Ritz Disposable Digital Camera Hacked 542
morgue-ann writes "The $10.99 Dakota reusable digital camera announced in July was usefully hacked on November 6. First attempts to extract picture data took 10 hours to read out 16MB, but new code for Linux and Mac and Windows lets you get pictures quickly over USB and view or print them without Ritz's help (and with fewer of your $$)."
What... (Score:4, Funny)
I want my money back.
Can't ,,,re,,sist (Score:5, Funny)
Beware the DMCA..... (Score:4, Insightful)
As silly as the law is let's hope that it's repealed/reformed and soon.
Funny (Score:5, Interesting)
Re:Funny (Score:4, Insightful)
Actually, it doesn't prevent you, but if you find a way to do it, it prevents you from publishing/sharing it.
So no, it is not funny.
Re:Funny (Score:2)
The grand-parent post meant "funny weird" not "funny, laugh".
And it is most certainly funny/weird.
Re:Funny (Score:4, Interesting)
Re:Funny (Score:5, Insightful)
MacroVision is not added to consumer-created tapes, just like CSS isn't used by consumer-created DVD Video. There is no copy protection that would prevent you from duping your own copyrighted material from VHS to VHS, or DVD-R to DVD-R.
The original message was dead-on - it'll be interesting to see Ritz use DMCA to prevent users access to their own copyrighted photos.
Re:Funny (Score:3, Informative)
The DMCA is vague on that point. It says that it is illegal to circumvent the technological measures used to protect a copyrighted work. It seems to be assumed that you do not own the copyright to the work in question, but this isn't explicitly stated from what I remember.
Re:Funny (Score:4, Informative)
DVD producers are only allowed to set that flag on the DVDs they produce if they have paid a fee to Macrovision.
Any DVD you produce at home, will not have the flag set and will not have Macrovision added to the output signal when played on a DVD player.
With VCRs, the Macrovision signal is on the tape itself, it is not generated by the VCR.
Re:Funny (Score:3, Interesting)
Re:Funny (Score:3, Interesting)
In all honesty, I think you've hit on a very good moniker there. It conveys just the right sense of the ridiculous nature of these companies' existences.
Re:Funny (Score:5, Interesting)
No, the copyrighted work being "violated" here is the camera firmware.
Lawyers will argue that, in order to use the copyrighted firmware in the camera, you must be licensed to do so. (This is false, but that hasn't stopped them so far.) Thus, by cracking open the camera and pulling the data out, you have made use of the camera firmware in an unlicensed manner. This constitutes copyright infringement.
Also, since the protection racket... er, mechanism in place to keep you from yanking the photos out is probably also the same mechanism that protects the firmware itself. Thus, by circumventing the method that "protects" your photos, you have also circumvented the method that protects the firmware. This is illegal under the DMCA.
Note that it is in no way whatsoever immoral, unethical, harmful, or wrong. It's merely illegal.
Schwab
Re:Funny (Score:3, Interesting)
The camera just has a normal FLASH part, so you could re-flash the chip, and all is good!
Re:Funny (Score:3, Insightful)
Lawyers will argue that, in order to use the copyrighted firmware in the camera, you must be licensed to do so.
Just like you need a license to read a copyrighted book. How they can use the above argument is beyond me.
Nobody signs an "EULA" before buying one of these cameras, so any argument about its usage is just a bunch of babies whining because their business model had a flaw it - one that the market has found and used to its advantage. And I think it's important to keep in mind is that people are bu
Re:Funny... Not so funny at all (Score:3, Interesting)
Re:Funny... Not so funny at all (Score:3, Interesting)
Re:Funny (Score:4, Insightful)
This is key.
Being able to capture, retain, and download pictures is my own DRM system. An encryption scheme that forces me to take my pictures to Ritz is a circumvention of my DRM.
Therefore Ritz is in violation of the DMCA for forcing a circumvention of my DRM, extorting money from the rightful and noble copyright holder.
What, you say Ritz never agreed to my EULA? Sure they did, when it was the first photo I took with the camera. And let's not even think about the violations if they keep a copy of the file.
Re:Beware the DMCA..... (Score:3, Insightful)
So a camera costing hundreds of dollars and provided on a rent and return basis can effectively be stolen and the company goes bust?
Get a clue buddy, digital cameras don't cost $10.99 to make, and if you try and abuse this, this will stop!
Re:Beware the DMCA..... (Score:4, Insightful)
MOD PARENT UP (Score:3, Insightful)
Even if using the DMCA to combat this is morally wrong, so is downloading your own pictures, in this case.
Certainly you have to sign a contract to rent the camera?
Of course, you could place your own favorite pics on the camera, and send it in.
Re:(DON'T) MOD PARENT UP (Score:4, Insightful)
Well, go ahead and mod the parent up because it is a legit argument, but... if the business model falls apart because someone is "circumventing" an idiotic law that shouldn't exist to begin with, the business model is the problem, not the person who was savvy enough to figure out the work on their own.
Any company who's business relies on a shaky, ambiguous, morally (and quite probably legally) reprehensible law that a bunch of big business suits bought with some extra cash they had lying around isn't going to make it and doesn't deserve to.
Re:(DON'T) MOD PARENT UP (Score:3, Insightful)
Re:(DON'T) MOD PARENT UP (Score:4, Interesting)
All business is based on some assumption of law. For example, you can't just beat up your competitors. Is it moral that the law protects the weak from the strong? I think so, but there is a case to be made for the opposite.
In this case, we're the strong, and it's the artists, writers, programmers who are the weak. The DMCA is an effort to protect them. Is it therefore a shaky, ambiguous, and morally reprehensible law? Or just inconvenient to us?
Re:(DON'T) MOD PARENT UP (Score:5, Interesting)
Here's some food for thought (and I admit that this may be a philosophically weak argument, but I've yet to find anybody to help debate this and make it better), and in particular, this is a basis for some sort of morality (yes, an attempt at a universal right and wrong, good and evil, etc).
When a person is born into this world, that person has a fixed amount of time until death. That person is then able to trade their time (eventually) for stuff which is either desired or needed, such as food, shelter, entertainment, etc. In our society, we tend to use money to represent the value of said time (quite literally, time is money). Yes, there is much more to this, and I need to write it all down someday, but this summary will do for this discussion.
Now, where does this idea tie in with the discussion? Well, anything which takes time from me without giving me back something that I value equally could be considered to be wrong or evil. For instance, if somebody steals $20 from me, then I have lost the time it took me to earn that $20, and it cannot be recovered. Hence, stealing is wrong in this system.
Now, put it in terms of the DMCA and the limitations which are placed on those subject to its rule. I buy a DVD with the expectation that I will be able to enjoy the contents on that DVD. I have equipment which is sufficient to allow me to do so (to wit: A computer equipped with a DVD-ROM drive), and so this would seem to be a reasonable expectation. I bring it home, pop it in, and find out that, for no better reason than I choose to use Linux (instead of Windows), I am unable to play the contents of this media.
Now, nobody will give me a refund on this opened DVD. The best I can do is exchange it for
Under the DMCA, it is very possible for me to find myself out the money for a DVD which I might actually enjoy. Somebody has stolen some time from me, and I have no recourse. Now, before you tell me to use Windows, keep in mind that I must buy Windows, somehow, some way. Which means that I am out even more time. Or a stand-alone DVD player, which has the same issue.
The DMCA steals from me the ability to help others make use of the items which they have rightfully purchased with their time.
Now, for the counter-argument: The DMCA is meant to stop mass copyright infringement as has been enabled by the internet. I'll simply point out that mass infringers are already convictable under other laws. The DMCA gives no other benefits to help prevent actual infringment. None. It only allows producers of content to steal from me (and yes, they are stealing my time, by virtue of requiring potentially pricy extras that I may not already have to enjoy what they produce).
Gah, it's getting late here, and my brain is shutting down as I type this (I think the first part is more coherent than the second part). Thoughts from you?
Re:(DON'T) MOD PARENT UP (Score:3, Interesting)
But now that you are aware of the DMCA, if you buy a DVD expecting to play it on a Linux system, then you're an idiot, pure and simple. From the point the law was passed, that was THE LAW and being ignorant of it is not a valid excuse.
No - they are not stealing your time. If you buy a DVD, then you are a willing participant in the so-called "theft" of your time and it is not really theft anymore.
If you happen
Re:(DON'T) MOD PARENT UP (Score:3, Insightful)
I buy a DVD with the expectation that I will be able to enjoy the contents on that DVD. I have equipment which is sufficient to allow me to do so (to wit: A computer equipped with a DVD-ROM drive), and so this would seem to be a reasonable expectation. I bring it home, pop it in, and find out that, for no better reason than I choose to use Linux (instead of Windows), I am unable to play the contents of this media.
Obviously, your expectation was false. You should have some
stealing something=stealing time (Score:3, Interesting)
For the most part, humans do think this way, but there is one area we don't: children. The loss of a child's life is amazingly tragic, whereas the loss of an adult's life is less so. This doesn't make much sense, in that the adult had more time on them, and more learning...consider a 30 year old has 30 years of investment for life, whereas a newborn does not, and a newborn is easily replicat
Re:(DON'T) MOD PARENT UP (Score:3, Insightful)
Every law is "idiotic" to those who don't like what it means.
Using the DCMA to protect digital cameras of this type isn't an injustice. Many people cannot afford to buy expensive digital cameras or have on
Re:Beware the DMCA..... (Score:2)
Exactly - just like the MPAA used it to stop people from downloading DeCSS. The most that they can do now is simply to come up with a better design.
Re:Beware the DMCA..... (Score:2)
So Fucking Sue Me! (Score:2)
Re:Beware the DMCA..... (Score:2)
Well if the DMCA was repealed, another would sprout up in it's place. That cycle would continue until the DMCA itself was encrypted, and any attempt to repeal it would result in jail time!
But it's unhackable! (Score:2)
According to a Mercury News story [siliconvalley.com] , the camera is nearly unhackable through its proprietary interface (aha! those wily hackers will never figure this one out!).
"Hackers will have a hard time making Dakota Digital cameras reusable at home. The cameras have a special plug, so you can't use any standard computer cable for connecting to a personal computer. Also, you can't erase more than one picture and the images are stored in a raw format that won't be recognized by photo-editing software."
Really... how ma
and now- (Score:2)
seriously, how many people will go to these lengths to have a digital camera with these limitations..
you jump thru hoops, and get a crappy digital camera for 12.99.. instead of a better digital camera, with support, for 99..
I don't understand... (Score:5, Insightful)
Why can't they use something like RSA to encrypt the photos so that only the Ritz people can read them?
Do these people shy away from proven algorithms because they don't have the processor power, because they don't want to pay licensing fees, etc? Do they use proven algorithms and implement them badly? Or do they just figure that they can make up something on their own, and that it will stand up to attack?
Re:I don't understand... (Score:3, Informative)
The last time I checked, $15 for a (film) disposable + $10 processing vs. $11 digital camera + $11 "processing". $25 film vs. $22 digital. I'd still go with the film just because of the better quality of photos. They're going
Re:I don't understand... (Score:5, Insightful)
Re:I don't understand... (Score:3, Informative)
It usually takes about 3 days to get them back.
I just sent 70 pictures there a few weeks ago, cost me less than $20.
Also, doing it this way you get to decide which pictures to print- so I ended up with 70 'good ones'.
Re:I don't understand... (Score:3, Insightful)
1) Increase amount of computing to save pic
2) Increase amount of time to save pic
3) Increase amount of power to save pic
Maybe they weren't so dumb... just naive
Re:I don't understand... (Score:2)
Public-key crypto might be a good idea for this... although it would depend on Ritz's ability to keep the secret key secret. All it would take is one bored, low-wage camera shop employee to leak the secret key, and all would be lost.
I suppose you could take steps to physically control access to the PC's doing the decryption, so that a cashier couldn't extract the key, but the technicians would still
Re:I don't understand... (Score:3, Informative)
Okay, there's a problem if someone gets their hands on the database, but that would be much harder to do. And remember, this is what a colleg
Re:I don't understand... (Score:2)
Re:I don't understand... (Score:2, Informative)
Re:I don't understand... (Score:2)
You don't. The camera wouldn't need a private key. The camera would have Ritz's public key and only Ritz would have their private key. Camera encrypts images with Ritz's public key. No key stored in the camera could be used to decrypt it.
Comment removed (Score:5, Informative)
Re:I don't understand... (Score:2)
Damn, damn, damn, damn! (Score:5, Funny)
I was just at Walgreens last night to try to find one of these suckers (who offer a different packaging, but same concept and circuitry). They didn't have them. I was going to go to a couple area Ritz to see if they had them. But noooooo. Slashdot broke the story and now Ritz will yank them off the shelves or others will grab them first.
Damn, damn, damn, damn! Damn, damn, damn, damn! Damn, damn, damn, damn!
why? why? why? (Score:5, Insightful)
you can get a logitech pocket digital for like 37 dollars; basically same specs, but looks a whole lot nicer and does exactly the same thing - except maybe actually storing more pictures on the internal memory.
With parts and time invested, I think it is more than worth the 26 dollars difference.
Yes i know there is the geek "i hacked my cheap-ass camera" factor, but come on... if you want to be a geek, there are more worthwhile projects on which to spend your time!
Re:Damn, damn, damn, damn! (Score:2)
I hear that these days they sell just about anything, even satellites
Re:Damn, damn, damn, damn! (Score:2)
"This is a very cheap ($12) "disposable" digital camera sold at select Ritz/Wolf Camera stores. Note that this is NOT the same as the one sold at Walgreens."
Re:Damn, damn, damn, damn! (Score:2)
Somebodie's getting Slashdotted. (Score:2)
Business Model? (Score:5, Insightful)
Depends on the deposit (Score:2)
For example, no one will put down $60 as a deposit on the camera, being told they'll get $50 back when they return the camera. And if the deposit is only $20 (for a total of $30 for the camera) people will still just walk away with 'em.
I think it'd be really hard to come up with a deposit cost that would both be ke
How... predictable (Score:5, Insightful)
Example, rather than use, say, USB cabling, use some proprietory GPIO system that only Ritz controls. Heck, patent the heck out of it. Only needs a $5 CPLD to impliment a controller, but most casual hackers don't care to get into hardware-hacking on this scale. Sure, someone will break it, but then those capable will be a limited subset of the market, and damage is minimized.
Shoot, I should apply to be a corporate consultant!
Re:How... predictable (Score:2)
Also, if someone will actually bother to make a custom USB cable, they can probably use a microcontroller as well.
Re:How... predictable (Score:5, Interesting)
Example, rather than use, say, USB cabling, use some proprietory GPIO system that only Ritz controls
Too much effort and cost. This problem can be handled in software; much cheaper.
How? I haven't seen these cameras, so I don't know for sure, but for $11 I really doubt they have an LCD display, which means that the camera has no need to be able to read the images it has taken.
Since that's the case, Ritz could just add a little bit of code to their camera and encrypt each image as it's written to flash. Simplest case, just give each camera a DES key, stored in ROM or NVRAM, and have it encrypt each while writing. DES is fast enough that it can be implemented in software on itty bitty microprocessors with no problem. AES is even faster, but DES is simpler (and there are a zillion PD implementations in whatever language you like). Users can feel free to find ways to download the images, but they'll get nothing useful.
Of course, if you could hack your camera to dig out the encryption key, you could get your pictures out without paying for "developing", but that's way too much effort.
If that's not secure enough, Ritz should just have the camera generate a random 3DES key for each image, encrypt with it, encrypt the 3DES key with a Ritz RSA public key and store the key with the photo. To break that one, someone would have to either break RSA or find a way to monitor the internals of the camera and extract the 3DES key while it's still in cleartext. Doable, but you'd pretty much have to have your camera hooked up to a bunch of equipment while taking the photos. So you could get "free" pictures of your basement... Might actually be easier just to hook inside and read the image out before it gets encrypted.
All of the code for either solution (on-camera code, manufacturing code for injecting keys, download and decrypt code for the printing) can easily be written, tested and debugged in two weeks by a competent programmer familiar with such things.
Shoot, I should apply to be a corporate consultant!
Me too!
Who didn't see this coming? (Score:4, Funny)
. . .
. . .
Anyone?
. . .
. . .
Wait, do I see one in the back? Yes? Care to explain yourself?
. . .
. . .
Ahh. Well, we have one guy in the back who was in a coma. Anyone else not see this coming?
. . .
. . .
As I thought.
-Trillian
Gotta put one in my time capsule (Score:5, Funny)
Re:Gotta put one in my time capsule (Score:2)
Bad PR for the Computer Community (Score:2, Insightful)
Woo hoo! (Score:4, Funny)
Wise idea to have it publically editable? (Score:2)
And uh, I guess he hasn't fixed that yet. Wonder how long before someone decides to delete it all?
how long till they envoke the DMCA? (Score:2)
Re:how long till they envoke the DMCA? (Score:2)
Dumb Joke (Score:5, Funny)
Ritz has a history of being hacked (Score:5, Funny)
Some more technical info.. (Score:4, Informative)
Compare and Contrast ... Ritz vs. Microsoft (Score:3)
Re:Compare and Contrast ... Ritz vs. Microsoft (Score:3)
XBOX hacking good : YES (xxx %) NO (xxx %)
Camera hacking cool : YES (xxx %) NO (xxx %)
This is a forum, with many people, some agree with you, others don't (even on this point there will be people who agree and people who don't). Some may be hypocritical, but I don't agree with you on this point, where do you see the many people saying this is a bad
Film disposables couldn't be reused.. (Score:4, Interesting)
Those film disposables are actually reuseable.. The film is in a normal 35mm cartridge.. The trick is the winding mechanism rolls the film into the camera when a shot is taken (most cameras do it the other way around). so reloading the camera is practically imposible and not worth it (you'd have to do it complete darkness)
I'm surprised they didn't do something similar to the digital cameras. Don't make it imposible, just not worth the effort. I gues they didn't try hard enough.
Re:Film disposables couldn't be reused.. (Score:3)
If Ritz had bothered to comission a modifed version of the chip th
Deja vu (Score:5, Insightful)
A $99 computer with a proprietary (QNX-based) OS on a flash disk, that was sold at a loss because the company figured they'd make money from their dialup service... Until someone found the IDE connector on the motherboard and installed something else.
Well, after a short war between the hackers and the company (including state of the art protection mechanisms as epoxy glue on the bios, torx screws, clipped IDE pins etc) the company finally had to raise the price of the unit, resulting in the sales plumeting, and in the end bankrupcy.
Now, I'm not saying it's a bad thing to hack devices like this, heck I've got an iopener (running jailbait [sf.net] linux) standing next to my main computer. But there is a good chance that soon nobody will use the $11 developing deal, resulting in the cameras getting pulled from the stores.
Just as there were lots of people happily using iopeners as they were intended, I'm sure there are lots of people happy with the service that Ritz is providing, and if so it's a shame if we, the hacker community, proceed to destroy yet another service for other consumers.
Re:Deja vu (Score:5, Insightful)
Yeah, and it shows. Try econ 201 some time.
and the battery....? (Score:2, Insightful)
How Reusable Is It? (Score:2)
Slashdot crowd not the swiftest (Score:5, Insightful)
How many people in society use disposable cameras? many hands raise How many of you know or care about taking a few hours to go to the lengths needed to get this hack done? few hands raised. To sum up for everyone crying doom for this business model:
Hacking value for fun: 8 out of 10 points.
Hacking value for ...um.... actual value: 1 out of 10 points.
In short, RTFA if you think Joe and Jane six-pack will care about this. If you still think this matters to the business plan after readinging TFA, keep refreshing untill you slashdot it again and get the I'm stupid page.
OK - but the pictures are crap so hoo cares? (Score:2)
autopsy / dissection of the camera (Score:4, Informative)
For people who don't read articles (Score:5, Informative)
1) The cameras are purchased, just like any ordinary (non-digital) disposable camera. There is no rental agreement, nothing to sign, no deposit, etc. Some previous comments have asked about this. Also, the camera IS cheap; the hardware itself costs probably no more than $25-50 to manufacture, and likely pay for themselves in 1 or 2 processings. The big draw is that you can use them in potentially hazardous environments, and if it gets destroyed or stolen, this only sets you back $11 + a few minutes to solder a new connector into a new camera.
2) The batteries are changeable by the user - they are ordinary AA alkalines. They will last much longer than 1 25-picture cycle (I haven't yet managed to exhaust a set), but when they do run down, just open the battery cover and pop in fresh ones.
3) The sensor is actually 1.3 megapixels, not 2MP as claimed on the package.
4) The picture quality is mediocre - but not nearly as bad as these [terrainhost.com] samples would have you believe (I don't know what happened to that guy's cam). Try the samples here [cexx.org] and here [maushammer.com] (middle of page) for other samples. The biggest problem seems to be motion blurs from not holding the camera steady enough (the "shutter speed" is pretty slow). The other problem is that the lens is adjusted to be in-focus at some specific point probably between 4-12 feet from the camera. In practice, your subject will usually not be exactly at the in-focus distance. While you've got the camera open to solder in a little USB socket (or whatever), you can rotate the lens to adjust it for other distances [cexx.org], up to within [cexx.org] an inch of the lens.
5) Concerns that this hack will be singlehandedly responsible for driving the cameras off the market, driving Ritz out of business, etc., seem largely unfounded. They will probably go off the market anyway - last time I was in Wolf Camera, the sales associates were actually warning people away from these cameras, saying that they would get slightly better image quality from the film disposables (for less $$, and 27 vs. 25 pictures - it's a no-brainer, come to think of it...)
Re:Mirror! (Score:2, Informative)
(please try and keep this document readable at large)
(if it grows further, it needs to be organized into separate pages)
Usably hacked! Download your pictures the fast, easy way with the bulk-transfer software for Mac, Unix and Windows. Download your pictures (actually, entire flash memory contents) the raw, 10-hour way with flashdump.c, flashdump2iso.c, and optionally chewfat.c
Re:Mirror! (Score:2)
Re:Mirror! (Score:2)
You'll take note that the error messages are database related. It has nothing to do with php not being able to handle the logic or programming needs of the website.
What is happening in this case is the database server has too many active connections at one time, and is denying the php script from any more connection attempts.
Another point. A wiki can be built using more languages than php. There are python powered [python.org] wikis too, to name but one example.
Re:Ritz Digital Camera (Score:2)
Re:Not impressed (Score:4, Insightful)
Wait...why is it my job to ensure that someone's business model succeeds? I bought the thing--let me tinker with it.
Even less impressive (Score:3, Interesting)
This business-model deserves to die a painful, CueCat-style death.
Re:Not impressed (Score:2)
I feel no compulsion to prop up stupid business models and no guilt when I break them to do something I want to do, within the bounds of the law.
Re:Not impressed (Score:3, Interesting)
As others have noticed, Ritz put together a business that relies on security through obscurity rather than through, y'know, actual security features. Some of the ideas posted elsewhere on this topic included a cheap, pattented Ritz-controlled cable, limiting the hacking to extreme hardware hackers,
Re:Not impressed (Score:2)
First attempts to extract picture data took 10 hours to read out 16MB
well, I think that they must have put up *some* kind of effort. it just wasn't enough, obviously.
Re:Not impressed (Score:2)
anyways, they should have just sold the damn cameras at profit ang get over with it. it's not like the damn cameras would have cost more than 20-40$ anyways(judging from picture quality).
and more importantly the product seems so shitty nobody technically apt wouldn't use it in the first place for the price(actually, they might rake in profit even if they were just used once with full amount of pics to test out the service and picture quality, per unit). if i w
Not violating the DMCA at all. (Score:2)
Think it through, friends and neighbors... (Gee, "think it through" rhymes with "Get a clue" but is ever so much more polite...)
Re:Not impressed (Score:2)
Evil hacker!
Re:Not impressed (Score:2)
Don't like it?
Chew harder.
Re:Not impressed (Score:3, Insightful)
Kinda like what they do with CDR for RIAA. It's such a good idea.
After they're done with that one, I think they'd better put in a levy on Craftsman tools, because home mechanics are cheating Midas Muffler out of revenue, and a levy on Tupperware containers, because we're
Re: (Score:3, Insightful)
Re:Cheap Digital Camera (Score:5, Funny)
Re:slashdotted already... (Score:2)
Re:um, that's stealing (Score:4, Insightful)
Moreover, if you "rent" something and don't stipulate a return-by date or charge a fee for extended possession, it most likely would fail to meet any legal condition for "rental". The idiocy of a company can rarely be mitigated by the idiocy of law.
Re:um, that's stealing (Score:5, Insightful)
Do you sign a rental agreement? Is there any paperwork in evidence to suggest that the transaction is anything other than a normal retail sale?
No? Then it's not stealing. It using your lawfully purchased property in the manner you see fit.
Schwab