WEBVTT

00:00:00.060 --> 00:00:04.920
JACK: I kind of want to start the show with you just talking about how

00:00:04.920 --> 00:00:07.770
the original Xbox got hacked. BUNNIE: Mm-hm. Sure.

00:00:07.770 --> 00:00:12.120
JACK: This is bunnie, or at least bunnie is his hacker handle. Back in

00:00:12.120 --> 00:00:16.800
2003 he published a book called Hacking the Xbox just after graduating from MIT.

00:00:16.800 --> 00:00:19.320
BUNNIE: Yeah, I was in MIT as a grad student at the time.

00:00:19.320 --> 00:00:24.480
JACK: Oh, and just as a random fact here, the term ‘hacker’ actually emerged from the MIT Tech Model

00:00:24.480 --> 00:00:30.240
Railroad Club in the 1960s and that ethos sort of paved the way for the hacker culture today. They

00:00:30.240 --> 00:00:35.160
were hacking model railroad sets to make them do things they weren’t intended to do, and bunnie fit

00:00:35.160 --> 00:00:40.560
right in with this hacker culture at MIT. BUNNIE: Basically, every toy, every game console

00:00:40.560 --> 00:00:46.860
I had gotten since childhood, I had always taken apart. If I got tired of playing the game,

00:00:46.860 --> 00:00:51.660
I would just change the resources in the game and get the highest score or whatever it is. It was

00:00:51.660 --> 00:00:55.980
more fun to sort of hack the games than it was to play the game itself, is the bottom line.

00:00:55.980 --> 00:01:00.360
JACK: Around this time, the original Xbox came out. Bunnie got ahold of one and found

00:01:00.360 --> 00:01:03.840
it had high-end computing parts in it. BUNNIE: When I took it apart, it was very

00:01:03.840 --> 00:01:12.180
clearly a PC to me on the inside. Being able to run my own code on it, put Linux on it, to make

00:01:12.180 --> 00:01:18.720
the game do what I want to do, right, was just a natural impulse to me. If you paid whatever,

00:01:18.720 --> 00:01:24.120
$300 it was at the time for this thing, that’s not a small amount of money particularly to a student,

00:01:24.120 --> 00:01:27.780
and then you’re told that you can’t use it for what you want to use it for. Like, what if I’m

00:01:27.780 --> 00:01:34.860
done playing games? I need a computer to write my paper. This is ridiculous. That’s the feeling

00:01:34.860 --> 00:01:39.000
that ran through my blood at the time. JACK: That’s the goal. Bunnie owned an Xbox

00:01:39.000 --> 00:01:43.260
which had all these parts that a computer would have, and he wanted to use it like a PC.

00:01:43.260 --> 00:01:48.120
BUNNIE: It was basically a high-end PC. It should be able to run my word processing software,

00:01:48.120 --> 00:01:51.720
or I should be able to just tell it to boot to a shell or something like that

00:01:51.720 --> 00:01:56.220
so I can do what I want with it. It seemed like a reasonable prospect to me.

00:01:56.220 --> 00:02:01.320
JACK: He tried to put his own software on it but there was a problem. It wouldn’t run.

00:02:01.320 --> 00:02:08.460
BUNNIE: The firmware image needed to be signed, encrypted to a key, and the key was not known,

00:02:08.460 --> 00:02:14.040
obviously, to the people who didn’t have it. I couldn’t put my own code

00:02:14.040 --> 00:02:17.220
in there unless I had that key. JACK: Challenge accepted. Forget about

00:02:17.220 --> 00:02:21.300
playing the games on the Xbox; the game now was to find this key and somehow

00:02:21.300 --> 00:02:26.580
make it so he can run his own software. BUNNIE: Right. A bunch of people were searching

00:02:26.580 --> 00:02:33.300
for it at the time. I figured they would just crack it open but they all pointed down to this,

00:02:33.300 --> 00:02:42.720
what was a hidden key that’s read from a location inside of memory that would be mapped out after

00:02:42.720 --> 00:02:49.200
you booted. The processor would wake up in the morning, it would go to a secret location,

00:02:49.200 --> 00:02:54.540
get its keys, and then it would brick over the door, turn it into a regular wall so you couldn’t

00:02:54.540 --> 00:02:58.980
find it again. Once you’re in the outside space, none of the other exploits could figure out what

00:02:58.980 --> 00:03:04.920
that key was. It was obviously hidden somewhere in the hardware, this extra-architectural feature

00:03:04.920 --> 00:03:12.420
of the Xbox. Since I was a hardware guy doing research on hardware at the time, this played

00:03:12.420 --> 00:03:17.820
into my alley so I started poking around. JACK: [MUSIC] After a lot of research,

00:03:17.820 --> 00:03:22.500
bunnie had an educated guess that this key probably travels over a specific wire,

00:03:22.500 --> 00:03:27.720
or bus. He tried to figure out a way to sniff the data that was going over that bus.

00:03:27.720 --> 00:03:35.280
BUNNIE: Simply put, I built a little circuit board that could capture the data going across that bus

00:03:35.280 --> 00:03:42.120
and log it to another piece of hardware that we could use for later analysis. Then essentially,

00:03:42.120 --> 00:03:49.860
as we boot the device, we could watch that secret ROM going to the CPU and then observe

00:03:49.860 --> 00:03:56.820
the key embedded inside that secret ROM. JACK: This worked. He captured the data which

00:03:56.820 --> 00:04:02.280
looked kind of like it could be a key. He tried using the key in different ways to test some code,

00:04:02.280 --> 00:04:07.740
but it wasn’t working. But then he used the key with a certain offset and shazam,

00:04:07.740 --> 00:04:12.060
the whole thing started being decrypted. BUNNIE: I had to pinch myself. I couldn’t believe

00:04:12.060 --> 00:04:19.320
it. Then I was like, this can’t be. This had to be a mistake in the code. It couldn’t be right.

00:04:19.320 --> 00:04:23.880
Then I just double-checked and double-checked. I was like holy cow, this is it. This is the key.

00:04:23.880 --> 00:04:29.280
I couldn’t believe it. I think it was like four a.m. and my girlfriend was asleep already so I

00:04:29.280 --> 00:04:35.520
wasn’t going to bother her, but I was jumping out of my skin. I couldn’t scream and shout so I sent

00:04:35.520 --> 00:04:44.640
a note into the IRC form that was on at the time, and other people validated it that it was correct.

00:04:44.640 --> 00:04:49.560
Then the next day, I saw my PHD advisor and told him about it, and that’s when he informed me about

00:04:49.560 --> 00:04:55.500
the DMCA and all the consequences that could have happened as a result of this. I was like oh my

00:04:55.500 --> 00:05:02.640
God, I didn’t even realize this was a thing. How [00:05:00] could this even possibly be illegal for

00:05:02.640 --> 00:05:07.740
me trying to run my own code on my own box? JACK: The DMCA, or Digital Millennium Copyright

00:05:07.740 --> 00:05:12.780
Act, specifically says it’s illegal to disseminate technology in order to circumvent copyright

00:05:12.780 --> 00:05:18.360
protections. But the excitement of cracking a key on the Xbox was thrilling. Bunnie kept

00:05:18.360 --> 00:05:22.980
tinkering with it and eventually got the Xbox to run Linux, which was a victory in

00:05:22.980 --> 00:05:27.780
this little game he set out to play. But now there was this looming issue that this whole

00:05:27.780 --> 00:05:32.700
thing might be illegal. Bunnie, being a good MIT student, wanted to do the right thing.

00:05:32.700 --> 00:05:34.680
BUNNIE: We want to do the whole responsible disclosure thing,

00:05:34.680 --> 00:05:42.600
like tell Microsoft about the problem, figure out the right way to present the research,

00:05:42.600 --> 00:05:48.000
that sort of stuff. For several months it went back and forth with lawyers and

00:05:48.000 --> 00:05:50.700
whatnot to try to figure out what was the right way to disclose the research

00:05:50.700 --> 00:05:55.080
without doing it irresponsibly. JACK: Bunnie and Microsoft came to an

00:05:55.080 --> 00:05:58.500
agreement. Microsoft said you can publish your report, but…

00:05:58.500 --> 00:06:03.660
BUNNIE: Basically, just don’t share the key. You can tell how you did it and what the research

00:06:03.660 --> 00:06:08.640
was and all the methods, but just don’t print the exact key. That’s reasonable, right?

00:06:08.640 --> 00:06:13.440
JACK: Bunnie started writing about how to reverse engineer the Xbox but he had to make a choice

00:06:13.440 --> 00:06:18.240
on where to stop with all this hacking. BUNNIE: I kind of wanted to avoid anything that

00:06:18.240 --> 00:06:26.640
could be perceived as unlawful, particularly because I wanted to go public with it and I

00:06:26.640 --> 00:06:32.280
wanted to share the results of the work. You can’t really play it both ways; either you go white hat

00:06:32.280 --> 00:06:36.900
or you go black hat, right? I just solidly decided I was going to go white hat on this one.

00:06:36.900 --> 00:06:41.940
JACK: One thing led to another and bunnie ended up writing an entire book on how to

00:06:41.940 --> 00:06:46.140
hack the Xbox and reverse-engineer it. He ended up actually self-publishing

00:06:46.140 --> 00:06:50.040
the book and sold it through his own website. Guess what? It became fairly popular.

00:06:50.040 --> 00:06:55.260
BUNNIE: Drive up to the post office with this – I had this old Maxima sedan filled

00:06:55.260 --> 00:07:00.660
floor-to-ceiling with books and envelopes. They’re like oh, it’s that guy again,

00:07:00.660 --> 00:07:07.080
that weirdo with the car full of books. They’d bring out a big whatever the rolling cartons are,

00:07:07.080 --> 00:07:11.100
and I would just dump it all in there. JACK: This book inspired many hackers to learn

00:07:11.100 --> 00:07:14.760
how to do this and to take this so much further.

00:07:14.760 --> 00:07:19.260
BUNNIE: I think the problem that every technologist faces that every technology

00:07:19.260 --> 00:07:26.220
is potentially dual-use. This happened with the atomic bomb. Some people thought they could

00:07:26.220 --> 00:07:31.800
create an energy source for humanity and other people saw a weapon. I think there

00:07:31.800 --> 00:07:38.040
is a responsibility the technologists to consider potential ethical ramifications of what they do,

00:07:38.040 --> 00:07:45.000
but it’s also not the place of the technologists to deprive all of humanity because they solely

00:07:45.000 --> 00:07:48.120
judged that the technology may be used one way or the other.

00:07:48.120 --> 00:07:52.440
It’s just something you have to be aware of in a disclosure and how you educate people how to

00:07:52.440 --> 00:08:00.000
use it. We then say oh, man, shouldn’t touch fire because fire can lead to burns. It also

00:08:00.000 --> 00:08:08.700
leads to cooking and heating and staying alive. The question does keep me up a lot at night,

00:08:08.700 --> 00:08:14.580
but at the end of the day, some people are gonna do what they want to do, right? Who am I to say

00:08:14.580 --> 00:08:21.780
what’s right or wrong? Over time, sometimes things will evolve in a direction you can’t control,

00:08:21.780 --> 00:08:27.000
but I think to each their own at that point in time. There’s only so much you can do

00:08:27.000 --> 00:08:36.120
to control destiny. JACK (INTRO): [INTRO MUSIC]

00:08:36.120 --> 00:08:42.840
These are true stories from the dark side of the internet.

00:08:42.840 --> 00:09:02.220
I’m Jack Rhysider. This is Darknet Diaries. SKITZO:

00:09:02.220 --> 00:09:09.180
Okay, I guess the best thing to start is basically from the beginning.

00:09:09.180 --> 00:09:11.580
JACK: Wait, wait, wait, before we get started, what should we call you?

00:09:11.580 --> 00:09:16.140
SKITZO: [00:10:00] Skitzo’s fine. JACK: Okay. Skitzo it is. [MUSIC] Skitzo

00:09:16.140 --> 00:09:21.660
was a member of the Xbox hacking crew called Team Avalaunch. It was big in 2009. Oh, and I

00:09:21.660 --> 00:09:25.320
should give a warning somewhere at the beginning here; this episode and the next episode, they’re

00:09:25.320 --> 00:09:30.120
explicit in nature. There are a lot of cuss words in these two, and the second one gets dark. We’re

00:09:30.120 --> 00:09:35.280
gonna talk about drugs and depression then, but if you can make it through that, holy cow are you

00:09:35.280 --> 00:09:42.180
in for an amazing story. It’s so amazing, I can hardly believe any of this, except I do believe it

00:09:42.180 --> 00:09:49.200
because I spent months fact-checking this as much as possible. But it’s still unbelievable.

00:09:49.200 --> 00:09:59.280
SKITZO: Jeez, Team Avalaunch is a collective group of hackers and hardware enthusiasts,

00:09:59.280 --> 00:10:03.780
let’s put it that way. The main focus there was Xbox. There were some members

00:10:03.780 --> 00:10:11.160
that ventured into different areas. You had individuals like Lantus that was really,

00:10:11.160 --> 00:10:18.120
really great with the emulation side of things. People like Redline,

00:10:18.120 --> 00:10:23.880
who could do wonders with networking, and then you had some greed and you had some people that

00:10:23.880 --> 00:10:28.920
took up space for God knows what. JACK: The original Xbox that came out was

00:10:28.920 --> 00:10:32.640
amazing. The graphics were stunning, the games were great. Halo was my favorite,

00:10:32.640 --> 00:10:36.960
of course. The AI of the enemies in that game was just unlike anything I’ve ever seen before.

00:10:36.960 --> 00:10:42.180
It was amazing. But after the Xbox was out for a while and that initial sheen sort of wore off,

00:10:42.180 --> 00:10:48.240
some people didn’t like the dashboard that came with it. The Xbox dashboard is the menu within the

00:10:48.240 --> 00:10:52.320
Xbox and it lets you pick the games you want to play, log into Xbox Live, look at your settings,

00:10:52.320 --> 00:10:56.880
that kind of stuff. The stock dashboard just wasn’t enough for this group of hackers,

00:10:56.880 --> 00:11:01.680
so they got together to try to make a better dashboard. They wrote the software themselves

00:11:01.680 --> 00:11:05.760
and then got the Xbox to play it. This wasn’t easy to do, to hack the Xbox

00:11:05.760 --> 00:11:11.220
into playing your own homemade software, but eventually they got it. The dashboard that Team

00:11:11.220 --> 00:11:15.960
Avalaunch made was pretty popular among the people who liked modding their Xbox. Another thing this

00:11:15.960 --> 00:11:21.300
group tried to do is play other games on the Xbox like Nintendo games and PlayStation games. You

00:11:21.300 --> 00:11:25.800
know what? They were doing it. They were hacking the Xbox to play all kinds of games the Xbox was

00:11:25.800 --> 00:11:31.140
not supposed to play. But really, if we take out our moral compass here, changing the dashboard

00:11:31.140 --> 00:11:37.500
and running emulators on your Xbox might be just entering the yellow area of hacking. Yeah, it’s

00:11:37.500 --> 00:11:41.760
against the terms of service and might be illegal, but it’s not really that big of a deal for someone

00:11:41.760 --> 00:11:46.920
like Microsoft to crack down on, investigate, or hire some lawyers to go after you.

00:11:46.920 --> 00:11:52.200
SKITZO: It was, you know, you want to do this with your Xbox, you’re gonna do this

00:11:52.200 --> 00:11:58.380
with your Xbox. But it was never a malicious attack on anything. It was a hobby.

00:11:58.380 --> 00:12:02.880
JACK: Team Avalaunch tinkered and toyed with getting the Xbox to do all kinds

00:12:02.880 --> 00:12:09.024
of things. When the Xbox 360 came out in 2005, they were all over that, too.

00:12:09.024 --> 00:12:15.840
SKITZO: That’s more or less where I come in. During that time of the OG Xbox scene,

00:12:15.840 --> 00:12:21.900
I was more into the Sony and Dreamcast scene. It wasn’t only until the 360 scene;

00:12:21.900 --> 00:12:27.720
that’s where I came in with Team Avalaunch. JACK: The Xbox 360 architecture was more secure

00:12:27.720 --> 00:12:32.880
than the original Xbox. Remember how bunnie was able to sniff that key off of one of the busses on

00:12:32.880 --> 00:12:38.460
the Xbox? Well, the 360 made it so the key never left the chip that it was on, making it impossible

00:12:38.460 --> 00:12:44.280
to do what bunnie did. All new methods for getting custom software to run on the Xbox had to be done.

00:12:44.280 --> 00:12:49.860
Team Avalaunch figured this out and built a custom dashboard for the 360. A few things were

00:12:49.860 --> 00:12:55.020
released publically for other people to also do, but a lot of hacking was just kept secret within

00:12:55.020 --> 00:13:00.480
the group and wasn’t publically shared. SKITZO: I mean, obviously we ruffled feathers but

00:13:00.480 --> 00:13:07.260
we weren’t there to play pirated games. I mean, obviously ultimately when the majority of people

00:13:07.260 --> 00:13:14.160
that will do this want to do that, I was more than happy playing CPS3 games and Super Nintendo games,

00:13:14.160 --> 00:13:23.340
and XBMC on my OG Xbox than I was more concerned about playing a pirated game.

00:13:23.340 --> 00:13:26.280
JACK: You kinda get the feel of what Team Avalaunch is up to,

00:13:26.280 --> 00:13:29.820
right? They’re figuring out how to mod the Xbox, take it apart,

00:13:29.820 --> 00:13:33.840
make it do things it’s not supposed to do. One of the members of Team Avalaunch was

00:13:33.840 --> 00:13:39.240
named Rowdy Van Cleave. He was thirty-eight years old, living in California.

00:13:39.240 --> 00:13:42.600
SKITZO: Howdy got… JACK: Hold on. I call him

00:13:42.600 --> 00:13:44.670
Rowdy. You call him Howdy. SKITZO: I call him Howdy.

00:13:44.670 --> 00:13:51.240
JACK: Okay, but he goes by both? SKITZO: He goes by both.

00:13:51.240 --> 00:13:57.000
Howdy was at the right place at the right time. [MUSIC] Howdy had a friend who had

00:13:57.000 --> 00:14:01.740
access to a recycling facility. JACK: This is an electronics recycling

00:14:01.740 --> 00:14:07.200
facility. Computers often contain a lot of toxic components and need to be disposed of properly.

00:14:07.200 --> 00:14:12.060
Rowdy heard there were Xbox DVD drives for sale at this facility, cheap. He went down

00:14:12.060 --> 00:14:17.340
there [00:15:00] to take a look. While he was down there, he found a couple of Xbox 360 motherboards,

00:14:17.340 --> 00:14:23.760
but these looked different than what Rowdy knew an Xbox 360 motherboard looked like. He took a

00:14:23.760 --> 00:14:29.760
few of these motherboards home and popped one into his Xbox 360 and booted it up. The words

00:14:29.760 --> 00:14:37.080
that Rowdy said next were ‘holy shit, this is a freaking dev motherboard.’ The Xbox 360 dev

00:14:37.080 --> 00:14:40.620
motherboards were used by programmers themselves to make video games for the Xbox.

00:14:40.620 --> 00:14:46.980
You could only get one after Microsoft vigorously screened you to be a legitimate developer. It

00:14:46.980 --> 00:14:51.600
enabled a lot more features on the Xbox and gave them extra access to do things. Under

00:14:51.600 --> 00:14:58.500
no circumstance did Microsoft ever want these in the hands of consumers, much less Xbox hackers.

00:14:58.500 --> 00:15:03.900
They called these ‘dev kits’ and they looked, acted, and worked just like a regular Xbox 360,

00:15:03.900 --> 00:15:11.580
but with a ton more features. Rowdy knew this and to him, this was a jackpot of a

00:15:11.580 --> 00:15:16.140
find. He went back to the facility to look for more and couldn’t believe what he saw.

00:15:16.140 --> 00:15:21.780
SKITZO: There were thousands and thousands and thousands of kits. Here, I’ll put it to you in

00:15:21.780 --> 00:15:29.700
this way; I had a kit that was covered in mud. That’s how the kit went to this facility. It was

00:15:29.700 --> 00:15:35.100
covered in mud. I called it the Joe Dirt Kit. I never cleaned it ‘cause I found it hilarious.

00:15:35.100 --> 00:15:39.960
I was like, what the hell did Microsoft do to these kits for it to be covered in mud?

00:15:39.960 --> 00:15:44.220
JACK: You can imagine a fairly popular and long-running Xbox hacking group

00:15:44.220 --> 00:15:50.460
stumbling upon a find like this. It’s like finding actual treasure. Rowdy was finding

00:15:50.460 --> 00:15:53.640
complete Xboxes there, too. SKITZO: These are complete kits set

00:15:53.640 --> 00:15:55.200
to be destroyed. JACK: Do you have any

00:15:55.200 --> 00:16:01.080
idea where these were coming from? SKITZO: Microsoft. I want to say probably

00:16:01.080 --> 00:16:05.220
100% of these kits were meant to die. JACK: When he says ‘meant to die’ he means

00:16:05.220 --> 00:16:10.980
recycled, destroyed, discontinued, because maybe Microsoft didn’t have a need for these anymore,

00:16:10.980 --> 00:16:14.220
or these were returned ones, or defective or something,

00:16:14.220 --> 00:16:22.560
but Microsoft just didn’t need them anymore and wanted them gone. [MUSIC]

00:16:22.560 --> 00:16:27.720
Rowdy grabbed all that he could and started passing them out to everyone in Team Avalaunch.

00:16:27.720 --> 00:16:31.980
People didn’t take just one; you took one just to take apart, and then you grabbed another to try

00:16:31.980 --> 00:16:37.320
modding it, and then you grabbed another to see what it was capable of on Xbox Live and stuff.

00:16:37.320 --> 00:16:40.800
There were so many kits going around that it was so easy to get multiples of them.

00:16:40.800 --> 00:16:45.240
It sort of became a business for Rowdy. Not that he really wanted to get rich off it,

00:16:45.240 --> 00:16:49.200
but he wanted to put the kits in the hands of Xbox hackers that he knew and trusted.

00:16:49.200 --> 00:16:54.180
SKITZO: During that time, I got introduced into it. Like hey, why don’t you have a

00:16:54.180 --> 00:16:58.080
quick peek at what’s going on here? JACK: Now Skitzo is stoked on getting his

00:16:58.080 --> 00:17:03.120
hands on one of these. The Xbox 360 dev kit is exactly the same as a regular Xbox,

00:17:03.120 --> 00:17:08.760
just with all kinds of developer options enabled. One of the most amazing things about owning a dev

00:17:08.760 --> 00:17:14.640
kit was the ability to access PartnerNet. SKITZO: Basically, it’s the developer

00:17:14.640 --> 00:17:24.000
version of Xbox Live. All kits had a, air quotes, ‘credit card’ so you could make any profile and

00:17:24.000 --> 00:17:33.060
just jump on PartnerNet and you could, if need be, purchase Xbox Live points at that time. But

00:17:33.060 --> 00:17:39.840
90% of the time, developers who put their games up for testers to get ahold of it, or to demo,

00:17:39.840 --> 00:17:46.500
and you download it. It acted exactly as retail Xbox Live did at that time.

00:17:46.500 --> 00:17:51.720
JACK: Through PartnerNet, you could potentially see and play unreleased games or unreleased

00:17:51.720 --> 00:17:56.640
patches, or unreleased add-ons for games, or unreleased maps. It was amazing for this hacker

00:17:56.640 --> 00:18:02.520
crew to all have the first peek at all this stuff. It was like the wild west for them. While playing

00:18:02.520 --> 00:18:08.340
games on it was fun and lasted a while, the hot new game was now to hack the dev kits and to see

00:18:08.340 --> 00:18:11.400
what you could get them to do. SKITZO: The goal was basically hey,

00:18:11.400 --> 00:18:19.620
how can we run code on this and what can we do to it? That was the ultimate goal;

00:18:19.620 --> 00:18:28.920
can we get an emulator running on it? Can we get MAME on this thing? Can we get anything to XBMC,

00:18:28.920 --> 00:18:33.420
things of that nature? What’s the architect behind it? What are the limits?

00:18:33.420 --> 00:18:39.660
The network presence that Microsoft took at this time was far more advanced than

00:18:39.660 --> 00:18:46.500
what the original Xbox had, with respect to connecting on Xbox Live and things like that.

00:18:46.500 --> 00:18:55.320
How was hard drive structure and the encryption? How did Hyper-V work? It was that Pandora’s box

00:18:55.320 --> 00:19:01.620
of like – to your point, how excited were you, it wasn’t necessarily exciting getting the system but

00:19:01.620 --> 00:19:06.780
getting under the hood that made it fun. JACK: This was very exciting times for Skitzo,

00:19:06.780 --> 00:19:11.340
Rowdy, and everyone on Team Avalaunch. They knew that this was something the public was

00:19:11.340 --> 00:19:15.960
never [00:20:00] meant to see and here they were, a whole team of people, hacking away at it.

00:19:15.960 --> 00:19:23.280
SKITZO: The public should never have this. It’s the gateway into all the millions of millions of

00:19:23.280 --> 00:19:29.940
dollars and manpower that you spent on securing your system. Why don’t you tape your house key

00:19:29.940 --> 00:19:35.880
to your front door when you get home? You’re pulling the curtain behind the console, right?

00:19:35.880 --> 00:19:39.660
With the right tools you can get into the console. You can see how things load. You can do timed

00:19:39.660 --> 00:19:45.660
attacks on it. You can do a number of different things to the console, have an easier time doing

00:19:45.660 --> 00:19:50.880
it than retail that’s locked up. JACK: Around this time, Halo 3 was about

00:19:50.880 --> 00:19:55.500
to be released and those who pre-ordered it got access to the beta version a few months

00:19:55.500 --> 00:20:00.000
before the release. With these DEV kits, Skitzo and the team could play the public

00:20:00.000 --> 00:20:04.920
beta version of Halo 3. Nothing really special here, but the beta only lasted a short while,

00:20:04.920 --> 00:20:09.360
just to test it, and then the game was not playable for a few months until the official

00:20:09.360 --> 00:20:15.000
release. But Team Avalaunch, using their dev kits, figured out a way to keep playing Halo 3

00:20:15.000 --> 00:20:22.260
long after the public beta was closed. SKITZO: [MUSIC] We were able to run that

00:20:22.260 --> 00:20:33.180
on PartnerNet and we were on the server that Bungee had set up and we would play.

00:20:33.180 --> 00:20:41.880
Bungee was trying to take the server down, and Bungee had a custom welcome screen for us

00:20:41.880 --> 00:20:51.960
because we kept a dev kit running called Halo 3 Dummy. Halo 3 Dummy kept that server alive

00:20:51.960 --> 00:21:02.220
so we could get in and play while after the air quotes, ‘beta time’ expired on Partners.

00:21:02.220 --> 00:21:07.260
JACK: They did so much more with these dev kits, grabbing stuff from Xbox Live and moving it to dev

00:21:07.260 --> 00:21:11.400
so that they could play it as developers. Like, you could enable things like double

00:21:11.400 --> 00:21:16.380
experience points or load up special loot. It’s like you could be a GM in many games,

00:21:16.380 --> 00:21:23.100
and they played a lot of beta games and unreleased stuff. It was great times.

00:21:23.100 --> 00:21:29.280
SKITZO: [XBOX SOUNDS] It was amazing, astonishing,

00:21:29.280 --> 00:21:32.700
to look back at all this stuff. JACK: [HALO MUSIC]

00:21:32.700 --> 00:21:37.440
Rowdy kept getting more kits to send to people, and mostly these kits would only be put in the

00:21:37.440 --> 00:21:41.100
hands of people in Team Avalaunch. He wanted to keep this secret and underground.

00:21:41.100 --> 00:21:46.320
SKITZO: But for a while it was very close-knit. It was a family.

00:21:46.320 --> 00:21:55.740
We were a family and I know that term is used a lot but all good things must come to an end.

00:21:55.740 --> 00:22:04.260
We had greed that started happening with the one guy who kept getting the kits

00:22:04.260 --> 00:22:12.540
and was always just for us, just for us, and next thing you know, shit’s starting to flood

00:22:12.540 --> 00:22:20.460
the market and every jackass out there with five hundred bucks is getting a fucked-up kit.

00:22:20.460 --> 00:22:24.720
The kits are getting into the hands of people that shouldn’t have had it, and

00:22:24.720 --> 00:22:31.320
you had garbage cans of human beings getting closer to the scene.

00:22:31.320 --> 00:22:38.700
Then you had the new bloods that came in and it was just, fuck it. Just go.

00:22:38.700 --> 00:22:43.260
JACK: Let’s talk about these new bloods. First, let’s meet Dylan. Hello, can you hear me?

00:22:43.260 --> 00:22:46.320
DYLAN: Yeah, can you hear me? JACK: Yeah, I hear you.

00:22:46.320 --> 00:22:48.900
DYLAN: Perfect. JACK: This is Dylan, right?

00:22:48.900 --> 00:22:54.240
DYLAN: Yeah, Dylan. JACK: Dylan was young. In 2010, Dylan was only

00:22:54.240 --> 00:22:59.700
14 years old. This is kind of what he meant by new bloods, right? These are young kids just getting

00:22:59.700 --> 00:23:04.980
in the Xbox hacker scene. Because Skitzo and Rowdy were much older and had been in the scene for many

00:23:04.980 --> 00:23:10.380
years at this point, they were like veterans. But now young kids like Dylan are showing up, and back

00:23:10.380 --> 00:23:21.900
then, Dylan’s hacker name was Dae, D-A-E. SKITZO: Dae came around and he really didn’t give

00:23:21.900 --> 00:23:26.280
a fuck. He truly did not care. JACK: Okay, Dylan,

00:23:26.280 --> 00:23:31.020
what is one of your first hacks? DYLAN: I got suspended twice during high

00:23:31.020 --> 00:23:34.800
school for actually getting into computer networks I probably shouldn’t have gotten into.

00:23:34.800 --> 00:23:40.680
JACK: Whoa. DYLAN: I think it was the thrill of knowing what’s

00:23:40.680 --> 00:23:44.580
behind doors that kind of got me into it. JACK: Look at this recipe; a young kid,

00:23:44.580 --> 00:23:49.620
doesn’t care much about the rules, loves video games and the Xbox, loves hacking, and is hungry

00:23:49.620 --> 00:23:55.680
to learn more and do something crazy. Combine that with a high level of curiosity, and someone

00:23:55.680 --> 00:24:01.200
who has always ‘on’ energy, you get Dylan. DYLAN: I think back then it was just not knowing

00:24:01.200 --> 00:24:10.380
what you can and can’t do. Just not being told this is wrong doesn’t necessarily go

00:24:10.380 --> 00:24:16.440
past a teenager’s mind, [00:25:00] so I think I just liked the thrill of it. It was kind of

00:24:16.440 --> 00:24:23.280
like a rush, it was like an adrenaline rush every time I got into something, and seeing

00:24:23.280 --> 00:24:30.480
things that I shouldn’t have seen. That’s kind of what makes you want to do it even more.

00:24:30.480 --> 00:24:35.940
JACK: Dylan was so fascinated with Xboxes, he wanted to learn how to hack it. Yeah, he starts

00:24:35.940 --> 00:24:40.320
joining Xbox hacker forums and hanging out in the chat rooms, and getting to know who’s who

00:24:40.320 --> 00:24:46.740
in the scene. There’s another person who showed up in the Xbox hacking scene around this time, too.

00:24:46.740 --> 00:24:50.340
Is Diane all set up? We ready to go? DIANE: I just hit record.

00:24:50.340 --> 00:24:52.680
SANAD: Yeah, she just hit record so we’re good to go.

00:24:52.680 --> 00:24:58.320
JACK: Let’s start out with you telling us your name. What is your name?

00:24:58.320 --> 00:25:03.660
SANAD: My name is Sanad Nesheiwat. For some reason on my birth certificate, the doctor’s

00:25:03.660 --> 00:25:09.480
messed up and put my middle name and first name together. That’s why it says Sanadodeh Nesheiwat.

00:25:09.480 --> 00:25:12.720
But it’s just Sanad. JACK: Sanad grew up playing

00:25:12.720 --> 00:25:16.320
console games, and loving them. SANAD: Yeah, I was definitely a hardcore

00:25:16.320 --> 00:25:23.280
gamer. I had Dreamcast, PlayStations. I’ve been gaming since I was about eight years old. I

00:25:23.280 --> 00:25:29.700
didn’t really get into that whole hacking thing up until the Dreamcast came out. That’s when I

00:25:29.700 --> 00:25:33.000
really started getting into things. JACK: Sanad is a hardware guy.

00:25:33.000 --> 00:25:39.060
SANAD: Well, I mean, I like taking things apart, figuring out what they do, and trying to modify

00:25:39.060 --> 00:25:42.660
them in ways that will benefit me. JACK: When he was younger, he had a

00:25:42.660 --> 00:25:47.040
soldering iron, oscilloscope, lots of chips, electronic parts everywhere. At one point,

00:25:47.040 --> 00:25:50.700
I asked him a question about electronics and jeez, he just went off the rail,

00:25:50.700 --> 00:25:55.200
crazy deep on me. Listen to this. SANAD: What a BGA station does, is it has

00:25:55.200 --> 00:26:00.180
heat plates and it shoots up hot air from the bottom and hot air from the top. It allows you

00:26:00.180 --> 00:26:06.120
to take the chip off and clean out the solder and put brand-new solder balls on it.

00:26:06.120 --> 00:26:10.560
JACK: Okay, okay. You get it, right? Sanad is passionate about electronics. He’s a hardcore

00:26:10.560 --> 00:26:14.580
gamer and he loves breaking things just to open them up and see what’s inside, and how they work.

00:26:14.580 --> 00:26:20.400
He loves Dreamcast and Xboxes, and these kind of things. Sanad was deep in the console hacking

00:26:20.400 --> 00:26:24.780
scene. At one point, he and a friend created a launcher that would run pirated software on

00:26:24.780 --> 00:26:29.760
the Xbox. But his friends started telling him about the Xbox dev kits that were going around

00:26:29.760 --> 00:26:35.400
in the scene at the time. His friends said… SANAD: Hey, you guys can totally use dev kits to

00:26:35.400 --> 00:26:41.820
make your launcher a lot smoother, and you can debug it in real-time, and so on and so forth.

00:26:41.820 --> 00:26:48.660
I was like alright, so we put together a PayPal donation account and a bunch

00:26:48.660 --> 00:26:52.860
of people donated so I was actually able to get everybody on the team a dev kit through

00:26:52.860 --> 00:26:58.260
Rowdy. That’s when I first got one. JACK: There was something absolutely magical

00:26:58.260 --> 00:27:03.900
about being a console hacker in 2010 and getting an Xbox dev kit in the mail.

00:27:03.900 --> 00:27:09.120
This was something you weren’t supposed to have; this was forbidden. Here Sanad is, opening it up,

00:27:09.120 --> 00:27:14.460
eager to plug it in and play it, like it’s a doorway to a magic kingdom. Oh, what fun

00:27:14.460 --> 00:27:19.680
he could potentially have with this. SANAD: My first dev kit, I actually bricked

00:27:19.680 --> 00:27:27.240
within two hours. But luckily, I had made a flash dump of it before even messing with it and

00:27:27.240 --> 00:27:32.340
I was actually able to revive it. JACK: Once he got it up and working again,

00:27:32.340 --> 00:27:35.100
it was amazing. SANAD: Going on PartnerNet

00:27:35.100 --> 00:27:41.400
was phenomenal. Imagine going on Xbox Live but everything that you download

00:27:41.400 --> 00:27:46.320
is betas and it’s all free.