allnameswereout
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#51
Originally Posted by vivainio
I don't think there is a full VM/emulator for maemo either. Or are you saying you got useful work apart from compilation done on ARM qemu? ;-)

IIUC the sdk vm images they are shipping are just ubuntu images with scratchbox.

You could theoretically create a hacked kernel image that "looked like" the "secure" one for the applications, bypassing the Fritz chip completely, but I don't see the point. It's probably easier for the consumer just to skip the services that require DRM and stay in the "Open" mode.
No, not necessarily a hacked kernel; actually, if it checks a checksum right after the bootloader that is gonna be a bit hard. Provided it doesn't use CRC32 for that.

We're not talking about the average consumer. Or, at least, I am not. I'm talking about a Maemo version of Jon Lech Johansen.

Since one can (theoretically) run the whole Maemo 5 OS on SBox, the hacker can indeed use a rootkit for QEMU. Once that works it's child's play to jailbreak the device. For example, spoofing or ignoring some system calls. MITM is also a potential vulnerability. Or one local hole in one of the bundled software.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 
Posts: 222 | Thanked: 205 times | Joined on Jul 2009 @ Finland
#52
Originally Posted by allnameswereout
No, not necessarily a hacked kernel; actually, if it checks a checksum right after the bootloader that is gonna be a bit hard. Provided it doesn't use CRC32 for that.
The device would be running in "open" mode with the hacked kernel, so the checksum failure is not a problem. The hacked kernel can do anything it wants, including "impersonation" of the locked down kernel to applications. How applications can determine whether or not they are running in the open or locked environment is anyone's guess now that the system is not deployed yet. Basically, I'm thinking of the use case where you have an app that wants to run in closed environment, but can be fooled to think it has such an environment when it in fact doesn't (so it would store drm keys to normal filesystem, etc...).

We're not talking about the average consumer. Or, at least, I am not. I'm talking about a Maemo version of Jon Lech Johansen.

Yep, that's the only "target audience" you need to think of when designing a system like this ;-). We can imagine there will be people with custom hardware trying to hack this thing. Again, hacking doesn't seem to be "required" to use this phone normally (unlike w/ android and iPhoneOS), so I don't care either way.

Since one can (theoretically) run the whole Maemo 5 OS on SBox, the hacker can indeed use a rootkit for QEMU.
SBox doesn't run the target kernel, which is the most important part in a scheme like this, so attacks from this direction are probably ineffective.
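A small model of the two boot-verification schemes argued over in posts #51 and #52: a keyless CRC32 that whoever rewrites the flash can recompute, beside a keyed tag bound to a key held in the secure chip, with a failed stage dropping the device into the documented "open" mode. This is an added example, not code from the thread or from Nokia's implementation; the image contents, the stage layout and the use of a stdlib HMAC in place of a real public-key signature are constructed assumptions.

```python
import binascii
import hashlib
import hmac
import os

# Constructed stand-ins for flash images; real ones are megabytes of ELF.
GOOD_KERNEL = b"maemo-kernel: vendor build"
MODIFIED_KERNEL = b"maemo-kernel: patched to report closed mode while open"
ROOTFS = b"rootfs: vendor build"

# Assumption: this key lives in the secure chip the thread calls the
# 'Fritz chip' and never leaves it, so whoever writes the flash does not
# have it. Stdlib HMAC stands in for the public-key signature a real
# verified-boot chain would use; the trust argument is the same.
CHIP_KEY = os.urandom(32)


def crc32_tag(image: bytes) -> bytes:
    """Keyless checksum: whoever can write the image can recompute it."""
    return binascii.crc32(image).to_bytes(4, "big")


def mac_tag(image: bytes, key: bytes = CHIP_KEY) -> bytes:
    """Keyed tag: only the holder of the chip key can produce it."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify_crc(image: bytes, stored_tag: bytes) -> bool:
    return crc32_tag(image) == stored_tag


def verify_mac(image: bytes, stored_tag: bytes) -> bool:
    # compare_digest also returns False when the lengths differ
    return hmac.compare_digest(mac_tag(image), stored_tag)


def boot_chain(stages, verify) -> str:
    """Walk bootloader -> kernel -> rootfs. The first stage whose tag does
    not verify drops the device into the documented 'open' mode; nothing
    later in the chain can undo that."""
    for image, stored_tag in stages:
        if not verify(image, stored_tag):
            return "open"
    return "closed"


def flasher_without_key(image: bytes) -> bytes:
    """What someone rewriting the kernel can attach: a freshly computed
    CRC, since the chip key is not available to them."""
    return crc32_tag(image)
```

The CRC chain cannot tell a vendor kernel from a rewritten one whose CRC slot was rewritten too, which is the weakness post #51 alludes to; the keyed chain falls back to open mode for the same image, which is exactly the case post #52 describes.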
 
allnameswereout
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#53
Hmmm, you're right about SBox, but you already do run a Linux kernel. You could run the very same Maemo 5 Linux kernel in an ARM emulator (QEMU...). However, because the hardware isn't emulated it probably won't work in that DRM mode even though you enabled it.

What is even easier is if you can run QEMU on the N900 itself. For that it needs host and guest support. You then backdoor the QEMU VM, and let it run everything signed, while in reality you're in control via the backdoor (rootkit). From there the hard core fun part begins.

At least you can execute arbitrary code, and start debugging to learn how the DRM works. Then you need to develop a library which emulates the DRM and you're done. Or just hexedit the DRM library a bit. SoftICE would also help. The part to pay attention to is where it determines authentication is correct or not.

On OSX it'd be wiser if they'd keep their jailbreak intact and gradually figure wtf changed in the new firmware and slowly but surely import the new binaries in an already broken jail.

I don't care much either, btw. I find Comes With Music a rather fair service. Plus, I do wish it'll be easy to make micro payments. Like for example, a week subscription for Ovi, signed up & paid for in 3 or 4 'touches'. Lost in Spain? Bah. Buy a license for 5 EUR.

Besides, it's the freedom of the developer to pick DRM. I just don't believe it generally works well unless it's some kind of bulk service like Comes With Music. As soon as it really pisses off a talented techie the system will fail. Cause you gave him or her the itch to scratch.

Last edited by allnameswereout; 2009-10-11 at 21:22.
 
tso
Posts: 4,783 | Thanked: 1,253 times | Joined on Aug 2007 @ norway
#54
Originally Posted by allnameswereout
Or, at least, I am not. I'm talking about a Maemo version of Jon Lech Johansen.
heh, the guy didn't really write the decryption bit of DeCSS, what he did was make a Windows front end, and distribute it on a web site registered in his name.

he was used as an example to try and scare others, only their choice of law to charge him by was poor. Said legal hole has later been closed, iirc...

whole thing was a legal circus on par with the pirate bay trial...
__________________
Be warned, posts are often line of thoughts at highway speeds...
 
tso
Posts: 4,783 | Thanked: 1,253 times | Joined on Aug 2007 @ norway
#55
Originally Posted by VRe
Well, if they do the DRM right, it works the opposite way. The binary is encrypted and will not run without being decrypted by the chip and maybe some more. The whole chain to start the process is also verified with checksums etc., so one should not be able (easily) to dump the unencrypted version from memory. The same way the whole audio chain is locked when DRM'd music is played.
sounds like the trusted platform module (note that trust in this case is coming from the media companies and others that want to trust YOUR computer can not do something THEY don't like) that supposedly is the basis for Microsoft's next-generation secure computing base (NGSCB, also known as Palladium).
 
allnameswereout
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#56
Originally Posted by tso
sounds like the trusted platform module (note that trust in this case is coming from the media companies and others that want to trust YOUR computer can not do something THEY don't like) that supposedly is the basis for Microsoft's next-generation secure computing base (NGSCB, also known as Palladium).
Thanks for refreshing my memory regarding Jon. There can be various persons involved. If you do reverse engineering, it is even recommended. The guy who writes the frontend is important for end-users, but the guy who cracks the DRM is also important, obviously, as well as the guy who documents the specification. Maybe it can be thrown again at 'implementing a proprietary standard for interoperability' like with DVD.

The 'trust' is assigned to whoever owns the master keys. That could be anyone. IOW you can use hardware-based authentications like Fritz chip to your advantage. End-users can, power-users can, corporations can, government can, and those who sell you trojan horse with tech product can as well.

We have never seen a corporation sued for stopping the DRM service of paid content (Microsoft, Google, ...), using a remote killswitch (Apple, Amazon), intentionally crippling hardware (Nintendo, Sony), or heck, using DRM itself on remote devices...
 
tso
Posts: 4,783 | Thanked: 1,253 times | Joined on Aug 2007 @ norway
#57
Originally Posted by allnameswereout
We have never seen a corporation sued for stopping the DRM service of paid content (Microsoft, Google, ...), using a remote killswitch (Apple, Amazon), intentionally crippling hardware (Nintendo, Sony), or heck, using DRM itself on remote devices...
I could have sworn there were rumblings of class actions on both one of the DRM server shutdowns and the Amazon Kindle mess, but in either case the corporation involved relented in some way so that the whole thing dried up...
 
qgil
Posts: 3,105 | Thanked: 11,088 times | Joined on Jul 2007 @ Mountain View (CA, USA)
#58
Just found http://mer-l-in.blogspot.com/2009/10...iberation.html - cool!

I'll try to get Elena's slides up asap. I don't even know whether she is working today, so bear with us if it takes one day.

We'll keep checking the wiki page and answering there (mostly Elena, since she is the specialist). I'll also keep following here in order to help clarify things on the emotional side.

For instance:

DRM is not in the way if you want to enjoy free content or free apps. It's not that you would need to choose between "official stuff + DRM" or "community stuff + freedom". In practice the use cases might well be:

- User has a DRM enabled device as it came out of the box, with DRM and DRM-free content and applications.

- User has a DRM enabled device as it came out of the box, but the DRM feature is unused since he deals only with DRM-free content and apps.

- User really can't stand DRM and he has gone to DRM-free mode (officially documented and legal), keeping the same access to all the non-DRM content and applications, free or commercial.

About the lock-in "feature", the Maemo 6 security framework technically enables the possibility to configure locked systems, which is a potential requirement from e.g. operators. A different question is whether there is a corporate customer interested in the commercialization of such devices. What we are saying is that, no matter what, users will have access to new Maemo flagship devices unlocked, at least through the official Nokia distribution channels.

My *personal* opinion with my software freedom hat on: if someone voluntarily signs a contract with an operator for a locked-in device and voluntarily purchases DRM apps or content, then I don't see what ownership and freedom rights he can really claim. If freedom is so important for someone, then get an unlocked device, get DRM-free apps and content and be good with it.

About the simplest way to switch from one mode to the other, it's too soon to tell. I guess the desirable scenario would probably be rebooting from one mode to the other e.g. through an option in the power button menu. We'll see.
ewan
Posts: 445 | Thanked: 572 times | Joined on Oct 2009 @ Oxford
#59
If Nokia supplies devices in such a locked down configuration then you're going to have real problems with any software licensed under the GPLv3 because of its 'anti-tivoisation' provisions. AIUI the Maemo platform (unlike e.g. Android) has quite a lot of FSF/GNU software in it, and they're obviously keen to push GPLv3.
 
eiffel
Posts: 600 | Thanked: 742 times | Joined on Sep 2008 @ England
#60
Originally Posted by qgil
...What we are saying is that, no matter what, users will have access to new Maemo flagship devices unlocked, at least through the official Nokia distribution channels...
Provided that remains true in the future, then we have no problems.

Originally Posted by qgil
...if someone voluntarily signs a contract with an operator for a locked-in device and voluntarily purchases DRM apps or content, then I don't see what ownership and freedom rights he can really claim.
Fair comment, if the user genuinely understands what's going on (which is often not the case when carriers cripple a product).

I would really like to see Nokia require carriers to use a different model number (or at least a suffix) when they provide a device with different functionality compared to the device provided directly by Nokia. At the moment, some carriers do this anyway, and some don't.

Regards,
Roger