The TrojanKIT conspiracy


xtc
August 31st, 2007, 18:21
In the recent release of the game BioShock, the net was swarming with rumors that SecuROM, the copy protection used, was nothing less than a rootkit.
Having been relatively outspoken in debunking these claims, I was invited into the forum of the New Cyber Army for the purpose of discussing what SecuROM supposedly was doing to subvert your system.

Here's a link to the rather long-winded discussion: http://www.r-force.org/modules.php?name=Forums&file=viewtopic&t=489&start=90&postdays=0&postorder=asc&highlight=

Basically they're a group collecting "evidence" that various DRM schemes do all sorts of bad things to one's system.
They even made up a term, TrojanKIT, to describe such activity.
If you check on Slashdot, you'll see the type of FUD they've previously "published".

At any rate, I figured that most of you would get some laughs out of this character.
I'd advise against posting there, his responses are fully consistent with his previous ventures into charters he doesn't understand: http://killdevilhill.com/physicschat/messages2/3746.html (The most flawed solution to: x + 8 = 5 ever!)


Anyway, I've picked out the most hilarious statements (yeah, there's a lot):

"There is another way of circumventing the Ring 0 access, Obviously I am reluctant to mention this because of the security issues it involves. Bios level injection. This would be where the OS is set up to inject code into bios function calls. Effectively rendering non physical drives inoperable whilst the app is running. "

"It is no secret around here, I was the original Zero CooL the so called King of Inet. No I did not crash Wall Street, or get banned from owning a PC or using a Touch tone phone, that was Just Hollywood."

"As for rootKIT arguments, would it not have been easier to say the definition of rootKIT is so restricted of a Frame work that it would need to be almost a carbon copy of Sony's Previous offering to be classified as one. "

"Yes SecuROM installs drivers, it also installs virtual devices. The first communicates from run level 3 into 2 and 1. That is what drivers do. However the latter is an illusion of device, which exists in Ring 0. "

"As peeps are aware, my reputation and credibility precedes me, I only ever say something if I am sure about it, and when I am not I make it very clear I am speculating."

"Legally you cannot say, this DRM has been exploited, otherwise you get sued (even if you have the data to support it), Yes I know this stinks, however what you do is create your own virtual device to protect against Ring 0 viri/trojans."

"Ring 0 is an area used for communications with Hardware."

"Well given the uninformed nature of your reply you are looking at the Kernel Stack, which holds up to three pages of data and yes signature references of associated registers are sent to the Kernel stack."

"Windows API's stink, they do not function correctly, you just can't rely upon the information it returns.

(Before you ask, I am bound by confidentiality agreement with Senior Staff at Microsoft Redmond not to go into specifics of that) "

"I would advise you, that our technical information is so accurate that we were approached by the same legal team that Sued Sony over the rootKIT."

"Dude seriously, http://www.crownedanarchist.com/timedensitymass.htm I wrote the only existing conjecture which allows you to plot infinite space time. I am not blowing my own trumpet when I say you are out of your league."

"So simple OS structure is breeze compared to the complexity of infinite space time."

"But these are drivers what exactly have this got to do with Virtual Hardware?

Drivers are applications which allow your operating system to have dedicated data channels to your hardware. Yes SecuROM uses drivers, but nobody has ever claimed they sit in Ring 0."

"The reason why I say this, is how many times do you have to be told. An emulation of Hardware is not a driver. "

"To repeat yet again, A virtual Device is an emulation of hardware which exist in the kernel and Run level 1 and 2. At no point does this actually make it a driver."

"Another problem with off the shelf debuggers, sniffers and loggers, the DRM companies mostly have access to the same thing (Getting it yet?), so they just force higher priority in the stack. Normally done by deliberately over loading the 3 Pages of the Kernel Stack, causing it to refresh (but this can also cause the OS to lock up so not recommended tactic but since when have DRM companies listened to common sense?)."

"btw the fact you are running 4 rootKIT revealers, just shows you do not know what a rootKIT is, it's a DRM which Mark set a very confined definition of.

Thus any variation to is that would be required to block it from Mark's software, it is no longer a rootKIT, but instead another Ring 0 Virtual device. "

"You are the one trying to present very simple processes as being complex. To me it is just box of switches, switch the right ones off or odd and read the results, nothing complicated in that."

"Just because Windows is heavy GUI based OS does not mean that ability has disappeared for TOS apps (Terminate and stay Resident)."

"Notice the term Driver? instead of Virtual Hardware/Device.

I will give him that, it's a clever smoke screen that most people would fall for, as our brains fill in the missing details and make us think we are talking about the same subject."

"This guy is playing games.

What I find more fascinating is where he learned this from?

Because this is not your script kiddie or hacker stuff. It is Social Engineering, back in the day I got Mitnik onto that. "

"If your golden nugget is that I was once one of the most famous hacker/Cracker/Phreakers on the planet. Then you are on a non starter there as I have never hidden this from the industry."

"As for me being a founder of Social Engineering techniques, this is no secret, neither is me knowing Mitnik back in the day, everybody in scene knew each other online."

Silver
September 1st, 2007, 10:17
Quote:
"It is no secret around here, I was the original Zero CooL the so called King of Inet. No I did not crash Wall Street, or get banned from owning a PC or using a Touch tone phone, that was Just Hollywood."


I AM SPARTACUS!

And this Cyber Army rubbish appears to be yet another pointless online "gang" of "l33t" children with too much time and not enough knowledge... Off to the great bit bucket in the sky, the lot of them.

rendari
September 2nd, 2007, 12:24
One question: Why did you even bother posting there? I thought the New Cyber Army's reputation as a board for preteen children with superiority complexes, coupled with the fact that no intelligent entries have been made in its SQL database for the past decade, are a good enough reason for anyone with an IQ greater than that of my down syndrome stricken neighbor to avoid even contemplating viewing that black hole of the internet, let alone posting on it.

xtc
September 2nd, 2007, 16:46
In retrospect it was clearly poor judgement on my part.
I came in not knowing anything about them, except they were grossly mistaken about the severity of SecuROM. I figured that I could maybe enlighten their resident guru and end their attempts to stir up a commotion in the gaming community (which is surprisingly easy; just say ring-0 in every sentence).
As I got deeper into the argument, I became somewhat fascinated by his obvious mental defect. I've met some weirdos in my time, but none like him.
I tried to plant some incorrect information in my arguments, to discern how deep his understanding was. If he had been able to understand it, he would easily have been able to point out the subtle flaws.
However, the more information I posted, the further he went off into his own reality. At the end I had completely lost track of his pattern of thought and decided to call it quits before he had a meltdown.
But yeah, what a waste of time.

disavowed
September 3rd, 2007, 22:52
Quote:
"(Before you ask, I am bound by confidentiality agreement with Senior Staff at Microsoft Redmond not to go into specifics of that)"

wow.. that one made me literally "lol"

Aimless
September 4th, 2007, 02:00
Quote:
Originally Posted by xtc
"(Before you ask, I am bound by confidentiality agreement with Senior Staff at Microsoft Redmond not to go into specifics of that)"



Actually, all of you mis-read that.

What the guy was simply trying to say was: My reality is so bad, that Microsoft made me sign a confidentiality agreement so as not to go out there and expose the poor public to my theories... lest the threat becomes very real of all you people beginning to understand my implementations of space-time continuity theories. duh!

xtc, maybe you should have put in a few words of the drivers being triple ECC encrypted with a 4028 bit key, then with a Sony DRM local encryption (whatever the heck that is!) and secret formulas ripped off from Stephen Hawkins' string theory of rotating black holes, and then watched the fun. :P

Have Phun,

Woodmann
September 4th, 2007, 16:20
Quote:
xtc, maybe you should have put in a few words of the drivers being triple ECC encrypted with a 4028 bit key, then with a Sony DRM local encryption (whatever the heck that is!) and secret formulas ripped off from Stephen Hawkins' string theory of rotating black holes, and then watched the fun. :P

Have Phun,



I'll do it.

Woodmann


Oh wait, you guys need to give me some other big names to drop and a fake national security agency name so I can further boast of my skillz.

JMI
September 4th, 2007, 17:09
Woody:

Welcome back.

I'd give you those names, but then I'd have to kill you.

I have it on reliable sources, as in "from the horse's mouth", that +SplAj has sent you a greeting by PM. He was "in the house" a day or so ago for a visit.

Regards,