PhatHack

The Hacking Hoedown => PhatBox Hacking => Topic started by: sbingner on April 08, 2005, 04:35:54 am

Title: FYI: Terry Kennedy's method
Post by: sbingner on April 08, 2005, 04:35:54 am
Quoted from http://www.tek-tips.com/gviewthread.cfm/pid/751/qid/798036

Quote
An email I got from Terry Kennedy from the forum
"The protection is cryptographic. You won't crack it in a timeframe that matters
- tell me if the 60GB DMS is still relevant in 10+ years."

 Trust me, it won't work. The PhatNoise developers sign all their code
with an RSA (encryption) signing key. Similarly, they read the drive model /
serial / etc. and sign that with their signing key. As with all public-key
cryptographic systems, a signing key is different from a public key - with
the public key you can verify that something was signed with a specific
private key, but you have no knowledge of the private key that was used.

  PMM does the same thing to sign playlists, but they are signed with a
different key, since the private key for that is in PMM.

  It would take a long time (many computers working for at least many
months) to discover the private signing key.

  I "cheated" and used the internal Fujitsu tools to create a second 60GB
drive with the same serial number as a real 60GB DMS.
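
Added example, not part of the quoted email or of PhatNoise's code: a toy sign/verify flow for a drive identity record as the email describes it, showing that the device needs only the public key to check a signature. The key, the field encoding, the function names and the sample model/serial strings are constructed assumptions; textbook RSA without padding is used only to stay within the Python standard library.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes). Far too small for real use;
# it only keeps the example runnable with the standard library.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key: shipped in the device
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: stays with the vendor


def identity_digest(model: str, serial: str) -> int:
    """Hash the reported drive identity; length prefixes keep fields unambiguous."""
    h = hashlib.sha256()
    for field in (model, serial):
        raw = field.encode()
        h.update(len(raw).to_bytes(2, "big") + raw)
    return int.from_bytes(h.digest(), "big") % N


def vendor_sign(model: str, serial: str) -> int:
    """Vendor side: needs the private exponent D."""
    return pow(identity_digest(model, serial), D, N)


def device_verify(model: str, serial: str, signature: int) -> bool:
    """Device side: needs only the public values N and E."""
    return pow(signature, E, N) == identity_digest(model, serial)


# Constructed sample identity strings, not taken from any real drive.
MODEL, SERIAL = "EXAMPLE-MODEL-60G", "SN-CONSTRUCTED-0001"
SIG = vendor_sign(MODEL, SERIAL)


def demo() -> dict:
    return {
        "signed drive": device_verify(MODEL, SERIAL, SIG),
        "different serial": device_verify(MODEL, "SN-CONSTRUCTED-0002", SIG),
        "different model": device_verify("OTHER-MODEL-60G", SERIAL, SIG),
        "made-up signature": device_verify(MODEL, SERIAL, 12345),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'accepted' if ok else 'rejected'}")
```

The verifier only sees the strings the drive reports, so the signature authenticates those values rather than the physical hardware.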
Title: Re: FYI: Terry Kennedy's method
Post by: sbingner on April 08, 2005, 04:37:29 am
BTW, it took me forever to find this... and took me a long time to re-find it. The Google search that turned this up again was

Code:
"terry kennedy" protection rsa sign dms
Title: Re: FYI: Terry Kennedy's method
Post by: Firefox on April 08, 2005, 11:05:49 am
Exactly. The options available to solve the problem are narrowing:
1) Get hold of the Phatnoise drive signing utility including their private key - unlikely without someone leaking the utility and key or a break-in of the premises!!
2) Use an identical model of drive used by Phatnoise, change the drive serial number to a known good one and copy the good image to it - probably wouldn't give us much of a price incentive over what Phatnoise already sells for.
3) Change the boot firmware in the Phatbox to skip the drive signing check (i.e. turn it into a red phatbox).

Option 3 is the only way I can see progress being realistically made...  :-/
Title: Re: FYI: Terry Kennedy's method
Post by: todd1010 on April 09, 2005, 01:01:46 am
Someone should contact "acem77". He & I tried a few things a while back but never came back with anything.

He might have some interesting material.
Title: Re: FYI: Terry Kennedy's method
Post by: ogrechoby on April 24, 2005, 05:53:09 pm
Why would it even have to be the same size/style of drive.  If you change out the serial number and then load good image... why wouldn't it work?

Title: Re: FYI: Terry Kennedy's method
Post by: judb on April 25, 2005, 02:30:44 am
Because the other data in the hdparm output will likely be used by the signing utility that Phatnoise runs... so the model of the drive or other data might have to be the same. We'll have to test that theory though.
Title: Re: FYI: Terry Kennedy's method
Post by: az1324 on April 29, 2005, 09:51:06 am
Has this been tested yet??

I remember reading that a few people had two of the same model drives and I also saw some serial number changers on here.

Or how about taking two DMS cartridges and switching the magic keys and the serial numbers??

If I had two I would try it.
Title: Re: FYI: Terry Kennedy's method
Post by: judb on April 29, 2005, 01:28:26 pm
Well as soon as we have a way to modify the serial number this will get tested.. however that hasn't happened yet.

I've been real busy with work and haven't been able to mess with my test keg at all.
Title: Re: FYI: Terry Kennedy's method
Post by: az1324 on April 30, 2005, 10:14:46 pm
Has anyone gotten their hands on this:
http://www.salvationdata.com/hfrpro_detail.htm
Title: Re: FYI: Terry Kennedy's method
Post by: A543 on May 01, 2005, 01:21:34 pm
Hmm, I've seen that software before. It's the only software I've seen that can change a drive's serial number. It only works on Maxtor drives and, as fate would have it, Maxtor is one of the few hard drive companies that doesn't make a 2.5" drive.  :(
Title: Re: FYI: Terry Kennedy's method
Post by: az1324 on May 02, 2005, 12:00:46 pm
How was it that Terry Kennedy changed the serial number on his drive?
Title: Re: FYI: Terry Kennedy's method
Post by: A543 on May 02, 2005, 12:52:03 pm
It seems he has access to the software Fujitsu uses internally to program the serial numbers on their drives. Whether it's leaked software that he managed to acquire, or he is affiliated with Fujitsu in some way, I don't know. Anyone here know?
Title: Re: FYI: Terry Kennedy's method
Post by: AndyMan on May 03, 2005, 05:46:41 pm
Looks like there ARE tools out there that can change serial numbers etc..

www.hdd-tools.com

Seems like these guys have access to restricted areas of the drive as in their "Repair Station", check the docs out and it looks like they can change the serial number etc... there's also an interesting link shown in the forum for the "Technical Committee T13 AT Attachment"

sends you out to ...
http://t13.org/


Title: Re: FYI: Terry Kennedy's method
Post by: judb on May 03, 2005, 08:47:12 pm
Wow sometimes I wonder if people read anything already posted...