The impressive Black Sunday Hack

Posted on by
Reply

I read about the Black Sunday Hack for the first time on Coding Horror and has remained one of my all time favorite reads. Jeff Atwood has his own style of writing and rarely quotes articles the way they are unless the original article is impressive enough. He quoted the original Slashdot article entirely. Let me too do the same.

This article about the Black Sunday Hack, still remains to date as one of the most impressive hacks i have ever come to know. Here is the original Slashdot article:

“Allow me to give you some background.

“One of the original smart cards, entitled ‘H’ cards for Hughes, had design flaws which were discovered by the hacking community. These flaws enabled the extremely bright hacking community to reverse engineer their design, and to create smart card writers. The writers enabled the hackers to read and write to the smart card, and allowed them to change their subscription model to receive all the channels. Since the technology of satellite television is broadcast only, meaning you cannot send information TO the satellite, the system requires a phone line to communicate with DirecTV. The hackers could re-write their smart cards and receive all the channels, and unplug their phone lines leaving no way for DirecTV to track the abuse. DirecTV had built a mechanism into their system that allowed the updating of these smart cards through the satellite stream. Every receiver was designed to ‘apply’ these updates when it received them to the cards. DirecTV applied updates that looked for hacked cards, and then attempted to destroy the cards by writing updates that disabled them. The hacking community replied with yet another piece of hardware, an ‘unlooper,’ that repaired the damage. The hacker community then designed software that trojanized the card, and removed the capability of the receivers to update the card. DirecTV could only send updates to the cards, and then require the updates be present in order to receive video. Each month or so, DirecTV would send an update. 10 or 15 minutes later, the hacking community would update the software to work around the latest fixes. This was the status quo for almost two years. ‘H’ cards regularly sold on eBay for over $400.00. It was apparent that DirecTV had lost this battle, relegating DirecTV to hunting down Web sites that discussed their product and using their legal team to sue and intimidate them into submission.

“Four months ago, however, DirecTV began sending several updates at a time, breaking their pattern. While the hacking community was able to bypass these batches, they did not understand the reasoning behind them. Never before had DirecTV sent 4 and 5 updates at a time, yet alone send these batches every week. Many postulated they were simply trying to annoy the community into submission. The updates contained useless pieces of computer code that were then required to be present on the card in order to receive the transmission. The hacking community accommodated this in their software, applying these updates in their hacking software. Not until the final batch of updates were sent through the stream did the hacking community understand DirecTV. Like a final piece of a puzzle allowing the entire picture, the final updates made all the useless bits of computer code join into a dynamic program, existing on the card itself. This dynamic program changed the entire way the older technology worked. In a masterful, planned, and orchestrated manner, DirecTV had updated the old and ailing technology. The hacking community responded, but cautiously, understanding that this new ability for DirecTV to apply more advanced logic in the receiver was a dangerous new weapon. It was still possible to bypass the protections and receive the programming, but DirecTV had not pulled the trigger of this new weapon.

“Last Sunday night, at 8:30 pm est, DirecTV fired their new gun. One week before the Super Bowl, DirecTV launched a series of attacks against the hackers of their product. DirecTV sent programmatic code in the stream, using their new dynamic code ally, that hunted down hacked smart cards and destroyed them. The IRC DirecTV channels overflowed with thousands of people who had lost the ability to watch their stolen TV. The hacking community by and large lost not only their ability to watch TV, but the cards themselves were likely permanently destroyed. Some estimate that in one evening, 100,000 smart cards were destroyed, removing 98% of the hacking communities’ ability to steal their signal. To add a little pizzazz to the operation, DirecTV personally “signed” the anti-hacker attack. The first 8 computer bytes of all hacked cards were rewritten to read “GAME OVER”.  

The hacker Christopher Tarnovsky was the man behind the whole counter-attack. Also watch the impressive video.

0

Story of the Most Menacing Malware in History

Posted on by
Reply

I always believe that a true passionate hacker will go to the end of the world (or /dev/null ) just to understand why something is happening or to find a good explanation.

These engineers did exactly the same. They went beyond what they did everyday just to put a logical reason to something.

“…What the inspectors didn’t know was that the answer they were seeking was hidden all around them, buried in the disk space and memory of Natanz’s computers. Months earlier, in June 2009, someone had silently unleashed a sophisticated and destructive digital worm that had been slithering its way through computers in Iran with just one aim — to sabotage the country’s uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear weapon…”

Read Wired article: How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

This is the most captivating article since the article about the Black Sunday Hack and the hacker, Christopher Tarnovsky, who was behind it. About that in my next post.

0

Samsung Galaxy S running Darky’s ROM

Posted on by
Reply

After Allajunaki decided not to leave my ass unless and until i flash my Galaxy S, i decided to give it a go.

Finally after almost 16hrs of nonstop flashing, reflashing, getting into reboot cycles and testing couple of ROMs, i settled with Darky’s ROM. Here are my phone running Darky’s ROM.

Here are the steps - [ODIN] Darky’s Resurrection Edition 10.1 (GT-I9000 ONLY for now)

Now waiting for my wife’s android phone to arrive… so that i can flash that too muhaha

0

We might have to explain these to our kids!

Gallery

Posted on by
vhs

This gallery contains 10 photos.

.. or might have to explain it to them that these things existed!     Got any more? Let me know… 0

0

What should be my Language?

Posted on by
Reply

I have never been an average user of computers. I wanted to program and the primary reason for that was to make the system do things the way i wanted it to. With time i realized that some programming languages fits your need better than others.

Gradually, we will all begin to prefer one language or a set of languages over the others. We all get into that comfort zone and start to call them our favorite programming language.

I realized that it largely depends on what you want to do with a language and how long one has been ‘stuck’ with it. It has nothing to do with speed or features. The interesting part about this is that, many of us have our favorites because we use it at work and the lucky few find a job that lets them use their existing skills.

These programming languages are just as similar to the spoken ones. With repeated use one gets proficient, there is grammar, there is a way to go about with it and yet the very basics of all of it remains the same. But there is a major difference. Learning programming languages with a similar abstraction level is easy. But if you want to be good in language that has an entirely different way to doing things, then be ready to lose some of your existing skills.

We can argue that a person can be good in multiple programming languages. Yes, i agree to that. But that’s why i mentioned about abstraction levels. I’m good at Perl and Python. I’m bad at C and Java. The first two are high level programming langues compared to C and Java. The level of abstraction provided by them is greater. I was good at C in college. But as soon as i picked up Perl and got comfortable at it, i went bad with C.

For me, typing mattered and that meant i was quite comfortable when i was able to do something in 5 lines against 15.

I must say that i have been lucky at my profession too. I’m into QA and that meant a lot of scripting. Basically a lot of Perl or Python. Even though i’m working for a company that builds majority of its products in Java, I really never had to possess any deep Java skills.

So, the question is -why is it so? Why? Why can’t one be really good in any programming language that one needs irrespective of the whether it’s a low level or high level?

I think the answer is the that it ‘spoils’ you! By letting you do anything you want to, it simply makes life easier. Hence we pick the languages that we want to for the things we want to do. Let’s look at it this way, you wouldn’t write a REST client in C and you wouldn’t want to do PIC programming in Python. Technically you can, but you got to be really crazy enough to do it.

Usage of strings are a better way to demonstrate this. Let me just give some examples as a closing note.

String Additon: “Hello” + “World” = “HelloWorld” being the logic

In C :

[c]
#include <stdio.h>
#include <string.h>
main() {
char str1[] = “Hello”;
char str2[] = “World”;
strcat(str1, str2);
printf(“%s\n”, str1);
return 0;
}[/c]

In Java:

[java]

class stringAddition {
public static void main(String[] args){
String str1 = “Hello”;
String str2 = “World”;
System.out.println(str1+str2);
}
}

[/java]

In Python:

[python]
#!/usr/bin/python
str1 = “Hello”
str2 = “World”
print(str1+str2)
[/python]

String Comparison: “hello” is the same as “hello”

In C :

[c]
#include <stdio.h>
#include <string.h>
main()
{
char str1[] = “hello”;
char str2[] = “hello”;
if(strcmp(str1, str2)==0){printf(“Strings Match\n”);}
else {printf(“Strings Don’t Match\n”);}
return 0;
}
[/c]

In Java:

[java]
class stringComparison {
public static void main(String[] args){
String str1 = “hello”;
String str2 = “hello”;
if(str1.equals(“hello”)){System.out.println(“Strings Match”);}
else {System.out.println(“Strings Don’t Match”);}
}
}

[/java]

In Python:

[python]
#!/usr/bin/python
str1 = “hello”
str2 = “hello”
if(str1==str2):
print(“Strings Match”)
else:
print(“Strings Don’t Match”)
[/python]

Let me know your thoughts…

0