[extropy-chat] FWD (SK) RFC: copy protection report

Adrian Tymes wingcat at pacbell.net
Thu Dec 1 22:15:36 UTC 2005


--- Eugen Leitl <eugen at leitl.org> wrote:
> The system is not going to be officially FIPS 140-1/140-2 certified
> and is probably not even going to be tamper-responding. However, do 
> you know many who could launch an attack like several described in
> http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf (notice that the
> state of the art in protection has advanced since), given that
> you only extract *a single key*?

Actually, I do know quite a handful of people who could and would, if
(and this is the kicker) they used that software or worked for someone
who did, and somehow did not have the authority to reject the software
outright because the manufacturer is obviously so worried about their
own profits that user functionality is given short shrift, so the
customer would get better value for their time and money elsewhere.

> That's got to be some truly
> expensive
> piece of software to warrant the effort. 
> 
> Would you spend 200 k$ in order to be able to make copies of one
> piece of software? 

I've seen software where people claimed a single install license was
worth at least $200K.  Quite a few of them still tried to use copy
protection.  I don't believe I'm allowed to say how many of them (or
which ones at which clients) were hacked as a matter of course, but I
can say it wasn't zero.

> > > The XBox
> > > key was only snarfed because bus traffic was in clear. If
> > > the lane between CPU and chipset is encrypted, or if the key
> > > resides within the CPU itself and executes cypher the 
> > > user never sees plain in the first place.
> > 
> > Hacker: "Ooh!  A *challenge*!"
> > (a short while later)
> > Hacker: "Okay, kiddies, here's how you get the cypher..."
> 
> Perhaps I wasn't entirely clear. Your hacker will get one (1) key.
> He will not get a meta-method by which other keys can be extracted.
> This is different from DVD and BluRay.

The hacker isn't doing it to get the key.  The hacker is testing a
procedure to get the key.  The hacker then publishes the method.  If
the hacker's method isn't cheap, other people publish refinements -
hacks of the hack, if you will - to make it so.

> "Invasive Attacks
> Depackaging of Smartcards
> 
> Invasive attacks start with the removal of the chip package. We heat
> the card plastic until it becomes flexible. This softens the glue and
> the chip module can 
> then be removed easily by bending the card. We cover the chip module
> with 20–50 ml of fuming nitric acid heated to around 60 °C and wait
> for the black epoxy resin that encapsulates the silicon die to
> completely dissolve (Fig. 1).
> The procedure should preferably be carried out under very dry
> conditions, as the presence
>  of water could corrode exposed aluminium interconnects. The chip is
> then washed with 2
> 
> The next step in an invasive attack on a new processor is to create a
> map of it. We use an optical microscope with a CCD camera to produce
> several meter large 
> mosaics of high-resolution photographs of the chip surface. Basic
> architectural structures, such as data and address bus lines, can be
> identified quite quickly
>  by studying connectivity patterns"
> 
> Noticed something? Remember, all you get for your pain is just one (1)
> key.

The basic architectural standards will remain the same from chip to
chip.  This includes the location of the circuits which encode the
key.  Simpler methods to obtain the key from similar chips can then be
deduced - say, using remote sensing which induces current through the
packaging, or a specific (undocumented) series of inputs to the chip.

> TPM is being shipped in many systems as we speak. Just as in DRM
> (the rights are being taken away from you), with TPM the computer
> no longer trusts its owner (and the owner no longer can trust his
> computer).

You mean this TPM?
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=18613&mode=thread&order=0&thold=0

(For those who don't want to click: the link goes to a news post
detailing the latest version of a set of TPM hacking tools, implying
it's been rather thoroughly defeated.)

> The general public a) is not aware what it is buying b) does not
> oppose DRM because it craves premium content so badly it waives
> its firstborn in the EULA.

You mean this type of EULA?
http://www.theregister.co.uk/2001/11/28/us_court_ruling_nixes_software/

(For those who don't want to click: it's about a ruling in the 2001
case of Adobe vs. Softman that software purchases be treated as sales
transactions, rather than explicit license agreements.  In other words,
that shrinkwrap EULAs are completely invalid.  It's only a local court
ruling, but it seems to be the highest precedent for EULAs so far.  If
anyone pressed it to a higher court, and the court upheld the precedent
as many courts often do, EULAs would lose their value even as a threat
in whatever area the court had jurisdiction over.)

...okay, I'll stop now.  ^_^;

> Here's an Office install. Please fashion an installable package from
> it.
> Oh, I forgot, it's self-decrypting from system fingerprint, so you'll
> have do some extra work.
> 
> Can *you* do it? Do you know many people who can?

If I had sufficient motivation.  (No, proving a point in discussion
isn't enough, especially if there are doubts that even that would
honestly convince you.)  I also know people who would do it for enough
money - say, in the tens or hundreds of thousands of dollars - and a
tightly written contract to prevent you from getting out of it with
"clarifications of what I meant" after they produce something that will
install Office on a Windows computer.

Although, frankly, if my motivation was just to get cracked Office
software, I'd probably get it faster (and with a lot less effort) by
combing the Web for others who have done it.  Office isn't $200K per
install - closer to $200 - and my time *is* valuable.  If I simply want
to use the thing for less money - which is, in the end, the most common
motivation in these cases - I don't care much about whether I crack it
myself, except as a means to an end.

> > > Extra points for computing a hardware fingerprint,
> > > and generate that code server-side as-u-wait (works especially well
> > > for firmware).
> > 
> > Compare two installs.  See where they differ.  That's where the
> 
> 1) You will need *two* installs

So?  The desired end result is lots and lots of installs.  Paying for
only 2 installs is nothing if you're worried about paying for 100
installs.

> 2) Have you ever compared two live installations?
> 3) Have you heard of chaff? Watermarks?

Yes and yes.  So I duplicate the watermarks too.

> Have fun tracing the (obfuscated and stripped) installer. I have
> truly
> not expected demigod hackers on this list, I must admit.

*cough*  Not to brag too much, but yes, I have been paid to hack
systems before.  Of course, I'll only cop to completely lawful
instances, like this one where some people I built a system for
(writing my own code) lost the administrator password, and hired me to
hack back in through my own security to fetch it.  They owned the
system; the only copyright violations were with the full knowledge and
consent of all relevant copyright owners.  Good thing they only wanted
it to be secure against network intrusions, but were willing to give me
physical access.

I also know hackers who are far, far better than I am, and when to turn
to them for a job.

> Three strikes, and you're out (have to call the support line).

And you're using a competitor's product.  The point of this is that
trying to require copy protection winds up losing sales - over and
above how well it does or doesn't work.

> Yes, ain't DRM a bitch.

Enough to motivate an average user of that complex a system - and,
let's face it, $200K-per-install software kind of implies only
technical, sophisticated users with enough business behind them to
afford it (and who are smart enough to know when they're being played
like this) - to go elsewhere.

> You might be surprised that things have changed since the Commodore
> 64 days.
> There aren't too many users with hex editors these days, and you
> don't really
> want to handle a 300 MByte installation at that level.

Only the hacker needs a hex editor.  The hacker can then write a
program for script kiddies to download, with knowledge gleaned from the
hex editor.  (Actually, that's not hypothetical - that's how it really
does happen sometimes.)

By the way, if you want a good hex editor for Windows,
http://www.jbrowse.com/products/axe/ has given me fairly good results.
Note their pricing: the price itself is part of the copy protection,
because they know most of their users know when something's cheap
enough to be easier to buy than to hack.  (In fact, it could be argued
that this is the only form that really works.  Commercial pirating
operations have to be able to sell far enough below the manufacturer to
be noticed, but high enough above their own costs to make a profit.
Noncommercial pirating operations are more about face value than actual
money, so they aren't competitors in the traditional sense - and enough
has been written about how commercial operations can tolerate or even
take advantage of them that I shouldn't have to repeat it here.)
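The "compare two installs, see where they differ" step argued over above, as an added illustration that is not part of the original post or of any real installer. It builds two constructed toy "install images" for two machines, one region of which is assumed (hypothetically) to be derived from the machine fingerprint by SHA-256, plus a per-copy watermark string; it then lists the byte ranges where the images differ and checks each range against that assumed derivation. Ranges that re-derive from each machine's own fingerprint are the binding; everything else is per-copy data (watermark, chaff) or a derivation the analyst has not guessed, which is exactly why chaff and watermarks complicate the approach. Fingerprint strings, watermark strings and the layout are all constructed for the example.

```python
import hashlib

# Constructed toy layout: a shared "code" body, a 32-byte region assumed to be
# derived from the machine fingerprint, and a per-copy watermark string.
# None of this is a real installer format.
CODE = bytes(range(256)) * 4          # 1024 bytes identical on every machine


def derive_binding(fingerprint):
    """Assumed derivation of the fingerprint-bound region (hypothetical:
    a real product would use its own, undocumented scheme)."""
    return hashlib.sha256(b"bind:" + fingerprint).digest()


def build_image(fingerprint, watermark):
    """Assemble a constructed 'install image' for one machine."""
    bound = derive_binding(fingerprint)
    return CODE[:512] + bound + CODE[512:768] + watermark + CODE[768:]


def diff_ranges(a, b, merge_gap=8):
    """Return half-open (start, end) ranges where a and b differ, merging runs
    that are separated by fewer than merge_gap identical bytes so that one
    logical field does not show up as several fragments."""
    if len(a) != len(b):
        raise ValueError("images differ in length; align them first")
    ranges = []
    start = None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if start is None:
                if ranges and i - ranges[-1][1] < merge_gap:
                    start = ranges.pop()[0]   # extend the previous range
                else:
                    start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def classify_ranges(a, b, fp_a, fp_b, ranges):
    """Label each differing range: 'fingerprint-bound' if its bytes re-derive
    from each machine's own fingerprint under the assumed scheme, otherwise
    'per-copy' (watermark, chaff, or a derivation we have not guessed)."""
    labels = []
    for start, end in ranges:
        seg_a, seg_b = a[start:end], b[start:end]
        if seg_a in derive_binding(fp_a) and seg_b in derive_binding(fp_b):
            labels.append((start, end, "fingerprint-bound"))
        else:
            labels.append((start, end, "per-copy"))
    return labels


def analyze(fp_a, wm_a, fp_b, wm_b):
    """Build both images, diff them and classify the differing ranges."""
    a = build_image(fp_a, wm_a)
    b = build_image(fp_b, wm_b)
    return classify_ranges(a, b, fp_a, fp_b, diff_ranges(a, b))


# Constructed fingerprints for two machines (not real hardware identifiers).
FP_A = b"cpu=GenuineIntel:906EA;disk=WD-WCC4E1234567;mac=00:11:22:33:44:55"
FP_B = b"cpu=AuthenticAMD:800F82;disk=S3Z9NB0K123456;mac=66:77:88:99:AA:BB"

if __name__ == "__main__":
    for start, end, label in analyze(FP_A, b"COPY-ALPHA-0001",
                                     FP_B, b"COPY-BETA--0002"):
        print(f"{start:5d}-{end:5d}  {label}")
```

With only two copies and no idea of the real derivation, every differing range looks alike; the classification above only works because the example cheats by assuming the scheme. With more copies the per-copy fields still differ in every pair, so diffing alone does not separate binding from watermark; that is the point of the chaff.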
