Slashdot Mirror
Apple Files Patent for "Tamper-Resistant Code"
freaktheclown writes "The US Patent and Trademark Office has revealed that Apple has filed patent no. 20050246554 for a "system and method for creating tamper-resistant code." The system is presumably for use in Apple's Intel version of its Tiger operating system."
My first reaction to this subject was "there is no code which cannot be cracked, given enough time and determination."
After looking over the article, the method reminds me of Synapse Software's SynCalc (and related) programs for the 8-bit Atari computers. They had some real good code obfuscation, and they managed to do it in less that 48K of RAM! I never did get as far as figuring out whether they were using more than one level of a virtual machine, code obfuscation, or what have you.
...that they just want people not to tamper with their code? I see no need for a patent. I recall a time when a patent was for something important: a novel idea or mechanism of some kind. Making a patent doesn't really do much, other than making it impossible for other people/companies to hack into osX 86. But then again, it was illegal anyway, so no one could (legally) hack osX x86 before this patent. Seems kind of redundant.
public class null extends java applet { System.out.print ("Tabula Rasa"); }
For me as an administrator in a Mac-centric company, the most interesting part of this is Apple's accomodation of Linux, Windows and the Mac OS on their intel platform while simultaneously attempting to prevent their OS from being installed on a generic intel PC. If Apple can pull it off, it will give a significant value-add to their intel boxes. That's something that Micheal Dell would give his right arm to be able to do.
20. A method comprising: receiving a system call, wherein the system call is formatted for requesting a service from a first operating system, wherein the system call is included in a first object code block, wherein the first object code block is a run-time translation of a second object code block; determining which system call services of a second operating system are needed for providing the service; determining whether system call services for servicing the system call have been disabled, wherein the determining is based on a tamper-resistance policy; servicing the system call, if the system call services for servicing the system call have not been disabled.
21. The method of claim 20, wherein the tamper-resistance policy disables system call services that access system resources.
22. The method of claim 20, wherein the first operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
23. The method of claim 20, wherein the second operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
However, the patent describes a process whereby users would be able to load one of three operating systems as their primary OS and then load a secondary operating system as their secondary OS. In the patent application, titled, System and method for creating tamper-resistant code, they describe the process as thus:
From the sound of this, Apple is indeed going to do what I had simultaneously hoped for and feared: They're going to enable people to boot into OS X and run Windows at the same time (and vice versa)-- probably very similar to the way Classic runs now.
I had hoped for this because it makes switching infinitely easier-- people can just load up Windows and their apps on their Intel-based Mac, and make a gradual transition to OS X. Those who use Windows-only vertical-market apps will have the world of the Mac opened up to them.
I had feared this because there are bound to be some cheap/lazy asshole developers who will take one look at the Windows compatibility environment, cancel the Mac versions of their products, and tell Mac users to just use the Windows versions in said compatibility environment. I'd hate to see this reverse the Mac application availability renaissance that has been going on for the last few years.
~Philly
Essentially, I cannot imagine how it could happen effectively. I program is a series of isntructions. We can talk about multiprocessor systems and all that all day long, but the fact is, it's code that is watching code to ensure it is authentic.
That said, someone could try to create a processor that does not but audit the code being run and that it be outside of the main system's functions. I can imagine a lot of things that could be done with a scenario like that... but again, just like a thousand other things, it'll be hackable.
Apple should just face the facts: Build on a system that is already populated with crackers and coders who are intimately familiar with hacking software systems, and you are giving them a new toy to play with. They had a good thing going when they were vending relatively unique hardware. Now they have decided to switch, ever increasingly, to less propietary hardware in order to save costs. They did it when they adopted PCI, PC style memory and IDE mass storage devices. Before long, people were upgrading their own systems with non-Apple stuff. Now the very core of the computer itself is being moved over to something more readily available on the market... they don't expect people to want to play?
They are going to spend a LOT of money to avoid the unavoidable... they are going to waste a LOT of money. At some point they are going to have to choose either to abandon the OSX86 project and go back to PowerPC or just live with the fact that some people will run their OS on PCs not made by them.
I think Arxan has significant prior art here. They specifically mention obfuscation. I unfortunately can't say much more other than that I've seen some demos of what they offer under NDA. I wish their web site had more meat (e.g. a white paper). I will say they have some bright guys, some of whom come from the NSA, working with them. Heck, even Gene Spafford's on their technical advisory board.
And for the paranoid, I've mentioned nothing above I couldn't find on Arxan's or someone else's public website.
Program Intellivision!
Have you seen this? It's just scary!
Look out!
There's an iso standard for how water resistant watches have to be to get the 30/50/100/200/1000 metre resistant mark.
A 30 metre resistant watch will probably survive washing up, or wearing in the shower. a 50 should survive surface swimming. a 100 should survive diving to 10 metres, a 200, should survive diving to 30 metres and a 1000 to as deep as humans have ever been and survived.
The standards are ISO 2281 and ISO 6425 if anyone cares.
Official GOD FAQ.