Author Topic: How to protect our precious Phatbox? Do we've to?  (Read 15182 times)


Offline para

  • Senior Member
  • Veteran.
  • *****
  • Posts: 181
How to protect our precious Phatbox? Do we've to?
« on: June 06, 2005, 07:08:08 am »
Ok guys, don't start a flamewar on this but now as we're getting some steps ahead we might need to consider something:

Is there a way of blessing our own drives WITHOUT cracking the DRM security used for audible and the like? As it turned out this is the (understandable) major concern of Phatnoise because their deals with GM might get into trouble when we open the DMS/PB - and that won't be of anyone's use!

I mean they're often blamed to rip us off with their DMS pricing policy - and they do IMHO - but securing their DRM features is a real good argument, whether one likes DRM or not...

It might be even too late to lower the prices in the wake of us opening the box.

So what does it mean when we accomplish our task? Will the DRM features automatically be broken?

Any thoughts?
« Last Edit: June 06, 2005, 05:13:52 pm by para »

Offline A543

  • Senior Member
  • Veteran.
  • *****
  • Posts: 214
Re: How to protect our precious Phatbox?
« Reply #1 on: June 06, 2005, 03:59:36 pm »
Quote
but securing their DRM features is a real good argument, whether one likes DRM or not...


Phatnoise has made their own bed...

When I read about the 20 something year old Phatnoise employees riding around in new Mercedes and living in Malibu, I don't picture a company on the edge financially. When I see statements in interviews with Phatnoise employees saying things similar to "the road to profit is a short one" it doesn't fill me with a sense of Phatnoise struggling along.

Think about this, when will a person need a new cable? When they've bought another car.  So now they can either say goodbye to their Phatbox, or pay Phatnoise's outrageous price for a cable.
It's no accident that Phatnoise sells cables for $120.00! The price is intentional because they know that they have the customer over a barrel.
Why does Phatnoise mark up the drives way beyond reason, because they can! They are the only source!
I've said it before, and I'll say it again. I personally, don't care about the key and having to buy drives from Phatnoise only, it's the price that is unfair. DRM has absolutely nothing to do with the markup of the drives.
Phatnoise treats us like lemons to be squeezed, and squeezed hard!  Too bad for them if we've gotten fed up and decided to squeeze back!

My two cents.

para, this wasn't a flame directed at you at all, just a general response to your question, even if it did get me wound up.

Offline spin

  • A few posts under my belt.
  • *
  • Posts: 23
Re: How to protect our precious Phatbox?
« Reply #2 on: June 06, 2005, 04:02:09 pm »
Who cares. I paid ~$800 for an mp3 player. I want to be able to run any code I want to it. If their business is in jeopardy because of broken DRM, then they shouldn't have put that much faith in it to begin with. I doubt DMS blessing would end up hurting them anyways, it's not like your casual user is going to be replacing their DMS guts, even if we could bless it.

Offline Genesis

  • Getting the hang of things.
  • **
  • Posts: 83
  • Bite Me
Re: How to protect our precious Phatbox?
« Reply #3 on: June 06, 2005, 04:22:56 pm »
I don't see the issues as being connected.

First, I have every legal right to hack anything I actually own. I didn't license a Phatbox, I bought a piece of hardware.  If I run some other code on it, that's tough crap for them once I've figured out how to do it.

I am breaking the law if I use that capability to steal music that I don't have a right to use.  I am not breaking the law if I use that capability to enhance or repair a product I have ownership and title of.  I was not required to sign a license agreement (digitally or otherwise) to buy the Phatbox I own - it's mine.  What I run on it is my business.

Consider the car companies with flash code in the ECU.  There are hundreds of firms that "chip tune" vehicles.  There's nothing illegal about you hacking the code in your ECU.

Second, Phatnoise has brought this upon themselves.  By de-featuring some of their models (the Kenwood firmware) and extortionate pricing on necessary parts (disk drives DO fail, you know) they've driven people to take this action.  At some point the expense makes it worth the effort.

There is no DRM issue.  Phat's software can refuse to load DRM-sensitive content onto an "unblessed" drive.  That they didn't bother with this belies THEIR foolish reliance on a strategy that appears to have been fatally flawed.

There IS a way to solve the "blessing" problem - Phat can release the drive signing code and the private key, or make it possible for us to bless our own drives.  

They would have to decide to do this pretty quickly though, because it appears that the game is pretty much over.

As I pointed out a few days ago the more complicated you make something, and the more you try to exploit that "something" to profit unreasonably, the more likely that one can figure out where to throw their "Sabot" into the works....

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: How to protect our precious Phatbox?
« Reply #4 on: June 06, 2005, 04:39:01 pm »
Quote
I don't see the issues as being connected.

There IS a way to solve the "blessing" problem - Phat can release the drive signing code and the private key, or make it possible for us to bless our own drives.  

They would have to decide to do this pretty quickly though, because it appears that the game is pretty much over.

As I pointed out a few days ago the more complicated you make something, and the more you try to exploit that "something" to profit unreasonably, the more likely that one can figure out where to throw their "Sabot" into the works....



Hey, you know, there is another way to solve the problem from the phatnoise end.. well two ways.

1. (the least likely, however in my mind it's the best all around solution) release firmware updates that REMOVE Audible playback and works with unsigned drives.  This negates us from having to bypass their DRM / Drive locking and lets us have what we, the customer, want...

2. Sue the everloving shit out of all of us involved on this board and that post any information about us.  This sadly seems the more likely option as they are a corporation and this avenue of breaking the DRM could cost them one or two revenue streams.  Stream 1, raping us for drive upgrades and replacements.  Stream 2, license revenue from other channels of distribution (GM etc..)

I really hope #2 doesn't happen.  We haven't really broken anything yet.  However with this new method we could very simply mount another drive if we can get two drives to run power wise off the unit and cable up the second drive.  I don't know if their IDE controller would support that but we could create the dev devices with a script and mount the partition using a modified playlist.  We could change the startup sound to be a file format that executes our script.

Giving up WMA or FLAC or OGG to do the script would be required ... that is if we can do it by replacing all of those players..  or maybe the AA player for audible.

This is an ugly hack method I'm not keen on but it's a possibility that doesn't even require us to hax0r the DRM out or change the BIOS / Bootloader.  :)
« Last Edit: June 06, 2005, 04:39:26 pm by judb »

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: How to protect our precious Phatbox?
« Reply #5 on: June 06, 2005, 04:44:49 pm »
More on the additional drive idea..

we'd have to use plsign or something to create the playlists on the original drive that point to our new mount location.. that or ditch the PMM and use a windows version of phat4x that has support for a second drive mount.

Still, we need to see if we can get the two drives connected and detected by the kernel ... I'd guess that we would have a problem with the way the IDE controller is set up on the board, not a software problem hosing us.

Offline para

  • Senior Member
  • Veteran.
  • *****
  • Posts: 181
Re: How to protect our precious Phatbox?
« Reply #6 on: June 06, 2005, 05:12:28 pm »
Quote
There is no DRM issue.  Phat's software can refuse to load DRM-sensitive content onto an "unblessed" drive.


I think this is the answer to my question and I think you're right! As I said I also don't wanna justify the pricing policy with DRM. It's just mad, but let's stop this as this community needs to distinguish itself from "others" ;)

Quote
1. (the least likely, however in my mind it's the best all around solution) release firmware updates that REMOVE Audible playback and works with unsigned drives.  This negates us from having to bypass their DRM / Drive locking and lets us have what we, the customer, want...


I think the second way won't happen as Genesis has the correct view on it. We're not about to release any information on how to circumvent a copy protection (that'd be illegal) scheme, are we?!

So this way would be the easiest for all...

Thanks


PS: @A543: no problem, got it.
« Last Edit: June 06, 2005, 05:13:14 pm by para »

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: How to protect our precious Phatbox? Do we've
« Reply #7 on: June 06, 2005, 05:57:32 pm »
No, see, if we defeat the drive signing (remove it as a requirement) then we also defeat the core of their DRM strategy.  If we go with a second drive (unsigned) option then we might get around it where we can still have DRM but not have restrictions on the drive capacity exactly (which will require a hardware mod or two) then we might be in the clear but I think any method we come up with that's non hardware mod related will be seen as a DRM hack / crack possibly and be subject to potential legal action.

Offline Firefox

  • Needs to get outside.
  • ***
  • Posts: 124
  • Kenwood 710 Keg 80GB ;-)
Re: How to protect our precious Phatbox?
« Reply #8 on: June 06, 2005, 06:28:39 pm »
Quote


1. (the least likely, however in my mind it's the best all around solution) release firmware updates that REMOVE Audible playback and works with unsigned drives.  This negates us from having to bypass their DRM / Drive locking and lets us have what we, the customer, want...



Agreed - this is what they have to do.
Only a small percentage of us actually give a sh*t about Audible and other DRM content. You could even have firmware that decides behaviour - the Firmware says "hmmm, unsigned drive, me no play Audible....." or "aha, signed drive, i'll play it all........"
Then you could keep one (official) DMS for Audible/other DRM and another (homebrew) for anything else.

Congrats to everyone for getting this far. I've been watching in awe (chewing the mints and pacing up and down like the proverbial expectant father after helping out at the conception :) ) as the surgeons moved in....

Offline para

  • Senior Member
  • Veteran.
  • *****
  • Posts: 181
Re: How to protect our precious Phatbox? Do we've
« Reply #9 on: June 06, 2005, 06:50:07 pm »
Quote
but I think any method we come up with that's non hardware mod related will be seen as a DRM hack / crack possibly and be subject to potential legal action.


Do you think this would be a violation of the DMCA (does it protect protections?)? I'm no lawyer but I still doubt that...

Para

Offline Genesis

  • Getting the hang of things.
  • **
  • Posts: 83
  • Bite Me
Re: How to protect our precious Phatbox? Do we've
« Reply #10 on: June 06, 2005, 07:02:26 pm »
I don't see any possible legitimate legal attack on us in the way we're doing it and for the purposes we're doing it.

AND, since Phat is apparently a Californicated company, they have to worry about California's Anti-SLAPP law, which is very dangerous ground for them.

Just ask PADI (the diving folks) - they tried to silence someone who was saying something uncomplimentary about them, and while it took a while, the result was a large sanction ruling against them AND all of the attacked's legal costs being paid.  Their founder died of a heart attack the day the ruling came down - you have to wonder if his coronary was precipitated by the "bad news" being delivered to him.....

If we were doing this for the purpose of stealing Audible content, THEN they'd have a leg to stand on and we'd be in deep kimchee.  We're not - we are doing this to enhance and be able to repair products we already own.

Both of those actions are PROTECTED under the law.  There is ample precedent in the chiptuning business which is also specific to the automobile market (as this kinda is) - Ford, GM and others have tried (and failed) to get the chiptuners shut down on the argument that their code is "proprietary" - they have lost because you didn't have to agree to their terms to buy the car.  No contract, you own the TITLE to the vehicle, you do what you want (so long as you don't break any EPA rules doing so.)  

The same holds here.  There was no shrink-wrap license associated with the Phatbox, nor any document I signed.  I paid, I got TITLE to a device.  I am free to make modifications to it in order to enhance its functionality or to enable its repair if it was to (or does) fail.

Phat can easily release PC software that simply refuses to load audible content on any DMS that is not blessed.  This is what they should have done originally.

Frankly, I doubt very much that there is even a 1% "uptake" on Audible content use with their hardware.  I took one quick look at it when I got my unit and said "you're nuts!" as to the pricing and what you're actually buying, and that was that.  Audible conveniently forget that nobody pays "list price" for a book anymore - they buy at Books-a-Million or online via Amazon, and get their books at 40-45% off cover.  Audible is trying to play to a monopoly market, but they're not even very good at that, since I can go into any Cracker Barrel and get a CD version of the same book from the "books on tape" folks for rent for a couple of weeks for less than what Audible wants - WAY less.

Let's also not forget that Audible is NOT Phat; they're a different company, and have other DRM-based players that you can run their stuff on.

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: How to protect our precious Phatbox? Do we've
« Reply #11 on: June 06, 2005, 07:33:13 pm »
@Genesis... you are right on with that.. good points.  However I hope we don't have to go to court to find out. :)

Offline Genesis

  • Getting the hang of things.
  • **
  • Posts: 83
  • Bite Me
Re: How to protect our precious Phatbox? Do we've
« Reply #12 on: June 06, 2005, 08:30:34 pm »
I understand that, but here's the problem - stuffing the genie back in the bottle, or the toothpaste back in the tube, is impossible once it's out.

And now, it's out.

Witness the DVD "piracy" stuff.  And that was real piracy.  The sites that distributed the crack were shut down in the US, but do you think that really shut them down?  No.  You can still, right now, go on the net and download a piece of code that will rip a DVD, remove the CSS, and recode it to fit on a DVD-R.  That code may be illegal to distribute HERE, but it's not illegal to distribute THERE (meaning outside the US), and it's still available.

And this was a business (the MPAA) that had literally billions to spend on trying to stop it.  They failed.  They're STILL failing.  All they managed to actually stop were sales of a commercial product exploiting the hack.

This is an entirely different situation.  Even under the DMCA, the test of actual intent and available use must be answered.  A device or code is not illegal if it has legitimate uses which dwarf the potential illegitimate ones.  I know of nobody who's interested in stealing DRM-licensed material using this technique.

I know of a lot of people, here and elsewhere, who are interested in using it for the perfectly legal purpose of upgrading their hardware or replacing a blown disk drive.

Second, I know of nobody who is talking about selling DMS replacements. One of the collateral means of attack by a company is based on unfair competitive actions  (theft of trade secrets does not apply here, since to be liable for that you have to have been under an agreement to treat the material in confidence - none of us is.)  That mode of attack presumes commercial intent.  Again, I see nobody here talking about trying to sell replacement DMS cartridges.  I do see people wanting to enhance their own hardware.  No commerce, no means of attack there (ie: Sue me, but there are no damages.  Go ahead and win, get a $0 judgement!  Have a nice day and a huge lawyer bill sucker!)

Anyone can sue anyone in this nation.  However, to get content removed and people stopped prior to a trial you need an injunction, and to get THAT you need to show likelihood of success at trial, that the balance of harms favors you (that is, the harm to the person who is doing whatever is less than the harm to you if what's happening continues) AND that a money judgement later doesn't "fix" whatever is being broken by the alleged action.

Those are the basic elements.  They're not easy to prove; this is a VERY high bar, and with good reason.

In this case, I don't believe there is a case.  

Certainly not based around the DMCA, since there is no argument to be made that the intent and desire is to steal licensed music (or audible content.)  I don't own any content with DRM tags on it that can play on a Phatbox (DVDs, of which I own many, don't qualify, since the Phat is audio only.)  Certainly not around some claimed license, since nobody was ever presented with one; all that showed up in MY box was the hardware and a sales receipt.  We're not hacking their PC code (which could arguably have a "shrink-wrap" license, and might even be enforceable); we're hacking the equipment, which is not sold subject to acceptance of any kind of terms at all.

Now what we MIGHT provoke is a change in the Phat's software to close that hole.  However, the existence of the CURRENT code is a given, along with PAST loads, so all this really does is either foreclose us from future releases or force us to reverse-engineer it once again.

BTW Phat's official forum is offline.....anyone know why?

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: How to protect our precious Phatbox? Do we've
« Reply #13 on: June 06, 2005, 08:35:58 pm »
Phat's forum AND the unix.phatnoise.com are down.  go figure. :)

so anyhow... I am not a lawyer so it's hard to say for sure if you're right but the logic is sound.

the only issue I see is how do we prove we are not after stealing audible content?  

The other major issue is the MPAA has oh lets say 6 billion possible people stealing their stuff.. phatnoise on the other hand has a pretty good idea who owns their gear and where they live since we all have bought drives or software or SOMETHING. :(

Offline para

  • Senior Member
  • Veteran.
  • *****
  • Posts: 181
Re: How to protect our precious Phatbox? Do we've
« Reply #14 on: June 06, 2005, 09:12:02 pm »
I absolutely agree with Genesis. Thanks for that, although none of us can take that (being safe) for granted right now. But as it seems it was right to start a thread about this issue...

Para

Offline Genesis

  • Getting the hang of things.
  • **
  • Posts: 83
  • Bite Me
Re: How to protect our precious Phatbox? Do we've
« Reply #15 on: June 06, 2005, 09:14:39 pm »
Quote
Phat's forum AND the unix.phatnoise.com are down.  go figure. :)

so anyhow... I am not a lawyer so it's hard to say for sure if you're right but the logic is sound.

the only issue I see is how do we prove we are not after stealing audible content?  

The other major issue is the MPAA has oh lets say 6 billion possible people stealing their stuff.. phatnoise on the other hand has a pretty good idea who owns their gear and where they live since we all have bought drives or software or SOMETHING. :(


It's not about us proving anything. It's about them proving that the intent is to steal DRM content.  Very, very difficult to do - I'd go so far as to say impossible in this case, since there's simply nothing available in terms of evidence to show that there's any interest whatsoever in doing that.

Indeed, the driving force behind this, from the first day, all of which is subject to discovery (off THEIR forums!) is the DMS compatibility and cost issues.  NOT digital rights.

That's where the anti-SLAPP provisions come into play - filing a suit in bad faith can get you in a LOT of trouble in California.....

Offline spin

  • A few posts under my belt.
  • *
  • Posts: 23
Re: How to protect our precious Phatbox? Do we've
« Reply #16 on: June 06, 2005, 10:27:21 pm »
The unix.phatnoise.com page now redirects to www.phatnoise.com. Looks like one of our PN friends (/me waves to Ryan et al) decided to kill access to plsign. The plsign utility *IS* under EULA, but now that we have a signed shell script, it's too late to do anything about it... Bastards all the same.

Offline bushing

  • Senior Member
  • Needs to get outside.
  • *****
  • Posts: 119
  • props to my peeps
DRM has nothing to do with drive signing
« Reply #17 on: June 06, 2005, 11:06:34 pm »
DRM has nothing whatsoever to do with drive signing.

I assume that Audible files are encrypted somehow, and that the program that plays them decrypts them based on the cpu ID.  The encryption is what maintains the DRM integrity, nothing else.

And even if I'm wrong about that ... then maybe they need to make sure we run signed binaries.  That requirement has nothing to do with the drive signing.

Think about it ... if you were to make a bit-by-bit copy of your drive onto a bigger drive, and put it in your phatbox, and magically, it worked ... you would have absolutely NO advantage as far as breaking into protected content, or playing unprotected content, or what-have-you.  

The only thing that the drive signing accomplishes is  forcing you to buy the drive from PhatNoise.

Put another way, there are 4 separate places digital signatures are used, and we can choose to hack any combination of these:

* Drive signing
* Kernel signing
* Ramdisk signing
* Phatd / 51d / etc signing

If we were to patch the boot rom to only break the first, then we would have the above scenario, without changing the way any of the actual software ran one bit.

Ben
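
The separation described in the post above, as an added example that is not part of the thread and not PhatNoise code: a Python model of two independent controls, a vendor signature over the drive's identity and content sealed under a per-device secret. It assumes, as the post does, that protected content is encrypted per device; HMAC stands in for both a public-key signature and a real cipher, and every name, key and serial is constructed.

```python
import hashlib
import hmac

# Constructed stand-in for the vendor's signing key (a real design would keep
# a private key with the vendor and ship only a public key on the device).
VENDOR_KEY = b"constructed-vendor-key"

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

# --- Control 1: drive "blessing", a signature over the drive's identity ----
def bless_drive(serial: str) -> bytes:
    return _mac(VENDOR_KEY, b"drive:" + serial.encode())

def drive_is_blessed(serial: str, signature: bytes) -> bool:
    return hmac.compare_digest(bless_drive(serial), signature)

# --- Control 2: content sealed under a per-device secret -------------------
def _keystream(key: bytes, length: int) -> bytes:
    # Toy keystream for the model only; not a substitute for a real cipher.
    blocks = (_mac(key, i.to_bytes(8, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(device_secret: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _mac(device_secret, b"enc"), _mac(device_secret, b"mac")
    stream = _keystream(enc_key, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    return _mac(mac_key, body) + body

def unseal(device_secret: bytes, blob: bytes):
    enc_key, mac_key = _mac(device_secret, b"enc"), _mac(device_secret, b"mac")
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, _mac(mac_key, body)):
        return None  # wrong device secret: content stays opaque
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, len(body))))

def evaluate(device_secret, drive_serial, drive_sig, blob):
    """Return (drive accepted, protected content readable) for one setup."""
    return (drive_is_blessed(drive_serial, drive_sig),
            unseal(device_secret, blob) is not None)

def scenarios():
    dev_a, dev_b = b"device-A-secret", b"device-B-secret"  # constructed
    sig = bless_drive("SERIAL-0001")
    blob = seal(dev_a, b"protected audio frames")
    return {
        # The clone carries the same bytes (signature and blob), new serial.
        "original drive, owning device": evaluate(dev_a, "SERIAL-0001", sig, blob),
        "bit-for-bit clone, owning device": evaluate(dev_a, "SERIAL-9999", sig, blob),
        "original drive, other device": evaluate(dev_b, "SERIAL-0001", sig, blob),
    }

if __name__ == "__main__":
    for name, (blessed, readable) in scenarios().items():
        print(f"{name:34} drive_ok={blessed!s:5} content_readable={readable}")
```

In this model the drive check and the content key answer different questions: the clone fails the drive check while the sealed content is exactly as readable as before, and a blessed drive in another device still cannot open it.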