Winner, Name That Ware December 2010

February 7th, 2011

The ware for December 2010 is an Inmarsat receiver board. According to the submitter, the ware has a notable history:

This is the Inmarsat receiver used during the round-the-world balloon flight attempts by Steve Fossett and Richard Branson. It was located on the ground along with a whole rack full of related equipment. Some time ago a friend of a friend bought the whole lot on eBay, not really expecting to win. It took up a lot of space in his flat for a while, before being donated to the Dorkbot Alba electronics group. It is currently all taking up space in the Edinburgh Hacklab, if anybody wants it…

Here is the uncensored image of the board, along with a picture of the rack of equipment that went along with it:

For the first time in the history of Name that Ware, I do not have a clear winner. After the 70 MHz IF hint was posted, many homed in on it being a kind of satellite receiver front end. Many of the answers were also very thorough, so much that I couldn’t really declare a winner based solely upon quality and depth of analysis (which is my typical tie-breaking factor). As a result, I’m going to declare the reader who submitted this ware the winner — Martin Ling gets the prize this month for stumping the readers!

A schematic for M. pneumoniae metabolism

January 17th, 2011

With the madness of CES over and the Chinese New Year holiday coming up, I finally found some time to catch up on some back issues of Science. I came across a beautiful diagram of the metabolic pathways of one of the smallest bacteria, Mycoplasma pneumoniae. It’s part of an article by Eva Yus et al. (Science 326, 1263-1271 (2009)).

Looking at this metabolic pathway reminds me of when I was less than a decade old, staring at the schematic of an Apple II. Back then, I knew that this fascinatingly complex mass of lines was a map to this machine in front of me, but I didn’t know quite enough to do anything with the map. However, the key was that a map existed, so despite its imposing appearance it represented a hope for fully unraveling such complexities.

The analogy isn’t quite precise, but at a 10,000 foot level the complexity and detail of the two diagrams feels similar. The metabolic schematic is detailed enough for me to trace a path from glucose to ethanol, and the Apple II schematic is detailed enough for me to trace a path from the CPU to the speaker.

And just as a biologist wouldn’t make much of a box with 74LS74 attached to it, an electrical engineer wouldn’t make much of a box with ADH inside it (fwiw, a 74LS74 (datasheet) is a synchronous storage device with two storage elements, and ADH is alcohol dehydrogenase, an enzyme coded by gene MPN564 (sequence data) that can turn acetaldehyde into ethanol).

In the supplemental material, the authors of the paper included what reads like a BOM (bill of materials) for M. pneumoniae. Every enzyme (pentagonal boxes in the schematic) is listed in the BOM with its functional description, along with a reference that allows you to find its sequence source code. At the very end is a table of uncharacterized genes — those who do a bit of reverse engineering would be very familiar with such tables of “hmm I sort of know what it should do but I’m not sure yet” parts or function calls.

Name that Ware December 2010

December 31st, 2010

The Ware for December 2010 is shown below, click on the image for a much larger version.

This is a reader-submitted ware; thanks to Martin Ling of the Edinburgh Hacklab for the submission!

Happy New Year to everyone!

[edit: Nobody’s guessed the ware yet — first time this has happened — so I’ll add a hint. The silver box on the top left hand corner whose label has been blocked out is a precision 70 MHz oscillator by Vectron. Hope that helps!]

Winner, Name that Ware November 2010

December 31st, 2010

It’s impressive how much was deduced from just a tiny portion of a circuit board.

The ware for November 2010 is a Kingston KVR667DS2S5/2G DDR2 SO-DIMM. It’s a zoom in of the area between two DDR2 memory chips, where an I2C EEPROM would sit to help with module identification.

Picking a winner was difficult, but ultimately I’ll say it’s Paul Roukema for having the first mostly-correct answer. Congrats, email me for your prize!

USA v. Crippen — A Retrospective

December 4th, 2010

Some readers may be aware that I was called upon to perform as an expert witness in a landmark case, USA v. Crippen, where for the first time an individual, Mr. Crippen, was charged with an alleged violation of the criminal portion of the DMCA statute. There have been numerous civil cases over the same statute, but this is the first time that a felony conviction could result from a court case.

As reported by numerous sources, the case was dismissed after the first witness’ testimony. This would be as if two armies brought all their artillery and troops to a border, fired a single shot, and then one side surrendered, realizing that there is no point incurring casualties for a war they cannot win. And thanks to the double-jeopardy provision of the US Constitution, Mr. Crippen cannot be tried again, since a jury was assembled for his trial. It is a remarkable victory for Mr. Crippen’s defense: as Sun Tzu said in The Art of War, “The best victory is when the opponent surrenders of its own accord before there are any actual hostilities”.

On the surface, it’s hard to appreciate how unique this case is. Not only is it the first of its kind, it’s rare for a US prosecutor to dismiss their case. I’m told that typically, the US government does not go to trial unless they are sure to win the case — they win 90+ % of their cases, with a typical outcome resulting in a plea bargain because of the strong evidence they prepare prior to filing the case. I’m also told that despite the prosecutor’s alleged misbehavior in the case, his pedigree is prestigious (UCLA is a top-15 law school) and his career trajectory is toward a top spot as a judge or politician. And, as I’m learning, neither the prosecution nor the defense leave much to chance in the court of law — so kudos to the defense for educating the judge on terms such as “fair use” and “homebrew”, and applying overwhelming pressure to “crack” the prosecution: a job well done. To be fair, the case was without precedent, so the prosecutor was unaware of basic things, such as the US government’s own guidelines for evidence in prosecuting crimes related to the DMCA. In this case, the US government had to demonstrate that Crippen knew he was violating the DMCA, an element missing from the original evidence but introduced in a surprise statement by the first witness.

However, in a broader legal sense, the trial is a cliffhanger. In some respects, it’s a setup for prosecutors to prepare a stronger, more informed case in the future. Before a case goes to trial, each side must disclose all their evidence and facts to the opposition (and, in fact, part of the reason the prosecution had to dismiss was because they had failed to do just that — it is improper to withhold both exculpatory, and in this instance, impeaching evidence (Giglio v. United States)).

As a corollary, the prosecution has a full copy of my prepared testimony. My role as an expert witness is to testify, as an unbiased expert, upon the facts of the case. By dismissing the case before a public hearing of all testimony, the prosecution gets to see the entire roadmap (of which my testimony is a small part) for a defense without its disclosure to the public.

A problem with technology-related cases is that they are never as simple as they seem. The evidence presented by the US government included 150 non-original games in Crippen’s possession, along with two Xboxes that prior to Crippen’s modification, did not play copied games; but, after such modification, they did. As I mentioned earlier in this post, the US government does not go to trial unprepared.

While the true facts are not as simple, raw facts are essentially useless to a jury. The real challenge for me personally was to take a world of technical jargon full of one-way hashes, modular exponentiation, prime numbers, finite fields of characteristic two, stealth sectors, lead-ins, lead-outs, and reflectivity measurements using a laser and a four-quadrant photodetector and boil it down into a set of factually correct statements that any lay jury could not only understand, but feel confident enough to use to decide upon two felony counts.

So, for the purpose of encouraging discussion, criticism, and education, here are some of the key concepts I was to present in the case.

First, it’s important to clarify some basic cryptography terms (click on all images for larger, more readable versions).

The common use of “encryption” or “scrambling” is tantamount to an “access control” insofar as a work is scrambled, using the authority imbued via a key, so that any attempt to read the work after the scrambling reveals gibberish. Only through the authority granted by that key, either legitimately or illegitimately obtained, can one again access the original work.

However, in the case of the Xbox360, two technically different systems are required to secure the authenticity of the content, without hampering access to the content: digital signatures, and watermarks (to be complete, the game developer may still apply traditional encryption but this is not a requirement by Microsoft: remember, Microsoft is in the business of typically selling you someone else’s copyrighted material printed on authentic pieces of plastic; in other words, they incur no loss if you can read the material on the disk; instead, they incur a loss if you can fake the disk or modify the disk contents to cheat or further exploit the system).

Simply put:

  • Digital signatures leave a document’s body completely readable, but attach an unforgeable signature that is irrevocably tied to an unmodifiable version of the document.
  • Watermarks leave a document’s body completely readable, but attach an unforgeable physical mark that is irrevocably tied to the physical disk itself.
Relating this back to the DMCA statute:

    1201(a)(1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

    1201(a)(3)(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

So the first question upon which a jury must deliberate is: given that the document is entirely readable despite anti-counterfeit measures, do these anti-counterfeit measures constitute an effective access control that requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work?

To further educate upon that question, it’s important to demonstrate an example of a system where data cannot be accessed, and contrast it to one where it is. The image below compares and contrasts a CSS-protected DVD to the systems used in the Xbox360.

As one can see, on the left, I could access all kinds of images, text, etc. on an Xbox360 DVD. On the right, on the other hand, an authentic DVD secured with a fairly established access control, such as CSS, reads back as gibberish until I can circumvent the scrambling with either a legitimate or illegitimate key.
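The same contrast in runnable form, as a sketch added to this post (it is not part of the prepared testimony, and it is neither Microsoft's signing scheme nor CSS): a toy RSA signature leaves the content readable but detects any change to it, while a toy scrambler makes the content unreadable without the key. The tiny key, the XOR keystream cipher, the sample content and every function name here are assumptions chosen for illustration.

```python
import hashlib

# Toy RSA key built from two well-known Mersenne primes (2^61-1 and 2^89-1).
# Far too small for real use; chosen so the example needs only the stdlib.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the publisher

def digest(body: bytes) -> int:
    """One-way hash of the document, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % N

def sign(body: bytes) -> int:
    """Publisher side: modular exponentiation with the private exponent."""
    return pow(digest(body), D, N)

def verify(body: bytes, signature: int) -> bool:
    """Verifier side: needs only the public values (N, E)."""
    return pow(signature, E, N) == digest(body)

def scramble(body: bytes, key: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream.
    Applying it twice with the same key restores the input."""
    stream, counter = b"", 0
    while len(stream) < len(body):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(b ^ s for b, s in zip(body, stream))

def demo() -> dict:
    body = b"TITLE=Example Game; ASSET=logo.png"     # constructed sample content
    sig = sign(body)
    package = body + b"|SIG=" + hex(sig).encode()    # signed: body is untouched
    scrambled = scramble(body, b"disc-key")          # constructed key
    return {
        "signed_readable": b"logo.png" in package,
        "authentic_verifies": verify(body, sig),
        "modified_verifies": verify(body.replace(b"Example", b"Patched"), sig),
        "scrambled_readable": b"logo.png" in scrambled,
        "wrong_key_recovers": scramble(scrambled, b"guess") == body,
        "right_key_recovers": scramble(scrambled, b"disc-key") == body,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```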

Now, per the DMCA statute:

    1201(a)(1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

    1201(a)(3)(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure…

So the next question the jury must deliberate upon is, does an Xbox360 optical disk drive (ODD) modification descramble a scrambled work, decrypt an encrypted work, or otherwise avoid, bypass, remove, deactivate, or impair a technological measure?

To further educate upon that question, it’s important to understand what an Xbox360 ODD modification does; the requisite background to this is “how does an Xbox360 ODD work in the first place?”. Below is a diagram that outlines, in simplified terms, the flow of authenticating an Xbox360 game disk.

As you can see, the ODD is responsible for returning measurements of watermark features (such as reflectivity) that are not burnable by a regular DVD burner.

What the ODD modification does is redirect these requests to verify the watermark to an “answer table” contained in what amounts to a few files on the copied disk:

The most important fact to be cognizant of in this system is that the “answer table” is not contained anywhere within the Xbox360 ODD mod applied by Mr. Crippen. Without the user of the modification also contributing the “answer table”, the mod is entirely incapable of performing any function. This is demonstrated by what happens if, for example, the “answer table” is missing or damaged:

In the case that the “answer table” is lacking from the disk inserted into the ODD, the disk will not play. Thus, the question is: given that the user of the modified Xbox360 (in this case, the private investigators and agents that the government hired) must also materially participate in the “process” by providing an “answer table”, is the mod alone sufficient to justify felonious conduct?

Unfortunately, the answer is: “we don’t know”. Since the case was dismissed, the answer to this question is a cliffhanger; and the prosecution, now educated, should have a clearer roadmap for future actions under the criminal provision of the DMCA; I wouldn’t count on them making the same mistakes twice. Technical facts, such as the ones outlined in this post, and disclosed to the prosecution, don’t change from case to case … but the individuals, specific evidence, and overall angle of the case can change.