chaostic

Sony rootkit uses?

26 posts in this topic

So, by now, I hope everybody has heard about the Sony/BMG/First4Internet rootkit scandal? Being able to hide anything using the $sys$ prefix in the filename and placing it in the system32 folder.

More info at http://www.sysinternals.com/Blog/

The blog of the guy who broke the news, and is keeping track of it. Also a great hacker in the truest sense of the word.

I can see that this can be used for both good and bad uses. Keyloggers, trojans, virii, WoW Hacking (Best use :D), etc.

So, my question is, has anyone else used this for some reason, good or bad?

Personally, I'm thinking of adding a small server on one of my school's computers so that I can log in and transfer any files that I left on it while I was on there. (Nothing illegal in terms of warez or nothing since it could be traced back to me. I mean like Linux distros since they don't have CD burners on the comps)

---

Whoever approved that DRM crap at SONY should go to jail for that...

http://en.wikipedia.org/wiki/Computer_Misuse_Act

"It is an offence to make 'unauthorised access to computer material'"

"It is an offence to make 'unauthorised modification of computer material'"

I think that pretty much covers it, not to mention the flagrant breach of the EU law on privacy.

:growl: :nono: :pissed:

edit: oh, they're being sued... http://news.bbc.co.uk/1/hi/technology/4424254.stm

WTF? They should go to jail for this, not be able to buy their way out of it.

Edited by coding_monkey

---

They should go to jail (whoever invented it). By buying their CDs (or anything) I don't let them take control of my computer, or monitor my behaviors.

But that case leads us to this - BIG companies would rather hackers sit in jail. Why? Maybe, because they can know about their illegal behaviors? Or maybe they don't want concurrency. (and I don't wanna start again the cracker vs. hacker war. For me a hacker isn't someone bad, but he has ENOUGH knowledge to do something illegal, and step onto the dark side of the hack. :P) But, anyway, it's good that it has been revealed. Maybe SONY's process would make other companies more gentle towards users of their products.

EDIT: coding_monkey - try and make a googlism search for "Bill Gates". One of the results will be: "Bill Gates is Darth Vader". :P

Edited by WhatChout

---

heh... 'the dark side of the hack.'

Anakin... Anakin!......noooooooo!

---

Something not mentioned here is the fact that the CDs actually call home to Sony's servers when you listen to them with the custom player. It is apparently only receiving updated artwork and so on, but it still sends to Sony *at least* the time/date and IP address of everybody who listens to the CDs whilst online.

Also, it's been proven that the software on these CDs will outright break a Windows 64 bit machine or a Windows Vista machine. 64 bit will just lose its CD drives because there's now a 32 bit filter driver installed on them. Windows Vista apparently is a bit more spectacular and needs a full reinstall to fix.

All in all it's a very bad thing that Sony have done, and been getting away with for months!

---

use it to hide my pron from my mom, $sys$pron_folder woot.

---

Virii have already been detected that use it as well.

And the call home was mentioned in the blog I linked in the first post.

That, on top of the list of software to block and there not being any uninstaller yet... Sony will burn :D

Personally, I had to remove this from two of my clients/friends/comp-illiterate people's computers. I charged them my normal fee for the rest of the virii/spyware, but I'm sending SonyBMG the bill for the rootkit uninstall. 4 billable hours at 50 each. 3 hours working on their computers/my clean Windows install, and 1 hour for the time it took for me to find out about the rootkit info and uninstall (500 plus comments on each of Mark's blog posts). I suspect more in the future.

edit:

My call logs:

First called Sony customer service. Was given Sony/BMG's address (Was told 666 5th Ave. in NYC NY) and number.

Called Sony/BMG, was transferred to billings. Closed at call time. (Was also given 550 Madison Ave as address, the same building as Main Sony HQ)

Called Sony/BMG again, asked for billings again, was asked why, explained, and was told to call Accounts Payable.

Called, and received invoice instructions and address. The accounts payable is in NJ.

Will call back tomorrow to see if I can get a Fax Number to fax it to instead of mailing (Or at the same time). That way I can call to get confirmation of fax being received.

Edited by chaostic

---

:D Nice one chaostic.

I still want to see some SONY manager or director in chains for this, I mean... why is it that when an individual breaks the law, they go straight to jail but when a company does it, they just get a fine? Aren't directors accountable for their company's actions? Someone somewhere approved this and they should go straight to jail. :angry:

---

No that is the problem. They don't go to jail, nothing happens. You can steal 50 million, keep half of it and just spend 10 years in jail provided you were backed by an incorporated.

If we were to steal 50 million, we'd be shot.

What needs to happen is EVERYONE, especially the retarded 14-year-olds that buy CDs, just stop buying... If they just stopped, SONY Music would go out of business.

Sorry but you fuck your customers, rape them with overpriced shit and the music sucks on top of it? Go fuck yourself Sony. I can only hope you end up like your music... in the trash.

---

Quick show of hands.... who's ever going to buy from SONY again?

I'm not.

I actually had nothing against them until they did this crap. I was even thinking about buying a playstation3, not any more though.

Unless, of course, somebody from SONY goes to jail... or pigs fly.

---

The most creepy part of all of this, is that the only way anyone found out about it is that someone broke the law. Unless someone had unlawfully reverse engineered the code, no one would really know about this. That scares the hell out of me.

---

Of the two people/groups who found it out, neither had any clue as to who/what installed the rootkit, and what its purpose was. Plausible deniability, plus the way the rootkit worked, if the EULA was upfront about it, do you think they would have installed it in the first place? Sony misled people into installing it when they thought it was removable software. They flat out lied. Plus, DMCA adds reverse engineering provisions and EULAs can't contract away your rights just as they can't contract murder.

---

This just in: fundamentalist Christians have used the Sony rootkit to hide evidence of Darwin's theory of evolution, carbon dating, and dinosaurs. Intelligent design has no opponent and must now be taught in schools.

On another note they supposedly used LGPL'ed code. Which they will probably use the DMCA to punish anyone who tries to prove otherwise. So the code's copyright owner can't do anything about license violation.

In the end like a good consumer, I will just crank up the apathy and buy the ps3.

---

You can't use the DMCA to prevent someone from using the DMCA. If Sony was using pirated software, it makes their DMCA claim invalid.

---

this thing really pissed me off... another reason to support the anti anti piracy act.

btw I also read about the WoW cheating a week or so ago? I even heard there was speed and dmg hacks, I think blizzard should sue! :P

maybe I should make an improved stealth hack LOL

---

They should, after all they sued people who wanted to make private servers... Damn Blizzard (Well, Vivendi really)

---

I thought the software arrived on a music CD, if so... how can they claim there was a EULA?

I don't think there even was a EULA, so reverse engineering some code that got onto my system without my permission... can't be illegal...surely.

A EULA is just a contract, when you break a contract it isn't a criminal offence, it's civil law isn't it?

but... IANAL.

---

I seem to remember that there was an EULA for the rootkit-infested software that Sony distributed on the CD. However, the EULA was actually on the Sony website so you had to go there to read it. It also didn't cover the actual rootkit DRM software at all, so even if you were able to find and read it there wouldn't be anything in there to stop you from reverse engineering it.

This is all from memory though, so I could be totally wrong :)

---

If you in any way hamper the functionality of the rootkit, you are violating the DMCA's anti-circumvention provisions. You reverse engineered it, and therefore were aware of the rootkit's installation and presence. The fact that it installed without giving you an opportunity to intervene is irrelevant: you would still have broken the law.

And ultimately, that's all that matters. These litigations with the DMCA are separate from breaking the terms of the EULA; though by doing so you probably are violating the EULA in some way. As for the relevance of a EULA on a music CD - A EULA is a contract that comes with the data portion of the disc. The rootkit comes with the data portion of the disc. You agreed to the (data) EULA and thus the (data) rootkit. The fact that the disc can be played in CD players is irrelevant.

I'm playing the Devil's advocate here. I detest companies (Sony) that treat customers as criminals, and give half-ass CDs on account of a fictional "piracy". If I bought the CD, I'm not a pirate. Having anti-copying software won't stop the piracy of others either, only piss off customers like me.

Edited by Seal

---

Is that actually the way the law works? Because if so, then I'm reading it as

"it is illegal for me to try and determine what illegal activities other people are doing on *my* personal property"

And that just sucks big time :(

---

It's not illegal for you to try to see what others do with your property, unless that in some way requires you to bypass anti-circumvention technologies. It's just illegal for you to remove that rootkit from your system; or hamper the rootkit in any way. That is unless you go with Sony's so-called uninstaller, which is more of a patch. [side effect: you won't be able to play the music CD you bought on your computer no more] So if your determining what illegal activities that other people conduct on your computer requires you to, say, temporarily disable the rootkit, then yes you would be doing something illegal.

I wonder if a virus-coder could sue people for removing it. Technically, if the virus has some kind of anti-circumvention code, then anyone removing it would be a criminal <_< Encryption in the right context can be considered anti-circumvention.

Edited by Seal

---

First, Your an idoit. Second, your an idiot because you didn't bother researching anything about this. Sony's patch does not disable the drm or your ability to play the cd on your computer. As of such, removeing the rootkit is not in anyway circumventing the drm software and hence not illegal. If it was illegal, any anti-virus company that is providing a rootkit remover, Microsoft, the guy that found it, any blog/news station that reported it would have already been sued by sony. Third, Sony broke the eula by having the drm software call home without any way of turning it off. Finally, there is a major difference between software and rootkits, atleast a legal difference that can be argued successfully in court.

---

If you're going to insult me, at least spell it right:

Your Way: Your an idoit

Correct Way: You're an idiot

You need the 're there. And it's spelled "idiot", not "idoit".

Sony's rootkit is an anti-circumvention device on its own. It prevents you from messing with another anti-circumvention device: the DRM. As such, it falls within the realm of the DMCA's Title I: Sec. 1201: Part A; which made it illegal to tamper with digital restrictions on purchased products. That's the law, separate from the EULA's dictations and the functioning of the patch released by Sony. The legal difference to note here is between Sony disabling the rootkit, and you disabling the rootkit.

Obviously an anti-virus company will not get in trouble for disabling Sony's rootkit. Can you imagine the bad press that would create for Sony? But that doesn't mean that the DMCA is nullified; it just means that Sony will not pursue legal action as this all unfolds. It seems that you are the one that needs to do the research, and perhaps also ponder taking up a course in Grade 3 English.

Edited for clarity.

Edited by Seal