HD-TIVO exploit bounty

[rc3105]

THE CHALLENGE: - sw only exploit providing bash access

THE DEADLINE: - Jan 1st, 2005


the details:

clueless hordes - vote on how much you're willing to contribute, then paypal your donation (pm for details). if there's no hack by the deadline funds will be returned

multiple votes allowed and they're public. this thread will reflect who's voted / donated / tried to weasel out (weasels will be BANNED)


developers - submit what you have via pm or e-mail. the hack must boot a hd unit to the bash prompt such that an initrd nulled kernel can be used

candidate exploits will be evaluated by qualified community members


to be eligible for the bounty the exploit must be freely available to ddb members for personal noncommercial use. redistribution / resale license restrictions to prevent ebay / hero abuse are acceptable


on Jan 1 the bounty collected will be either:

1) awarded to the first developer that provided a working exploit

2) returned to the contributors


if a working exploit surfaces before Jan 1 the challenge may be closed & the bounty awarded

[rc3105]

notabe contributors

$100, almontebarnes - first person to part with a significant chunk of change

$250, ntesla - largest single donation from a tivo geek

$85 - non-ddb / non-tivo people (thanks slashdot)

~$200 - anonymous, folks willing to donate w/o recieving credit ( allthough some voted in the poll )

if I've left you out PLEASE don't take it as an insult - my inbox is mess at the moment. I'll update as things normalize & am able to verify direct EFF donations

when the dust settles I believe we may top $2k!!!

-----

the challenge donation paypal is jc3105@hotmail.com (no transaction fees) credit card donations should to go rc3105@hotmail.com

please include your ddb handle so I know who donated what. if you're not a ddb member or want to remain anonymous just say so in the paypal comments.

anyone interested in donating hardware please pm

[tivomaster]

I don't have an HD and don't intend on getting one so I voted the $0.. I think you need to change the wording on the $0 to something like "don't care"...

[rc3105]

this isn't a is anybody interested thread

this is a LETS GET THIS DONE thread

presumably anybody that doesn't care won't bother to read/post/vote in the first place


I'd bet $$$ at least 1 of the elder gods has this worked out allready, if not, maybe a tivo insider will leak a signed kernel we can use


just gotta give 'em a reason to share their toys


edit:

bash allows for PLENTY of legit uses like tivoweb, TCS, dailymail, etc

if you want to debate this particular bounty, do so in the sewer

[fixn278]

My vote is more about having options than being afraid to void my warranty.

[MudShark]

Anyone working on the PROM hack? Come 2006, we are gonna need it

As for the warranty, not to worry too much. Just do it fast; like right after it sets itself up and get the latested SW update. If it dies, the tech can make it look like nothing happened. Bring it back to best buy, and exchange for 'a good one this time'

[fixn278]

1) $100 - almontebarnes
2) $5 - rc3105
3) $5 - jjbliss


pledged but not recieved yet - updated daily

$10 - Lattis2003
$100 - fixn278
$20 - jodell

OK, I see confirmation of donations, but no donation account or link...

[JJBliss]

OK, I see confirmation of donations, but no donation account or link...

It says to PM rc3105 for details in the first post.

[fixn278]

It says to PM rc3105 for details in the first post.

Grrrr.... I hate it when that happens....

[SledgeHammer]

$250 - ntesla

Damn dude! Thats pretty generous... I dunno if you can deduct "Tivo Hack" on your taxes though .

[JJBliss]

"...and if anybody else were smart/experienced enough something similiar would allready be public."

smart enough? "allready" is spelled already.

I'm going to delete your post since it's useless BS.

But I'd first like to point out how smart you're NOT you didn't even pick up on the misspelling of similar. You looking for spellers or hackers? Apparently neither can be found on slashdot.

[rc3105]

"HD TeAm" has submitted a sw only exploit for evaluation

the license is restricted distribution - but only to prevent resale / hero abuse

the HD TeAm position:

"HD TeAm has a solution prepared and authorizes it's distribution via ddb once $1,000 has been collected. We request that all proceeds be donated to the EFF so that research of this nature remains legal in the future."

"It is our position that if the community, particularly the minority with the disposable income for hd-units, is unwilling to come together & donate this token sum to a worthy organization the hack is probably better kept private"


OK, lets open the floor to discussion

[tivomaster]

"HD TeAm" has submitted a sw only exploit for evaluation

the license is restricted distribution - but only to prevent resale / hero abuse

the HD TeAm position:

"HD TeAm has a solution prepared and authorizes it's distribution via ddb once $1,000 has been collected. We request that all proceeds be donated to the EFF so that research of this nature remains legal in the future."

"It is our position that if the community, particularly the minority with the disposable income for hd-units, is unwilling to come together & donate this token sum to a worthy organization the hack is probably better kept private"


OK, lets open the floor to discussion

I want to change my vote. If the proceeds go to the EFF I will gladly donate $10 to the cause even though I do not have an HD unit nor the current means to get one..... Can one of the mods either delete my original vote and I will cast a new one or change it for me?

BTW. What about a bounty to get 4.X running on a RID unit? I would reallly like to see that.

[rc3105]

ok, here's where we're at

got the source this morning & was so excited I couldn't wait to try it out. unfortunatly the s2 compiler box was spread all over the workbench so I ended up compiling the util natively in one of the s1 dtivos (isn't life bizarre sometimes?)

installation requires pulling the drive (duh) + a grand total of about 30 seconds to apply the hack & add bash to rc.sysinit

the 2.4.20 - 3.1.5 kernel boots bash / networking / tivoweb & such with a stock prom!!!

[rc3105]

per HD TeAm's request, I'll be setting up a ddb memership with EFF tomorrow

once we reach the goal EFF gets the bounty & the util, source, instructions & donation transaction details get posted here