17-Oct-2021 04:33 GMT.
UNDER CONSTRUCTION
Anonymous, there are 159 items in your selection [1 - 50] [51 - 100] [101 - 150] [151 - 159]
[News] Offensive Elbox driver and consequences for PoseidonANN.lu
Posted on 14-Nov-2002 14:43 GMT by Chris Hodges159 comments
View flat
View list
Poseidon will refuse to load the usb.device with the next update. I could verify that the offensive RDB-killer code is inside the driver version (1.2) I had here. Permission to distribute Poseidon with their software has been withdrawn. Dear Poseidon Users,

in the last few days, there were rumours posted to ann.lu, claiming that the usb.device, that is provided by Elbox Computer Inc. for the Spider USB PCI card would contain malicious code. This code was posted disassembled on various websites. This source code, if assemblied into an executable, would indeed have the ability to kill the RDB (if it was found in block 0). Code destroying data on purpose like this is illegal in most countries (including Germany) and moreover, is one of the ethically worst things I've ever seen.

As the source of this security warning was an anonymous poster and therefore was not reliable, I wanted to check for myself. So I loaded the usb.device (some friendly Mediator user sent me, as Elbox never offered me a SpiderCD to check the contents of the CD), let it decrypt itself and just searched for the 'RDSK' string in the driver (as seen on the disassembled source code on the websites). No disassembly was used. The string was found. I could therefore verify that the offensive code is at least in version 1.2 of the device, I had here to test (there is absolutely NO reason why 'RDSK' would appear in an usb hardware device driver).

I gave Elbox the chance to clear things up in public by posting an apology and removing the code. They didn't. Instead, they said that all my "doubts" would be answered in the press statement released yesterday and ignored the consequences that I already had proposed to them.

Well, my "doubts", which actually are facts, that I could see with my own eyes, remain. Any Mediator user can check this by using a memory monitor and searching for the usb.device in memory (after loading up Poseidon) and see, if there's the 'RDSK' ID string within the next 10000 bytes.

As a consequence, I have to warn Mediator users that their machine is in danger, when running the usb.device. In the non-memory protected Amiga environment it might get damaged at any time and then cause the routine that kills the RDB to become active. The next update of Poseidon will refuse to load up the usb.device, if it detects malicious code. This is to protect yourself from damage and myself from being held liable for any loss of data or damage done.

Moreover, I hereby withdraw the permission to include Poseidon in ELBOX's software distributions, until they
a) admit, that the code was in their driver,
b) admit, that they have constantly lied to the users,
d) have placed a public apology for the first time in their life,
c) and have removed any malicious code.

I don't want Poseidon to be included with third party software, that's highly illegal and whose originators don't deserve any trust.

I do understand that people try to protect their work from being hacked. I do this too, but not by risking the data of legal users and I cannot tolerate this offensive behaviour any longer (I admit, I'm again rather upset and therefore this statement is not as objective as it could have been).

The Spider users out there are adviced to confront Elbox with the demands mentioned above, so to allow Poseidon again accept the usb.device driver.

I hope that you believe the facts and my worries and understand the steps taken.

Best regards

Chris Hodges

Offensive Elbox driver and consequences for Poseidon : Comment 1 of 159ANN.lu
Posted by 4pLaY on 14-Nov-2002 13:52 GMT
Maybe people will belive it now =).
Offensive Elbox driver and consequences for Poseidon : Comment 2 of 159ANN.lu
Posted by David on 14-Nov-2002 14:00 GMT
Well prepared. It seems that now we know who stay behind this anonymous hacker.
You should signed this statement: E3B.
Offensive Elbox driver and consequences for Poseidon : Comment 3 of 159ANN.lu
Posted by Troels E on 14-Nov-2002 14:03 GMT
In reply to Comment 1 (4pLaY):
Well this post leaves no doubt in my mind, but offcourse the anonymos post did.
So ELBOX, are you just going to ignore this post?
Offensive Elbox driver and consequences for Poseidon : Comment 4 of 159ANN.lu
Posted by redrumloa on 14-Nov-2002 14:05 GMT
In reply to Comment 3 (Troels E):
Just wait for someone to question if this is really Chris Hodges, or he has an agenda;-)
Offensive Elbox driver and consequences for Poseidon : Comment 5 of 159ANN.lu
Posted by Chris Hodges on 14-Nov-2002 14:11 GMT
In reply to Comment 2 (David):
I do NOT have any PCI board, nor do I have a Spider or a compatible USB board. Same for Michael/E3B.
I never have attempted to look into the usb.device driver before. What you're trying to say is a false
and wild accusation, you should be ashamed of.
Why would I try to hack a driver and then tell that there's some malicious code
in there? I earn money by Spider registrations (obviously more than by people
buying a Highway/Subway). So this whole Elbox thing does not do me any favour.
Please think twice before trying to offend me.
Offensive Elbox driver and consequences for Poseidon : Comment 6 of 159ANN.lu
Posted by quenthal on 14-Nov-2002 14:14 GMT
And to make it even worse, it seems that pci.library has the same code included in it, as seen in previous news item and here:
http://isuq.selfhost.com/
I really, really want PCI to my A4000/PPC, but now I'm uncertain which one to buy...
G-Rex will not support AOS4 and Prometheus still seems somewhat unfinished... Is Hyperion making support for mediator busboards in OS4.0? If yes, maybe we don't have to use Elbox' own drivers anymore in OS4?
- q
Offensive Elbox driver and consequences for Poseidon : Comment 7 of 159ANN.lu
Posted by Anonymous on 14-Nov-2002 14:18 GMT
In reply to Comment 6 (quenthal):
NO ONE is getting any low-level HW-doke from Elbox not
Hyperion, not the OpenPCI or the MorphOS-team.
Offensive Elbox driver and consequences for Poseidon : Comment 8 of 159ANN.lu
Posted by Peter Gordon on 14-Nov-2002 14:26 GMT
In reply to Comment 6 (quenthal):
DAMNIT! If its in pci.library too, its on my system and I am NOT HAPPY about this... :(
Offensive Elbox driver and consequences for Poseidon : Comment 9 of 159ANN.lu
Posted by Anonymous on 14-Nov-2002 14:34 GMT
ELBOX you are great hardware-designers, noone doupts that. I have been wery happy with my Mediator. But your driver-policy really sucks !!! :P I understand you try to protect your business, but adding code like that in your drivers is NOT acceptable!! That's criminal :P I was thinking about buying that Mediator with 6 PCI-slots aomeday, but now I'm not sure anymore :P
I think it's time for Elbox to change their driver policy. they should place an publick apology, remove ALL dangerous code from all of their drivers. AND it's about time to open driver-development for 3rd party developers. That's least you can do now.
Offensive Elbox driver and consequences for Poseidon : Comment 10 of 159ANN.lu
Posted by Johan Rönnblom on 14-Nov-2002 14:35 GMT
Hmm, just a thought. I could think of a valid reason to have "RDSK" in
a USB driver: To allow booting from a USB device.
I don't know if the usb.device can handle this (probably not) but I
think that this still needs some more investigation before we can be
100% sure that the accusations are true.
However, it seems extremely suspicious that Elbox have not countered
the claims yet. It's not hard to write a post denying that they have
such code as is being mentioned. So for the moment, I think Chris
Hodges definitely did the right thing. The most probable explanation
seems to be that the usb.device indeed does contain malicious code.
Offensive Elbox driver and consequences for Poseidon : Comment 11 of 159ANN.lu
Posted by q on 14-Nov-2002 14:38 GMT
In reply to Comment 6 (quenthal):
Hmm... is the Prometheus the only PCI-solution with Linux support, as it seems?
Maybe I should buy Prometheus... there wouldn't be any doubt about this, if there were more drivers for Prometheus. It seems that they are in much better connection with Hyperion and Picasso96 team... Support for it must be in better shape from official producers then..?
Offensive Elbox driver and consequences for Poseidon : Comment 12 of 159ANN.lu
Posted by Chris Hodges on 14-Nov-2002 14:40 GMT
In reply to Comment 10 (Johan Rönnblom):
> Hmm, just a thought. I could think of a valid reason to have "RDSK" in
> a USB driver: To allow booting from a USB device.
Nope, this is a different layer. The usb.device just contains the lowlevel
driver. MassStorage.class allows booting of RDB (and therefore contains
a "RDSK" string).
Offensive Elbox driver and consequences for Poseidon : Comment 13 of 159ANN.lu
Posted by kriz on 14-Nov-2002 14:49 GMT
this is sooo stupid ya ...
Offensive Elbox driver and consequences for Poseidon : Comment 14 of 159ANN.lu
Posted by Joe "Floid" Kanowitz on 14-Nov-2002 15:12 GMT
I have to state the obvious, with applause from the peanut gallery: very upstanding of you, Chris.
It's sad to see Elbox shoot themselves in the foot again, when they had a product that could easily compete with Belkin/etc, and recoup the costs of their Amiga development time that way... but so it goes.
Offensive Elbox driver and consequences for Poseidon : Comment 15 of 159ANN.lu
Posted by Roj on 14-Nov-2002 15:18 GMT
I have cash in hand waiting to purchase a SharkPPC, Mediator, SpiderUSB...
the works, when OS4 is ready.
But, Elbox, you need to explain this if you want my money.
Offensive Elbox driver and consequences for Poseidon : Comment 16 of 159ANN.lu
Posted by Lasse Bodilsen on 14-Nov-2002 15:34 GMT
Bummer, it seems i have to admit being wrong :-)
I would like to issue a puplic apology to anyone who felt offended by me giving Elbox the benefit of the doubt. I was clearly wrong (according to chris). and can only excuse myself by saing that i couldnt believe this to be true.
And to Chris, thank you for standing out as a credible and trusted member og this community, and confirm these accusations once and for all.
Now flame away at Elbox all you want.
Offensive Elbox driver and consequences for Poseidon : Comment 17 of 159ANN.lu
Posted by Incred on 14-Nov-2002 15:42 GMT
OK,
Someone needs to stand up for Elbox here. I, for one, AM GLAD, they have included the protective code in the usb.device. If cheap pc clone pci cards could be hacked for use with the mediator pci busboard then my investment in spider pci would be ruined, and the company chiefly responsible for innovation on the amiga in recent years, and for keeping just that many more dealers from going out of business, would be ruined as well.
And besides I want my RDB to be deleted. If my hard drive were to be destroyed that would be justification for buying a new one, which would only be much bigger and even faster.
hehehehe, ok I know this whole post is lame, I'll stop now.....I really elbox, you're back to being on your own again.
Offensive Elbox driver and consequences for Poseidon : Comment 18 of 159ANN.lu
Posted by Rat on 14-Nov-2002 16:05 GMT
@Chris,
I am a MEDIATOR user for two years. I have had a SPIDER and a registered POSEIDON for over one month. I have never had any problems with Elbox software. I am satisfied with their products very much. I have read both your and their statements. It seems to me that what you are doing here making people afraid of Elbox software has nothing to do with fair play behaviour. Elbox wrote very clearly in their statement:
'Rumour: The usb.device driver has some procedures, which may damage hdd RDB if any external program accidentally damages the driver code.
'Answer: No. Elbox pays much attention to protect its drivers against any improper operation in case of accidental damage to their code by any external events. To ensure this, Elbox drivers are
encrypted. When run, they automatically decrypt themselves and verify internal checksums to guarantee the maximum security of operation. This is the best way to prevent program crash if, due to any reason, the code is damaged when read from the media.
Obviously, even such protection measures cannot protect the program against a hacking attack, that is against a program, which purposefully modifies the code to make some part of it operate in a way different from the original intention. No software available for Amiga computers, including Amiga operating systems, can be 100% protected against such hacking attacks.'
And I believe them, not you.
I have been reading all those attacks at Elbox for the last couple of days. In 99% they are instilled by people who do not have Elbox products, like you.
I was wondering what is going on here. After your post I am beginning to understand that you want to find an excuse to drop your agreement with Elbox. The reason may be that your friend, producer of other USBs, cannot agree with the fact that Elbox Spider is far above all those Highways and Subways and all those never-released USB drivers for other PCIs.
Make up your mind. Think for a while what you are doing. The ultimate result is that you are acting against us, end users. What a shame.
Offensive Elbox driver and consequences for Poseidon : Comment 19 of 159ANN.lu
Posted by Peter Gordon on 14-Nov-2002 16:11 GMT
In reply to Comment 18 (Rat):
I am a mediator user, I love Elboxes hardware, it is brilliant. But Chris is a good enough programmer to ascertain whether or not the code is in the usb.device, and right now I really think its looking bad for Elbox. Tonight I am going to attempt to see if it is in pci.library (not by decrypting the library, merely by analysing RAM).
If I find RDB trashing code in there, I am never buying another Elbox product, period. I will keep my A4000, but the AmigaONE will be the machine I will get and upgrade.
Offensive Elbox driver and consequences for Poseidon : Comment 20 of 159ANN.lu
Posted by Anonymous on 14-Nov-2002 16:11 GMT
In reply to Comment 18 (Rat):
@Rat
http://isuq.selfhost.com/ - 'nuff said.
Offensive Elbox driver and consequences for Poseidon : Comment 21 of 159ANN.lu
Posted by Anonymous on 14-Nov-2002 16:17 GMT
In reply to Comment 18 (Rat):
Elbox is talking about running the usb.device. they don't say anything about it what will happen if something trashes the device while it is already in memory.
Offensive Elbox driver and consequences for Poseidon : Comment 22 of 159ANN.lu
Posted by q on 14-Nov-2002 16:19 GMT
In reply to Comment 19 (Peter Gordon):
I have to completely agree... However, I might forgive them if this issue is discussed in a civilized manner publicly by Elbox and community.
Offensive Elbox driver and consequences for Poseidon : Comment 23 of 159ANN.lu
Posted by Sam Thomas on 14-Nov-2002 16:19 GMT
In reply to Comment 19 (Peter Gordon):
Hiya Tickly and others on this forum thingy.
I have got to say that I also shocked by all of this going on and tbh it has quite put me off expanding my current amiga system any further than it already is.
I am part way through rejigging the entire amiga-mediator site and at this present moment I am unsure as to if I will even biother continue developing it.
One the one hand, like many have said Elbox have produced and sold some great hardware for us Amiga users over the years and have released solid stable drivers.
On the other hand though, Elbox have always had the 'closed' off from the community trying to keep all that they code secret which always arrouses people suspicion.
What am I saying this post? I dont have a clue to be honest with you but I know that IF I had a Spider USB card I would refrain from using it until all of this 'mess' has been sorted out and in the open.
I guess that would mean a solid reply as Chris wants from Elbox. This morning all seemed so much brighter with the statement from Elbox and the new driver.
Now I am unsure and await to see what unfolds I guess (like many of us).
Cheerio
Sam Thomas
www.amiga-mediator.co.uk - Mediator ML moderator
Offensive Elbox driver and consequences for Poseidon : Comment 24 of 159ANN.lu
Posted by ikez on 14-Nov-2002 16:26 GMT
In reply to Comment 18 (Rat):
Er
I think that you don't understand the situation. That's fine if you are happy with Elbox
product and that's fine if they builds good product. The probs, here is they DELIBERALY
made an ILLEGAL countermeasure against ppl who aren't registered. Imagine an antivirus
companies who builtin a virus against nonregistered users (destroying all data).
They have right to protect their product but not on these way, legally speaking.
That's just not acceptable.
<FLAME>
imagine P96, er with elbox product, BANG no more RDB, sooooorry ... "elbox product
detected" nonregistered.
</FLAME>
Hope Elbox understand that GOOd Public relation is needed now.
Ikez
Offensive Elbox driver and consequences for Poseidon : Comment 25 of 159ANN.lu
Posted by q on 14-Nov-2002 16:26 GMT
In reply to Comment 23 (Sam Thomas):
>What am I saying this post? I dont have a clue to be honest with you but I >know that IF I had a Spider USB card I would refrain from using it until all >of this 'mess' has been sorted out and in the open.
What you think about this same code being in pci.library then?
I truly hope you could keep up your fantastic site, but I'm on your side, if Elbox doesn't clarify these issues properly. Then stronger statements against Elbox's attitude are required, and your opinion has then a strong part of it.
Offensive Elbox driver and consequences for Poseidon : Comment 26 of 159ANN.lu
Posted by Anonymous on 14-Nov-2002 16:34 GMT
I think someone should check to see the code surrounding the RDSK string is the same as posted. Basing judgment on the the presence of "RDSK" is a bit thin. It is NOT illegal to disassemble it to look at, provided you do not copy it into your own stuff, post it somewhere, etc.
If the code can be confirmed to be there, it should not take a genius to use a hex editor to modify the RDSK string and/or surrounding code to disable the "feature". (Note it would be illegal to distribute such a patched version!)
This doesn't detract from the fact the code was present, but would make existing users of usb.device (and now pci.device allegedly) a bit safer.
Offensive Elbox driver and consequences for Poseidon : Comment 27 of 159ANN.lu
Posted by rawveeda on 14-Nov-2002 16:35 GMT
Check out the Elbox website. The news section deals with the driver issues.
Offensive Elbox driver and consequences for Poseidon : Comment 28 of 159ANN.lu
Posted by Anders Kjeldsen on 14-Nov-2002 16:39 GMT
In reply to Comment 27 (rawveeda):
Well, they've probably removed it by now :)
Offensive Elbox driver and consequences for Poseidon : Comment 29 of 159ANN.lu
Posted by Anonymous on 14-Nov-2002 16:39 GMT
In reply to Comment 26 (Anonymous):
One easy way to protect your harddisk is to use MCP's format protection, that SHOULD help until Elbox removes that code from drivers.
Offensive Elbox driver and consequences for Poseidon : Comment 30 of 159ANN.lu
Posted by Bladerunner on 14-Nov-2002 16:40 GMT
In reply to Comment 18 (Rat):
Have you read the posting which chris made? He said that he has more registrations for
poseidon+spider than subway. So from the financial point he cut his own incoming down.
And i have an Elbox Product, ok, it`s just a mroocheck, but nevertheless, Elbox themselve
prevented me to buy further Products from them (But i was extremely interested in Elbox PCI for my A4k when i saw it first)
You will konw why? simple they have obviously broken the P96 license, they call everyone who post critical statements
a liar or something similar (ask Fabio Trotta for example, he get bad post from Elbox when he made a Test whith the Prometheus
Card and had really good result. Or Michael Boehmer who has cited an Elbox employee... first they called him a liar, and that no one has ever spoken to him. Than
they had to admit that this elbox guy actually has spoken to him, simply because there are to much photos from that Event in Austria.
And maybe you remeber the stress with Hyperion, because they don`t want to pay for a w3d license?
There where soooo many bad behaviour from Elbox that i would never never trust them again! Never!
Offensive Elbox driver and consequences for Poseidon : Comment 31 of 159ANN.lu
Posted by Anonymous on 14-Nov-2002 16:47 GMT
In reply to Comment 26 (Anonymous):
> If the code can be confirmed to be there, it should not take a genius to
> use a hex editor to modify the RDSK string and/or surrounding code to
> disable the "feature".
Not that easy. The code is encrypted on disk, so you can't use hexeditor to poke it. Even if you managed that, you'd still need to correct the checksum, too.
It's sure possible to disable this check, but you need to break the whole protection for that.
Offensive Elbox driver and consequences for Poseidon : Comment 32 of 159ANN.lu
Posted by FYI on 14-Nov-2002 16:56 GMT
-------- Original Message --------
Subject: Elbox dispels rumours about usb.device
Date: Thu, 13 Nov 2002 21:38:51 +0100
From: ELBOX <press@e...>
Organization: ELBOX COMPUTER
ELBOX COMPUTER
http://www.elbox.com
Krakow, 13 November 2002
Elbox dispels rumours about usb.device
For long years, our company has been making efforts to make users of our
hardware proud that they receive the best software support. This support is
also the most dynamically expanded in the Amiga market.
Some persons/companies do not like this situation, as they would like to
compete with Elbox. They know they cannot, though: they have no knowledge or
employees to work with or determination to provide on-going support for their
products. However, we continue receiving signals from various sources on
attempts at disassembling and hacking our drivers for the purpose of stealing
the results of our efforts and work.
In recent days the Amiga community witnessed rumours related to our latest
product: the Spider USB 2.0 card. In order to clarify this we feel obliged to
respond officially to them.
Rumour: Using the Elbox usb.device with an USB PCI card other than Spider USB
2.0 High-Speed may lead to trashing the disk RDB.
Answer: Not true.
If anyone is trying to run the Elbox usb.device with any USB PCI card other
than Spider USB 2.0 (for which this driver is dedicated), the only result is
that the driver does not work with this card and a requester window appears on
the screen: 'No Spider USB 2.0 card found.'
Rumour: Whoever has a Mediator may modify Spider drivers so that they support
USB PCI cards from other parties.
Answer: No.
The Elbox usb.device is software protected by international copyright law. Only
owners of the Spider card are licensed to use these drivers (the drivers are
bundled with the cards). The only legal way to acquire the usb.device drivers
is to buy the original Spider package. The software is always licensed for a
specific person and only that person. The licence for using the driver does not
give any right to modify the code (which is property of Elbox).
Rumour: The usb.device driver has some procedures, which may damage hdd RDB if
any external program accidentally damages the driver code.
Answer: No.
Elbox pays much attention to protect its drivers against any improper operation
in case of accidental damage to their code by any external events. To ensure
this, Elbox drivers are encrypted. When run, they automatically decrypt
themselves and verify internal checksums to guarantee the maximum security of
operation. This is the best way to prevent program crash if, due to any reason,
the code is damaged when read from the media.
Obviously, even such protection measures cannot protect the program against a
hacking attack, that is against a program, which purposefully modifies the code
to make some part of it operate in a way different from the original intention.
No software available for Amiga computers, including Amiga operating systems,
can be 100% protected against such hacking attacks.
We hope that what we have stated here explains away all the doubts for good. As
always, we stand with full guarantee for our software and our registered users
have no reasons to worry. We develop and distribute software, which is
reliable, efficient and innovative.
Mariusz Wloczysiak
ELBOX COMPUTER, Press Department
Offensive Elbox driver and consequences for Poseidon : Comment 33 of 159ANN.lu
Posted by Lizard on 14-Nov-2002 17:00 GMT
In reply to Comment 32 (FYI):
That was posted YESTERDAY, although Chris' findings where published today.
And given elbox' track record with p96 and other stuff, I tend to believe Chris more.
btw, it's funny how Elbox released a new usb driver to protect against some hacker tool, but in fact they hacked (reverse engineered) p96 drivers too.
Wanna discuss? Find me on ircnet #amiga
Lizard
Offensive Elbox driver and consequences for Poseidon : Comment 34 of 159ANN.lu
Posted by Zxc on 14-Nov-2002 17:02 GMT
i'm working on decrypting the unreg poseidon stack when it's ready i will post a link to the patch in ann
Offensive Elbox driver and consequences for Poseidon : Comment 35 of 159ANN.lu
Posted by Michael Böhmer on 14-Nov-2002 17:04 GMT
Hi David (2) and Rat (18),
I must disappoint you. I have nothing to do with this war going on.
Nice theory though.
This kind of mud war is not my style. I always post with my name and with my mail address displayed. Anonymous accusations are not my game (like you did).
To point this out clearly: Chris and I have discussed the PCI adaption of Poseidon long time ago, and I agreed - despite my doubts - that the Classic Amigas need a common attempt on USB (though I had the P96 crisis in mind and no good feeling about this cooperation).
I certainly have lost some people with this attempt to support common driver standards, but - who cares ? I think it was worth the common driver effort.
The decision to block the PCI driver in Poseidon has been made by Chris Hodges alone. I had no influence on this decision, even if it would be a nice conspiration theory in your eyes.
Michael Boehmer
Fa. E3B
Offensive Elbox driver and consequences for Poseidon : Comment 36 of 159ANN.lu
Posted by -D- on 14-Nov-2002 17:05 GMT
In reply to Comment 31 (Anonymous):
Too bad for Elbox. I'm curious to read what they have to say, but I will NOT SUPPORT THEM at all if this is true. I also have money set aside for the Shark and Mediator...but I will not install viruses on my Amiga! I can buy a PC anytime if I wanted that.
Offensive Elbox driver and consequences for Poseidon : Comment 37 of 159ANN.lu
Posted by brotheris on 14-Nov-2002 17:09 GMT
In reply to Comment 34 (Zxc):
And you think you'll find RDB destroying code there ? Bwhahahaha ;-))
Offensive Elbox driver and consequences for Poseidon : Comment 38 of 159ANN.lu
Posted by Iggy Drougge on 14-Nov-2002 17:16 GMT
I'd just like to say that I'm behind you, Chris Hodges. Elbox must have the worst track record of the post-Commodore Amiga industry when it comes to public relations, only comparable to DCE support.
Laughable is it, too, that they themselves have paid so little attention to licences and driver development procedures, yet feel the need to plant traps in their own drivers. It takes one to know one, doesn't it?
If their previous track record hasn't made me wary enough of Elbox, this debacle only serves to add fuel to the fire.
Offensive Elbox driver and consequences for Poseidon : Comment 39 of 159ANN.lu
Posted by MonkeyOS on 14-Nov-2002 17:26 GMT
In reply to Comment 30 (Bladerunner):
>And maybe you remeber the stress with Hyperion, because they don`t want to pay
>for a w3d license?
Yeah they couldn't bully Hyperion now could they? Too bad ALL of the respectable Amiga related companies cant be owned by a lawyer like Hyperion is.
@Elbox
You violently took the throne away from the MOS camp. You are the lowest, scummiest, sleaziest operation out there.
Hot damn did i just compliment those MOS monkeys? I guess i did.
Offensive Elbox driver and consequences for Poseidon : Comment 40 of 159ANN.lu
Posted by Fabio on 14-Nov-2002 17:32 GMT
In reply to Comment 35 (Michael Böhmer):
@ Michael Boehmer
Fa. E3B
It doesn't matter what you are saying here, it looks like only you can profit from this mess against Elbox. I do not believe your words.
Offensive Elbox driver and consequences for Poseidon : Comment 41 of 159ANN.lu
Posted by Alkis Tsapanidis on 14-Nov-2002 17:42 GMT
In reply to Comment 40 (Fabio):
Instead of poking anyone else, poke Elbox, THEY are responsible for this
situation...
Let me start on what they did so far:
Started a war against FM cause he granted an exclusive licence of the V3
driver to DCE, which would mean that they would have to pay in order to
get it...
Didn't pay the P96 team for the V3 drivers they developed by reverse engineering
and/or a pirated DDK.
They refused to pay Hyperion for the W3D driver for quite a long time.
They refuse to send Hyperion the SharkPPC specs and prototype to port
OS4 (this one led me to believe that the SharkPPC is the MAI Microserver S,
the same card DCE wanted to use, as Elbox claimed that OS4 will need no
changes to run on the SharkPPC).
They outright LIE to their users.
They attack everyone and everything that doesn't match their agenda.
They added malicious code in their drivers.
And the list goes on...
Offensive Elbox driver and consequences for Poseidon : Comment 42 of 159ANN.lu
Posted by Xeyes on 14-Nov-2002 17:45 GMT
In reply to Comment 40 (Fabio):
> It doesn't matter what you are saying here, it looks like only you can profit from this mess against Elbox. I do not believe your words.
Tough. Believe what you want, the evidense has been presented and proven, you're free to ignore it. It's crystal clear, check for yourself.
Honestly, the things you people defend. And then have the gall to acuse people who have done nothing.
Offensive Elbox driver and consequences for Poseidon : Comment 43 of 159ANN.lu
Posted by Michael Böhmer on 14-Nov-2002 17:46 GMT
In reply to Comment 40 (Fabio):
Hi Fabio,
I can understand your conclusion. It's not up to me to convince you.
Make your own opinion.
Believing the most obvious conclusion is easy, but not automatically true.
Michael Boehmer
Offensive Elbox driver and consequences for Poseidon : Comment 44 of 159ANN.lu
Posted by Mikael Burman on 14-Nov-2002 17:47 GMT
In reply to Comment 6 (quenthal):
"...some suspicious code that get triggered if someone attempted to modify the driver to look
for the NEC USB pci subvendor ID (which is the only difference with the Spider USB card..."
"The code is also present in pci.library and might run if someone is running a decrypted/
modified library."
Who wants to run a modified pci.library???? Not me, thats for sure! I will always use the
drivers and libraries provided by Elbox, directly in my mailbox. If, however any damage is
caused even if you use Elbox drivers, then you can hold them responsible. But I doubt that
thier drivers will ever cause any problems (I havn´t had any single problem, and I have
one of those "first batch" Mediator 1200). To those who want´s to play around with the
drivers and librarys provided by Elbox, I can only say...good luck!
Mediator rocks, and you know it!
Offensive Elbox driver and consequences for Poseidon : Comment 45 of 159ANN.lu
Posted by David on 14-Nov-2002 17:56 GMT
In reply to Comment 30 (Bladerunner):
> Or Michael Boehmer who has cited an Elbox employee... first they called him a liar, and that no one has ever spoken to him.
Where did they write that nobody had spoken to him? Prove your words.
Offensive Elbox driver and consequences for Poseidon : Comment 46 of 159ANN.lu
Posted by Grimmtooth on 14-Nov-2002 18:04 GMT
I can think of several ways that RDSK can get into a program without being used to hack the RDB.
For example: if Elbox declared a static byte array (very likely since they're doing this encryption thing) it is possible that a random bit of memory on one of thier machines made it into the executable as 'trash'. However, a lot of things have to happen for this to be the case. A LOT. They almost have to do it deliberately.
Another way is if they declare an array of bytes without zeroing (clearing) it. This is fairly unlikely to happen *every* time though.
There are others but the upshot is that the presence of RDSK in a file is not a reliable means of detecting trashing code.
So we have this decrypter at http://isuq.selfhost.com/ .... problem is that I am working from a PC (LAME!!!) and I don't think I can unpack the code. I want to look at it because it occurs to me that it would be VERY easy to create a bit of hysteria with manufactured 'results' from a progam that decrypts the device -- 'trust me.'
What I'd like to see is the source of the decryption program, then the results of that program after it was compiled on a third-party machine.
Well, in general I would have liked to see a lot more peer-review and alternative test cases. Ah well.
Offensive Elbox driver and consequences for Poseidon : Comment 47 of 159ANN.lu
Posted by Peter Gordon on 14-Nov-2002 18:21 GMT
In reply to Comment 19 (Peter Gordon):
Well, I have just examined the RAM of this A4000, and within pci.library memory space, I searched for RDSK, and there it was.
I loaded up Barfly Debugger, went to that address, and lo and behold there is RDB trashing code, identical to that already posted before, in the RAM of my computer.
Elbox, I am so disappointed in you :(
Offensive Elbox driver and consequences for Poseidon : Comment 48 of 159ANN.lu
Posted by [JC] on 14-Nov-2002 18:23 GMT
In reply to Comment 46 (Grimmtooth):
> So we have this decrypter at http://isuq.selfhost.com/ .... problem
> is that I am working from a PC (LAME!!!) and I don't think I can
> unpack the code
I'll ignore the obvious troll. It won't work on anything but an Amiga because it calls the AmigaDOS function LoadSeg(). It could easily be altered to "LoadSeg" manually using the standard ANSI file IO functions however.
The source code is in C, and doesn't add anything to the driver code at all. I think many fellow programmers will confirm this also.
Offensive Elbox driver and consequences for Poseidon : Comment 49 of 159ANN.lu
Posted by Trizt on 14-Nov-2002 18:38 GMT
In reply to Comment 18 (Rat):
It would be all okey, if the code didn't have the possibility to harm other parts, it's really bad ethics by Elbox to even think of including anthing like this, and now they have done more than just thought about it.
You could compare this with a care manufactor would install a carbomb in your car, and if you happen to change your tires to another brand, then bomb would explode next time you drive it.
I can tell you that Elbox and everyone else software coder don't take any resposibility for what happens when you run their program, which tells you just that you can't be sure that there aren't any nasty bugs in their software and in this case a such code could be ruing your RDB and you will loose a lot of data.
Offensive Elbox driver and consequences for Poseidon : Comment 50 of 159ANN.lu
Posted by Olivier on 14-Nov-2002 18:46 GMT
@Chris
From your words I see that your statement is based on your reserch in the illegaly obtained old version of the spider driver.
Chris, you wrote that elbox did not offer you the driver. What does it mean? Did you ask them and they refused? Or you did not ask Elbox at all?
I wonder how you can make such a statement on the basis of some letters in a code sent to you by someone else. It is very unprofessional.
My opinion is you should first ask Elbox to send you their original driver. All your statement does not prove your good intentions.
Anonymous, there are 159 items in your selection [1 - 50] [51 - 100] [101 - 150] [151 - 159]
Back to Top