Elbox have spoken

[seer]

all you have written is besides the point. elbox (or anyone else for that matter) is not the authority with legal right to mess with your HD. they can sue you if they know you hacked / pirated their stuff but thats all there is to it.

Just try to keep things a little fair. Looks like Elbox is the only bad party here. I'll never trust a anom. Hacker, even if what he said seems to be true for some part.

I do agree that such should never be in any driver or other OS stuff... Mind, I have yet to see from both sides any proof of what the code does or doesn't do. (The "hacker" -> Driver destroys RDB and data when something goes wrong; Elbox -> driver destroys unimportant bit of RDB no data is ever lost.)

[platon42]

> Yes, and as I said in an earlier post, I agree with your position and
> stance protecting your software and/or reputation. I don't blame you at all
> in that aspect. I probably would have done the same

Okay, thanks.

> I just don't agree with of obtaining the driver by piracy- that is
> illegal.

I admit, you've got a point there. But  the  archive  was  sent  in  by  an
meditator  user  on  my  request. I just looked at the archive contents and
that's it. No distribution, no other use. As I said, I wanted  to  be  sure
the CD contents were okay, as Elbox didn't send me a reference copy.

> As I said, how were the end-users to be aware that the driver you
> tested been hacked/cracked?

First, the driver was sent in months before the illegal  code  claims  were
made  first  (1.2).  Second,  why  should the same code be in two different
versions, moreover with the  hacker/cracker  needing  to  re-establish  the
encryption? But yes, I could not be 100% sure, but only 99,999%.

> I certainly understand you wouldn't want to reveal 'where' you got the
> driver, but it doesn't look good to the outsider.

See above.

> I just don't understand why you had to take that step. Why not just
> discontinue support for "usb.device" until Elbox answered up about the RDB
> code?

Okay, this is the mail I sent to Elbox in  the  night  from  12th  to  13th
November:

> Dear Elbox,
>
> after the 'rumors' on ANN.lu about your driver containing a  code  section,
> which  will  destroy  the  RDB  on  purpose,  I  was very worried. After no
> clarification was made by you until yet, I verified, if the code was really
> in  your  driver,  or if it was just a hoax (which I hoped for). A Mediator
> user sent me the contents of the Spider CD some weeks ago  and  I  let  the
> usb.device  1.2  decode  itself  and searched for the "RDSK" keyword in the
> decoded driver in memory (no disassembly was being done).
>
> To my terror, I could find the string, as well as the "SYS" string that was
> also mentionend in the disassembled code formerly posted on ANN.lu.
>
> I cannot tolerate that people risk the loss of data (i.e. by the code being
> triggered  by  accident,  which can happen at any time due to the Amiga not
> having memory protection) and this destruction being  done  on  purpose  by
> your  driver  (which  is  highly  illegal here in Germany and in most other
> countries aswell). Therefore, I ask you to immediately remove this kind  of
> code  of  the  usb.device  and  release  an update to the registered users.
> Posting a public apology to the users out there, who risked their  data  by
> using your code, is also demanded.
>
> Otherwise, to protect myself from being held liable for  potential  damages
> done,  resulting  in  the use of Poseidon together with your driver, I will
> have to protect the usb.device from  being  executed  in  the  next  update
> (which  will  be  available  right  away)  and  will  have  to withdraw the
> permission to include Poseidon on your software distributions. Moreover,  I
> will state in public that I also was able to find the malicious code in the
> driver, and I'm sure, that people will believe me.
>
> I ask you to  respond  to  this  mail  until  14.  November  2002,  12:00h,
> otherwise the things stated above will be initiated. It's your decision.

To this mail, Elbox responded on 14th November 11:48 with:

> You will find answers to all your doubts in our official statement:
> http://www.elbox.com/news_02_11_13a.html

... which was completly and utterly ignoring every word I wrote.  Moreover,
they denied the existance of the code.

You see, I actually had given them a fair chance to do the right thing, but
they decided to deny it.

> If there was/is a dispute with Elbox over having the driver,

Nope. I didn't ask them (unfortunately) for it.

> why didn't you refuse to allow the "usb.device" to work with Poseidon
> in the first place?

Was there a reason to do this before?

> I just don't see pirating the driver as a necessary
> step towards protecting users of Poseidon, that's all.

Now pirating implicates that I would have acquired a copy of the driver  to
actually  use it, (crack/hack it?) or distribute it to other users. Neither
of this is case. I just obtained a copy for reference purposes. I'd  rather
call it obtaining it through an inofficial channel.

[Elektro]

ikir: yeah i read it so?

seer: elbox is the only bad party here, they put that code into the driver and not hackers or pirates. even if it writes only one zero its still wrong.

[Tigger]

seer wrote:

I do agree that such should never be in any driver or other OS stuff... Mind, I have yet to see from both sides any proof of what the code does or doesn't do. (The "hacker" -> Driver destroys RDB and data when something goes wrong; Elbox -> driver destroys unimportant bit of RDB no data is ever lost.)

You overright the RDB on your boot drive, the computer doesnt boot, how on earth can this be thought of as doing something unimportant.
       -Tig

[seer]

@Tiger,

You overright the RDB on your boot drive, the computer doesnt boot, how on earth can this be thought of as doing something unimportant.

Read the statement from Elbox, the code doesn't do that (according to Elbox, sorry, can't test this for myself. I would have done that by now if I could. Plenty of HD's here to screw over if need be). Again from Elbox;

RDB FACTS

How does it relate to the cracked USB driver in question? The only result of activation of the anti-piracy safeguard in the cracked code is overwriting the first RDB sector of the booting hard disk. This first RDB sector, named RDSK, does not contain ANY user data. This sector does not contain ANY information about disk partitioning, either. What is stored in this sector is only information about the model and parameters of the hard disk and technical information available in another part of the RDB. When the RDSK sector content is overwritten, recovering is quite simple. No backup copies of this RDB sector are necessary. All the information to be included in the RDSK sector can be read from the hard disk with HDToolBox software, even if this sector is completely overwritten. The five minutes of work needed to restore the RDSK sector does not seem to be a heavy punishment for stealing and/or cracking software...

I allready commented about this part, so I'm not going to again.

However, like I said no proof from either, both questionable, side, only that said code exists in one form or another...

[Piru]

> However, like I said no proof

proof

Email the guy if you think the post is a fake.

[seer]

proof

Email the guy if you think the post is a fake.

I know that the code is there, still Chris doesn't say if the code destroyes the RDB or the "only" the RDSK part of the RDB. I doubt Chris is going to risk loosing his valuable data by trying it out, but he is the only creditable source so far to give some answers in this whole debate; there is RDB code inside the driver.

The proof I want; a creditable person stating that he tried to hack said driver and as a result lost all partions and data on his main HD, or that it doesn't do anything worse at all.

 So far, the only thing people showed is some code that does something to the RDB when an uncertain event does something. We don't even know for sure when the code is triggered at all. Send me a working Amiga and a mediator and I will risk one of my old drives for ya :-)..

[Tigger]

seer wrote:
@Tiger,

You overright the RDB on your boot drive, the computer doesnt boot, how on earth can this be thought of as doing something unimportant.

Read the statement from Elbox, the code doesn't do that

I'm sorry the code mangles the first block of the RDB, they admit it does that, their response is that it only takes 5 minutes with HDTOOLBOX for that info to be read from other places in the RDB and restore it.  Thats great except the drive wont boot without said block and if that drive is the boot one for your computer your computer wont boot without that block.   So when you computer doesnt boot because of this issue, are you going to see it as a problem or a non-problem???

RDB FACTS
....
the RDSK sector content is overwritten, recovering is quite simple. No backup copies of this RDB sector are necessary. All the information to be included in the RDSK sector can be read from the hard disk with HDToolBox software, even if this sector is completely overwritten. The five minutes of work needed to restore the RDSK sector does not seem to be a heavy punishment for stealing and/or cracking software...

See, read from Harddisk and restored with 5 minutes of work.  Thats great except 90+% of the amiga people arent going to realize that gee I could fix this with HDTOOLBOX and instead are going to lose their data when they reformat or throw away their drive.  They are also likely to replace their drive because its failed on them now.  Or are digging around in their floppies right now looking for a 3.1 install disk so they can boot up with hdtoolbox so they can fix a problem they wouldnt have with their drive if it wasnt for Elbox.  I'm sorry this is a trojan of the worst sort and is being sent ON PURPOSE to elbox's customers.
    -Tig

[seer]

@Tiger

How easy must it be to ommit or ignore this part This first RDB sector, named RDSK, does not contain ANY user data. This sector does not contain ANY information about disk partitioning, either. [/b]

The HD doesn't know about partitions, that's the vital info in the RDB, destroy that and only special tools, not HD-toolbox, can help you. Elbox clearly states this part of the RDB isn't affected.

What elbox describes, wether this is true or not, is that their codes overwrites a part of the RDB called RDSK  in which hardware info is stored, the number of cylinders, numbers of drive heads etc, non vital info to boot the drive. This can be easily restored with HD-toolbox, and AFAIK is not even needed to boot from the drive, or at worse see and use the drive when booting from the WB disk.

Formatting the drive is not going to restore the RDB. IF the RDB is destroyed, use a specialized tool to read the lost partitions on the drive or HD-toolbox to repartition the drive as you can't even format a drive if the vital part of the RDB is destroyed. (How can you format if you don't have partitions ?)

[platon42]

> I know that the code is there, still Chris doesn't say if the code
> destroyes the RDB or the "only" the RDSK part of the RDB.

It kills the four byte 'RDSK' ID of the RDSK block.

> I doubt Chris is going to risk loosing his valuable data by trying
> it out, but he is the only creditable source so far to give some
> answers in this whole debate; there is RDB code inside the driver.

I deleted the RDSK ID in the first block of my bootable USB ZIP drive (just
like  the  Elbox code would have done). On the next startup, it didn't boot
from it and no partitions were found.

I loaded up HDToolBox (OS3.1), it said "Unknown" at the ZIP drive line.
I called up "Change Drive Type", clicked on "Define New", "Read Configuration", then on "Ok"
I pressed "Save Changes to Drive". I did NOT call up "Partition Drive".

After this, the old partition data (PART  block)  had  been  erased.  Gone.
Finito. There was the default "IDH0" partition, but my former SFS partition
was gone. If I had more partitions on my ZIP, they would be gone aswell. In
case  I  could /remember/ the *exact* values for each partition, I might be
able to reconstruct the partitions without loss of data. But who has  these
numbers written down somewhere?

Anyway, a normal user without an disk monitor and  the  required  knowledge
has  to  reconstruct  *all*  the rigid disk blocks. HDToolBox (at least the
OS3.1 one -- that's the only one I've got here) does NOT help  at  all  (so
the things stated by Elbox in their press release is bullshit again).

> The proof I want; a creditable person stating that he tried to hack said
> driver and as a result lost all partions and data on his main HD, or that
> it doesn't do anything worse at all.

Is this enough for a proof? It effectivly kills all the partitioning  data,
inhibiting  the  user to boot again from his harddisk by killing the 'root'
of the amiga autobooting and partitioning system, the RDSK block.

A really advanced user with  lots  of  internal  knowledge  would  have  no
problems to fix the changes, but a novice/normal user? NO chance.

> So far, the only thing people showed is some code that  does  something  to
> the RDB when an uncertain event does something. We don't even know for sure
> when the code is triggered at all.

Read the whole thread on ann.lu. There are a few people who  have  actually
triggered  the  code  by a programm 'accidentially' overwriting one byte in
the driver.

[seer]

@platon42

ThanX, at least some proof.. About ANN, any "troll" can post there, on A.org this is a little more difficult as at least here only one can use a certain nick (Well most of the time.. Sometimes Bobson isn't Bobson  :-P )..

Still, I did do awfull stuff to the RDB just for "fun" but never had the problems you described when destroying only the drivetype info that "should" reside in the RDSK.. Then again, I only did that on FFS drives, never did it when I got SFS or on a ZIP disk and hardly used HD-toolbox for the "advanced" stuff . Is it possible there are some diffrences on a ZIP RDB ? (Willing to risk your real IDE HD :-D;-))

Strange that your SFS partition was bey bey.. I know the filesystem is written to the RDB, but I thought it wasn't anywhere "near" the RDSK ?

Is this enough for a proof?

Would be better if you had a higher post count
  ;-)  or if it came from Redrumloa, Kronos or Coder, but your post does give some good details to give sme credit. You know, it's not like the average "I did it" or "my source told me" type of posting without any backing of facts.

Read the whole thread on ann.lu. There are a few people who have actually
triggered the code by a programm 'accidentially' overwriting one byte in
the driver.

Like I said, ANN poster could be anyone. If I saw a post there from say Red, I take it with a grain of salt. If I see it here, I know almost 100% for sure it's Red.

Offcourse I could still say; you didn't use the driver and some hacking, just some self editing of the RDB but I'll let this pass by  :-D

[Temal]

I can assure you that I havn´t had a SINGLE problem with my
Amiga and I have both the PowerFlyer and one of the
"first-batch" Mediator A1200. I´m more worried about
running an old scene-demo than using Elbox stuff.

Not that I think they did the right thing, but seriously,
somewhere I can see why they did this. Too many companies
has gone down because they´ve been ripped off, and if
Elbox writes drivers that others will use with other PCI-
solutions and/or other PCI-cards than intended, Elbox would
not earn any money they invested in developing the driver.

I don´t always agree with what they do, but I have alot of
confidence when it comes to their hardware and software, and
I´m happy when I find something I can buy that they have
produced.

Roll on, SharkPPC+

[redrumloa]

Would be better if you had a higher post count

Umm..actually that is Chris Hodges who wrote the Poseidon stack which the Spider uses....

[redrumloa]

Like I said, ANN poster could be anyone. If I saw a post there from say Red, I take it with a grain of salt. If I see it here, I know almost 100% for sure it's Red.

LOL I see my name mentioned alot in your post, I am sooo flattered:-D

[seer]

Umm..actually that is Chris Hodges who wrote the Poseidon stack which the Spider uses....

Well... Yes, it does say so in the signature, but with "only 7" post it's a little hard to give him that real credit. I do take his word that this is the real Chris Hodges (Edit:Tho I could email him offcourse, just noticed the Email addy), and if you are backing his / this post as comming from Chris then I'll take you're word for it. You have proven yourself as a reliable poster.

Anyway, that maybe one of the biggest problem of the Internet. Anybody can claim to be or know anybody, and it's hard to proof it either way. That's why I asked all the question about this in the first place anyway. No real proof from a reliable source (untill now hopefully)..

[seer]

LOL I see my name mentioned alot in your post, I am sooo flattered

You're welcome. But with close to 2500 posts, I think we can safely say you are one of the better known A-Orgers here...