Decided to hack the Keurig 2.0 DRM

To be honest, this isn't really much of a hack. There are far more complicated things that can be done.

As for my story, it's pretty simple. I never liked limits, and I had a lot of people trying to impose them on me.

The earliest hack I can remember was sitting in the nursery at church. I would have been 5-6-ish years old at the time. My mother was in the choir, and I was bored, so I wandered around. The toys were stored in a cabinet, locked with a Master combination lock. I spent a fair amount of time manipulating it - feeling the mechanism out, finding the sticking points, getting a feel for where it would stick if the shackle was pulled on. I got it open by feel.

After that, I moved on to other things, like improvised picks with paperclips for my parent's filing cabinets. I discovered that cheap bike locks like this have a bit of wiggle on their dials when they are loose on the correct number.

The school district I was at was poor. The classrooms all had Apple IIs, so I was able to break out and mess around with ProDOS. Later, I convinced my grandparents to give me an old 8086 clone (Cordata 2MHz) they had sitting around and my family purchased a CompuAdd 286. It had a graphical interface of sorts (ASCII art).

Sometimes my games would drop me to a dos prompt, and I asked my parents why. Their answer, which sticks with me to this day, was one of the defining moments in my life. They told me not to worry about it, that I didn't need to know. They told me to simply type "dosshell" (to get back to this menu). I made it my personal crusade to know what was going on.

I started to collect DOS manuals and editions. PC DOS. MS DOS. Every version I could get my hands on. I saved up money to buy DOS manuals. I asked for them for birthday presents. I learned to use the terminal, and looked at the programs that came with them. DOS 2.11 (for example) had some neat TSRs and would play synthesized music, which I thought was awesome. They were written in BASIC. I started looking at other BASIC programs - grabbing old copies of 321 contact magazine (which had a basic program in each issue). My mother had a BASIC guide that she had of her own - I started modifying things, changing them. It became a bit of an obsession.

My parents tried to reign me in a bit, buying a piece of security software to lock me out without permission. I stayed up late that night, snuck down, bypassed the password and system (Direct Access 5.1), wrote a note about how I did it and went to bed.

We upgraded to a Pentium running Windows 3.1 (Acer). The internet opened up my horizons a bit. Before, I was on my own - now I had access to information, to equipment I couldn't get access to on my own. I learned that saltine crackers could make a fairly convincing vomit in the toilet for getting out of church. I learned to do everything in Character Map when they took the keyboard. I fixed computers for money, and cobbled together a computer from spare parts and hid them throughout my desk. The "broken" monitor on top could be connected to the various components in drawers; as long as there was no case, my parents had no clue where the system was. I played around at home and at school, finding joy in the tools I found at the "El Grande Mac Hacks" and Materva's place on intersurf.net.

I hacked a small, one-man ISP. Instead of prosecuting me, he gave me a server to play with. I owe him a lot. I was on dial-up, so I went towards Linux. Slackware and RedHat initially. Later, CentOS, Trustix, Debian, Ubuntu, Linux From Scratch, embedded - whatever I could get my hands on, whatever I could learn from.

I tried my hand at game hosting, and discovered that on the internet, nobody knows you're a twelve year old. I started coding, and making pretty decent money as a kid. My first site was through a connection through my parents church, doing a site in Perl for a surprisingly large corporation. I parsed their item .csv to make HTML.

At 15, I joined with a group of people to put together a piece of software. At 30, I'm still doing that, and I hack things for fun and profit. I'm working 2 jobs, a full-time student, and doing a startup because it fits my goals. I get stressed, or bored, and I go hack things. Something catches my fancy, and I spend however long it takes to do it. This time around it was a Keurig. Sometimes, it's games. I've had it be a bank (PoC only, against my own accounts), or an audiobook company, electronic safes, home automation, locks, calculators, PHP apps - take your pick. I pick a target, stick with it, and compromise it. I don't do anything that harms others, and companies generally appreciate a "heads up" from a white hat - they get to fix a problem before it's an issue.

Sometimes, I get paid to hack. I worked for a year or so in the Security Operations Center for a very large military contractor. It was neat - I got to own them. Repeatedly.

As for the "required skills", it's more thinking outside the box and paying attention than anything else. I'll give you an example:

Symantec has acquired a number of providers of internet certificates. One of these companies offered a $20 email certificate. What's interesting about this particular company is that they did not set the certificate usage to limit it to sending emails. They really should have. When I purchased their certificate, I took a look at it, and I happened to notice this fact and store it for later.

Later, we started running into issues with Authenticode. We sold software for Windows, and it was not signed. Computers complained. Code signing certificates are expensive. 1 years from Symantec costs $500 or so, and from what I remember, they cost more back then.

/r/electronics Thread Link - youtu.be