| I was once on a team that had a product with some crypto features that was under attack. There was a hackers forum where daily discoveries were discussed. It was indeed exhilarating, and exactly that way you describe it: on one hand, we didn't really want the thing to be cracked, but on the other it was impossible not to be rooting for those scrappy hackers going down the wrong path at first before figuring out the right one, one step at a time. Every morning, we'd log in to that forum to check their overnight progress. Still, we were confident that our bank-strength crypto algorithm would prevail. It did not. :-) While we had done our due diligence, an external implementation partner had decided to change the audited code later in the process, which broke things completely, in the most embarrassing way. In the end, it didn't matter, and we probably sold a few more units that what we would have sold without the broken crypto. Fun times. |
It was summer 2001. The 3Com Audrey internet appliance wasn't quite canceled yet, but it wasn't thriving in the marketplace, either. I picked one up for $50 from uBid and started poking at it, blogging about my discoveries along the way. I figured out that the OTA image checksum was relatively simple to generate (something like two's-complement addition of running 32-bit integers that needed to sum to a specific constant). This enabled me to alter the next OTA image that came off the wire, which allowed me to begin replacing resources and binary components in the system.
By this point people were following the blog, occasionally linking to it on Slashdot. But then something strange happened: I started receiving anonymous emails from individuals who knew a lot about the Audrey OS's internals. They gave me hints about where the more vulnerably coded parts of the system were; they suggested hard-to-stumble-upon but valuable URLs in the Marimba OTA system; and one day when I foolishly overwrote the bootloader with a malformed image, just a couple days later a brand-new Audrey motherboard mysteriously appeared on my doorstep (at the time I didn't live very far from 3Com, and this was an age of the internet when nobody had much reason to hide their identities).
Thus, with the help of numerous knowledgeable individuals, I was able to bootstrap the Audrey modding community. The focus of the world changed soon thereafter, one Tuesday in September, but it was otherwise a similarly exhilarating experience to the one TomVDB describes. The difference was that I was the hacker, and the opposing team -- the one that had built this amazing machine (which I still have two of, by the way, both unopened) -- actually wanted me to succeed, hopefully giving the Audrey a better chance than it got during its initial, ill-fated, mid-dot-com-bust launch.