The Hacktivist, Award Winning Short Film Documentary

Captions
You can hack the Xbox and that you can change that green light to a blue light and you can actually start to add in your own quote.

Today I'm going to be showing you all how to change the colors on your Xbox. We're going to change it so it's blue. LED mod inside my Xbox. Got these energies changed on the front of this Xbox.

Bunnie was in many ways opening the door to technological access and information, which I think is really phenomenal. [Music]

Andrew, my name is John Thomason with the Microsoft Xbox group. Like to chat with you a little bit concerning the ROM image you have up on your website. We'd certainly like to have you remove that if you could. If you have any questions, please call me at area code that wrong image from the Chrome is in the Xbox One or something we really wouldn't like to have you see on your website, so if you could either please give me a call, also feel free to send me email, my email name is at xbox.com, and uh feel free to let me know when you've gotten that successfully removed. I'd appreciate it. Thank you very much. It's about 7:45 of your time. What day is today? It's MSB Tuesday the 20th November. Thanks. [Music] [Laughter] [Music]

We're unveiling the Xbox. The new Xbox. Xbox, it is truly the future of video games.

So when Bunnie hacked the Xbox, there was a lot of fear around this individual who ended up hacking a gaming console, so the media really led with, oh, this hacker, watch out, things to be worried about, here are the risks. But really, for individuals who use the Xbox, this was exciting. Bunnie essentially reverse engineered the Xbox, providing code, also allowing individuals to source code, and then when he ended up writing Hacking the Xbox, giving a step-by-step tutorial of how to do it, which obviously was a big no-no.

Most companies, many companies do not like, they take a proprietary sort of attitude towards their technology. They don't want to encourage folks to take it apart and figure out how it works because they maybe might be afraid that someone could
build a competing device or another device that's compatible with it and in some way a factor interfere with their vision or expectation of how, you know, the market for their product goes.

A hacker is someone who uses their technical knowledge to either overcome an obstacle or achieve a goal, and there are various types of hackers. We have black hats, and black hats have malicious intent, usually to exploit other individuals or systems. We have white hats. White hats are ethical hackers; they have authority to gain unauthorized access to a system. We have gray hats. Gray hats are neither good nor bad, but they will use unauthorized attempts to penetrate systems. However, gray hats do not normally cause harm. [Music]

In 2001 I was still a graduate student at MIT. As a graduate student is the first time I got to ask questions like, why am I doing the things I do? What's the reason for doing it? That was the challenge my advisor put in front of me, was it was to think that way. I spent a lot of time just, uh, kind of searching, you know, for myself, uh, searching for things to do, meeting people, got a girlfriend, you know, going to raves and parties, a lot of these things I had really hadn't really touched before because I was just so focused in academics.

So as part of my thesis work I was interested in computer architecture, and my advisor was like, the most amazing thing is that we now have what were these big computers in these little boxes for like a hundred bucks, which are video game machines. And he actually bought like one of each of the latest generation video game console for our research group, and, but you bought them with no games, right? The point was that we were supposed to get these devices and understand how they worked. And so having, obviously I was like, that's great, I'll start taking stuff apart in, in figuring out how these things worked, and I was like, oh, to PC, right? And so it was just, I didn't even really think about it. I had all the tools. I just pulled off the chip, dumped it, didn't
even really look at it much because I was like, whatever, it's fine, you know, YOLO, and then like stuck it back on the board so I could boot again, confirmed a boot, and went to the movies.

Yeah, I remember it was just like, I think I was leaving movie theater or something with my friends and there's a voicemail on my phone. I was like, the heck is this? And then I was like, Microsoft? Like why, why, how did they get my number? Why are they calling me? Like what's going on, right? And so then I was like, then I'll just put the voicemail online too, along with the ROMs, right? And so I can explain to people what's going on and people would see what's, what's happening, right?

Like to chat with you a little bit concerning the ROM image you have up on your website. Certainly like to have you remove that if you could.

Obviously Microsoft had just launched this high powered console and they had this business model built around it, and part of it was getting people to buy games. Obviously they had done their own analysis and thought it was very secure and didn't assume someone would have done what I did, and then when they found out they did something, it broke part of their security assumption. And so they, they, you know, they're always polite and professional about it, but they, you know, like, you know, by the way, be nice if maybe you didn't post these things online. I was like, oh, I was just doing the instinctive thing to me, which was sharing my findings so that other people in the community could participate and help and discover.

So reverse engineering is really looking from the outside in to understand how an application, a system or a device works. [Music]

So, huh, classic Xbox. [Music] Exceptionally long screws. [Music] There you go. So you can see from the inside, when you look at it, you start with, you know, a regular normal hard drive and a regular normal DVD drive. It's just a standard off-the-shelf hard drive, no customization, nothing special going on there, and these guys just were in a hurry to get this thing
out the door. I mean, it's basically a standard DVD drive with like, you know, an Xbox logo in the front.

Oh, this is interesting. Okay, yeah, okay. Uh, the shop that opened this was definitely not a Microsoft shop. On the inside, right here, this, see this board here, it's a different color green than the board behind it. This board was not installed by Microsoft.

So there's a lot of already similarities you can see going on here. The way it works is that this is where the, the CPU is, where all the computation happens, the graphics processing. Uh, these are the memory chips that would be used to store like, you know, intermediate data, whatever it is. This is the, um, sort of Southbridge chip, which had all of the sort of smaller peripheral, um, functions in it, and this is a very classic divide, uh, PCs in that era.

So when did that happening is I pulled out this boot code out of the ROM. That's when I got the call from Microsoft, right? But the thing is, this code was encrypted and also had, uh, some fake records on the inside that made you think it did one thing, but it actually didn't do that thing, and nothing else worked if you tried to follow that out. And so people are like, okay, obviously there must be something else going on, so either there's something inside this chip or maybe the CPU itself or maybe the Southbridge chip.

And then I made a circuit board that had traces that line right up to the, to the wires underneath and tapped off those wires and then basically put them to a fancy recording device. And so all I did was I just did a simple window search and, and then look at one comes out, and if it was just white noise and I knew it was wrong, I'd move by one more byte and then try from that window, move, move, move, move, and then finally I got one hit where the statistics were no longer white noise, and sure enough that was, that was the alignment, that was the key. And then, you know, essentially we had the real code inside the ROM.

During the discussion we had earlier about like why Microsoft might encrypt
the ROM and do these types of things, it's, this is the, this is the, the scenario, the nightmare scenario they're worried about, where they were like, you know, oh, people would go ahead and mod the box and then play copy games on it or something like this, as opposed to, I'm going to mod the box and turn it into a PC and write, you know, term papers on it or something like this.

When Bunnie discovered that he could figure out how to hack the Xbox, he went to one of the faculty members at MIT, Hal Abelson. So when he realized that there was a problem for Bunnie, he reached out to EFF, and we didn't see that that was any problem, but we knew that it could be because of the various federal laws such as the DMCA that can make it very, very challenging legally to even reverse engineer a device. Our goals were to allow, to make sure that Bunnie would not get in trouble for the research that he did. Wasn't trying to scam anybody, who wasn't trying to, to cause harm in any sort of way. It was good old academic research.

I remember after, after that caller that was explained to me, I was like, you know what, I'm a grad student, I've got a crappy Toyota Corolla and 50 bucks in the bank. They can, you can shoot me in the head a billion times, only the first bullet hurts. And so, and so I was like, let's just go at it, let's, let's like, like let's go public. I mean, of course with discussions of the lawyers, I was like, you know, I think what we should do is not try to hide from the fact that he did it, just tell it as it was. We're a research project. I wrote a paper, and so, you know, I also wrote like a, like, you know, an actual report on it and submit it to a conference, all that sort of stuff, right? I shared the findings, and it turned out that strategy basically worked.

Only later on I found out around that time people inside Microsoft were like, wait, what if we just actually listened to these guys who find vulnerabilities? We could learn something. And so, uh, the response to my project was actually partially driven by some people
internally who like, we shouldn't throw the book at the guy, like let's encourage the findings to come out and share with us so we can improve the future generations. And so Microsoft even invited me on site to meet with their chief architect and talk about security for the next generation box. You know, my entire life I had been taking these things apart and just doing what I did. Like, I don't understand how this even could be illegal. [Music]

Really, he, he was not a very serious kid, but when we decided he was gonna do something, he doesn't easily give up. She is into everything. Andrew played around, and he was the first violinist in the junior symphony in Kalamazoo. He just have all these things going on at one time, and sometimes, you know, he was into his electronics and he gravitated toward all this, uh, uh, uh, he took it apart and he saw the things of being plugged in and he was just, just amazed that these things can make a computer do whatever it does.

Uh, when I was a little kid I didn't know what was inside the computers, but I'd be like, wow, like it's just, there's so many things to look at, so many bright colors, like this bright green board with like the erasing color stripes around the resistors, and the capacitors had different colors, and even like, you know, as young I would like put the chip in my mouth to see what tasted like, you know, because just you didn't your kitty and you didn't know.

The thing that probably triggered it all was the, was when my dad got the Apple II computer, and he, and he got it, I mean, I didn't know this at the time, but he got a pirate clone of one. Came as a blank circuit board and he had to put the chips on it himself. That was my introduction to sort of how computers came together. Then my dad turned on the computer, like it plays video games, and the first thing my dad wanted me to do was, he was like, instead of playing video games, write a simple program and then you can play video games. He did a lot to sort of instill in me the idea that it wasn't just, you
know, a consumer electronics thing, it was actually a computer, which is useful for, you know, all kinds of other activities.

And you took that apart as well?

Yeah, I took apart everything.

Good, yeah, no, the, uh, evo2 was taken apart and not working anymore. I was quite a bit angry at that moment too.

Yeah, he was livid, and, and then Andrew was, was scared. Of course he tried to put it back, but there's no way he could put it back. He says, I'm sorry, but I was just curious. You can't blame the kids for being curious.

So what's the big thing about taking the Xbox apart? It's his Xbox, he paid for it. We weren't worried. We just thought, we just knew that he must have done something quite, uh, serious in order to stir out this much commotion, and you know, and everything great, in good hands. He's in MIT and they were, they're supporting him. No, he's, he's okay, he's not breaking the law, he's a good kid, yeah. [Music]

So when I was, uh, working at Chumby, a startup that did consumer electronics, we were trying to figure out the manufacturing ecosystem, and of course the ground zero of that is Shenzhen. At the end of the day, however, I had also spent enough time in China that I knew I didn't want to live with me. Singapore had the best support for someone who spoke language like me, like I speak English primarily, you can tell from my accent, and also it had a good distance from China, so Singapore worked out. And then also there are a lot of other things I learned about along the way, after sort of the structural benefits around language and travel, was like, you know, I have gigabit fiber to my house, it's amazing, two gigabit fiber lines. Food is cheap, right? You know, I love the hawker stalls.

Yeah, that's my, my place. Big mess. Um, welcome. So I'm gonna look around. Uh, this is my, our server rack over here. They serve some of our public web pages and they also do stuff like continuous integration. You can see like some of our products here that are accessible for testing, uh, remotely. This is my work area. Uh, it looks like a bit of
a mess, but you know, for me it's actually organized according to what technical people call a hash algorithm. So the idea is that, you know, if I close my eyes and I were to think of something and put my hand on it, it should be the thing that I thought it was. But it's, it's actually, for me it's like, what, you know, instant access, right? Uh, we have some plants, we do some hydroponics, we do some potted plants, some herbs and stuff, and this is actually the desk where Sean said so it used to sit, um, before COVID. We work on projects together, you know, basically when we have things that need to collaborate, we collaborate, right? [Music]

First impression of Bunnie, I think I, I first heard about him from the Chumby days. He seemed like a cool guy, like the kind of everyday, uh, guy you'd hang out with and get a beer with. In general, uh, Bunnie has been the person who designs the hardware and I have been the person who designs software, and, uh, with this Precursor project, uh, Bunnie designed the hardware and I designed the core operating system and gave Bunnie the tools that he needed to design the rest of the operating systems that run on top of this hardware. [Music]

So this guy here is an iPhone 6.
And I did a lot of iPhone 6 taking it apart because I did a project with, um, Ed Snowden. He has a lot of operational concerns that owns in terms of like making sure phones are secure, but he also works with a lot of reporters who, and journalists who are, um, sort of existential threats to like state actors, right? And it's known that they will go after those reporters by bugging their phone. Phones themselves, in addition to being these amazing devices, are perfect tracking devices, like microphones, recording devices, transmitting devices, so it's, it's the perfect tracking device. And so, uh, the question was, how do we keep reporters safe who have put themselves in harm's way?

This one's pretty easy to come apart.

There was a journalist that we know was targeted. I'm going to screw up the details because I don't remember that. It was, she was operating the Middle East and, um, they were using, I think they're using actually a sat phone to transmit a story, and they used the transmission from the sat phone to triangulate the artillery towards her, and while they were transmitting the story they like shot her position out, right? At which point she was, she was dead, right? Like at the time when we're working, this is a little more theoretical, because the best example we saw, example we had, was this link, and so there are a lot of people are like, oh, no one ever actually does this, you guys are just crazy, right? Now there's actually reports from Citizen Lab about malware like the Pegasus malware from NSO Group, where they have like, you can see names of multiple journalists who are targeted by state level actors, phones that were infected with the stuff.

So what we wanted to do was, um, we wanted to modify, actually this is iPhone 6, this very model of phone, we want to modify it so that we could know when the antenna were actually transmitting. We would open up the phone, and it turns out that underneath the SIM card here there's a whole bunch of diagnostic probes. We were able to use those and build our own probe
that would go on the phone during run time. Then we built a replica of the SIM card on the thing so you wouldn't lose a SIM card ability, right? And we had access to all the signals on the inside, and then we would monitor those signals while the phone is running to see, like from those signals we could tell, uh, which band of radio is being selected, was Wi-Fi transmitting, was GPS being turned on, like all these, from this particular signal bus we could tell all these things. And so we built our own trusted piece of hardware, we understood everything on the inside, to, to read the signals and tell us when they were being turned on or turned off. [Music]

What are you looking on now? Like right now, literally at this very moment?

Yeah, uh, I am actually trying to, uh, implement the secure boot for, uh, Precursor, my secure phone, and, uh, was just trying to figure out, um, how to get all the code to fit inside the internal boot ROM. Here's one of the prototypes right here. Is designed to be sort of trustable. You know everything that's in the inside. I actually designed everything in the phone, uh, from scratch, so the case, the circuit boards, the screen on the inside, everything is designed here actually. And the idea is that every part of the design is also open source so that people can see what's inside of it, they can understand all the parts of it. So like the schematics and whatnot, they're all published on the, on the internet, and so if you receive the device yourself you can have a reason to trust that it's built correctly. Because the problem today is that you get, you know, all these crazy devices that you have no idea what's on the inside of them, uh, and you don't know if it's real or if it's fake or if there's something malicious on the inside or not.

To be able to declare something as malicious or not, oftentimes it's a matter of opinion. So our, our sort of ad tracking stuff, is that malicious or is it benign, right? Most people consider it benign, but if you consider some of things that can be done with
your data if it falls in the wrong hands, it could also be malicious as well.

I've always wanted to build my own personal communications device and, and, um, I've always wanted to write an operating system, and it's kind of an excuse for us to actually do that and also bring some good to the world by making something that is auditable, that even if you don't trust us, it's built to be reverse engineered so you can take it apart yourself and see that we're not saying anything nefarious and everything we're saying is what we promise.

Hey, hey, what's up? Good morning. How's it going? How you been? Entirely too early. Yes, yeah, surprised. Anyways, normally you're the one who's waiting for me. [Music] Chilling. I haven't actually seen the, um, you have the latest build? Yeah, this is, uh, that's the latest build, huh.

I realized that we do have a fairly different way of understanding things than most people. Um, I actually just had this conversation with him yesterday. We were talking about a programming language, and I find that I can explain concepts in this programming language better by telling him what is actually going on in the hood. So drilling down and understanding from the bottom up, first principles, how does a particular device or widget or concept actually function. So by understanding first principles we get a better understanding of the toolset that we have, and it gives us more power to mold that toolset into what it is we actually want to do.

I enjoy working with him. He's smart, and there's always like, it's a good synergy, like from us just talking about, you know, he'll be, even if he's not working on a project that I'm involved in, he'll come by and ask questions. I learned things from him as he asks questions. The same thing, will come to my desk, what are you working on, that, that kind of interaction, that sort of just, um, sort of osmosis of knowledge.

So like if you would damage this one, then it might be better to just leave it and not take it off. If I, I can completely destroy this though, yeah. Okay,
then I'll, then I'll do it with the, um, just, I'm curious how you do that without ripping the pads off. Uh, gently.

Bunnie is very much a gray hat who has a hacktivist heart. He is looking to change the world, and sometimes you have to do that without authorized access.

A friend of mine told me a saying once, that you'd only know the true color of a glaze once you put it through the fire, right? And so up until that point I was pretty much just a green piece of clay, and after that my true colors came out and I knew that I deeply care about technology and I deeply cared that people had access to technology, right? The whole idea that, you know, yeah, this is, this is a box of game console, but it's also a PC, and I paid for it and it's in my house. It should not be illegal for me to do things within the, you know, confines of my own place with something I've lawfully acquired and I, and I am in physical possession of, right? It really forced me to think through all these issues, and I was like, you know, I think actually this law is wrong. Like in my head I was like, there are so many problems with the way this was written, the way it's done, and, and frankly I had, you know, I hadn't changed, the law had changed. My practices predated this law.

And the DMCA is a, is a beguilingly simple statute. Uh, it's just a few words long and it basically says it is unlawful for you to decrypt a copyrighted work without the, the permission of the owner.

So this is the whole thing. Like, I just want to like, you know, hack my video game console so I can use it as a PC. Just removing the lock on the video game console to turn into a PC is still a crime, even though you didn't copy any games. The mere act of removing that lock became criminal according to the statute.

I think that there needs to be a bit of both: access for the individual to have the right to repair their systems or their machinery, as well as a check and balance with the corporation that has created that device or that system. And I'll give you an example. So if you
have farmers who are so dependent on farm machinery and something breaks, they need to be able to go in and fix it without having to be dependent on the company that they bought that machinery from, because in many ways it's exploitation, and they know that they can get more dollars through having exclusive ownership around the right to repair. So what we need to do is, one, we need to have a conversation around what are those boundaries, so it really begins with this first conversation. Another thing that corporations really need to identify are the ways in which hacking can create business value. So in many ways hackers, even if they're not associated with the organization, through open innovation can help to identify new business models that the organization might not have identified otherwise, new features, new applications, as well as whole new products that they can build upon in the future.

And Singapore continues to gradually reopen its economy. The use of a contact tracing app or token. TraceTogether. TraceTogether. TraceTogether, that exchanges Bluetooth signals with people nearby to identify close contacts of patients. But there have been some drawbacks. Privacy is a concern. Grove Texas.

So that there are two tracking systems in Singapore for the COVID-19 pandemic, one of which is called SafeEntry and one of which is called TraceTogether. Okay, why did GovTech invite us to the tear down? It's because, um, this sort of technology is scary. First off, it's asking people to be tracked, and then it's asking people to track themselves, and it's GovTech saying, trust us, this is for your own good, we won't misuse this data. And so they wanted experts to come and verify. What it ended up being was four of us from the community, me, Bunnie and two people who deal with one of the local open source conferences here. We got a chance to see this actual model of device, reverse engineer the hardware, understand how it worked and essentially give our stamp of approval saying that yes, there is nothing
nefarious in here, this is exactly what they say it is. Because if you reverse engineer something, you understand how it works irrespective of what they say. Bunnie and I, when we did this, we did it under the premise, under the pretense that we would never sign an NDA. The fact that we've never taken any money from, the fact that we've never signed an NDA, I mean, really we're free to say whatever we want, and we would be able to tell people if this had anything nefarious in it, if this had some sort of underhanded back door.

So it's beneficial because the hackers are kind of impartial third-party auditors who are able to verify that the government or the corporation is who they say they are.

foreign of a hacker is that you see past the labels. You understand the principles and the mechanisms behind it and you're no longer constrained by labels. That also makes you dangerous and scary to people because you're doing unexpected things. Things all have labels on. Oh, how did you do that? How did you get into the door? Well, you know, the door had a, you know, the, the lock had a little back flaw in it, as you just jimmied it open. Like, that's so scary you can do that. I'm like, yeah, it's locked, it's just a piece of metal and the mechanics, right? It's not, it's, if you, you could do it too, right? Like, oh, I would never do that, right? But you know, if you just see a lock for what it is, it's not the symbolic act of sealing the door but just a latching a mechanism, you can, it's very clear that you can defeat a lock as well.

Staring at something and you go, how could this possibly be? What is this? Weird. I wonder what if it's this? And you form a hypothesis and you test it and then it turns out to be true. That shot of adrenaline, just all of a sudden understanding what's going on, how you might be able to use this as something else, that shot of adrenaline is usually what drives me. Just understanding something. I want to be known as somebody who enables people to use their hardware in ways that they didn't know could be
used before.

As a behavioral scientist, we are just now exploring the cognitive effects that technology has on us, and I will say that what I have so far and what I have seen so far is not good, which is one of the reasons why we have to break this dependency. I want people to be in control of their life and their destiny. I feel people should have agency.

There is no magic in this technology. You know, I want people to remember that we can understand these things, um, and this is a recurring theme over and over again, but like the point at which you, um, sort of say like, I'm just not going to understand this, technology is too complicated, you basically crossed the line into a religion, right? It's like, it's just faith. All these things we've talked about, agency of technology, education and people knowing where things came from, this open source aspect of things, I'm, I'm trying to distill it all into products that I make. So I built my own laptop with, with Sean, and, and I'm now building this device called Precursor, also known as Betrusted, and this thing sort of represents the academic high water bar of a, of a, of a you own it, you completely control it, you completely trust the device.

The number one thing is that, can an individual, can a human being still know technology well enough to produce their own technology? Have we gone past the tipping point where it's no longer possible for us to even know what's in our devices because it's gotten too complex?

I think I'm optimistic that technology will find its way into the right hands. I'm also realistic that there are limits to this, right? And there will be problems and we have to address them. We have to acknowledge that technology is dual use and, and bad things and bad people can do bad things with it. I prefer a semi-utopia where we have faith in the goodness of humans and we empower them and then we sort of regulate when it goes wrong, versus the semi-dystopia of, uh, we must make the decisions for you and protect you from yourself. [Applause]
[Music] foreign [Music] [Music] thank you [Music] [Laughter] foreign [Music]
Info
Channel: Singularity University
Views: 347,559
Keywords: Singularity University, Singularity Hub, Education, Science, leadership, technology, designing thinking, Peter Diamandis, SingularityHub, 3D printing, AI, artificial intelligence, AR, augmented reality, VR, virtual reality, automation, biotechnology, blockchain, computing, CRISPR, future, futurist, futurism, health, fintech, nanotechnology, robotics, The Hacktivist, Bunnie Haung, Microsoft, ja-nae duane, Andrew Huang, Daniel Kuan, Xbox, Award winning short film, technology film, hacker, hacktivist
Id: KyYsVeYzbik
Length: 35min 7sec (2107 seconds)
Published: Thu Sep 22 2022