Sagacious Himself — brevity in circumlocution: never blague — suffering genius

June 20, 2020

Filed under: circumvention,privacy — Sagacious Himself @ 5:43 pm

DNS filter

platforms other than firetv





white for firetv

black amazon — because when not voice searching there is still frequent traffic — ibid
firefox on amazontv – because apparently firefox likes to run always


For my DNS filtering needs I use NextDNS and pfBlockerNG


Unfortunately the nice people who maintain Tasker no longer like money all that much as they require gapps to purchase.

Zero android device I use has gapps. the first live trump 2020 06 20 rally for freedom




February 6, 2020

brazen mozilla foundation lies: “Firefox browser collects so little data about you”

Filed under: BULLSHIT,circumvention — Sagacious Himself @ 7:54 pm

mozilla lies through firefox teeth.

Riiiiiigght.. that’s why all the telemetry “features” of privacy raping have ZERO exposed controls to the average user?

DO NOT use a firefox profile without at least the fiddley bits of user.js tweaks from GHack’s github project for user.js

mozilla foundation is a predator



user_pref(“toolkit.telemetry.coverage.opt-out”, true); // [HIDDEN PREF]
user_pref(“toolkit.coverage.opt-out”, true); // [FF64+] [HIDDEN PREF]

all your base all also belong to mozilla


Sure, sure there is a “data privacy principles” and while it’s nice to “have principles” it is another ballgame to behave righteously.


how are firefox hidden preferences compatible with mozilla data privacy principles 1 and 2


How are firefox HIDDEN PREFERENCES compatible with Mozilla Data Privacy Principles 1 & 2 ?


View at

View at

be a good maoist by surrendering yourself to guiltiness

Normandy, as in the beach landing of a war to stop out Socialism in the word.  Here, the axis powers are played by Mozilla, F-Book, and Google.


Hypocrisy masquerading as freedom fighters.

#StopPrivacyRaping #StopRape






December 25, 2016

Merry Holy Christmas: the end of third party interweb ads forever

Filed under: adblock,CIO,circumvention — Sagacious Himself @ 12:26 pm
Tags: , , ,

I have been keeping this to myself for some time.  Blocking ads.  It is a right by extension from privacy itself derived from dignity — granted by God.

  • reduce data costs
  • speed page load
  • sacrosanct privacy


problem: Sneaky platforms use wildcards or psuedo-random domains.

solution:  RegEx DNSMASQ

IP addresses

problem: seemingly innumerable

solution: netblock


The final solution: ASN

If an IP address is like a house, then ASN is like a plot of land in which neighborhoods of houses may be built.  I can eliminate ads before/as an ad platform builds out sneaky architecture.

bad guy SHORT term solution:  create one-off IP addresses outside know ASN

arms race solution:  by attrition a new ASN is identified and blocked

I win.  I win again.  More winning for everyone.


September 8, 2016

good fun with fingerprint scanner on my Note4 developer edition — removing backup password

Filed under: circumvention,Geeky goodness — Sagacious Himself @ 1:19 am

I still run 4.4.4 because all the tools I want play nicely on it; I’m not missing out on “updates” with ota crippled and #PrivacyRape removed.

Last night the phone inexplicably didn’t show fingerprint option on lock screen after sitting on about a week which is nothing unusual instead prompting for a ‘backup password’ that while I remembered it the phone did not agree I was correct.

Short version fix assumes root and adb enabled

while booted to recovery

remove from /data/system





Long version fix involves explanations, reading lists, backups.


March 10, 2014

no moral crime protecting privacy or Effecting free claims

Filed under: BULLSHIT,circumvention,DIY,interweb — Sagacious Himself @ 10:01 pm

BS revocation


there is still a better way, an elegant way, a my privacy is paramount solution [not listed here]

piracy is a moral crime.  removing license checks from duly licensed apps is not.



adblock licit extension of privacy right; do be sure to understand that privacy is a right not merely something desirable.  there is no right to contraception for example contrast.

adblocking licit extension of privacy right



lucky pacher to remove ads








February 17, 2014

GIMP circuity vs photoshop: stroking layer N pixels larger than layer

Filed under: art,circumvention,GIMP — Sagacious Himself @ 8:19 pm


  • start gimp
  • open screenshot, rename layer “target”
  • create new layer, transparent, “base”
  • move to bottom of layer stack
    • gimp advanced stroking preview layers two of them
  • select “target” layer, visibility off
  • select “base” layer
  • Image > Canvas Size
    • linked increase 80 pixels or so
    • offset: center
    • resize layers: All Visible **
    • resize
      • gimp advanced stroking canvas size layer boundary shell gaming 1
  • “target” layer, visibility on
  • create new layer, transparent, “over”
  • move “over” to top of layer stack
  • select “target” layer
  • Layer > Transparency > Alpha to Selection
    • optionally disable: View > Show Layer Boundary
    • gimp advanced stroking canvas size layer boundary shell gaming 2
  • Select > Grow > 8 pixels
  • select “over” layer
  • set foreground color to red
  • Edit > Stroke Selection >  solid 6 pixels

gimp advanced stroking canvas size layer boundary cutout to transparency and not background color

Now there’s a transparent gap between stroke and “target” layer


this has the effect of  changing “Layer Bounding Size”.  After resizing canvas need I also change Layer Bounding Size?  Why doesn’t it suffice that the top layer “over” has a larger Bounding Size (matching image size)?


January 9, 2014

ICANN to verify numbers and email address: verifiable profit for privacy advocates

ICANN creates profitability for privacy advocates

to ensure successful verification

  • ICANN [policy] will advise you of imminent [registrar] call- or email
  • ICANN [policy] will advise you of [registrar] calling number[s]- or sender’s email address


(for the slow: you’ll know which numbers and CNAM, and email address to allow, rejecting all others)

icann halfassed sought public comment in narrow window neither did registrars during 18 months of negotiation contact customers

Do remember to

  • participate in  public icann discussions
  • participate in  icann calls for comment:
    • with FOUR individual comments one might think ICANN didn’t want anyone to know about pending changes
      • do email your registrar to ask why they intentionally chose not to involve you in this hegemonic shift
    • those “great” americans at General Electric said: proxy and privacy services should be allowed only in “rare
    • General Electric “requested mandatory suspension of domain names for the willful provision of false or inaccurate Whois information.”
    • General Electric’s particular brand of fascism linked in comment review was unavailable for direct review, web server reporting 404 for:
      • fortunately I found a copy: ,
        • “Please contact” Sean Merrill, Ph 203 373 3328, fax 203 373-2181, “with any questions”
        • or Kathryn Barrett Park who penned the comments: , Ph 203-373-2655 , fax 203-373-2181
          • who notes the policy will “only serve to drive more Registered Name Holders to proxy and privacy services” therefore people must not be allowed to maintain privacy but be subjected to intense registrar scrutiny prior to domain activation
          • Kathryn wants the penalty be strengthened to mandatory domain suspension [hoping for immediate cancellation for those who mock her eremmm those who mock General Electric’s progressivism or other folly]
          • icann ocr renders her name as Kathryn Pork
            Kathryn Barrett Pork

DEMAND whois contacts to be able to use SIP URI instead of PSTN accessible values, DEMAND non-suspension if email communicant cannot  VERIFY they are a person via industry accepted Challenge Response system

Paying to receive spam/spin/calls is more imbecilic than sms texting or f*booking.

Free market enthusiasts and aspiring small business owners:

  • ICANN has unwittingly created a new market for whois data management:
    • processing whois email
    • processing whois calls
    • processing whois snail mail

in a way whois privacy scam-services have implied but never fulfilled let alone explicitly offered.

ICANN ought demand accredited registrars publish APIs for whois management as it’s to the public benefit (see first purple highlight above image)

  • presenting unique whois contact information for every inquirer
  • allowing whois privacy management firms to change underlying information based on firm’s privacy strategies
    • undesirable feckless caller volume
    • undesirable email volume
    • challenge response solved too quickly
    • DCC style patters across client base
      • publishing hashes licensed to other firms

Hopefully someone else will create such a service in the now accelerated arms race to personal privacy

Thank you, ICANN and the Registrar Whois Validation Working Group, for creating a new- and profitable use for 900 numbers and other toll calling!

With toll numbers people will likely “report” themselves ‘guilty’ of inaccuracy to generate revenue — delightful godaddy comeuppance:

900-sagacious + 976-himself

December 20, 2013

SneakerVncNet: willfully effecting lan or internet multiplayer for “hotseat” multiplayer games

Filed under: circumvention,DARPA,SneakerVncNet,Word Coined by Himself — Sagacious Himself @ 1:31 pm


[screen shots]

Overkill use of VNC or similar to allow multiplayer over LAN or internets for games without actual-social aspect.


January 29, 2013

VZW prepaid daily not a bargain if using recycled numbers

Filed under: BULLSHIT,verizon circumvention,verizon sucks — Sagacious Himself @ 6:48 pm

VZW prepaid daily seems like a good plan for CL or other cloak and dagger operations.  However “new” activations are issued heavily abused numbers from a small recycled pool 😦

$2/day prepaid quickly loses value when DebtCollectorLucifer calls for Bob Smith from several different obviously spoofed numbers several times per day.

fortunately TXT is not billed until opened.  And much akin to TracFone some VZW non-sim prepaid phones offer better TXT windows if you’re not outright blocking TXT.  Combine with voip sms to sip/xmpp/fwd for less poor results.

mobile carrier really REALLY OUGHT to provide customers server side PBX finesse powers for TXT- and call filtration!

provide a better number with the GOTCHA that VZW policy prevents incoming calls during port-in process!!

If you need a phone and need inbound calling now you DON’T WANT VERIZON WIRELESS directly; you want a VZW MNVO like TracFone, StriaghtTalk, etc who allow incoming calls during port-in process

Himself 130129 Sagacious

December 12, 2012

bypass youtube blocking filters with googleapis or how to view ONLY video content on youtube

Filed under: All Your Base,circumvention,DARPA — Sagacious Himself @ 2:29 pm

While tinkering with to play a slideshow about Raspberry Pi cases


x4 Observe the following creative use of googleapis domain to circumvent DNS interweb filtration.  Alternatively this is a fantastic way to receive ONLY video content from youtube.

in lieu of

yup, merely insert “.googleapis” between “youtube” and “.com”

almost no thinking required (unfortunately slightly more complicated than mashing buttons on a mouse)

to avoid having to type altogether simply REMOVE “watch?”, copy “/” to clipboard, highlight “=” and paste in the “/”

^ however that’ll likely trip the filter, but this also EASILY bypasses youtube age check

drug abusing porn obsessed teen mafia whoremonger reprobate: Father Calloway’s conversion story:



while on the topic of Raspberry Pi today December 11th might not be the best day to view the site with filter circumvention in mind as they targets of the device, middle school- and high school students would then be exposed to softcore pornography (topless eve in adam & eve) |

March 13, 2012

circumventing norton online family: info provided by public online norton help

Filed under: All Your Base,circumvention — Sagacious Himself @ 11:37 pm

here are some entertaining gems

* children who can create their own windows users now have accounts that are not monitored

“If your child uses Windows 7 in XP Mode, the Internet activities are not monitored. Your child can visit blocked Web sites and send instant messages to blocked IM friends.”


savvy children will simply boot an alternative environment.  loop back proxy [service] with admin rights is another entertaining circumvention.

[ disable norton online family , beat norton online family , stop norton online family, defeat norton family ] |

November 22, 2011

PDroid, adds awesome spoofing POWER to android privacy permissions management

edit 2014:  still good XPrivacy Pro [license supports crowdsourced knowledge], but also evolving quickly from the developer of PDroid 2.0 (not svyat) is DonkeyGuard (CollegeDev | github).  DO absolutely combine  AFwall+ firewall  [in whitelist mode] with LightningWall, and UnbelovedHosts, AND BootManager.  To that end do also donate to defim for the combo license: DefimDonator  [$14 is well worth it] — important: make a note of the name in which you want the license issued. LightningWall does not appear to have a whitelist mode starting from everything blocked, but can function independent of your iptables manager (AFwall+).


DonkeyGuard android privacy enforcement logo

(DonkeyGuard requires CydiaFramework… seems to be abandoning XposedFramework in favor, but uses both now)

DonkeyGuard defaults to ultimate privacy

DonkeyGuard has a better UI style than XPrivacy Pro

DonkeyGuard better interface design than XPrivacy sterile checkbox columns

vs XPrivacy Pro

 XPrivacy Pro app UI

XPrivacy Pro summary UI


edit 2013:  better is XPrivacy extension of XPosed framework for android.  zero malware market access needed; download only via XDA forums or soon *hub for free OpenSource possibly “You can use an XPrivacy Pro license for all the devices you personally own.”

XPrivacy FAQ#50 also recommends Xmpp Texting [Xabber]


original post:

picks up where LBE Privacy Guard leaves off… they play well together.  However PDroid claims no need of background service.. still requires root. It requires root to boot into CWM to apply the patch, but does not require root to run the management app.


PDroid allows blocking access for any installed application to the following data separately:

  • Device ID (IMEI/MEID/ESN)
  • Subscriber ID (IMSI)
  • SIM serial (ICCID)
  • Phone and mailbox number
  • Incoming call number
  • Outgoing call number
  • GPS location
  • Network location
  • List of accounts (including your google e-mail address)
  • Account auth tokens
  • Contacts
  • Call logs
  • Calendar
  • SMS
  • MMS
  • Browser bookmarks and history
  • System logs
  • SIM info (operator, country)
  • Network info (operator, country)

For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.


easy access to APKs from memorable url:

PDroid 2.3.4 source; patches build, frameworks and libcore

cites interesting article on blockery leakiness.

[ ]

October 27, 2011

new English version of LBE Privacy Guard available Halloween? Renamed to LBE Security Master

Filed under: AdNoyances,android,circumvention,Justice,privacy — Sagacious Himself @ 1:49 pm
Tags: , , ,

edit 2014:  better alternatives to LBE

edit: a MUCH better, more elegant solution is the PDroid patch

Ask your ROM builder to bake-in PDroid.  There are PDroid aditions and versions for ICS.  It will likely be ported to EVERY subsequent versison of android.  MY hardware, MY data: MY terms.

English LBE Security Master lite from LBE now available


I have been using the new LBE Security Master in Chinese.  With the exception of a few features all the functionality can be intuited based on prior app experience.

[insert: LBE PG backgrounder]

New to this version is a name change.  This better than fantastic app has been dubbed LBE Security Master.  The Guard icon is a dial whereas the Master icon is a shield.  Go figure.

While denial of permissions is an option I much prefer playing integrity challenged applications at their own game: data poisoning.

I had been working on a screen shot based tutorial but it seems that will be of little value for the Chinese-only upgrade as the English version of LBE Security Master (version 2.1.x) will be available Halloween or possibly All Souls Day.  Chinese APK.

I am hoping in addition to unique id spoofing [UDID] LBE Privacy Guard data services will also be able to spoof MAC addresses and spoof non-radio IMEI/MEID.

New must-have features include:

  • new permissions visualization,
  • bandwidth monitoring per app (a starred feature req of DroidWall)
  • battery preservation,
  • communication filtering [some twits label this sms firewall]
  • fractional functionality for non-root users

Missing is finer grained control of permissions.   Some permissions such as send SMS, receive SMS are grouped into one tickbox.  GPS location and network location are deemed one permission.   ‘Get TASKS’, a permission abused by google maps, seems to be MIA as well.

The new Chinese version of LBE Privacy Guard is fully functional under Cyanogenmod 7: good news for users of non-stable releases of CM7 who are unable to use the current English version. While garbage collection frequency has been a blight for some using cm4dx the dev cm4dx-gb has almost entirely addressed the problem; LBE Security Master can increase garbage collection frequency at user request.

Keep an eye on the LBE Security Master change log and LBE dev blog for more speculation fodder.  Though big fans of QQ they are not big on XMPP.


[ | ]

May 17, 2011

Open Garden and EFF Open Wireless movement : cirvumventing verizon wireless 3G fraudulent enticement ?

Filed under: DARPA,Geeky goodness,verizon circumvention — Sagacious Himself @ 1:43 pm


“openness” is great and all but if I am to share my internets with strange unknown persons I will want to prevent them visiting unsavory sites on MY connection.  (Yes, I have read footnote number one in the EFF article.)

  • no “adult” sites
  • no eye patch sites
  • nothing that would earn me a visit from the FBI

What open garden has no plans to incorporate RADIUS? Hosted style as in dd-wrt?

And yes it requires root but wait..  tutorials and videos for adding root permissions [SuperOneClick] is conveniently provided for windoze users.  Rooting still requires windoze piracy in VM… unless you want to buy a windows license to run in vm on *nix for a one time use.  Also a video on using z4root

EFF footnote two pitches a disturbing use of geoiplocation!  Now more than ever ISPs should offer opt-out from netblocks with fine grained geo location information.




April 1, 2011

malware-foss contradiction reedemed by fdroid community .. as drm fosters piracy.. or re-engineering.. so does malware-foss foster fixing

Sick of the malware dominated “freeware” section of android market?  Irked by “malware-foss” contradiction?  F-droid to the rescue.  A fine group of programmatically inclined heros edit away malware infecting f/OSS and compile actual-freeware for the educated. Kudos to CiaranG and those who want no spotlight.

Sadly the vast majority of android market users in their gross ignorance WRONGLY tolerate malware.

Sure ads can be easily blocked (root et al) but why trust an intellectually dishonest developer?  What other evil lurks in that black heart?  What other nefarious ends await the use of the malware?  Yes, malware: undesired code that harms the user or abuses his resources [for profit].


“But programmers gotta eat”

Yes, they do.  But if eating is unlikely daily perhaps said programmer should ply skills commercially and not futter away hours on a f/OSS project.  You can’t eat a cake you don’t have.  People don’t owe you cake.. nor do you have the right to another’s food. When you have enough food THEN worry about baking a cake.  Let them eat your cake or sell it!  You ought not pillage food from gift recipients.

When you give your cake away it’s irrational to whine that no one bought it.

Beware of cake indian givers!




[ ]

August 17, 2010

free unlimited data on any smart phone with unlimited sms texting plan: using OLD sms texting to circumvent mobile data caps

Do you have “free” unlimited old slow sms texting on your smart mobile plan?

first:  unlimited sms texting is not free.  Plans without old slow sms texting cost less than those otherwise equivalent with it.

  • smart phone app to
    • UUencode data
    • send UUencoded data via sms texting
    • collect multipage sms texts (not mms)
    • decode UUencode
    • save decoded binaries
    • option to create par2 volumes
    • option to encrypt files prior to UUencoding
    • option to intentionally send pages out of order or amongst other sms file texts
  • sms file texting to
    • backup all your photos without using mobile data
    • backup android apps without using mobile data
    • operate as a ‘modem’ to transfer files between computers without invoking mobile data
      • sms file texting tethering
    • stream music to phone without using mobile data

Will work for iOS and android.

Not much unlike my prior post using UUencode to attach binaries to a blog post for blogs either without binary hosting or having exceeded free storage quota

old slow sms file texting

That’s about the only reason to retain old slow sms texting.  On a smart phone you’ve already paid for the mandatory data….. so…. use

xmpp texting

xmpp texting is zero cost:  no money, no privacy rape

xmpp texting is an Open Standard WIDELY used


Sip Simple Texting

sip simple texting or sip texting is zero cost: no money, no privacy rape

sip texting is an Open Standard soon to be WIDELY used

presence: sip texting doesn’t provide presence.  I use xmpp texting alongside sip/sip texting.

contacts:  xmpp texting has a roster,  sip texting uses XCAP or local client

encryption:  xmpp texting can be made 100% private with OTR (Off The Record encryption), sip texting could use otr but no clients afaik do this, sip calling can be encrypted with sRTP with key exchange via zRTP

nat traversal:  xmpp jingle in lieu of sip, but conversation in RTP


For extra points use old slow sms texting to convey xmpp texting stanzas!

  • How providers can help clients
    • expose phone switch power
      • smart phone app to control account AS if IP-PBX
      • actually REJECT calls instead of silencing them, or diverting them, or pickup hangup
      • reduce customer service calls
        • spending less money
        • building infrastructure instead
        • lower service prices for consumers
      • pass/capture CallDivert info
        • OCN available to users no matter which mobile carrier
        • ease customer use of SIP integration
      • customer control of RingBack tones
        • instead of retarded “service” verizon offers
    • real-time access to one’s own [CDR] call history
      • especially for those calls not delivered to the handset
    • customer app control of features currently available only by dial string





January 3, 2010

ah facebook, warnings, good times.. warms the cockles of hearts in many lands

Filed under: All Your Base,circumvention,social engineering — Sagacious Himself @ 9:33 am

look at how many people are catching on how to game facebook or simple game facebook gaming

the even lazier ones building on- or simply using the less lazy

remember that one email: ought not ..  flash .. xml .. etc

the myspace response to security related emails is to mash delete related buttons which is not surprising given that their ‘mail’ system allows party A to flag party B for spam in a party A initiated conversation.

@ cheaters: up your skill set when cheating flash games with Cheat Engine — read up on rings, IOS and IDS, too, but don’t become a pediaphile.  And when you have mastered Cheat Engine (extraordinarily unlikely) move onward to WPE Pro.  [AMD fanbois stay home]

don’t, worry, facebook, there are still plenty of cretins who embrace internet voyeurism/exhibitionism for you and your puppet masters to profit in both your short- and long term plans — game if you will.

few seem the have the intellectual capacity to realize the crosslinked nature of exercise of liberty and privacy much less to see the long term consequences of their “I’m not addicted to the interweb” habits.  They’ll probably have the same indifference to their cable/satellite/fttp television provider’s policy for datamining channel watching AND guide use.

Maybe one small upside is the pressure to properly implement mobile tower designs in six-gang instead of cheaping out in four-gang…. another I told you so waiting to crash down on some people your masters would adore meeting.

When you do eventually “lose” your job there’ll be an openining in verizon’s ministry of truthiness, at least in the moca propaganda subdivision for a few years.

Transparency, eh?  It seems very greatleader obama style.  you have covered some of the how but ZERO of the why.  How much trust can you build; it’s not trust you have with the itards.. that’s sometimes else entirely different.  You can haz trusts when you disclose datamining BETWEEN properties… on second thought that might be antithetical to your conditioning.

I wonder how many people would submit TOS/EULA scans to a site documenting the home equivalent of rights atrocities or privacy genocide…

October 2, 2009

Hazaa! how to disable SIP ALG on Westell 9100

Filed under: CIO,Hackery,How To,social engineering,verizon circumvention,voip — Sagacious Himself @ 4:26 pm

Hazaa how to disable SIP ALG on Westell 9100em

ZERO help from verizon on this topic: ZERO help via phone, ZERO help via email, ZERO help via live chat, ZERO help via forum, ZERO help via paper mail.  All verizon avenues assert it is not possible to disable the SIP ALG in the 9100em westell.  Errrn! wrong.

Export conf, edit file, load conf, reboot.

configuration file
save configuration file

remove ONE line: (alg(sip_udp))
save changes to file

configuration file
load configuration file

For a little more sanity modify the 9100em SIP service definition from only ONE UDP port, 5060, to include expected defaults-  or YOUR SIP and RTP ports.. you’ll be redefining the 9100 SIP service to be voip service as creating your own voip service definition will not suffice — thanks verizon for making “open” RG “better”.

Yes, delightfully you will be making multiple modifications in several locations in the config file: service, meh why ruin your fun you can find the rest right?  protocol(17) = UDP  protocol(6) = TCP.  For a little more joy craft some advanced filters (firewall settings, yes, advanced filtering) to allow traffic in, Initial Rules, from your ITSP server(s) or otherwise with the SIP/RTP ports you use. Enable rules logging to verify, syslog daemon preferred, but do not leave enabled.

Tested against
9100em hardware revision A
9100em hardware revision D

Only functional SIP ALG exists with Cisco (not linksys) and Juniper networks.  By default every NAT’ing device sold in a big box store has similar piss poor NAT.  PFsense for everyone!

@ verizon fios

Now that I have your attention.. I would like an option to receive an IPA lease from a netblock without correlation to my geographic position.  (this is not challenging for you to implement).  GeoIP location violates privacy and deters confident exercise of freedom of speech.

It would also be super to buy an additional IPA since this device was designed with that in mind.  That’d be easier than the solution for multi IPA I employ now which I won’t outline.

* 2010 update: the least painful way to escape fios cpe SIP ALG is to use SIP ports _other_ than 5060 on server (or proxy).  DEMAND your ITSP/VSP offer such ports or upgrade to one that does [viatalk].  DEMAND your VSP support SIP TCP & TLS.

* Sept 26 2010:  actual Cisco NAT & ALG
NAT Optimized SIP Media Path with SDP


[ ]

May 31, 2009

CableCard joy: OSFRLoader

Filed under: circumvention — Sagacious Himself @ 1:37 pm

CableCard: I can has eaten my cake?

OSFRLoader @ The Green Button (090506)

.an evolution of (090206)

I bought all the hardware, software, and TV feed/services… I SHALL be using them as I please.

nvmarino writes: (090403)

OEMs use the same, “bulk”, digital cable PID on all systems. The key is pre-loaded in the registry for convenience so the user doesn’t have to type it in. The key on the sticker is necessary in case the bulk PID is ever revoked or if, for some reason, the bulk key is not in the registry (i.e. a fresh OS install). You can find the digital cable PID in the registry here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Content Security


apparently see also: “OCUR Deployment Guidelines” (Vista OEM Pre-installation kit)

– and (080328)

.the darkside lingers


[ ]

HDCP moxy and moxi HD

Filed under: All Your Base,bookmarkified,circumvention — Sagacious Himself @ 10:26 am

DTCP moxy.. master matrix sifting

Date: Mon, 11 Apr 2005 01:25:17 +0200 (CEST)

DTV Content Protection

Two content protection systems are in use to protect digital television
(DTV) signals on the wires of American home video systems: HDCP and DTCP.
HDCP is used for the most common digital cable connection to HD monitors,
HDMI, which is a variant of DVI.  DTCP is used for digital connections
to video equipment, especially digital VCRs.  It was originally designed
for Firewire (aka iLink, aka IEEE-1394) but has been extended to USB-2
and Bluetooth, with IP in the works.  Apparently monitors with both HDMI
and Firewire connections would have to implement both.

HDCP is described at and DTCP at  The full DTCP spec is still secret unless you
are a licensee [[OhNoes... money outlay? where ever would a
 nefarious type acquire that??]] and the site has only limited

The two systems are very different cryptographically.  HDCP uses a
56-bit keyed stream cipher based on LFSRs.  DTCP uses block ciphers,
either a 56-bit key proprietary block cipher from Hitachi called M6,
or AES with 128-bit keys.  M6 is the default that all devices must
implement.  M6 uses an odd chaining mode called "converted CBC" which
seems to chain the ciphertext into the next block's key material rather
than the plaintext, possibly with an abbreviated key schedule.


Here I want to focus on the key agreement protocol.  Both systems use a
similar approach which has never been formally presented or documented.
For convenience I will call it SKDH, for Symmetric Key Diffie Hellman.
SKDH has some properties of Diffie Hellman key exchange, but it uses
simple addition operations rather than public key functions.  It also has
some properties of identity-based encryption, in that there is a master
key center that issues the private keys to each device.  However it
is not secure against collusion by users who know their private keys,
so would not be suitable for a true IBE system.

DTCP has two key agreement protocols. There is a full protocol which is
EC-DH (elliptic curve Diffie Hellman) and is mandatory for "copy never"
content, ie. pay per view content.  It also specifies a restricted
protocol which is acceptable for "copy once" and "copy no more" content,
that uses the SKDH technique described below.  This will be much cheaper
to implement for manufacturers and is probably used by typical recording

DHCP has just one key agreement protocol and it is of this new type
as well.

SKDH key agreement has not been published but it is presumed that it
works as follows.  There is a secret matrix which is known only to
the agency that issues keys.  Let us call this the Master Matrix, MM.
The system is based on matrix algebra as follows:

Pub1 * MM * Pub2 = shared key.

Pub1 and Pub2 are vectors of 1's and 0's which are the "public keys"
of the two devices, called "key selection vectors" or KSVs.  Each device
is issued such a vector, along with its private keys, which are defined
as follows:

Priv1 = Pub1 * MM

Priv2 = MM * Pub2

Priv1 and Priv2 are vectors of numbers whose size depends on the values
in MM.  Details for the two known implementations are described below.

By associativity, we have:

Pub1 * MM * Pub2 = Priv1 * Pub2 = Pub1 * Priv1 = shared key.

The two parties do a key exchange by giving each other their KSVs,
the public Pub1 and Pub2 values.  Each one then multiples the vector
of 1's and 0's they received from the other side times their vector of
Priv values.  This amounts to simply adding the Priv values selected
by the 1's received from the other side.  Because of the relationship
between the public and private values, this insures that both sides
receive the same shared key.

The analogy to Diffie Hellman which motivated the name SKDH should now
be clear.  Each side receives a public value from the other, combines
it with its own private data, and creates a shared secret.

In HDCP, the MM matrix is 40 by 40, and entries are 56 bits long.  In
DTCP, the MM matrix is 12 by 12, and entries are 64 bits long.

The weakness of this system is that if the the private key vectors are
published, they leak information about the MM matrix.  In principle as
few as 40 private/public key pairs could fully reveal MM in the case of
HDCP, and as few as 12 in the case of DTCP.  This makes the cryptographic
scheme unsuitable for any widespread identity based encryption scheme;
it will only work in a closed system like these, where manufacturers
must take great pains to keep their private keys secret.

Attacks on HDCP

Several attacks have been published and unpublished on HDCP.  The most
famous is from Niels Ferguson, who has announced an attack but will not
publish it for the reasons described at  According to Ferguson:

"HDCP is fatally flawed. My results show that an experienced IT person
can recover the HDCP master key in about 2 weeks using four computers
and 50 HDCP displays. Once you know the master key, you can decrypt any
movie, impersonate any HDCP device, and even create new HDCP devices
that will work with the 'official' ones. This is really, really bad
news for a security system. If this master key is ever published, HDCP
will provide no protection whatsoever. The flaws in HDCP are not hard
to find. As I like to say: 'I was just reading it and it broke.'"

Keith Irwin has published four (actually five) attacks on HDCP at [090531_HDCP-Attacks-Irwin].  His last one
is perhaps along the lines that Ferguson envisioned, and I will say more
about it below.

Similar concepts are presented in by
Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song and David Wagner
This paper assumes (unlike Irwin) that attackers have access to the
private keys of chosen devices.  This is a questionable assumption as
it will take very expensive laboratory equipment to extract sensitive
key material from today's protected chips.

Irwin's fifth attack is presented in an addendum.  It involves presenting
random KSVs to a display and using a birthday trick to find the "shared
key" values relatively quickly, which could lead to a break in about
a month.  However Irwin is more pessimistic about the number of displays
and assumes that 74 will be needed to have a good chance of spanning the
whole matrix.  If 50 properly chosen displays are enough then Irwin's
attack would be pretty close to Ferguson's two week time frame.

All of these attacks focus on finding the master secret MM value; once
that is found, the security of the system collapses.  Given a KSV it is
immediately possible to deduce the corresponding private key if you know
the MM.  Although both HDCP and DTCP have mechanisms for revocations of
cracked keys, a total break like this cannot be rescued by revocation.

Attacks on DTCP

DTCP seems not have gotten as much attention from cryptographers, in
part because the details are secret.  But its restricted authentication
handshake uses the same SKDH algorithm as HDCP.  DTCP requires the two
sides to have certificates, but it appears that the receiver of the
data does not check them, so Irwin's random-KSV birthday attack should
still work.  It may take a little longer due to the key size being 64
rather than 56 bits, but this will be somewhat compensated by the fact
that the matrix size is 12 rather than 40.

The time will depend crucially on how quickly a handshake can be
completed with a device, and the DTCP spec is somewhat vague about this.
It's possible that the handshake could be much faster, and then the attack
could complete even more quickly than HDCP.  Since DTCP has only a 12 bit
public key there are only 2^12 possibilities, so these keys will not be
distinct between different devices, but rather will be common across a
model or even across a manufacturer.  This could make it harder to find
12-15 devices with different keys that will span the MM matrix.

The M6 cipher used in DTCP is actually a family of ciphers, and some of
them are attacked in by John
Kelsey, Bruce Schneier and David Wagner.  However that attack depends
crucially on the use of addition in a certain phase of the algorithm, and
M6 is also documented to use XOR there in some variants.  The specific
version of M6 used in DTCP is not known, and even if the attackable
version is used it's not clear if this would weaken the cipher enough
to make it the weakest link in the chain.


Both HDCP and DTCP use cryptographic mechanisms for which published
attacks have existed for several years, yet deployment proceeds unabated.
Almost all new HDTV equipment in the U.S. implements one or both of
these cryptographic protocols.  As discussed above, if enough private
keys leak or are scraped out, or if Irwin's attack works, the security
of these systems will collapse.

DTCP has a fallback in is its certificate protected, EC-DH based
full authentication mode, using AES-128 to avoid any weaknesses in M6.
It would take years though before existing equipment could be obsoleted
by ceasing to support the restricted authentication mode that uses SKDH.
HDCP has no fallback and it would be necessary to redesign the handshake,
again with a several year lag time for deployment of the updated system.

It will be interesting to see whether these theoretical attacks can
be successfully mounted now that HDTV equipment is widely available.
As the cost continues to drop over the next couple of years it should
soon be practical for hobbyists to begin experimenting with Irwin's
attack and start collecting KSV + private key pairs.  DTCP would be an
even more attractive target as it would allow easy computer recording
of protected data via Firewire, USB2, or IP.  However its reliance on
the much-maligned principle of security through obscurity (keeping the
details secret) may in practice give it a greater degree of protection.


All your liberty are belong to the “peoples republic” ..

May 23, 2009

moca fios and E300-DPH548 or pay third party for cat5e runs?

Filed under: circumvention,DARPA — Sagacious Himself @ 7:42 pm

fios moca?  this millennium meets last millennium

choose your pain.. either way fios support is as cretinous as TWC… but both are better than commiecast.  wireless-N is great, like 802.11a, until all your neighbors have it, too

let the coax ethernet bridge fun commence.. at my expense as usual

March 30, 2009

Protected: circumvent hulu geoip location filter

Filed under: circumvention,DARPA — Sagacious Himself @ 10:32 am

This content is password protected. To view it please enter your password below:

hulu certainly does NOT need to store flash shared objects (SOL : flash cookies)

Filed under: CIO,circumvention,DARPA — Sagacious Himself @ 9:38 am

DENY hulu the privilege of storing flash shared objects (SOL) in your Local Storage

DENY the privilege of using local storage for flash



Flash settings manager is NOT capable enough.  flash player hack?  Currently it only sports a whitelist:.



DRM urinates on the American way.  STOP hollyfascism in its tracks at hulu.  Thankfully no elaborate tools are required.  Obviously, though not to the cretins, my objective is not piracy.

[105% NoSquint zoom had been in effect prior to all screen captures]

block ALL hulu ads with ONE adblock plus filter

March 29, 2009

Protected: block ALL hulu ads with ONE adblock plus filter

Filed under: circumvention,DARPA — Sagacious Himself @ 5:04 am

This content is password protected. To view it please enter your password below:

blocking ALL hulu ads with merely FOUR adblock plus filters

Filed under: CIO,circumvention,DARPA — Sagacious Himself @ 4:30 am

yes, only four filters will kill all interstitial hulu ads.. mwahaha

configurable security policy joy

.. taking advantage of the hollywoodifizing of browser technology 😉

Circumventing hollyfascism is trivial. The hollyfascists will never win.

February 16, 2009

making Corel Painter X.1 suck less (bye drm)

Filed under: circumvention,How To — Sagacious Himself @ 1:07 am

bye corel drm resource hog


Since version XI of PSP, “Protexis” drm software (PIS service.exe) is installed with the software. Even removing PSPXI does not take it out. This drm software is also installed with PaintShop Pro X2 (PSPX2), CorelDrawX3 (CDX3) and CorelMediaOne 2 (CMO2).

For some users, this PIS Sevice.exe eats up so much CPU usage on their PC that they give up and never upgrade their software to newer versions.

The following post gives a step-by-step guide to remove Protexis (i.e. reduce CPU usage) and at the same time ensure the new version of PSPX2 functions normally.

I have extended the step-by-step guide to CDX3 and CMO2 too.

1. Install Program  (do not run it)

2. Goto the install program files folder
%programfiles%\Corel\[corel product]

3. Delete PsiClient.dll from the program files folder (back it up first or rename if you might want to reverse this procedure)

[Repeat Step 3 for all three programs before go to Step 4]

4. Goto C:\Windows\System32 and find PSIKey.dll

5. Copy PSIKey.dll to the install program files folder in Step 2.
5. Rename PSIKey.dll to PsiClient.dll
[Repeat Step 5 for all three programs before go to Step 6]

6. Click Start->Run and enter: services.msc
6. Find the ProtexistLicensing service, stop the service, and disable it

7. Click Start-> Run and enter: sc delete ProtexisLicensing
to remove ProtexisLicensing from Services list

8. Go back to C:\Windows\System32

9. Delete the files: PSIService.exe and PSIKey.dll

pretty easy….and works. Of course if you add service pack to program later this protexsis will be installed again. Re-do the above steps again to get rid of Protexis.

update: for PaintShopPro the directions vary slightly (untested) as I have a licese for photoshop

  • stop- and disable  the Protexis Licensing V2 sevice
  • open directory C:\Program Files\Common Files\Protexis\License Service
  • Rename PsiService_2.exe to PsiService_2.byteme
  • Copy PSIKey_2.dll to C:\Program Files\Corel\Corel Paint Shop Pro Photo X2
  • Rename PsiClient.dll to PsiClient.byteme
  • Rename PSIKey_2.dll to PsiClient.dll

January 29, 2009

how to download all the mp3 music you want from project playlist beta

Filed under: circumvention,Download,download music,How To — Sagacious Himself @ 5:51 am

how to download all the mp3 music you want from project playlist beta


This script allows you to download ALL SONGS on by using a different method than all those other scripts that just use the visible url. Now provides links to download entire playlists!!!
Version: 2.2.1

free signup is *optional* but will allow you to build a favorites list

must use beta search

in results click new “Download song” link.

cost of free: filename is string of numbers

Say for whatever reason you wanted music from MTV toplist

so in a moment of insanity you desire Kanye West “Heartless”

search heartless: 090129-project-playlist-beta-search-to-download-mp3


because you’re still insane you click the first download link instead


if you’ve opted not to install the userscript as directed, or if you’re greasemonkey is disable then no download link for you




if you’re OCD or an iTard: kill yourself. The file contains ID3 tags. You can use foobar to rename the file to your liking


right click file(s)


click the dot dot dot


pick the appropriate naming scheme


click run

click close

repeat as desired

NEVER pay for mp3s.  Pay only for FLAC, audio CD, or audio DVD.  Money must fetch fidelity.  mp3s are only acceptable when free.

* large groups of mp3s are best batch renamed via ID3 with den4b’s ReNamer


January 2, 2009

how to lookup a friend’s road runner email address and upgrade his account or cancel it out from under him

Filed under: All Your Base,circumvention,DARPA,social engineering — Sagacious Himself @ 1:09 am

edit 2013:  viatalk is NOT anymore recommended (below) .. instead Vitelity or Anveo.



how to lookup a friend’s road runner email address and upgrade his account or cancel it out from under him

requires victim.. err friend’s phone number


(2) enter phone number

(3) call local road runner division

(4) enter phone number

(5) proceed to tech menu for internet service outage

(6) write down mac address the system foolishly volunteers

(7) return to tab

(8) enter mac address from step 6

* if prompted to answer a security question enter any short string of letters

tada.. your friend’s email address.


with all three pieces of information you can have friend’s master account password reset and login to Self Care and find account number. Now you can call and request upgrades for your friend at his expense or cancel his account.  Or  you can use his 500 meg SafeStorage account

thanks time warner!

(be sure to ask them how their propaganda “any three services [qualify for our] triple play discount” does not apply to either ‘cable box, cable box, internet’ or ‘internet, internet, cable box’.  Last I check each of those respective groups comprised three services — neatly falling within ‘any three’)

Time Warner digital phone (voip) is abysmal in everyway other than network structure (ultra low latency and hops):  it’s akin to ma bell from 1960.  Either roll your own with Asterisk or upgrade to ViaTalk ($17/mo + taxes), or ($1/mo + $0.0115/min), or ($2/mo inc 60 minutes + $0.015/min, no free SIP in/out)

[ ]

December 5, 2008

SMS to yahoo chat : sms phone out format to yahoo inbox popup

Filed under: CIO,circumvention,DARPA,Geeky goodness — Sagacious Himself @ 2:33 pm

compose new text message (not email)


TO:  92466502

  • message MUST begin with the full yahoo ID (email address)
  • immediately a colon (no space after TLD)
  • (optionally a space) then the text message

message should be received and stored for delivery even if recipient in not logged in currently.

IF the message is not received try sending to 92466501 instead


[ ]


March 21, 2008

fun with deezer

Filed under: circumvention,DARPA — Sagacious Himself @ 10:48 pm



[ ]


March 12, 2008

playable “encrypted” videos — Steganography for video inside playable container

Filed under: circumvention,DARPA,Geeky goodness — Sagacious Himself @ 9:07 pm

It would be entertaining to have an application that would twist a video and its sound into noise in such a way that the file could still be played in any media player, and be “decrypted” with that application.  Steganography for video I suppose.  … Preferably without the loss of transcoding / recoding.

This technology could be further extended to real time transforms of in home wireless video systems like x10, or 2GHz video relay kits.  Keep an eye on your home without anyone else peering in.

Here’s an interesting paper on a similar tangent:

But that doesn’t get us any closer to posting crypted video to the myriad of free video hosting sites :\

This MSU VirtualDub Filter hides other data in video:

I don’t want to hide data in video, I want to render the video unwatchable until decrypted inside its respective container.

[ ]

March 10, 2008

I want a steganography tool to host non-image files in blog provider’s free image hosting

Filed under: circumvention,Concept — Sagacious Himself @ 4:05 am

It would need to generate a noise image large enough for whatever file, and as part of the image contain the file name, and optionally date stamp, and MD5 hash of the contained file.  Not to be used to “hide” files, but encapsulate them for easy retrieval.

Preferable output is PNG because most image hosts do not try to resample or recompress PNG.

[ ]


Next Page »

Create a free website or blog at