad situation by making it harder on people.

1) You cannot program *EVERY* access number into the pre-ship TiVo.
2) You cannot program *EVERY* lineup into the pre-ship TiVo.
3) People are too stupid to do their own setup

You can try to put all of 1 & 2 into a TiVo. But guess what? A TiVo may sit on the shelf for 1 month after software creation, or 12 months, etc. Now, while the majority of lineups do not change in this period, a few do. Same with access numbers. Easiest solution is to download specialized up-to-date information when the customer sets it up. Otherwise you'll end up with a ton of calls saying "None of these numbers work, how do I enter one, etc. etc. etc.", "I don't see my lineup here, what do I do, etc. etc. etc.".

And point #3 is the reason why you can't do your own setup. V-Chip is a failure because people just find it too complicated to use. VCRs displaying 12:00, necessitating the need for autoset VCRs (and numerous complaints when it doesn't work too well - heck, my TiVo screws up my VCR autoset from time to time!).

And for people complaining that forced upgrades are bad, they exist elsewhere too, and several forced upgrades people hated.

Of course, TiVolutionary and other TiVo Inc employees read these forums. Perhaps the hacks that don't work right now can be relayed to them, so TiVo can decide how to properly let them work. And again, it's probably done to keep the DirecTiVoMad hacks (which are anticipated soon) from causing problems initially - a beta can go through several versions of the software. Perhaps they're doing a "feature test" now, fixing bugs in features they're implementing. Then they'll go through an "appeasement" process to make us happy and try to fix what they broke.

Also, this is a feature that hasn't been hidden - 2.0 rumors have stated that this was supposed to exist during then, so none of this should come as a surprise.

Posted by: SmokeBringer

quote:
Originally posted by stattenf:
I'm not sure I'd take Tivo's actions on the DirectTV/Tivo combo units as the future direction for Tivo as a whole. I'd guess that their contract / agreement with Hughes requires them to protect these boxes from being hacked as much as possible, since DirectTV already has battles with hackers who are trying to steal service from them.

Yes, and this is the dilemma that Tivo/DirecTV faces. Lock down the boxes and force hackers to "cut the cord" and use the product without paying for any services. If they keep the box open there will be no driving reason for hackers to do this (IMO).

------------------
PC Boards Repaired Here!
-- (Ignore the Name) --

[This message has been edited by SmokeBringer (edited 08-04-2001).]

[This message has been edited by SmokeBringer (edited 08-04-2001).]

Posted by: vadimr

Guys believe me TiVo Inc is not doing some future tests on 2.5 on combo. I'm sure somewhere from DirecTV side or NDS they want these boxes secured. They don't care about TiVoMad, BlessTiVo since it's not allowing you to do anything except record more shows. I mean who cares how many hours you got? Who cares if you can extract movies from SA? They already been encoded again and they are not as good as DVD quality. Now think again about combo, do you care if you can extract pure MPEG2 that's being send down via satellite? Yes you do! We have recordable DVDs around the corner and this could effect them a little (15%). Since even if you could record you own movie it's not like you just stole it from Hollywood before it was released to the movie theaters.

Are you following me? All of the public hacks such as DTiVoMad, BlessTiVo and ExtractStream are not really all that important.

Oh yeah I forgot to add, TiVo Inc can't add the same security to Stand Alone boxes as they did to combo for a very simple reason. Not enough ram 16MB can't support it.
BTW They updated PROM for combos. Weird huh?

So those people that are afraid that they won't be able to add another hard drive (2nd in combo) or even replace both drives in SA can be OFF guard. Believe me it will never happen. There is no way they can lock down the box. I mean it's just IMPOSSIBLE. No matter what they do to it, it still can be cracked with just a matter of time.

Now Combo owners may (I repeat may) have something to worry about. Like it was mentioned above TiVo has a backup of certain files in the kernel that can be replaced right away (just like in 2.0.1), else it will dial in and download the rest of them. Only this time there is a catch, it will reboot after it replaced them and check again and if they aree not fixed it will do it again. This means chattr +i will not work and it will go into an infinite loop. Yes that prevents TiVoNet and all other shell stuff.

However I believe it's all just a matter of time, maybe a week or so after we finally get 2.5 (Can't wait) before all of the �security" they added could be broken down if needed. And No they don�t have some special release for beta which they will remove later on. How do I know this? I read everything everywhere and I simply understand their strategy and their requirements to meet what they promised in some contracts with 3rd party companies.

All I know, I have already have finished wiring the house for dual tuners and I'm waiting for 2.5 release any day now. You can be scared of it or not but I don�t care I want the damn dual tuners.

------------------
- Vadim
Visit my website (new uncensored TiVo hacking forum) ************.com

I'm ready for Dual Tuners, are YOU?

Posted by: supervhs

quote:

1) You cannot program *EVERY* access number into the pre-ship TiVo.
2) You cannot program *EVERY* lineup into the pre-ship TiVo.
3) People are too stupid to do their own setup

Worf:
1) MSN, EarthLink, and other national ISPs post local access numbers on the web, so there is no need to program every access number. The 800 number can be there for backup.
And, if I want to Repeat Guided Setup because I want to change my source, doesn't my TiVo already have a local access number? but still uses the 800 number.

2) It would not be difficult to set the TiVo up initially with Ant 1-67, Cable 0-99, Sat 100-999 and let the user assign station names just like they would "Search by Name" to find a program to record. Of course, this effort would not be required if the user subscribes. Again, TiVo decided that the only way someone would use it is with the service and thus pays for those 800 calls expecting to reap the service fee.

3) Imagine if the TiVo box worked out of the box like my VCR and the user was given the extras by subscribing. The choice would be much easier when deciding if it was worthwhile. "Too Stupid" people would be very willing to subscribe to get the added functionality. Instead, without a subscription, you get something with less functionality than a VCR. This has resulted in people making hacks (even for profit) to give back basic functionality.

People are already seriously considering canceling their service because of recent "bad" things that the TiVo service has done (forced upgrades, not allowing changes to system files) and the rumors of future encryption. People are working on creating their own service data. Remember, when PCs first came out, "You can balance your checkbook" was a big feature. Making your own MP3s was not. People stretched the capabilities of the computer and the results (generally) have benefited the masses. MACs were "locked boxes" compared to IBM boxes. Apple lost the market share, IBM got out of the PC business, and the open PC box is now everywhere. TiVo is starting to look like a MAC and may end up the same way (still in the game, but not on top).
Hopefully you are right about TiVo people reading these forums and they will reach a fair balance such that we can hack in ways that do not harm TiVo (I really like the simple freespace script that lets me know how much room is left). Unfortunately, most corporations do not have that kind of future thinking.

[This message has been edited by supervhs (edited 08-04-2001).]

Posted by: Worf

Yes, TiVo does read these forums. If you want, send a private message to TiVolutionary (who shows up from time to time here, but I'm sure he reads the interesting posts). I suppose if you really want to talk to him, post in the forums that he reads, or private message him.

As for the dialup numbers, you expect someone to "go to this URL, and enter in the number that's appropriate for your location"? I know some people would, but others won't. They'd ask why they have to bother - why doesn't the box do it itself.

Anyhow, TiVo is made to work with the TiVo service. I'll admit that they made a mistake by not asking people to sign up with their TiVo, and not forcing people to subscribe to use the box. That's their error, and their mistake.

It's not only TiVo that's been forcing upgrades, btw. Some popular games (Quake 3 Arena, Diablo 2, among others) force users to upgrade if they want to use multiplayer. This can be likened to TiVo requiring upgrades if you wish to use the server. If you don't use the service (like I do, because TiVo doesn't *yet* offer service in Canada), you don't get upgrades. And no, these upgrades do cripple certain things, like re-balancing skills and abilities. And people who used certain hacks to get an advantage suddenly discovered that they can't anymore.

I wonder though, if TiVo would be in the same place if they hadn't allowed these hacks in the first place... of course, I think DirecTV has the most power in dictating what TiVo does to the DirecTiVo boxes. If DirecTV says "Users may not have TiVoNet", TiVo has to comply, or DirecTV can simply shut off service to all DirecTiVos.

Of course, I have faith in the fact that if TiVo locks up the boxes, we'd find a way to break it within a week! At least to the extent to getting TiVoMad/etc to work again.

Posted by: TUSER

So does this mean that a DirecTivo that has an 80 gig hard drive added in will not work when 2.5 is released?

Posted by: SmokeBringer

quote:
Originally posted by TUSER:
So does this mean that a DirecTivo that has an 80 gig hard drive added in will not work when 2.5 is released?

Very unlikely that an existing upgrade would be broken since the partition and file structure is (mostly) static across an upgrade. Also, expanding space by adding drives should work even after the upgrade occurs. What can't be "hacked" in 2.5 is modifiying any startup files, which needs to be done if you want to communicate with the Tivo (either voa serial or TivoNET) after it has booted.

------------------
PC Boards Repaired Here!
-- (Ignore the Name) --

Posted by: supervhs

quote:

As for the dialup numbers, you expect someone to "go to this URL, and enter in the number that's appropriate for your location"? I know some people would, but others won't. They'd ask why they have to bother - why doesn't the box do it itself.

Would that be like asking the user to got to www.tivo.com to subscribe? Grin

Posted by: vadimr

The quide setup is good, stop complaining. If you live outside US or UK then I guess you can't have a TiVo and if you do want one stop complaning. No company will go loosing money so 2-3 people can have TiVo service there. If they would do it, it would be very stupid move.

However think about what you mean by "locking down", is it really possible? No! What can the lock?

Someone said that they should of made people get service, like an agreement or something. Well then many people would not buy one, I'd be one of them.

------------------
- Vadim
Visit my website (new uncensored TiVo hacking forum) ************.com

I'm ready for Dual Tuners, are YOU?

Posted by: tivoright

TIVO can move to "lock down the box" by flashing a new BIOS which only boots after successfully authenticating the drive and using public key encryption in the HD driver to prevent
anyone else from writing on the root partition (yeah you can write in clear text on the drive but one would have to know the private key to encode it so that it decodes correctly). Both the BIOS and the kernel would have to be hacked in order to circumvent this.

Can I clip a pin or wire it to +5 to prevent TIVO from flashing my PROM?

Posted by: bostonte

I suggest that Combo-Box owners keep in mind that TiVo doesn't have much to do with anything. When you attach your Combo-Box to your feed, it's no longer a TiVo -- it's a DirecTV Receiver with Tivo Service. Hence, it's covered in your DirecTV contract.

I believe if you read your DirecTV contracts fully, you will discover that any receiver attached to their feed no matter from where purchased is covered by the terms of your contract which are pretty explicit on what you can and cannot do. I also believe they go so far as to specify that as long as a receiver is connected to their feed, they can upgrade it whenever they want....

It's been a while since I read a DirecTV contract, but don't go bitting of TiVo's behind when they're not who you should be chasing...

Posted by: vadimr

One word, Impossible.

Technicly it's just no possible, relax no one will lock down your box. Chill

quote:
Originally posted by tivoright:
TIVO can move to "lock down the box" by flashing a new BIOS which only boots after successfully authenticating the drive and using public key encryption in the HD driver to prevent
anyone else from writing on the root partition (yeah you can write in clear text on the drive but one would have to know the private key to encode it so that it decodes correctly). Both the BIOS and the kernel would have to be hacked in order to circumvent this.

Can I clip a pin or wire it to +5 to prevent TIVO from flashing my PROM?

------------------
- Vadim
Visit my website (new uncensored TiVo hacking forum) ************.com

I'm ready for Dual Tuners, are YOU?

Posted by: vadimr

I believe so far they can't do anything even when it's in their feed.

quote:
Originally posted by bostonte:
I suggest that Combo-Box owners keep in mind that TiVo doesn't have much to do with anything. When you attach your Combo-Box to your feed, it's no longer a TiVo -- it's a DirecTV Receiver with Tivo Service. Hence, it's covered in your DirecTV contract.

I believe if you read your DirecTV contracts fully, you will discover that any receiver attached to their feed no matter from where purchased is covered by the terms of your contract which are pretty explicit on what you can and cannot do. I also believe they go so far as to specify that as long as a receiver is connected to their feed, they can upgrade it whenever they want....

It's been a while since I read a DirecTV contract, but don't go bitting of TiVo's behind when they're not who you should be chasing...

------------------
- Vadim
Visit my website (new uncensored TiVo hacking forum) ************.com

I'm ready for Dual Tuners, are YOU?

Posted by: tivoright

One word, Impossible.

Technicly it's just no possible, relax no one will lock
down your box. Chill

Would you elaborate on this (the technical issues that prevent TIVO from making it much more difficult to hack SA units in their current architecture?) What is it that you see as their Achilles' heel?

Posted by: Worf

quote:
Originally posted by supervhs:

Would that be like asking the user to got to www.tivo.com to subscribe?

Ah, but at least in most cases, you get to set up the new device without having to subscribe initially. You've gotten the ability to play with it a couple of days before you can go on the web casually to subscribe (or call).

Of course, what TiVo needs to fix is the initial length of guided setup. 3+ hours is a long time to wait to play with a new toy!

Posted by: vadimr

It's very simple to explain! With the current hardware which is slow for any type of encryption, they can't do anything. They might slow it down for a week or so, just so they can attract more sponsors but they will not be able to do anything to the current hardware. Combo boxes are a bit different story, they have little faster CPU and 32MB of ram. However they already implemented file checking system that is a very interesting system but it's not absolute. There are ways around it, and you will see more of them later on.

quote:
Originally posted by vadimr:
One word, Impossible.

Technicly it's just no possible, relax no one will lock
down your box. Chill
[B]

quote:
Originally posted by tivoright:
[B]
Would you elaborate on this (the technical issues that prevent TIVO from making it much more difficult to hack SA units in their current architecture?) What is it that you see as their Achilles' heel?

------------------
- Vadim
Visit my website (new uncensored TiVo hacking forum) ************.com

I'm ready for Dual Tuners, are YOU?

Posted by: dockb

Since I've just ordered my 40g Quantum drive for the Directivo combo, when is 2.5 coming out? I want to have this installed before then.......

35 hours is just not long enough to record and keep all the movies I want!

Posted by: Delta

quote:
Originally posted by vadimr:
It's very simple to explain! With the current hardware which is slow for any type of encryption, they can't do anything. They might slow it down for a week or so, just so they can attract more sponsors but they will not be able to do anything to the current hardware. Combo boxes are a bit different story, they have little faster CPU and 32MB of ram. However they already implemented file checking system that is a very interesting system but it's not absolute. There are ways around it, and you will see more of them later on.

The main processor (IBM403GCX) is very slow. In fact it has just enough power to coordinate the tivo software with the other chips like the real-time MPEG2 encoder (CXD1922Q), MPEG decoder (CS22), and crypto chip. I believe that if TiVo decided to utilize that crypto chip then they would have more that enough power to lock all of the tivo files.

------------------
Back to the old drawing board...

Posted by: Otto

quote:
Originally posted by Delta:
The main processor (IBM403GCX) is very slow. In fact it has just enough power to coordinate the tivo software with the other chips like the real-time MPEG2 encoder (CXD1922Q), MPEG decoder (CS22), and crypto chip. I believe that if TiVo decided to utilize that crypto chip then they would have more that enough power to lock all of the tivo files.

You're forgetting that in order to be usable, they have to be unlocked or decrypted at some point. You intercept that process and voila. Crypto is not some magic holy grail, it works just like anything else.

In any case, the crypto chip does not do what you think it does... Not directly anyway.. Bit hard to explain, but suffice it to say that what you're thinking of will not occur.

------------------
All comments made in this post are my opinion and my opinion alone. Deal with it.
Otto, Zen TiVo Master - Moderator - AVS Tivo Forums - Tivo Underground, Tivo Coffee House
"The way of the portable computer user is as a stony path strewn with plugs and sockets, all the wrong size..." -- Terry Pratchett

Posted by: Delta

quote:
Originally posted by Otto:
In any case, the crypto chip does not do what you think it does... Not directly anyway.. Bit hard to explain, but suffice it to say that what you're thinking of will not occur.

Anyone know where I could get my hands on a datasheet for the crypto chip?

------------------
Back to the old drawing board...

Posted by: cnaumann

quote:
Originally posted by Otto:

Locking the box is a bad idea, because it only means that people will need to fight them in order to continue to hack their boxes. And then you end up in the situation DTV is in with DTV hackers. DTV hacking is now basically undetectable unless you do something stupid, and DTV can no longer fight the signal theft on a technological level. By killing almost all simple H card hacks, they drove the sales of emulation boards thru the roof, and it's now at the point where DTV cannot even fight them wholesale, they have to sue them when they find them. It's a sad situation DTV got themselves into, and Tivo might be starting down the same road if they don't watch it.

I just have to throw in my 2 cents here. Of course I do not personally know any DTV hackers, but if I did know any I am sure that they would tell me that the main reason they hack DTV is so that they can get the major networks in their area, not to get free service. Remember, congress has made it illegal to receive a network in your area via cable or satellite from a non-local station if a station within about 80 mile is broadcasting it. This stupid law is KILLING DTV, both by making legal DTV undesirable, thus making hacked DTV desirable, as well as free. Broadcast TV should have died off 5 years ago, and the UHF spectrum allocated to more useful things.

As far as the end of hacking, there is no way that TiVo can stop the hacking of stand-alone boxes. The only thing that they can do is to make their pay service incompatible with current generation of hacked stand-alone boxes. That would be a very bad move.

The analogy between DTV and TiVo is flawed in several ways. Hacking a DTV box to steal programming is illegal. Hacking a TiVo is not illegal. Even modifying a TiVo to work without TiVo's service is not illegal. Stealing TiVo's service would be illegal, but the TiVo box is your own. You are free to run whatever program you choice on it. Many people here assume that since TiVo loses money on every box sold, that somehow TiVo has a legal right to tell you what you can do with your box. They do not. They may have the right to terminate their subscription service to you if you modify the box, but that is really as far as their right go as far as the Stand alone boxes go. They could make some stink about using part of their code in a way they had not intended you to do, and with a good lawyer they might even win that arguement.

They could of course make the boxes very difficult to hack, they could cover the entire board with black epoxy, and encrypt everything on the harddrive. I am not sure what the point would be. I think it would be better if they stopped selling the boxes for a loss.

TiVo does have a patent on the recording and playing back of MPEG data to a hard disk. I am not sure how this would apply to a hacked box. It could make manufacturing a hacked box or selling the hack of a box illegal. It is legal for an individual to used patented technology without the patent holder's permission in some cases. At this point I will stop pretending to be a patent lawyer.

Direct TiVo is completely different animal. The DMCA may in fact prevent you from making a digital copy of an encrypted data stream. It is not that TiVo has the right to tell you what to do with the box, but modifying it could very well make the box illegal. TiVo, as the manufacturer of the box, has some obligation to stop this practice. That seems to be what they are doing.

Lastly, it has been said over and over here that the hackers (including the 'BlessTivo kiddies') are a very small minority of TiVo owners. After reading TiVo latest filing with the SEC (which basicially says that TiVo has much, much bigger problems than hacking), I have come to conclude that there are remarkably few TiVos out there. I am still sure that only a small number of them are hacked (expanded) but I bet it is not _that_ small.

[This message has been edited by cnaumann (edited 08-06-2001).]

Posted by: Arjuna34

quote:
Originally posted by Delta:
Anyone know where I could get my hands on a datasheet for the crypto chip?

According to the 9th Tee description , this is the Atmel crypto-chip datasheet .

Arjuna34

Edit by Otto: Fixed links.

[This message has been edited by Otto (edited 08-07-2001).]

Posted by: SirWill

quote:
Originally posted by cnaumann:
I just have to throw in my 2 cents here. Of course I do not personally know any DTV hackers, but if I did know any I am sure that they would tell me that the main reason they hack DTV is so that they can get the major networks in their area, not to get free service. Remember, congress has made it illegal to receive a network in your area via cable or satellite from a non-local station if a station within about 80 mile is broadcasting it. This stupid law is KILLING DTV, both by making legal DTV undesirable, thus making hacked DTV desirable, as well as free. Broadcast TV should have died off 5 years ago, and the UHF spectrum allocated to more useful things.

Actually I think your data is out dated. While I have cable I have multiple neighbors, relatives and friends with dish/directtv stuff that get the local channels now. You pay more for them.($5?) I belive part of the deal is they only offer it in major markets, and they have to have an agreement with the local stations to offer it. (i.e. compensation).

Posted by: Worf

Just a correction.

The 9th Tee description and here and here are the brochures.

And here is some information on the processor used in the TiVo itself. Note that most of the information is under NDA... could it be... security solely through obscurity?

I doubt the processor has enough power to do real-time encryption of the video. I suspect it just encrypts stuff like the MFS equivalent of a file table...

Edit: stupid me. I forgot to close a UBB tag.

[This message has been edited by Worf (edited 08-07-2001).]

Posted by: dmz

quote:
Actually I think your data is out dated. While I have cable I have multiple neighbors, relatives and friends with dish/directtv stuff that get the local channels now. You pay more for them.($5?) I belive part of the deal is they only offer it in major markets, and they have to have an agreement with the local stations to offer it. (i.e. compensation).

It is certainly possible to get some local stations in some areas of the country with DirecTV. For instance, here in Los Angeles, I have my local ABC, CBS, FOX, NBC, and WB affiliates, plus an independent station (KCAL 9) which made it onto the dish when the local UPN station decided to play hardball with the DirecTV people. I have no way of getting a UPN - nor any of the other broadcast networks here, if I wanted them. In fact, I also have the distant networks package - so I get the east coast feeds of ABC, CBS, FOX and NBC - but there's still no way for me to get a UPN. Would I hack my DirecTV receiver to get a UPN? Certainly, if I could get away with it and it would keep me from needing my standalone ReplayTV box just to record that one channel at a quality inferior to that of the DirecTV/TiVo combo unit. I mean, I pay the DirecTV people over $80 a month and they still won't give me a UPN. Even if I got a waiver from my local UPN station, they wouldn't give me a UPN. That's just not reasonable, and it makes it quite understandable that some people hack their DirecTV receivers to get local stations.

(Note: I have not hacked, and have no intention to hack, the DirecTV service portion of my DirecTV/TiVo combo unit :)

------------------
Daniel M. Zimmerman
Caltech Computer Science

[This message has been edited by dmz (edited 08-07-2001).]

Posted by: vadimr

I hope you realize you can't encode anything with crypto?
It can't even create a digital signature, it stores password, serial and algorithm to verify signatures (not 100% sure). Good luck trying to utilize it!

Edit: Forgot to add, it only has EEPROM of 32KB, so yeah, REAL TIME ENCYRPTION!! All the way, I heard it can even produce new screws and screw them from the inside so you can no longer open your TiVo, just don't tell anyone because I'm under NDA and don't close your tivo or it will get screwed when 2.5 gets released!.

quote:
Originally posted by Delta:
The main processor (IBM403GCX) is very slow. In fact it has just enough power to coordinate the tivo software with the other chips like the real-time MPEG2 encoder (CXD1922Q), MPEG decoder (CS22), and crypto chip. I believe that if TiVo decided to utilize that crypto chip then they would have more that enough power to lock all of the tivo files.

------------------
- Vadim
Visit my website (new uncensored TiVo hacking forum) ************.com

I'm ready for Dual Tuners, are YOU?

[This message has been edited by vadimr (edited 08-07-2001).]

Posted by: SmokeBringer

I'm not sure I understand the relevance of the encryption discussion to the topic of this thread. I started the thread because I became aware of a rumor that with DirecTivo boxes running the 2.5 Beta software, it was impossible to hack the /root files to get TivoNET or a serial bash shell.

If this rumor is true, then encryption will not be necessary to protect MPEG data, since there will be no possible way to talk to the Tivo box via either RS-232 serial or Ethernet.

------------------
PC Boards Repaired Here!
-- (Ignore the Name) --

Posted by: kevina500

TivoNet, along with many other things works fine with 2.5 (beta). Don't pay too much attention to rumors.

------------------
Kevin

Philips HDR 212 w/(2) 100GB drives

Posted by: KRavEN

quote:
Originally posted by kevina500:
TivoNet, along with many other things works fine with 2.5 (beta). Don't pay too much attention to rumors.

Maybe on an SA tivo they do, but if you had read the thread thoroughly you would have seen that he was talking about a DTivo and getting a bash prompt or TivoNet to work on it is not currently possible...

Posted by: kevina500

Yes, you are right. I visually missed the DirecTivo part and I appologize but there is no need to be a smart ass about it.

------------------
Kevin

Philips HDR 212 w/(2) 100GB drives

Posted by: vadimr

Yes, there is a need, because this kind of thing trows people off subject if its not pointed out in a harsh way!

quote:
Originally posted by kevina500:
Yes, you are right. I visually missed the DirecTivo part and I appologize but there is no need to be a smart ass about it.

------------------
- Vadim
Visit my website (new uncensored TiVo hacking forum) ************.com

I'm ready for Dual Tuners, are YOU?

Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/avsforum/archive.tivocommunity.com/tivo-vb/history/archive_functions.php on line 37

Warning: include(http://archive.tivocommunity.com/tivo-vb/history/footer.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/avsforum/archive.tivocommunity.com/tivo-vb/history/archive_functions.php on line 37

Warning: include() [function.include]: Failed opening 'http://archive.tivocommunity.com/tivo-vb/history/footer.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/avsforum/archive.tivocommunity.com/tivo-vb/history/archive_functions.php on line 37