How To: Export Video From Your Set-Top Box To Your Mac via

5 06 2007

This hack is so simple I am humbled to stupidity in its presence.

Follow the link to see the extremely brief and easy to follow tutorial with download links!!

HERE: How To: Export Video From Your Set-Top Box To Your Mac [via]

Enjoy, you macheads you!!

Breaking News: Viri and Exploit Database is Up and Running!!!

4 06 2007

For all those who haven’t been following the progress of, let’s just say that it’s a repository for everything hacktastic that has ever or will ever exist on the net. For those who have been following leetupload, and signed up to be a member, the viri and exploit db is ready to plunder!!!

NOTE: If you haven’t signed up for membership and you feel all left out and benchwarmery inside, follow this link:

On to the good news!!

Here’s the email I got today (with a couple edits for my sake):

The database of Virii and Exploits is finally up! This is a proud day for

If the first time you load the database is slow, just give it some time. From thereafter, it should be smooth sailing.

In other news: As of yet, we currently have 503 members, so keep them coming!

To login, click here: And then select which database you prefer; “Exploits” or “Virii.”

I thank you, the community, for supporting, and hope that all of you enjoy the database.

Oh we will more than enjoy the new database, leetupload!! We will wallow in it like a gamer wallows in their newly opened Wii or some other such person or thing that enjoys wallowing in something kewl!!

Thanks leetupload!!

For those of you who haven’t signed up to be a member, I highly suggest you do so immediately. Sign up for both the DB and the Forums so you can feel all cool and shit!! CLICKY to sign up

On, “45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2”: *THE* HD Key To Rule Them All?

31 05 2007

So, this key, the one in the title, appears to be the key to rule all HD DVD keys. Or is it? It was actually posted May 23rd on Freedom To Tinker in a comment?!?!? Yeah, you can use it as the key to decrypt a lot of new HD discs but will it end any need to work further on cracking AACS craptastic codes? (Note this is the new HD key, not the one that was widely published and all fuxxored on d!gg.)

My only other source is this forum: DOOM9

Moving on, because this key was supposedly found one day after it was “put into action” by the powers that be, I’m gonna explore how the key was so rapidly extracted.

First, I’m gonna guess, just for shits and giggles. Perhaps someone simply brute forced a prefab “wordlist” or 16 value hex number sets? Since I refuse to go HD (either format) I have no way of really knowing if this is even plausible, cause I can’t test it out myself. I also don’t have an XBOX 360 with the external HD-DVD drive handy to experiment with either. So it’s fair to say that my first inclination is a pure shot in the dark… or is it? (see arnezami’s method of finding a Volume ID later on in the post)

Second, I’ll ask Google. Well … so far it’s not an answer but it appears that someone bought this domain: …which is funny as hell cause there is no content, it’s just pure net real estate hilariousness.

But let’s dig deeper, shall we? Let’s plug this hint “uv=00000047”, from the comment by BtCB, into Google. (pause for effect)

Okey dokey, now we are in business. It would appear that a curious fellow who goes by the name arnezami over at DOOM9 FORUMS has some simple instructions on how to grab a Volume ID for HD-DVD. And it follows:

Finding the Volume ID

How did I find the Volume ID?

There are essentially two ways (now). I used the USB sniffer (with the xbox 360 HD DVD) because I knew I didn’t have to bother with the (possibly obscured/wiped) memory of the software player.

  1. Download USB sniffer 1.8 then unzip and start it.
  2. Select the “USB Mass Storage Device” (I use the xbox 360 HD DVD drive) and click install.
  3. Unplug the HD DVD drive (the usb cable) and replug it again. It will be recognized by windows and the sniffer starts logging.
  4. Insert the Disc into the drive while the sniffer is.. well sniffing. Then start WinDVD and immediately quit when the video (even the first black screen) starts. Then click ‘Close’ on the sniffer.
  5. You now have a huge log file (60+ MB or something). Open it in WinHex (pressing F7 for ascii only) and search for the ascii string (not hex search!) “00000000: 00 22 00 00” including the spaces (but excluding the quotes of course).
  6. There was only one occurrence of this in the whole file. So it has to be the Volume ID. Tata!

Btw: I used WinDVD but the above should also work for other players.

A different method (but less reliable I think) is to use WinDVD’s memdump.

  1. Open WinDVD’s memdump in WinHex
  2. Hex search (with WinHex) for 002200004000 or alternatively 0020202020200000. **
  3. There you will (usually) find the Volume ID. But I’m not sure this will always work. There may be more than one occurrence. You can check if the last 16 bytes (of the 36 beginning with 0022) are random since that would have to be the MAC. If it’s not random you haven’t found it yet so you should go on searching until you do.


PS. Almost forgot: make sure you remove the last 16 bytes from the Volume ID log (which is the MAC) like I did in my first post. This is because in theory they might be able to track down your drive with that part… (you don’t want that). The Volume ID itself is for everybody the same (with the same movie) so that won’t reveal anything about yourself.

Seems like a plan, but if you look further you can just use these little apps posted in the same forums by a person named ape: and for Blu Ray use

But wait there’s more…

Well here is something to play with.


For me it works with WinDVD (which is the most sensitive I believe) and the Xbox 360 HD DVD. My sweet spot is a time value between 390 and 420. I usually set it at 410 which works perfectly (btw time is measured in nr of AGID retrieval attempts counted from the moment the player accesses the drive).

Just try it and play with it a bit.

Remember: this program does not use the private key. It just “watches” the drive carefully and then pretends to be the software player.

It works for HD DVD only atm.




PS. This is experimental programming. There could be bugs in it.

And that is all she wrote folks. Yes this is the latest key to rule them all for AACS DRM craptakery and that was a little peek into how it was uncovered. There should be HUGE applause for arnezami et al. for all the hard work they did. Just reading everything really gave me a pretty solid grasp of how AACS Encryption/DRM works. Congrats to all the peeps at DOOM9 who worked very hard on getting all this info together. All credit goes to them.

Of course SOMEBODY had to make some money off of all arnezami, BtCB and the rest of DOOM9’s hard work, and it looks like slysoft has borrowed arnezami and friends’ cracking methods to offer AnyDVD HD that will rip almost any HD DVD or Blu Ray Disc without you having to do a damn thing. I wonder if at least arnezami is getting a cut of the profits? One lives in hope.

Anyhew none of this is native to Linux but you can probably run most of it in WINE or convert the C++ apps to Python. Since AnyDVD doesn’t REALLY rip any HD disc then you might even consider just using the methods used by arnezami and the apps he and his friends over at DOOM9 created.

I made a little software pack for everyone so you don’t have to download everything separately, except the slysoft app of course: HDandBDcrakingFiles.rar

Big Ups To All That Showed Big Hollywood That DRM is Useless.

Keep information free,


As it turns out you  don’t need to do a damn thing because according to

Follow the Jump to find arnezami’s sweet description of AACS encryption, if you want to understand everything that is…


Tribler: The Next Gen BitTorrent Client!!

21 05 2007

Tribler looks to be a next gen version of the traditional BitTorrent client like Azureus only with a shitload of extras.

Here’s what Torrent Freak had to say about it:

The latest version of the “social” BitTorrent client Tribler integrates BitTorrent with YouTube while offering the best of both worlds: ease of use, browsing with thumbnails, HDTV quality, and Video on Demand support. The client uses a recommendation system to suggest what you might enjoy.

To give you an idea of just how “social” and “next gen” Tribler is, here’s a screen shot:

Tribler Screen Shot

With features like easy YouTube ripping, autochecking for files that other tribler users are hosting at that moment, and its Tivo like “I know what you like” feature, this could be a nice alternative for those of us who religiously use the spartan uTorrent for its massive speed advantage.  AND it has cool shiny buttons and stuff.

Oh, and the kewlest thing about it?  The first download option on their home screen is for LINUX!!!  Having finally made the switch, in its entirety, myself, this seems pretty damn cool.

So if you have a few hours to spare to riffle through all the files you can shake a stick at, and we know you do or you wouldn’t be here, give Tribler a try.  Guaranteed to kill at least a handful of boredom.

Die Boredom DIE!!!!

Released for Download: PWdump6v1.5 AND FGdump1.5 via Darknet

18 05 2007

pwdump6 1.5.0 as well as fgdump 1.5.0 Released for Download via Darknet

This is just a repost for my readers who may not follow Darknet:

Version 1.5.0 of both programs takes advantage of some changes which makes them less likely to be detected by antivirus, at least as of today. This will be particularly helpful to those of you dealing with recent, more aggressive AV solutions.

If you want the download links go to the source article at Darknet.

Tutorial: Wep Cracking At Its Best and Fastest Using Aircrack-PTW (Downloads)

17 05 2007

Source: The Register

A handful of hackers have the fastest attack on WEP that I’ve read of so far.

Here are the instructions via The Register:

Step 1: Find the enemy (this is the test-network you created in your lab, to verify our results). You can use kismet or airodump to find it.

Step 2: Generate some traffic. To generate some traffic, use aireplay-ng in ARP injection mode. Aireplay will listen to the network until it has found an encrypted ARP packet. By reinjecting this packet again and again, you will generate a lot of traffic, and you will know that most of the traffic was ARP-traffic. For an ARP-Packet, you know the first 16 Bytes of the cleartext and so the first 16 bytes of the cipherstream.

Step 3: Write this traffic to disk using airodump-ng or so. This will create a tcpdump-like capture file with the traffic.

Step 4: Launch our algorithm. You need the aircrack-ptw (by the way, aircrack-ptw has been integrated in the 0.9-dev version of aircrack-ng, which is currently in svn, but not released).

From a theoretical point of view, our algorithm is based on the following ideas. Andreas Klein, a German researcher, showed that there is a correlation in RC4 between Keybytes 1 to i-1, the keystream and the keybyte i. If the keybytes 1 to i-1 and the keystream are known, it is possible to guess the next unknown keybyte with a probability of about 1.36/256 which is a little bit higher than 1/256. We were able to show that it is also possible to guess the sum of keybytes i to i+k with a probability of more than 1.24/256.

In a WEP environment, the first three bytes of a packet key are always known and are called IV. Our tool tries to guess the sum of the next 1, 2, 3, … to 13 keybytes for every packet. If enough packets have been captured, the most guessed value for a sum is usually the right one. If not, the correct value is most times one of the most guessed ones.

Aircrack-ptw tries to find the key, using the idea described above. If you have about 40,000 to 85,000 packets, your success probability is somewhere between 50 per cent and 95 per cent.

Sounds like fun!!

Big ups to The Register on the sweet article with the interview.  Please read the WHOLE article, the interview contains more information than the quick tutorial that I re-posted.  Reading the whole article will help you understand what this attack is really doing and how safe WEP really isn’t.
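To make the known-plaintext point in the quoted steps concrete, here is an added Python example (not from The Register, the researchers or aircrack-ptw) showing what a WEP frame gives away without the key: the IV in the clear, plus the first 16 keystream bytes of any ARP request. The root keys, IV and ARP addresses are constructed sample values, and the function names are this example's own.

```python
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Fixed start of every ARP request body: LLC/SNAP header for ARP (8 bytes),
# then hardware type, protocol type, address lengths and opcode (8 bytes).
ARP_KNOWN_PREFIX = bytes.fromhex("aaaa030000000806" "0001080006040001")

# Constructed sample: the addresses after the fixed prefix are made up.
SAMPLE_ARP = ARP_KNOWN_PREFIX + bytes.fromhex(
    "020000000001" "c0a80105" "000000000000" "c0a80101")

def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: IV (3, clear) | key id (1) | RC4(IV || key) over data + CRC-32."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    data = plaintext + icv
    return iv + b"\x00" + xor(data, rc4_keystream(iv + root_key, len(data)))

def recover_keystream_prefix(body: bytes):
    """What a passive observer gets from one ARP frame, without the key."""
    iv, ciphertext = body[:3], body[4:]
    return iv, xor(ciphertext[:16], ARP_KNOWN_PREFIX)

def leak_is_independent_of_key_length() -> bool:
    """Check the leak for a 40-bit and a 104-bit root key (constructed keys)."""
    iv = bytes.fromhex("0a0b0c")
    for root_key in (bytes(range(1, 6)), bytes(range(1, 14))):
        seen_iv, ks = recover_keystream_prefix(wep_encrypt(root_key, iv, SAMPLE_ARP))
        if seen_iv != iv or ks != rc4_keystream(iv + root_key, 16):
            return False
    return True
```

The same 16 keystream bytes leak for the 40-bit and the 104-bit key, so a longer WEP key does not change what an observer collects per packet.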

As for the attack itself, you can try to do it all in Windows using aircrack ported into cygwin.  However, I would suggest updating your BackTrack 2.0 disc or partition with the latest modules from the latest aircrack suite.

Happy Hacking!!

Line Rider Screen Saver!! (Download)

9 05 2007

The official Line Rider site, by inXile, has a free download of the Line Rider Screen Saver!! It’s a free download but you have to register to get it.

Here’s what inXile says about the download:

Freeload,…er, …Free Download

The Line Rider Theater screen saver is offered as a free incentive (i.e. bribe) for you to tell us a bit about yourself by registering as an Official Line Rider Fan. If you are indeed a fan, or if you’re unscrupulous enough to impersonate one just to get some free “swag”, then read the information below and then click on the “Register Now” button at the bottom. Wait! Don’t just jump to the button or you’ll miss the bit below about how to win a Free Line Rider T-Shirt!

Oooooh, free T-Shirt possibility.  Anyways, here’s the link to go straight to the download: The Line Rider Theater