ZuneGate '08: What Really Happened!
Here's the deal. Microsoft botched the code in the firmware for its Zune 30GB handheld players. Like a ticking time bomb, the problem started exploding for Zune owners once 2008 started transitioning into 2009. Users worldwide quickly found that their Zunes were completely locked out. Locked out as in "completely inoperable," that is: Zunes began resetting without warning or completely turning off. When a user flipped the power back on, the Zune operating system would begin to load and freeze on the actual loading screen. And no amount of begging, pleading, or cursing could fix the issue for a hapless user.
Microsoft was quick on the "solution," which I've paraphrased thusly: Wait it out. Not the best response I can think of, even though it did end up working in the end. But two larger questions remain. How did this happen in the first place, and what other unpleasant code lurks within the Zune OS? I unfortunately don't have much of an answer for the latter, but AeroXperience's own Bryant Zadegan dug deep into the code to find the Achilles' Heel that took the Zunes out of commission. You can check out the full source code right here if you want to take a look at the big picture in a more readable fashion than this blog post can provide. We've snipped down to the problem area shown below:
#define ORIGINYEAR 1980
BOOL ConvertDays(UINT32 days, SYSTEMTIME* lpTime)
int dayofweek, month, year;
//Calculate current day of the week
dayofweek = GetDayOfWeek(days);
year = ORIGINYEAR;
while (days > 365)
if (days > 366)
days -= 366;
year += 1;
days -= 365;
year += 1;
For all the non-coders out there, here's what happened. According to Zadegan, the code is designed to calculate out the year by looking at the number of days that has elapsed since a predefined ORIGINYEAR of January 1, 1980. The operating system keeps on subtracting 365 days (or 366, in the case of a leap year) from the total number of days, adding one to the year value, until it can no longer do so--thus makes the correct year.
If you're sharp, you will have noticed the single botched element in the code. On a leap year, there are 366 days in a year. December 31 is the 366th day of the year. The amount 366 is greater than 365, but it is not greater than 366. What happens then? The loop cycles back to the beginning to check the 366-day amount that's remaining. It's greater than 365 days, passing through that line of code. It's not greater than 366 days, so nothing happens. The amount loops back through the code, and loops back through the code, and...