Apple Files Patent for "Tamper-Resistant Code"
freaktheclown writes "The US Patent and Trademark Office has revealed that Apple has filed patent no. 20050246554 for a "system and method for creating tamper-resistant code." The system is presumably for use in Apple's Intel version of its Tiger operating system."
For those who are interested, link to the original application publication.
Why didn't I think of that?
Seriously, this idea sounds so silly, it will only invite more developers to hack OSx86 in their spare time. With OpenDarwin already ported to x86, unless they make serious changes to the OS X kernel, I doubt any measure of TPM will be able to keep people from homebrewing their Macs now.
Seeing how Apple's business model revolves mostly around hardware sales, I can understand why they'd go to such lengths to keep people from installing it on any computer they want.
Havoc Video
It's called "tamper-resistant" because the Titanic was unsinkable.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
1. A method comprising: receiving a first object code block; translating the first object code block into a second object code block, wherein the translating includes applying tamper-resistance techniques to the first object code block or the second object code block; and executing the second object code block.
Sounds like a checksum would fall into that category.
I do believe HAL 9000's tamper resistant code kicked into high gear around hour 2 of 2001.
"I'm sorry Dave, I can't let you do that"
They didn't say tamper-proof. They said resistant. The scheme they describe would make it rather hard to alter the bytestream.
The Titanic was really sink-resistant...
What do you know I wrote a novel
My first reaction to this subject was "there is no code which cannot be cracked, given enough time and determination."
After looking over the article, the method reminds me of Synapse Software's SynCalc (and related) programs for the 8-bit Atari computers. They had some real good code obfuscation, and they managed to do it in less than 48K of RAM! I never did get as far as figuring out whether they were using more than one level of a virtual machine, code obfuscation, or what have you.
...that they just want people not to tamper with their code? I see no need for a patent. I recall a time when a patent was for something important: a novel idea or mechanism of some kind. Making a patent doesn't really do much, other than making it impossible for other people/companies to hack into osX 86. But then again, it was illegal anyway, so no one could (legally) hack osX x86 before this patent. Seems kind of redundant.
public class null extends java applet { System.out.print ("Tabula Rasa"); }
They are patenting Perl?
For me as an administrator in a Mac-centric company, the most interesting part of this is Apple's accommodation of Linux, Windows and the Mac OS on their Intel platform while simultaneously attempting to prevent their OS from being installed on a generic Intel PC. If Apple can pull it off, it will give a significant value-add to their Intel boxes. That's something that Michael Dell would give his right arm to be able to do.
20. A method comprising: receiving a system call, wherein the system call is formatted for requesting a service from a first operating system, wherein the system call is included in a first object code block, wherein the first object code block is a run-time translation of a second object code block; determining which system call services of a second operating system are needed for providing the service; determining whether system call services for servicing the system call have been disabled, wherein the determining is based on a tamper-resistance policy; servicing the system call, if the system call services for servicing the system call have not been disabled.
21. The method of claim 20, wherein the tamper-resistance policy disables system call services that access system resources.
22. The method of claim 20, wherein the first operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
23. The method of claim 20, wherein the second operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
However, the patent describes a process whereby users would be able to load one of three operating systems as their primary OS and then load a secondary operating system as their secondary OS. In the patent application, titled, System and method for creating tamper-resistant code, they describe the process as thus:
From the sound of this, Apple is indeed going to do what I had simultaneously hoped for and feared: They're going to enable people to boot into OS X and run Windows at the same time (and vice versa)-- probably very similar to the way Classic runs now.
I had hoped for this because it makes switching infinitely easier-- people can just load up Windows and their apps on their Intel-based Mac, and make a gradual transition to OS X. Those who use Windows-only vertical-market apps will have the world of the Mac opened up to them.
I had feared this because there are bound to be some cheap/lazy asshole developers who will take one look at the Windows compatibility environment, cancel the Mac versions of their products, and tell Mac users to just use the Windows versions in said compatibility environment. I'd hate to see this reverse the Mac application availability renaissance that has been going on for the last few years.
~Philly
I for one welcome our new tamper-resistant overlords.
Get your Unix fortune now!
Essentially, I cannot imagine how it could happen effectively. A program is a series of instructions. We can talk about multiprocessor systems and all that all day long, but the fact is, it's code that is watching code to ensure it is authentic.
That said, someone could try to create a processor that does nothing but audit the code being run and that it be outside of the main system's functions. I can imagine a lot of things that could be done with a scenario like that... but again, just like a thousand other things, it'll be hackable.
Apple should just face the facts: Build on a system that is already populated with crackers and coders who are intimately familiar with hacking software systems, and you are giving them a new toy to play with. They had a good thing going when they were vending relatively unique hardware. Now they have decided to switch, ever increasingly, to less proprietary hardware in order to save costs. They did it when they adopted PCI, PC style memory and IDE mass storage devices. Before long, people were upgrading their own systems with non-Apple stuff. Now the very core of the computer itself is being moved over to something more readily available on the market... they don't expect people to want to play?
They are going to spend a LOT of money to avoid the unavoidable... they are going to waste a LOT of money. At some point they are going to have to choose either to abandon the OSX86 project and go back to PowerPC or just live with the fact that some people will run their OS on PCs not made by them.
This article has been up on mac-centric news sites for a while now. The difference is that all the others pointed out the more interesting aspect of the new patents: You can select, from MacOS X, Windows, and Linux a primary OS and secondary OS.
So not only is Apple not preventing users from installing Windows or Linux alongside OS X, they are going out of their way to enable them to do so.
Michael Dell is feeling a tightening of the rectum right about now.
And yet...slashdotters are still preoccupied with how Apple might someday try to prevent the OS from being installed on non-Apple hardware.
I think Arxan has significant prior art here. They specifically mention obfuscation. I unfortunately can't say much more other than that I've seen some demos of what they offer under NDA. I wish their web site had more meat (e.g. a white paper). I will say they have some bright guys, some of whom come from the NSA, working with them. Heck, even Gene Spafford's on their technical advisory board.
And for the paranoid, I've mentioned nothing above I couldn't find on Arxan's or someone else's public website.
Program Intellivision!
it's candle proof? it can't be narrowed?
That sounds hip and jaded, but it also belies a disturbing lack of faith in society. Next you'll declare that all employees care about, by definition, is their paycheck -- therefore they don't care if their job consists of beating children with baseball bats, as long as it pays the bills. And all politicians care about is getting elected, therefore they'll just put their feet up and masturbate once they get into office; and all men care about is sex, and all women care about is babies ... et cetera.
In this specific case, what's wrong with Apple developing technology to make its products hard to emulate or reverse-engineer? Aside from its potential for harassing pirates, I don't see the harm in it. And the harm to pirates is most likely illusory anyway, since pirates and crackers are a very, very resourceful demographic.
Tamper-proof code is still ultimately only as secure as the hardware at its weakest link, and that weakest link for Apple will be this: The DVD that a new OS upgrade ships on. Put it in the drive, read it off. From there, it's only a matter of a carefully developed emulation environment and a precise sequence of code patches until the software is just as redistributable as the latest RedHat image.
Still, and as has been said a million times already, Apple doesn't need to make it impossible - just inconvenient for the layman. And even if Apple ties its OS to its hardware with a zillion steel cables, ... what's the loss, for a company that refuses to license them separately? You wouldn't complain that the software operating your Honda Accord isn't portable to your Ford Taurus, would you? (Well, if you're a Linux rivethead, you'd probably point and laugh, but you still wouldn't complain.)
As for the Powerbook with strips "all over" the LCD ... call AppleCare and keep complaining until they take it back. A friend of mine (who now works for Apple, ironically) sent his 15" PowerBook back THREE TIMES before receiving a machine that didn't have white spots on the LCD, and Apple paid the postage both ways each time. (They also told him they were tracking all the returns in order to build a legal case against the supplier of their LCD screens.)
And as for "why shouldn't I just buy a Dell", ... I don't know, why shouldn't you just buy a Dell? Get the freaking system you'll be happy with. The rest is just slashdot-esque dick-measuring.
No worries mate, it worked out pretty good for OS/2 Warp.
The more you know, the less you understand.
I'll gladly translate into multiple dialects for you.
Marketing language:
"20. A method comprising: receiving a system call, wherein the system call is in synergy with other components of a system, wherein the sum of the system is leveraged to meet market demands in a new and fundamentally influential way, wherein a paradigm-shift results from the impact of the novel processes and inherently forward-looking business model that thereby ensues."
Money language:
"20. A method comprising: we program our computer to do something, someone else somewhere on earth programs their computer to do something that turns out to be similar; we determine that they have a computer doing something that only we are allowed to do; we sue; we make money."
Tinfoil-hat language:
"20. A method comprising: receiving a system call, wherein the system call is formatted to include all personal information on the computer, wherein this information is then encrypted and sent off to corporate HQ servers in order to be analyzed and thereafter used against the user of the originating personal computer system."
(very) Plain English:
"20. A method comprising: stuff happens."
Plain English:
"20. A method comprising: A translation layer between different operating system abstraction levels. When a running program (which may have been translated from a stored version of the program) makes a system call to the operating system, this methodology will handle that system call in such a way as to be "tamper resistant." For instance, it will only allow operations determined to be acceptable."
22: The method of claim 20, wherein the first operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
23: The method of claim 20, wherein the second operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
29: The method of claim 24, wherein the machine includes an operating system selected from the set consisting of Microsoft Windows, Linux, and Mac OS X.
66: The machine-readable medium of claim 64, wherein the first operating system is selected from the set consisting of Microsoft Windows, Linux, and Mac OS X.
67: The machine-readable medium of claim 64, wherein the second operating system is selected from the set consisting of an Apple Macintosh Operating System, Linux, and Microsoft Windows.
Also, Slashdot seeks new software to spell-check all posts, especially those that misspell words in the topic title, which appears in the title bar while viewing the page.
I recently had a friend ask me for help in debugging a PHP extension for some CMS... Ah, Google to the rescue; it was SEF Advance, a Joomla extension that did... something, I never really bothered to find out. Anyway, issue was that the guy was trying to debug the script locally (maybe to add something) and it was saying that it "was only licensed to x and y domains", where x and y were the production servers. The code itself was a bunch of open source config variables, then a statement as follows:
eval(gzinflate(base64_decode('7T39Vxs5k...')));
The parameter went on for ages. When I changed the eval to echo, I got another block of the same, only the data was different. Apparently the guy had just gzipped his code over and over (five times to be exact) and used that as "encryption" so nobody would be able to modify it. I got around it in around five minutes, and sure enough, the domains were simply an array in the decrypted (inflated?) code.
The point is, according to the parent, it looks like Apple is patenting object code encryption, which has been done many, many times before in many different ways. I'm sure that the rest of the patent indicates something "unique" (and I put unique in quotes because there's no way to know it hasn't been done before somewhere) but in the end it's just diminishing possible future innovations by a little bit, like all software patents.
(Does this mean I'm liable under the DMCA? :^D)
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
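The layering described in the comment above can be inspected without running any PHP. The following is an added example, not part of the original post or of any product it mentions: a static unwrapper an analyst could use to triage files wrapped in nested eval(gzinflate(base64_decode(...))) calls, with limits on depth and inflated size. The sample input is constructed, and the names `unwrap`, `wrap` and `INNER` are assumptions of this example.

```python
import base64
import re
import zlib

# One wrapper layer: eval(gzinflate(base64_decode('...'))); with either quote style.
WRAPPER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)\s*;?",
    re.IGNORECASE,  # PHP function names are case-insensitive
)
MAX_LAYERS = 20                # stop on pathological nesting
MAX_OUTPUT = 8 * 1024 * 1024   # per-layer cap, guards against decompression bombs


def inflate_raw(data: bytes) -> bytes:
    """PHP gzinflate() is raw DEFLATE with no zlib header, hence wbits=-15."""
    d = zlib.decompressobj(-15)
    out = d.decompress(data, MAX_OUTPUT)
    if d.unconsumed_tail:
        raise ValueError("inflated layer exceeds MAX_OUTPUT")
    return out


def unwrap(source: str):
    """Peel wrapper layers as data only; nothing is ever evaluated.

    Returns (layers_peeled, resulting_source).
    """
    layers = 0
    while layers < MAX_LAYERS:
        m = WRAPPER.search(source)
        if m is None:
            break
        inner = inflate_raw(base64.b64decode(m.group(2)))
        source = source[:m.start()] + inner.decode("utf-8", "replace") + source[m.end():]
        layers += 1
    return layers, source


def wrap(php: str) -> str:
    """Build one wrapper layer; used here only to construct the sample input."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = c.compress(php.encode()) + c.flush()
    return "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()


# Constructed sample: a harmless PHP line wrapped five times, as in the comment.
INNER = "$licensed = array('x.example', 'y.example');"
SAMPLE = INNER
for _ in range(5):
    SAMPLE = wrap(SAMPLE)

if __name__ == "__main__":
    depth, plain = unwrap(SAMPLE)
    print(depth, plain)
```

Compression and encoding carry no key, so however many layers are stacked, the plaintext is recoverable by anyone holding the file.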
By separating it into 2 or more inert components and storing them separately. How is that at all like tamper-resistant code?
It's not impossible to create code that is very difficult to alter in a desirable manner, unless that desire is to have it cease functioning. The current StarForce copy protection achieves this by encrypting the executable and libraries of the program in question, and then running them on its own virtual machine which runs at the driver level. It sounds like Apple is planning to do exactly the same thing, unless I'm misinterpreting their patent. Each of their points says: But that's just how I'm reading it.. I could be wrong. At any rate, StarForce has yet to be cracked directly, but since its main purpose is to prevent copying, other weaknesses have been exploited; mainly in the area of virtual drives. Evidently it tries to identify the drives on a system, and if it successfully IDs one, it will require the disc to be placed in that drive. To ensure forward compatibility, if it cannot identify any of the drives, it will accept any drive that the disc appears to be in. It still attempts to blacklist virtual devices though, so the virtual drive software must be obfuscated. As I said, the only successful means of defeating the protection thus far have been to alter the data external to the program; the executables and DLLs themselves have not been successfully cracked, except when the publisher opted not to use encryption.
https://www.eff.org/https-everywhere
So patents are apparently written in a very strange way for reasons that no doubt make sense to someone. Aside from converting a tree structure into a series of numbered paragraphs (this patent describes an X being comprised of Y and Z. The Y comprises a Q, R, and S. etc.) it is also written in a bewilderingly specific and yet vague way so as to at all times make it clear that whenever they talk about something in particular, they in fact mean to include stuff that they haven't mentioned and may not even have thought of.
So, having tried to wade through all of this, here's my potted summary.
A "tamper-resistant" code block can be created *automatically* (i.e. not by hand) by translating an ordinary code block into a tamper-proof code block. The tamper proof code-block may be composed of checksummed code with extra inserted code that performs arbitrary operations (using, for example, information stored on a ROM, or taken from the computer's clock, or from the user's settings) and then is expected to produce a specific result.
E.g. multiply the current time by the user's name converted into a number and subtract the checksum of the code block and produce the number it did when the code was initially "tamper-proofed".
To verify the code has not been tampered with it can be executed in an environment (a virtual machine, say) which behaves like the real environment but where system calls have no effect so that only the ancillary results are produced. If these results aren't right, the code block is rejected.
I'm probably missing a lot, but the proposed system is AT LEAST this sophisticated, which is a heck of a lot more convoluted than, say, checksumming code blocks. I think figuring this out is well beyond the script kiddies that produce the majority of malware.
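A toy model of the scheme as summarised in the comment above, added here as an example; it is not Apple's method and not code from the patent application. The instruction set, the functions `translate`, `run` and `execute`, and the machine identifiers are all hypothetical, and SHA-256 stands in for the checksum.

```python
import hashlib

def run(code, machine_id: bytes, syscall=None) -> str:
    """Interpret a block. With syscall=None, system calls have no effect,
    so only the ancillary value computed by the guard steps is produced."""
    acc, stack = b"", []
    for i, (op, arg) in enumerate(code):
        if op == "push":
            stack.append(arg)
        elif op == "add":
            stack.append(stack.pop() + stack.pop())
        elif op == "syscall":
            if syscall is not None:
                syscall(arg, stack[-1])
        elif op == "guard":
            # Bind the running value to the machine, the code so far and the data.
            seen = repr((code[:i], stack)).encode()
            acc = hashlib.sha256(acc + machine_id + seen).digest()
    return acc.hex()

def translate(block, machine_id: bytes):
    """Automatic translation: insert a guard after every instruction and
    record the ancillary value the protected block must reproduce."""
    code = []
    for ins in block:
        code += [ins, ("guard", None)]
    return {"code": code, "expected": run(code, machine_id)}

def execute(protected, machine_id: bytes, syscall) -> bool:
    """Dry-run first; reject the block on a mismatch, otherwise run it for real."""
    if run(protected["code"], machine_id) != protected["expected"]:
        return False
    run(protected["code"], machine_id, syscall)
    return True

# Constructed sample block and machine identifiers (stand-ins for ROM data).
BLOCK = [("push", 2), ("push", 40), ("add", None), ("syscall", "print_int")]
MACHINE_A, MACHINE_B = b"rom-serial-A", b"rom-serial-B"

if __name__ == "__main__":
    p = translate(BLOCK, MACHINE_A)
    print(execute(p, MACHINE_A, lambda name, value: print(name, value)))
    print(execute(p, MACHINE_B, lambda name, value: print(name, value)))
```

The second call is rejected because the recorded value depends on the machine identifier, which is the property that would tie a translated block to particular hardware.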
What the (blank) department would like to see in future Intel based Macintosh computers.
1. A multi-button mouse. With the recent "Mighty Mouse" part of this need has been addressed. Although, this mouse could use more ergonomic feedback and improvements. A default option from the Apple Store for the "Mighty Mouse" is fine, but additional choices for a two button or three button mouse from a pull down menu choice will give customers more flexibility.
2. The HFS+ journaled filesystem must coexist with an NTFS, or any Linux filesystem like XFS or ext3 on a multi-partition hard drive.
3. Intel based Macs should have IEEE-1394 support and have Firewire target mode and netboot from EFI (the new Intel based BIOS)
4. Intel based Macs should be able to run Windows XP SP2 on it and future Windows Vista. i.e. minimize or eliminate custom ASICs on motherboard that would cause problems installing Windows. Dual booting Intel based Macs will be desirable, but what would be even better is virtualization using Intel's Vanderpool technology to run the few Windows applications that haven't been ported to Mac OS X i.e. AutoCad, Rhino 3D.
5. Intel based Macs have to support PCI Express x16 for graphics cards. Support high end professional graphics card from Nvidia Quadro and ATI FireGL with CoreImage support is absolutely critical for engineering, scientific and the visualization industry. If possible a 3rd player supporting Mac OS X, like 3DLabs Wildcat Realizm series. This would greatly benefit the Mac OS X platform as a more serious player in the CAD and high end computer graphics industries.
Last but not least for all Macs (x86 and PPC) an easy integration with Active Directory or AFS for user login. Currently both methods require work on Mac OS X.
It's not that it's unhackable, it's just too much trouble to have been broken so far. The encryption engine and relevant microcode is hidden deep in an ASIC, and no one has been able to secure an e-beam slicer long enough to open it up. There are only a few of them at major universities and chip fab labs, and it's pretty hard to "borrow" time on them during your lunch hour for such a "project". Someday, it will probably be broken but it has served the purpose of any successful encryption system - to keep sensitive data from prying eyes until it's no longer sensitive.
Actually, no one ever really cracked the P3 DRM either, what was known was due to internal leaks, rumored to have been possibly deliberate, as NDC (Rupert Murdoch) owns their competitor, Dish Network! Anyway, the P3 hacks were all workarounds that still needed the real hardware DRM decryption engine to do the work. There were rumors of a soft decryptor, but I never saw one and personally I think that was vaporware.
-- You are in a maze of little, twisty passages, all different... --