Poll: dismal future for tivo hacking?


davidlallen
07-09-2005, 01:50 PM
Folks,

The new TCD540 and R10 "series 2.5" boxes have been out for over
six months and the only way to enable hacking is a hardware
change. For myself, I am willing to do all kinds of software
changes from instructions. But I don't have the skills to
replace a surface mount prom, and it seems risky to ship off my
motherboard and $50 to somebody to do it for me. The brand new
TCD540 I just bought to play with is now a doorstop. Granted,
with "enough" research here I could have avoided the buying
mistake and bought a used series 2 box instead.

I bet many of the people in this community are in the same boat:
unable to make use of the newest hardware and tivo software
releases. Being "stuck" on the previous generation hardware
doesn't seem like a good long term solution; as their boxes die,
software people will leave the community.

Poll: what percentage of people here are willing to do hardware
changes to get started?

If the percentage is low, tivo hacking seems to have a dismal
future.

Would a bounty for a series 2.5 software change help?

7.1
07-09-2005, 01:59 PM
> Would a bounty for a series 2.5 software change help?

If there is a chain-of-trust loophole for the series 2.5 machines, I doubt that anyone will be willing to release a hack that exploits it until the loophole has already been closed in new hardware. Once the loophole is known, it's closed pretty quickly. As long as it is relatively unknown, it stays open.

davidlallen
07-09-2005, 02:14 PM
I haven't been here for long enough to know the timeline, but I believe
the series 2 initially required a hardware change, and then a software
change was found, and that software change remained current until
the series 2.5 was released. It seems to me that the hardware to
software transition period for series 2 was shorter than 6 months, and
the useful software period for series 2 was at least two years. That
kind of ratio seems much less dismal.

7.1
07-09-2005, 02:43 PM
> I haven't been here for long enough to know the timeline, ...

Look at the timing of the release of killhdinitrd and the availability of Series 2.5 units.

BustedLX
07-09-2005, 02:44 PM
> If there is a chain-of-trust loophole for the series 2.5 machines, I doubt that anyone will be willing to release a hack that exploits it until the loophole has already been closed in new hardware. Once the loophole is known, it's closed pretty quickly. As long as it is relatively unknown, it stays open.

But isn't that how it is with everything? Hardware modification to me doesn't faze me... If that's what has to be done so be it.

davidlallen
07-09-2005, 03:15 PM
bustedlx wrote:

> Hardware modification to me doesn't faze me

OK, one vote for software only changes (me), one vote for hardware (you).
I think as this thread collects more votes, it will be clear that the majority of
the community will die off without software only changes for the new boxes.

davidlallen
07-09-2005, 03:17 PM
7.1 wrote:

> Look at the timing of the release of killhdinitrd and the availability of
> Series 2.5 units.

I don't think killhdinitrd was the first software only change for series 2.
Easier than monte, yes, but not the first.

eastwind
07-09-2005, 03:37 PM
> I don't think killhdinitrd was the first software only change for series 2.
> Easier than monte, yes, but not the first.

True, as the name says...it was born of the need to find a software hack for the HD units. Just happened that it also worked on S2s.

ew

davidlallen
07-09-2005, 03:45 PM
bustedlx wrote:

> Hardware modification to me doesn't faze me

I wrote:

> OK, one vote for software only changes (me), one vote for hardware (you).

I should clarify. I'm not concerned about replacing or upgrading
disk drives. Anybody with a screwdriver can do that.

The hardware-only change I mean is unsoldering a chip from the
tivo motherboard and replacing it in order to be able to add
custom software. To add custom software to a series 2, all you
have to do is replace some files on the tivo disk, which to me
is a software-only change.

If you have added custom software to your tivo, would you have done
it if you were required to unsolder and replace a chip first?

davidlallen
07-09-2005, 03:50 PM
I wrote:

> I don't think killhdinitrd was the first software only change for series 2.
> Easier than monte, yes, but not the first.

eastwind wrote:

> True, as the name says...it was born of the need to find a software hack
> for the HD units. Just happened that it also worked on S2s.

Thanks. Can you help fill in the timeline? When was S2 released? When
was the first software only hack for S2?

justmike
07-09-2005, 05:18 PM
The new 7.1 software was rushed out to market (in general terms) as is evident by several minor point releases. The new code loads up lots of new stuff, like a web server.

So what do you think are the chances that somewhere in all that new code is a hole that will give you control over the box? I'm betting it's there just like all the buffer exploits that you see in other code.

Will that break the chain of trust? No, but it may let you have control of the box at a later state and still allow you to do some things that you can't do with a stock Tivo.

Just my thoughts

7.1
07-09-2005, 05:37 PM
> Thanks. Can you help fill in the timeline? When was S2 released? When was the first software only hack for S2?

Here's a very rough timeline I've pieced together.

* Feb 2002 Series 2 release link (http://www.dealdatabase.com/forum/showthread.php?t=7525&highlight=Series2).
* Oct 2002 First BASH_ENV mention? link (http://archive.tivocommunity.com/tivo-vb/showthread.php?postid=744410&highlight=BASHENV#post744410). "Also, now that I've posted this, I fully expect it to be patched in next software release, as would I with any security exploit based hack. So do not stop trying to find alternate ways to do this, cause otherwise whatever hacks you install will stop working next software version."
* Jan 2003 "TiVoGuardTM" link (http://www.dealdatabase.com/forum/showthread.php?t=20932&highlight=Series2). I believe TiVoGuardTM was part of the 4.x software release, which also closes the BASH_ENV exploit (though you could still use it with older software versions).
* May 2003 Monte released. link (http://alt.org/forum/index.php?t=msg&th=74&start=0&rid=0&S=c1172d9a7457936e6ef79d0f6e26cdba).
* April 2004 HD TiVo release link (http://www.dealdatabase.com/forum/attachment.php?attachmentid=3252). Closes previous software exploits.
* August 2004 killhdinitrd released.
* August 2004 Series 2.5 released. Closes previous software exploits.

I don't know if this makes my case or not, but it does seem clear that TiVo is more serious about security than it was in the early days, and hackers expect exploits to be closed once they are revealed. What is the motivation to release something, if by releasing it you render it useless?

BustedLX
07-09-2005, 07:42 PM
I do not mind having to use my solder station in order to reach my goal. That makes the hobby more interesting. I do this because it gives me something to do and gives me great satisfaction when done right.

Ultimately if the only way to reach the desired goal will require a hardware modification then lots of people who have neither the skill nor confidence to do such a mod will bother doing it. So security updates will be less frequent.

The reason security updates are made are to keep EVERYONE from doing something. If they make it so hard that only a small percentage will bother then from a company standpoint it could be considered an acceptable loss.

So basically Tivo hacking will not go away... but maybe large EASY public hacks will... hackers will always hack... it's what they do, It's the satisfaction of knowing what you accomplished.

davidlallen
07-09-2005, 08:02 PM
7.1 wrote:

> Here's a very rough timeline I've pieced together.
> * Feb 2002 Series 2 release link.
> * Oct 2002 First BASH_ENV mention? link.
> * Jan 2003 "TiVoGuardTM" link.
> * May 2003 Monte released. link.
> * April 2004 HD TiVo release link. Closes previous software exploits.
> * August 2004 Series 2.5 released. Closes previous software exploits.

Thanks for the research. My interpretation of those dates is 8
months from release to software exploit, which remained viable
for 1 yr 10 months. Since the hardware did not change, TivoGuard
and HD Tivo did not change the playing field the way the series
2.5 release did.

> What is the motivation to release something, if by releasing it you
> render it useless?

Well, BASH_ENV, monte and killhdinitrd were all released here. Of course
it is possible that a series 2.5 software exploit exists somewhere, but if
there is any site more up-to-date than this one, I'd like to know.
(Really. I would like to know :-)

I still believe that the number of hackers willing to make a hardware
change is much smaller than the current community size. So the
trend is downwards without a software exploit.

classicsat
07-09-2005, 08:14 PM
The only issue for me, really, is re-programming the PROM, as I don't have a programmer, nor can justify the expense, nor want to potentially sacrifice a motherboard using it as an EPROM reader/writer.

alldeadhomiez
07-09-2005, 10:57 PM
> The new TCD540 and R10 "series 2.5" boxes have been out for over six months

Closer to a year for the "540" series.

> For myself, I am willing to do all kinds of software changes from instructions.

A situation in which fewer people might come here to take and use what is freely offered, without creating anything of their own, is hardly a "dismal future." The PROM socketing option remains open to anybody with $50 in their wallet.

What would be a real problem is if development slowed down because of the security on the new boxes. But if you wanted to gauge this, you'd have to exclude most people from your poll.

> Poll: what percentage of people here are willing to do hardware changes to get started?

Why didn't you attach a real poll to this thread?

BTW: this isn't a newsgroup or a mailing list. Don't break your lines by hand, and use [quote] to quote.

davidlallen
07-10-2005, 02:10 AM
> A situation in which fewer people might come here to take and use what is freely offered, without creating anything of their own, is hardly a "dismal future."

I don't think it is quite fair to assume I will not contribute anything of my own. I have started one thread about a new idea I wanted to pursue, and I have several other ideas.

> The PROM socketing option remains open to anybody with $50 in their wallet.

I have $50. But I am a little concerned about shipping my motherboard to a relative stranger. And with a software approach, I have more confidence that I will be able to do future upgrades myself instead of having to send off the motherboard again.

> What would be a real problem is if development slowed down because of the security on the new boxes. But if you wanted to gauge this, you'd have to exclude most people from your poll.

True. Based on your experience, are all the contributing developers capable of socketing their own proms? Stated another way, is socketing a prom a requirement to be a contributing developer?

alldeadhomiez
07-10-2005, 04:45 AM
> I don't think it is quite fair to assume I will not contribute anything of my own. I have started one thread about a new idea I wanted to pursue, and I have several other ideas.

My assumption is that most people who are interested in "[doing] all kinds of software changes from instructions" will produce little or nothing original. Whether or not you prove to be an exception will not determine the fate of the community.

> I have $50. But I am a little concerned about shipping my motherboard to a relative stranger. And with a software approach, I have more confidence that I will be able to do future upgrades myself instead of having to send off the motherboard again.

Under what circumstances would you need to modify the board more than once?

> True. Based on your experience, are all the contributing developers capable of socketing their own proms? Stated another way, is socketing a prom a requirement to be a contributing developer?

Yes, everybody I know (developers included) is capable of either modifying it themselves, or of putting it in a box and sending it to somebody qualified, or of developing their own software exploit.

If you've got a hang-up about option #2 for whatever reason, it's probably time to explore option #1 or option #3.

davidlallen
07-10-2005, 11:49 AM
> Under what circumstances would you need to modify the board more than once?

Hardware failure of this board, or buying a new machine in the future, would require a new board and another $50. It also seems possible (to me :-) that a tivo software upgrade on my existing unit might obsolete the prom exploit.

> Yes, everybody I know (developers included) is capable of either modifying it themselves, or of putting it in a box and sending it to somebody qualified, or of developing their own software exploit.

That is self-evident, since anybody is capable of #2. And since the series 2.5 software exploit has eluded the experts here so far, #3 seems unlikely. I hardly feel that concern about sending my motherboard to a relative stranger is a "hangup", but I guess that is the option I will explore.

Slightly off-topic: how can I quote a quote? In newsgroups and mailing lists, I can use "> >" and ">" to provide slightly more context to my reply. Is there a way to do that with this forum software? If there are several conversations in one thread, it can be difficult to scroll through the posts to find all the context.

eastwind
07-10-2005, 02:43 PM
> Hardware failure of this board, or buying a new machine in the future, would require a new board and another $50. It also seems possible (to me :-) that a tivo software upgrade on my existing unit might obsolete the prom exploit.
>
> That is self-evident, since anybody is capable of #2. And since the series 2.5 software exploit has eluded the experts here so far, #3 seems unlikely. I hardly feel that concern about sending my motherboard to a relative stranger is a "hangup", but I guess that is the option I will explore.
>
> Slightly off-topic: how can I quote a quote? In newsgroups and mailing lists, I can use "> >" and ">" to provide slightly more context to my reply. Is there a way to do that with this forum software? If there are several conversations in one thread, it can be difficult to scroll through the posts to find all the context.

Just because the series 2.5 software exploit hasn't been posted, don't assume that it hasn't been found. Once it gets posted and too many people are taking advantage of it, that door would close as well.

ew

classicsat
07-10-2005, 03:37 PM
> Hardware failure of this board, or buying a new machine in the future, would require a new board and another $50. It also seems possible (to me :-) that a tivo software upgrade on my existing unit might obsolete the prom exploit.

Assuming the modder knows their stuff, you won't get a dead board back. Anyhow, there is little to no circumstances where you would send off an already modded board. And if further down the road the PROM exploit is cured, and the prom then re-programmed, you simply send off the PROM chip, not the entire system.

> Slightly off-topic: how can I quote a quote? In newsgroups and mailing lists, I can use "> >" and ">" to provide slightly more context to my reply. Is there a way to do that with this forum software? If there are several conversations in one thread, it can be difficult to scroll through the posts to find all the context.

You begin Quoted text with Left Square Bracket quote Right Square Bracket
You end it with the same, but with a forward slash / between the left bracket and first letter of the command.

alldeadhomiez
07-10-2005, 04:57 PM
> It also seems possible (to me :-) that a tivo software upgrade on my existing unit might obsolete the prom exploit.

At that point you will already have control of the box, so you would be able to defeat the countermeasure through software.

Regardless, once you have a socket installed, you can switch to an in-circuit flashable device like the SST39VF010 and modify the image whenever you want.

JJBliss
07-10-2005, 06:53 PM
> And since the series 2.5 software exploit has eluded the experts here so far, #3 seems unlikely.

Where did you read that a software exploit for the Series 2.5 has eluded the experts on this board? In fact, there seems to be an allusion to the fact that if it does exist, it won't be made public until after the hole is closed, if it does exist at all.

davidlallen
07-10-2005, 09:06 PM
> Just because the series 2.5 software exploit hasn't been posted, don't assume that it hasn't been found. Once it gets posted and too many people are taking advantage of it, that door would close as well.


> Where did you read that a software exploit for the Series 2.5 has eluded the experts on this board? In fact, there seems to be an allusion to the fact that if it does exist, it won't be made public until after the hole is closed, if it does exist at all.

It has been pointed out that killhdinitrd was released within a few days of the announcement of series 2.5. That may or may not be a coincidence. However, BASH_ENV and monte were announced here more than a year before their doors were closed by the release of series 2.5. What is different now?

alldeadhomiez
07-10-2005, 09:52 PM
> It has been pointed out that killhdinitrd was released within a few days of the announcement of series 2.5. That may or may not be a coincidence. However, BASH_ENV and monte were announced here more than a year before their doors were closed by the release of series 2.5. What is different now?

People have become wary of teaching TiVo how to lock us out.

justmike
07-10-2005, 10:15 PM
> People have become wary of teaching TiVo how to lock us out.

If locking folks out of the box was their overall intent then could they not ship down a piece of code that does a simple checksum on the PROM image and if it's wrong then they could shut down the box ... Not that I am trying to give them any ideas.

BustedLX
07-10-2005, 11:00 PM
> If locking folks out of the box was their overall intent then could they not ship down a piece of code that does a simple checksum on the PROM image and if it's wrong then they could shut down the box ... Not that I am trying to give them any ideas.

I'm not familiar with the extent of their capabilities but other companies in the past have been known to do that. The problem with that though is often times there is collateral damage and often cause more problems than they care to deal with such as increased call volumes at their call centers which costs companies lots of money in toll free number fees as well as employee payroll.

If they do have that ability it would be left as a last resort... meaning everyone and their mother is trying to cut into their profit margin in the wrong manner.

darrin75
07-10-2005, 11:18 PM
I hope directv and tivo see this as just don't try to steal service and hack all you want. Of course you have a few bone-heads out there who probably are screwing it up for all of us.

mrblack51
07-11-2005, 02:31 AM
I really don't get threads like this...they really are pointless. Are software exploits great? Yeah, it's nice that we don't have to risk hardware so much. However, the bottom line is that tivo hacking is not for everyone. I am sure there will be a lot of people thumping the accessibility for all type thing reading this, but it's a fact.

Whether you like the options or not, every available tivo has AN exploit that allows arbitrary code to be run. Many units have a software exploit, as has been discussed. To date, some do not. However, nobody should feel entitled to having a software exploit, regardless of what you bought. While you can feel bad for the little guy who doesn't have much money and bought the wrong unit...TS. Seriously, this is a hobby, and some investment of time, knowledge, and skill is involved. If you don't like the fact that unit X doesn't have a software exploit, don't buy it. If you don't like that unit Y doesn't support feature Z, don't buy it. Of course, if you figure out how to get that stuff working, by all means share that knowledge with people on this forum.

In the end, nobody cares that you just had triplets, you work three jobs, you only make $50 a month in a sweatshop, or whatever. Do the research and make an educated buying decision. If you screw up, man (or woman) up to it, and deal with the end results. If you don't like the risk of hardware exploits...well, enjoy your stock tivo or come up with a software exploit and share it.

edit: if it weren't easy to get rid of a tivo, then my outlook would be different. However, while there is some overhead, there really isn't much reason why you can't sell it and buy a different one on ebay or something.

davidlallen
07-11-2005, 03:03 AM
> If you screw up, man (or woman) up to it, and deal with the end results. If you don't like the risk of hardware exploits...well, enjoy your stock tivo or come up with a software exploit and share it.


I guess that's the end of the thread then. I should have read the TCD540 entry in the newbie mini-faq before buying. Only hardware hackers can play anymore. Hopefully somebody will reply to my posting to buy the prom hack.

Lowcarb
07-11-2005, 02:23 PM
> Folks,
> But I don't have the skills to
> replace a surface mount prom, and it seems risky to ship off my
> motherboard and $50 to somebody to do it for me.

You might try this stuff. I got a sample sent to me but have not tried it yet. Looks interesting and a whole lot cheaper than a professional soldering station.

ChipQuick (http://chipquik.com/)

AlphaWolf
07-11-2005, 11:22 PM
FWIW, I just noticed that fry's electronics now sells the chipquik stuff.

meesh0617
07-12-2005, 04:05 PM
I don't know if I would call this thread "dismal future for TiVo hacking". It's more like "The Death of TiVo Hacking".

TiVo is in its last days. We will finally be able to replace this antiquated TiVo box that requires a monthly fee with a more state of the art Media Center PC that is capable of so much more (Music, Movies, Pictures, Recording TV, wireless networking etc...) right out of the box with no monthly fee, and will fit right in with your audio components.

Here is an example of the future;

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1227541&CatId=1344

Yes the price is high but we all know that will change over the next 12 months.

But my greatest joy will be demise of the DealDatabase Forum with so many holier than thou members who feel they are better than everyone else. I have been on here for a couple of years (under a different ID) and have been royally treated like SH*T and I have witnessed others get the same treatment. It's sad because it could have been a great forum but it never had a chance especially with the likes of JJPISS as the Boss Hog of all of the GODS in this forum.

So get ready for the end little boys because the future is upon us. Enjoy the final days in the KINGDOM known as DealDatabase.

The truth has been spoken..... CAN YOU HANDLE THE TRUTH?

JJBliss
07-12-2005, 04:15 PM
> But my greatest joy will be demise of the DealDatabase Forum with so many holier than thou members who feel they are better than everyone else. I have been on here for a couple of years (under a different ID) and have been royally treated like SH*T and I have witnessed others get the same treatment. It's sad because it could have been a great forum but it never had a chance especially with the likes of JJPISS as the Boss Hog of all of the GODS in this forum.
>
> So get ready for the end little boys because the future is upon us. Enjoy the final days in the KINGDOM known as DealDatabase.
>
> The truth has been spoken..... CAN YOU HANDLE THE TRUTH?

OK, let's see:

You're banned (bet you're not shocked) for the following reason:

- Multiple Accounts (thanks for letting me know)

You will be missed, I'm sure you would have been an asset. :rolleyes:

Edit:
For good measure, I banned your sbradford account as well.

Enjoy your new PC Cinema Media Center.

davidlallen
07-12-2005, 04:25 PM
> We will finally be able to replace this antiquated TiVo box that requires a monthly fee with a more state of the art Media Center PC that is capable of so much more (Music, Movies, Pictures, Recording TV, wireless networking etc...) right out of the box with no monthly fee, and will fit right in with your audio components

Interestingly, my experience is exactly the opposite. Two years ago, I assembled my own media center PC and wrote my own software for it. But, I bought a tivo with the plan to replace that PC with something that already had the hardware integrated with the user interface. There are a few additions I would like to make to the tivo interface, which is why I came to this forum.


> I have been on here for a couple of years (under a different ID) and have been royally treated like SH*T and I have witnessed others get the same treatment.

Yes, the forum is rough on people who don't carefully research before posting. I have recent experience with this as a newcomer myself :-) But, I find it interesting that you chose to make this post under a new ID. That means I can't investigate whether you asked good questions, did your own research, and dealt maturely with feedback. I can only draw conclusions about you from this one post.

I can see the moderator reached the same conclusions I did, before I even finished writing this reply.

Tivonator
07-12-2005, 05:34 PM
> We will finally be able to replace this antiquated TiVo box that requires a monthly fee with a more state of the art Media Center PC that is capable of so much more (Music, Movies, Pictures, Recording TV, wireless networking etc...) right out of the box with no monthly fee, and will fit right in with your audio components

My 2 cents on this statement is that it is incorrect. I am a MUCH bigger fan of the separation of my computer from my DVR. I have never once had the desire to surf the net on my TV, edit any recorded shows from my TV, or to do anything else other than watch and record TV for that matter. I like having a specialized unit which is geared specifically toward DVR functions, and has the flexibility to get my shows off for editing and burning if I feel like it. Nor do I want all my components in one unit. I like being able to upgrade just certain components when I feel like it.

I also think that as the best-in-breed DVR, Tivo makes the best interface and has been the best to respond with the features that most people want. Interestingly enough, the few things listed in the post by meesh0617 are all supported out of the box with any S2SA tivo. Also, the media centers came out over 2 years ago, and tivos are still going strong, and their stock is doing well. Comcast (the biggest cable provider) also made Tivo their cable box of choice, so you'll be seeing more, not less tivos out there as time goes by.

> But my greatest joy will be demise of the DealDatabase Forum with so many holier than thou members who feel they are better than everyone else

I too was very overwhelmed and had difficulty in the beginning, but that's part of learning. Either you accept the challenge and conquer it, or you go somewhere else. I've seen some mean posts, but no more than at other forums, and actually, a whole lot less than at other forums now that I think about it.

Turbine99
07-16-2005, 11:13 PM
I, for one, am not scared of a little soldering as I have a degree in electronics engineering. It's the software stuff that I am trying to learn. Yes, the forum is rough if you don't try to help yourself first but, I've even received help from annoyed members.