GoodStorm ~ The Art Of Good

Yobie Benjamin's Personal Musing On Goodness, Politics, Fair Elections and All Things Music and Technology Related

September 28, 2006

Lurkers & New Posters In Doom9 Seem To Be Trying To Bait FairUse4WM DRM Hacker | Also... DRM Could Lead To "Bricking" Devices

As I follow the threads on Doom9 (which BTW is a great site!) about viodentia and FairUse4WM, it seems that there are suddenly bulletin board lurkers (...myself included) hanging around.  That's not so strange.  What's funny is that some folks (who are obvious agents for the dark side) seem to be suddenly posting and baiting viodentia to show his source code.

Whoever is investigating this alleged theft of source code must be a junior code monkey from the dark side.  You DO NOT need source code to study software internals.  Whoever is asking for the source code or wants the source code should spring out the corporate credit card and buy a copy of DevPartner (formerly SoftIce).

It reminds me of the bumbling investigators HP hired to sniff out the boardroom leaks.  At least the dark side can send some competent folks to ferret out viodentia but then again what's the point? 

It is my opinion that the dark side's DRM implementation has fundamental architectural problems and needs rebuilding from scratch!  Patching is just a hacking challenge.  Bottom line, either re-write the current DRM implementation or drop it entirely.  Putting out bad software is worse than DRM itself.

The real point is DRM could create a consumer nightmare.  As long as there are those who are willing to challenge DRM systems and software, the possibility of "bricking" consumer devices looms.  It is criminal to knowingly write and distribute software that will break systems and hardware, but people do it anyway.  Although destructive, bricking devices is the ultimate malicious hack.

This is not a science fiction story.  There is malicious software that goes around bricking Sony PSPs.  Imagine bricked iPods and Zunes.  It would be the ultimate product recall.

Remember, hacking is just time, intent, motive and skill.

BTW, this is another t-shirt that you can buy from Defective by Design.


September 27, 2006

Hacking and Breaking Microsoft's DRM: Viodentia Releases Fix For Microsoft's DRM Patch! FairUse4WM rel 1.3 Download Link Here


This was sent to me by some friends and I thought it was amusing.  Many years ago, I co-authored a very interesting article on Windows NT that details the weakness of Windows NT security so I know a little bit ;)  about security.

It's been a while since I tinkered with encryption stuff but it seems to me that based on the description set forth by viodentia, he/she did not and does not need any access to the source code as Microsoft alleges in their federal lawsuit.  In my opinion, it is totally not necessary to see the source code to execute this hack.

For those of you who are real software and crypto geeks, you know that the explanation makes perfect sense and leads one to suspect the allegations of source code theft.  But then again, this is merely my opinion. 

Another opinion: Microsoft does not need a patch; they need a full overhaul of the DRM architecture if they want to fix this very elegant hack.

To poke a little fun, I am featuring two very cool shirts from Defective By Design.  Click on the designs to buy the shirts.

By the way, here's the explanation by viodentia:

"This new version uses a new extraction approach, courtesy of c0redump. The method no longer requires the selection of a DRM protected file, and should retrieve all ECC keys at once.

FairUse4WM has been my own creation, and has never involved Microsoft source code. I link with Microsoft's static libraries provided with the compiler and various platform SDK files.

Thanks to Rjamorim for graciously hosting in Brazil.

http://pessoal.onda.com.br/rjamorim/FU4WMver13.zip

12815576c78a799114025b3b266dd156 *FairUse4WM.exe

by: viodentia"




In my humble opinion, the architecture of Windows DRM is defective by design.

Viodentia's further explanation on doom9.org shows he/she knows his/her stuff...

"The AES key displayed in new key extraction

For the v11 individualization, v2ksndv.bla (or v2ks###.bla) is now an XML file. There are two tags of particular interest, the first 40 bytes of "c:PKCert" is the public key for ECC encryption and the "Keys" which stores all the secondary keys.

Each time you re-individualize, the DLL sends "escrowed" key information to Microsoft's servers which decrypts it and re-encrypts it inside this secondary key table. These are all the keys for previous individualizations.

The <Keys> tag is encrypted with AES in Counter mode using the displayed key. To decrypt, create a 16-byte BIG-ENDIAN counter (that is, 16 bytes of 0, next would be 15-bytes of 0's and one 1 byte, and so forth). Encrypt that with the AES key. XOR the output with the next 16-bytes from the tag.

Once decrypted, the Keys tag holds a XML document which in turn has both the old ECC keys (which v1.3 happily extracts for you), and some RSA keys - the RSA keys are apparently new for v11, and I don't know what they're for.

By the way, if one looks at the individualization process in Wireshark, it's conceivable that future individualizations can be handled with the assistance of Microsoft's own servers."

To appreciate the technology behind the hack, you'll have to trace the thread at: http://forum.doom9.org/showthread.php?t=114916

Last opinion, Microsoft can fix it but to claim someone stole the source code to execute the hack leads me to believe that some marketing person talked to the legal guys.  The techies would not allege this given the explanation by viodentia.


September 26, 2006

The Real Hack On Voting Systems... Hacking The Voter Smart Card To Hack The Vote


No instructions here, but consider the following scenarios.

What Is a smart card?

A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside -- a normal credit card is a simple piece of plastic.

The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card.

Magnetic stripe technology remains in wide use in the United States except for voter smart cards that do not use the mag stripes. The stripe is really not the best place to store sensitive information.

A smart card carries the intelligence.

The microprocessor on the smart card is usually there for security but it can carry any payload it is designed for. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory, it would be no different than a diskette or thumbdrive.

Smart cards may have up to 8 KB of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set but can be configured to do any application.

I learned how to program when computers had 256K of memory and we wrote pretty complex spreadsheets on the IBM personal PC platform.

The demonstration by Ed Felten and company from Princeton University shows that, given access to a machine, which thousands of electoral volunteers have during the election season, it is trivial to hack the code in a machine.

The fact is if you have the intent, time, motive and skill... one can hack anything. 

Reverse engineering is trivial if you are an accomplished software engineer.  Check this out: http://www.acm.uiuc.edu/sigmil/RevEng/ and http://en.wikipedia.org/wiki/Reverse-engineer.

If you can hack the machine and are able to introduce a polymorphic and self-deleting virus such as the one demonstrated by the Princeton team, you can also hack it to allow the voting machine to "accept" specially configured smart cards to do whatever you want the darn machine to do.  It could have special executables.  It could force buffer overflows, a favorite fault injection technique.  Bottom line is you can do a lot with a 256K capable microprocessor.

By the way, most of the voting machine companies would never be able to detect specially constructed viruses because there is no such thing as virus protection for the operating systems that these machines use.  If Windows XP could be hacked by some Bulgarian teenager, what would the possibilities be for a desperate politician or political party?  Perhaps even a construction company that would benefit from a multi-billion dollar bond measure?

This would give new meaning to technical hacking and social engineering... imagine hacking a country, state or bond measure. 

If the voting machine companies want to prove me wrong, then they should open their source code for public inspection.

I dare the voting machine companies to expose their software to prove they are secure.

BTW, here's a list of tools that can be useful for reverse engineering code.

  • Crocodile
    http://kastanie.informatik.tu-cottbus.de/crocodile.htm
    dead link!

  • CXREF - a C language cross referencing and documenting tool. It produces documentation (in LaTeX, HTML, RTF or SGML) including cross-references from C program source code. From Andrew M. Bishop.
    http://www.gedanken.demon.co.uk/cxref/

  • Datrix - software source code assessments with the goal of evaluating the maintainability and the evolvability of software products.
    http://www.iro.umontreal.ca/labs/gelo/datrix/

  • daVinci - a X-Window visualization tool for drawing directed graphs.
    http://www.tzi.de/~davinci/

  • Design Recovery Tool
    http://www.cse.unsw.edu.au/~drt/

  • DISCOVER - a commercial software development and maintenance environment (Carnegie Mellon University, 1996, http://www.setech.com), then bought by MKS (formerly Upspring Software) and integrated into CodeRover. Supports Impact Analysis, Integrity Checker... Commercial, Integration into VisualStudio, JBuilder, Emacs.
    http://www.mks.com/upspring.shtml

  • GEN++ - an application-generator to support development of analysis tools for the C++ language. From UC Davis and Bell Labs.
    http://www.cs.ucdavis.edu/~devanbu/genp/

  • GOOSE - a tool set for analysing the design of object-oriented software systems (FAMOOS project).
    http://esche.fzi.de/PROSTextern/software/goose/index.html

  • GraphViz - a graph visualization
    http://www.research.att.com/sw/tools/graphviz/

  • GraVis
    http://www-pr.informatik.uni-tuebingen.de/Forschung/GraVis/welcome.html

  • Headway - a commercial source code visualization and comprehension tool for Java and C++ developers.
    http://www.headwaysoft.com/

  • IDA - (interactive disassembler) reverse engineering at low level.
    http://www.datarescue.com/idabase/

  • Imagix - a 3D query and visualization tool.
    http://www.imagix.com

  • inSight tool suite - Nortel.
    http://case.ispras.ru/insight/index.html

  • Insure+ - a source level run-time debugger for C and C++.
    http://sdt.cern.ch/Insure/

  • Introspector - A long term project to extract MetaData from FreeSoftwareTools like the Gcc, Perl, Bash. From James Michael DuPont.
    http://introspector.sf.net

  • Juliet - an IDE extension for NetBeans, Forte, JBuilder, JDeveloper.
    http://infotectonica.com/juliet/

  • Klocwork Suite - a commercial suite of RE products targeted at C, C++, and Java.
    http://www.klocwork.com/

  • Logiscope - a source code analyser and test coverage tool for C/C++/Fortran. Telelogic.
    http://sdt.cern.ch/Logiscope/

  • PBS Portable Bookshelf
    http://swag.uwaterloo.ca/pbs/

  • PL/I Analyzer (REFINE) - an interactive workbench used to analyze and reengineer legacy PL/I systems. Phoenix Software Technologists.
    http://stout.levtech.com/

  • Refactorit - an IDE extension with metrics and refactorings engine and integration for Forte.
    http://www.refactorit.com/

  • Rigi
    http://www.rigi.csc.uvic.ca/

  • SHriMP
    http://shrimp.cs.uvic.ca/

  • SNiFF+ - supports reverse engineering, configuration management, workspaces and build management and provides a set of browsers and parsers. Commercial.
    http://www.windriver.com/products/html/sniff.html

  • Source Browser. C Code Browser, non-commercial, Adam Moravanszky.
    http://n.ethz.ch/student/adammo/ProBrowser.htm

  • SOURCE CODE BROWSER - commercial product by Alajava.
    http://www.alajava.com/aubjex/products.htm

  • Source Explorer - commercial tool for source code browsing and re-engineering.
    http://intland.com/html/__source_explorer.html

  • Source Insight - a commercial project oriented program editor with built-in analysis for C/C++, and Java programs.
    http://www.sourcedyn.com/

  • Source Navigator
    http://sources.redhat.com/sourcenav/
    http://oimanager.de/sn.htm (Internet Extensions)

  • SPOOL - Spreading Desirable Properties into the Design of Object-Oriented, Large-Scale Software Systems.
    http://www.iro.umontreal.ca/labs/gelo/spool/

  • StP - an UML Editor by Software through Pictures.
    http://www.aonix.com/content/products/stp/stp.html

  • Surveyor - A tool for source code analysis, visualization, and documentation in most popular languages, OS's, and IDE's.
    http://www.lexientcorp.com

  • Tarantula - Finding software faults by visualizing test results - very specific views on metrics.
    http://www.cc.gatech.edu/aristotle/Tools/tarantula/

  • The Small Worlds - is a commercial application for analyzing and visualizing large-scale software, developed by the Information Laboratory.
    http://www.thesmallworlds.com/

  • TkSee - Knowledge-Based Reverse Engineering of Legacy Telecommunications Software.
    http://www.site.uottawa.ca/~tcl/kbre/

  • Together ControlCenter - commercial round-trip engineering tool for Java.
    http://www.togethersoft.com

  • Understand C / FORTRAN - an interactive development environment (IDE) tool providing reverse engineering, automatic documentation, metrics and cross referencing of C / FORTRAN source code.
    http://www.scitools.com/uf.html
    http://www.scitools.com/ucpp.html

  • VIBRO (VIsualisation BROker Framework) - Visualisation Research Group, participated in SORTIE project. GXL. University of Durham, UK.
    http://www.csr.uvic.ca/chisel/collab/reports/VIBRO/Report.html

  • Visualize it - a graphical source code visualization tool for Java.
    http://www.powersoftware.com/vz/

  • XGVis - A system for multidimensional scaling and graph layout in any dimension
    http://www.research.att.com/areas/stat/xgobi/



May 15, 2006

Software Stuff

Stuff

Download MTV-NFD-0.9.2.1.exe   Win Ver

Download MTV.zip    Mac ver

http://tv.goodstorm.com
