Elbox have spoken

[platon42]

> Well, it's hard to really judge evils based on where your perspective is
> on this issue, but Chris Hodges (Poseidon author) illegally obtained Elbox
> drivers

I do think that I've got the  right  to  obtain  a  copy  of  the  material
distributed  (which  also  contains  /my/  stuff, therefore legally being a
co-copyright holder) to see, if Elbox conformed to my proposed distribution
terms (to which they actually didn't right to the detail, but who cares).

> and championed the campaign against Elbox in public forums.

Did you read my posting? The driver was a  trojan.  This  is  illegal.  The
driver  is  used together with my software (and currently only my software,
as there is no other usb stack which is compatible with the hardware driver
system  so  far) I have to take care of the legal status and users possibly
being harmed.

> While I
> fully understand those who LEGALLY owned Mediator drivers and verified the
> RDB problem themselves, the fact is that I think Mr. Hodge's behaviour was
> rather unwarranted.

You're free to have your opinion and I that's okay. I just don't think that
my behaviour was not appropriate.

[platon42]

> Yes, and as I said in an earlier post, I agree with your position and
> stance protecting your software and/or reputation. I don't blame you at all
> in that aspect. I probably would have done the same

Okay, thanks.

> I just don't agree with of obtaining the driver by piracy- that is
> illegal.

I admit, you've got a point there. But  the  archive  was  sent  in  by  an
meditator  user  on  my  request. I just looked at the archive contents and
that's it. No distribution, no other use. As I said, I wanted  to  be  sure
the CD contents were okay, as Elbox didn't send me a reference copy.

> As I said, how were the end-users to be aware that the driver you
> tested been hacked/cracked?

First, the driver was sent in months before the illegal  code  claims  were
made  first  (1.2).  Second,  why  should the same code be in two different
versions, moreover with the  hacker/cracker  needing  to  re-establish  the
encryption? But yes, I could not be 100% sure, but only 99,999%.

> I certainly understand you wouldn't want to reveal 'where' you got the
> driver, but it doesn't look good to the outsider.

See above.

> I just don't understand why you had to take that step. Why not just
> discontinue support for "usb.device" until Elbox answered up about the RDB
> code?

Okay, this is the mail I sent to Elbox in  the  night  from  12th  to  13th
November:

> Dear Elbox,
>
> after the 'rumors' on ANN.lu about your driver containing a  code  section,
> which  will  destroy  the  RDB  on  purpose,  I  was very worried. After no
> clarification was made by you until yet, I verified, if the code was really
> in  your  driver,  or if it was just a hoax (which I hoped for). A Mediator
> user sent me the contents of the Spider CD some weeks ago  and  I  let  the
> usb.device  1.2  decode  itself  and searched for the "RDSK" keyword in the
> decoded driver in memory (no disassembly was being done).
>
> To my terror, I could find the string, as well as the "SYS" string that was
> also mentionend in the disassembled code formerly posted on ANN.lu.
>
> I cannot tolerate that people risk the loss of data (i.e. by the code being
> triggered  by  accident,  which can happen at any time due to the Amiga not
> having memory protection) and this destruction being  done  on  purpose  by
> your  driver  (which  is  highly  illegal here in Germany and in most other
> countries aswell). Therefore, I ask you to immediately remove this kind  of
> code  of  the  usb.device  and  release  an update to the registered users.
> Posting a public apology to the users out there, who risked their  data  by
> using your code, is also demanded.
>
> Otherwise, to protect myself from being held liable for  potential  damages
> done,  resulting  in  the use of Poseidon together with your driver, I will
> have to protect the usb.device from  being  executed  in  the  next  update
> (which  will  be  available  right  away)  and  will  have  to withdraw the
> permission to include Poseidon on your software distributions. Moreover,  I
> will state in public that I also was able to find the malicious code in the
> driver, and I'm sure, that people will believe me.
>
> I ask you to  respond  to  this  mail  until  14.  November  2002,  12:00h,
> otherwise the things stated above will be initiated. It's your decision.

To this mail, Elbox responded on 14th November 11:48 with:

> You will find answers to all your doubts in our official statement:
> http://www.elbox.com/news_02_11_13a.html

... which was completly and utterly ignoring every word I wrote.  Moreover,
they denied the existance of the code.

You see, I actually had given them a fair chance to do the right thing, but
they decided to deny it.

> If there was/is a dispute with Elbox over having the driver,

Nope. I didn't ask them (unfortunately) for it.

> why didn't you refuse to allow the "usb.device" to work with Poseidon
> in the first place?

Was there a reason to do this before?

> I just don't see pirating the driver as a necessary
> step towards protecting users of Poseidon, that's all.

Now pirating implicates that I would have acquired a copy of the driver  to
actually  use it, (crack/hack it?) or distribute it to other users. Neither
of this is case. I just obtained a copy for reference purposes. I'd  rather
call it obtaining it through an inofficial channel.

[platon42]

> I know that the code is there, still Chris doesn't say if the code
> destroyes the RDB or the "only" the RDSK part of the RDB.

It kills the four byte 'RDSK' ID of the RDSK block.

> I doubt Chris is going to risk loosing his valuable data by trying
> it out, but he is the only creditable source so far to give some
> answers in this whole debate; there is RDB code inside the driver.

I deleted the RDSK ID in the first block of my bootable USB ZIP drive (just
like  the  Elbox code would have done). On the next startup, it didn't boot
from it and no partitions were found.

I loaded up HDToolBox (OS3.1), it said "Unknown" at the ZIP drive line.
I called up "Change Drive Type", clicked on "Define New", "Read Configuration", then on "Ok"
I pressed "Save Changes to Drive". I did NOT call up "Partition Drive".

After this, the old partition data (PART  block)  had  been  erased.  Gone.
Finito. There was the default "IDH0" partition, but my former SFS partition
was gone. If I had more partitions on my ZIP, they would be gone aswell. In
case  I  could /remember/ the *exact* values for each partition, I might be
able to reconstruct the partitions without loss of data. But who has  these
numbers written down somewhere?

Anyway, a normal user without an disk monitor and  the  required  knowledge
has  to  reconstruct  *all*  the rigid disk blocks. HDToolBox (at least the
OS3.1 one -- that's the only one I've got here) does NOT help  at  all  (so
the things stated by Elbox in their press release is bullshit again).

> The proof I want; a creditable person stating that he tried to hack said
> driver and as a result lost all partions and data on his main HD, or that
> it doesn't do anything worse at all.

Is this enough for a proof? It effectivly kills all the partitioning  data,
inhibiting  the  user to boot again from his harddisk by killing the 'root'
of the amiga autobooting and partitioning system, the RDSK block.

A really advanced user with  lots  of  internal  knowledge  would  have  no
problems to fix the changes, but a novice/normal user? NO chance.

> So far, the only thing people showed is some code that  does  something  to
> the RDB when an uncertain event does something. We don't even know for sure
> when the code is triggered at all.

Read the whole thread on ann.lu. There are a few people who  have  actually
triggered  the  code  by a programm 'accidentially' overwriting one byte in
the driver.

[platon42]

@seer:
>ThanX, at least some proof..

Sigh. You rather believe Elbox with their "facts", which again obviously are *wrong* again.

>About ANN, any "troll" can post there,

Sigh. If you are that sceptic, why don't you are this with the statements of Elbox aswell, instead of repeatedly posting their statements as dogmatic truth?

>Still, I did do awfull stuff to the RDB just for "fun"

How did you do this? With a disk monitor? Or with
HDToolbox? With the latter, changing the RDSK geometry information does not harm the partitioning data.

>but never had the problems you described when destroying only the drivetype info that "should" reside in the RDSK.

How did you "destroy only the drivetype info"?

>Is it possible there are some diffrences on a ZIP RDB ? (Willing to risk your real IDE HD )

No, there is NO difference.

>Strange that your SFS partition was bey bey.. I know the filesystem is written to the RDB, but I thought it wasn't anywhere "near" the RDSK ?

The PART-blocks, which hold the information about where partitions start and all the filesystem parameters, is stored directly after the RDSK.

>>Is this enough for a proof?
>Would be better if you had a higher post count

Now, excuse me, that's stupid. You really think that if this account was faked, the "real" Chris Hodges wouldn't immediately cry out and tell Wayne that there's a fake account of him? Argh.

>Offcourse I could still say; you didn't use the driver and some hacking, just some self editing of the RDB but I'll let this pass by

I really cannot help you then. I'll give it up. Believe whatever is easier for you to believe.

[platon42]

@seer

> Like I said, neither party suplied any proof that what they said was
> true, that means that neither the original poster nor Elbox gave any proof.

Well, Qwe released a tool to decode the driver and see for yourself.

>> Now, excuse me, that's stupid. You really think that if this account was faked, the "real" Chris Hodges wouldn't immediately cry out and tell Wayne that there's a fake account of him?
>
>It's not that. AFAIK, I never spoken with you before, so I don't know you. If you had more posts (and if I read them offcourse) I could make a judgement on wheter I would just take your word for it or not.

Normally, I don't take much part in these news forums -- most of it is a lot of time wasted.

> People like Coder, Redrumloa Kronos have a somewhat high post count and everybody here knows them and in a way how they think about certain thinks.

Sure. I do post to amiga-news.de or ann.lu a bit more often than on amiga.org.

>> I really cannot help you then. I'll give it up. Believe whatever is easier for you to believe.
>
> It wasn't meant as an offensive.

Neither from me. I didn't feel offended, rather just... well, like talking
to a wall that's always in doubt. I feel a bit exhausted, you see. Like all
this discussion leading nowhere (because we both have our opions and won't
let us persuade or deceive ourselfs -- which is actually a GoodThing(TM) ).

> But to conclude. If you say the RDB is thrashed after the Elbox code is triggered then I'll take your word for it. Enough typed about this I think.

I hope so. Going on much too long now

> On a different but not OT note; are you giving Elbox the rights back to
> distribute your software now they claim the offensive code is taken out ?

usb.device version with the offending code removed will remain working, but
no, distibution rights will not be regained by denying having done
something wrong and illegal and not apologizing, or offending me and
calling me a cracker or pirate. You see, I do not trust Elbox anymore and
co-operation has to be based on trust first.