Slashdot Mirror
Apple Files Patent for "Tamper-Resistant Code"
freaktheclown writes "The US Patent and Trademark Office has revealed that Apple has filed patent no. 20050246554 for a "system and method for creating tamper-resistant code." The system is presumably for use in Apple's Intel version of its Tiger operating system."
For those who are interested, link to the original application publication.
Why didn't I think of that?
Seriously, this idea sounds so silly, it will only invite more developers to hack OSx86 in their spare time. With OpenDarwin already ported to x86, unless they make serious changes to the OS X kernel, I doubt any measure of TPM will be able to keep people from homebrewing their Macs now.
It's called "tamper-resistant" because the Titanic was unsinkable.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
I do believe HAL 9000's tamper resistant code kicked into high gear around hour 2 of 2001.
"I'm sorry Dave, I can't let you do that"
My first reaction to this subject was "there is no code which cannot be cracked, given enough time and determination."
After looking over the article, the method reminds me of Synapse Software's SynCalc (and related) programs for the 8-bit Atari computers. They had some real good code obfuscation, and they managed to do it in less that 48K of RAM! I never did get as far as figuring out whether they were using more than one level of a virtual machine, code obfuscation, or what have you.
They are patenting Perl?
For me as an administrator in a Mac-centric company, the most interesting part of this is Apple's accomodation of Linux, Windows and the Mac OS on their intel platform while simultaneously attempting to prevent their OS from being installed on a generic intel PC. If Apple can pull it off, it will give a significant value-add to their intel boxes. That's something that Micheal Dell would give his right arm to be able to do.
20. A method comprising: receiving a system call, wherein the system call is formatted for requesting a service from a first operating system, wherein the system call is included in a first object code block, wherein the first object code block is a run-time translation of a second object code block; determining which system call services of a second operating system are needed for providing the service; determining whether system call services for servicing the system call have been disabled, wherein the determining is based on a tamper-resistance policy; servicing the system call, if the system call services for servicing the system call have not been disabled.
21. The method of claim 20, wherein the tamper-resistance policy disables system call services that access system resources.
22. The method of claim 20, wherein the first operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
23. The method of claim 20, wherein the second operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
However, the patent describes a process whereby users would be able to load one of three operating systems as their primary OS and then load a secondary operating system as their secondary OS. In the patent application, titled, System and method for creating tamper-resistant code, they describe the process as thus:
From the sound of this, Apple is indeed going to do what I had simultaneously hoped for and feared: They're going to enable people to boot into OS X and run Windows at the same time (and vice versa)-- probably very similar to the way Classic runs now.
I had hoped for this because it makes switching infinitely easier-- people can just load up Windows and their apps on their Intel-based Mac, and make a gradual transition to OS X. Those who use Windows-only vertical-market apps will have the world of the Mac opened up to them.
I had feared this because there are bound to be some cheap/lazy asshole developers who will take one look at the Windows compatibility environment, cancel the Mac versions of their products, and tell Mac users to just use the Windows versions in said compatibility environment. I'd hate to see this reverse the Mac application availability renaissance that has been going on for the last few years.
~Philly
I for one welcome our new tamper-resistant overlords.
Get your Unix fortune now!
Essentially, I cannot imagine how it could happen effectively. I program is a series of isntructions. We can talk about multiprocessor systems and all that all day long, but the fact is, it's code that is watching code to ensure it is authentic.
That said, someone could try to create a processor that does not but audit the code being run and that it be outside of the main system's functions. I can imagine a lot of things that could be done with a scenario like that... but again, just like a thousand other things, it'll be hackable.
Apple should just face the facts: Build on a system that is already populated with crackers and coders who are intimately familiar with hacking software systems, and you are giving them a new toy to play with. They had a good thing going when they were vending relatively unique hardware. Now they have decided to switch, ever increasingly, to less propietary hardware in order to save costs. They did it when they adopted PCI, PC style memory and IDE mass storage devices. Before long, people were upgrading their own systems with non-Apple stuff. Now the very core of the computer itself is being moved over to something more readily available on the market... they don't expect people to want to play?
They are going to spend a LOT of money to avoid the unavoidable... they are going to waste a LOT of money. At some point they are going to have to choose either to abandon the OSX86 project and go back to PowerPC or just live with the fact that some people will run their OS on PCs not made by them.
This article has been up on mac-centric news sites for a while now. The difference is that all the others pointed out the more interesting aspect of the new patents: You can select, from MacOS X, Windows, and Linux a primary OS and secondary OS.
So not only is Apple not preventing users from installing Windows or Linux along side OS X, they are going out of their way to enable them to do so.
Michael Dell is feeling a tightening of the rectum right about now.
And yet...slashdotters are still preoccupied with how Apple might someday try to prevent the OS from being installed on non-Apple hardware.
it's candle proof? it can't be narrowed?
That sounds hip and jaded, but it also belies a disturbing lack of faith in society. Next you'll declare that all employees care about, by definition, is their paycheck -- therefore they don't care if their job consists of beating children with baseball bats, as long as it pays the bills. And all politicians care about is getting elected, therefore they'll just put their feet up and masturbate once they get into office; and all men care about is sex, and all women care about is babies ... et cetera.
In this specific case, what's wrong with Apple developing technology to make its products hard to emulate or reverse-engineer? Aside from its potential for harassing pirates, I don't see the harm in it. And the harm to pirates is most likely illusory anyway, since pirates and crackers are a very, very resourceful demographic.
Tamper-proof code is still ultimately only as secure as the hardware at its weakest link, and that weakest link for Apple will be this: The DVD that a new OS upgrade ships on. Put it in the drive, read it off. From there, it's only a matter of a carefully developed emulation environment and a precise sequence of code patches until the software is just as redistributable as the latest RedHat image.
Still, and as has been said a million times already, Apple doesn't need to make it impossible - just inconvenient for the layman. And even if Apple ties its OS to its hardware with a zillion steel cables, ... what's the loss, for a company that refuses to license them separately? You wouldn't complain that the software operating your Honda Accord isn't portable to your Ford Taurus, would you? (Well, if you're a Linux rivethead, you'd probably point and laugh, but you still wouldn't complain.)
As for the Powerbook with strips "all over" the LCD ... call AppleCare and keep complaining until they take it back. A friend of mine (who now works for Apple, ironically) sent his 15" PowerBook back THREE TIMES before receiving a machine that didn't have white spots on the LCD, and Apple paid the postage both ways each time. (They also told him they were tracking all the returns in order to build a legal case against the supplier of their LCD screens.)
And as for "why shouldn't I just buy a Dell", ... I don't know, why shouldn't you just buy a Dell? Get the freaking system you'll be happy with. The rest is just slashdot-esque dick-measuring.
No worries mate, it worked out pretty good for OS/2 Warp.
The more you know, the less you understand.
22: The method of claim 20, wherein the first operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
23: The method of claim 20, wherein the second operating system is selected from the set consisting of Mac OS X, Linux, and Microsoft Windows.
29: The method of claim 24, wherein the machine includes an operating system selected from the set consisting of Microsoft Windows, Linux, and Mac OS X.
66: The machine-readable medium of claim 64, wherein the first operating system is selected from the set consisting of Microsoft Windows, Linux, and Mac OS X.
67: The machine-readable medium of claim 64, wherein the second operating system is selected from the set consisting of an Apple Macintosh Operating System, Linux, and Microsoft Windows.
I recently had a friend ask me for help in debugging a PHP extension for some CMS... Ah, Google to the rescue; it was SEF Advance, a Joomla extension that did... something, I never really bothered to find out. Anyway, issue was that the guy was trying to debug the script locally (maybe to add something) and it was saying that it "was only licensed to x and y domains", where x and y were the production servers. The code itself was a bunch of open source config variables, then a statement as follows:
:^D)
eval(gzinflate(base64_decode('7T39Vxs5k...')));
The parameter went on for ages. When I changed the eval to echo, I got another block of the same, only the data was different. Apparently the guy had just gzipped his code over and over (five times to be exact) and used that as "encryption" so nobody would be able to modify it. I got around it in around five minutes, and sure enough, the domains were simply an array in the decrypted (inflated?) code.
The point is, according to the parent, it looks like Apple is patenting object code encryption, which has been done many, many times before in many different ways. I'm sure that the rest of the patent indicates something "unique" (and I put unique in quotes because there's no way to know it hasn't been done before somewhere) but in the end it's just diminishing possible future innovations by a little bit, like all software patents.
(Does this mean I'm liable under the DMCA?
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Apple is not MS, I think they have other standards besides JUST market share.
I think they want to be BETTER in all ways, and let that sell their computers.
Jobs is a perfectionist, I think, before he is a capitalist.
You make better customers when you do this, have a superior product in all ways. How many Windows fanatics are there compaired to the Mac people. Much more? Pretty good being that MS has a 80% market share, yeah?
A patriot must always be ready to defend his country against his government. -edward abbey
By separating it into 2 or more inert components and storing them seperately. How is that at all like tamper-resistant code?
It's not impossible to create code that is very difficult to alter in a desirable manner, unless that desire is to have it cease functioning. The current StarForce copy protection achieves this by encrypting the executable and libraries of the program in question, and then running them on its own virtual machine which runs at the driver level. It sounds like Apple is planning to do exactly the same thing, unless I'm misinterpreting their patent. Each of their points says: But that's just how I'm reading it.. I could be wrong. At any rate, StarForce has yet to be cracked directly, but since its main purpose is to prevent copying, other weaknesses have been exploited; mainly in the area of virtual drives. Evidently it tries to identify the drives on a system, and if it successfully IDs one, it will require the disc to be placed in that drive. To ensure forward compatibility, if it cannot identify any of the drives, it will accept any drive that the disc appears to be in. It still attempts to blacklist virtual devices though, so the virtual drive software must be obfuscated. As I said, the only successful means of defeating the protection thus far have been to alter the data external to the program; the executables and DLLs themselves have not been successfully cracked, except when the publisher opted not to use encryption.
https://www.eff.org/https-everywhere
So patents are apparently written in a very strange way for reasons that no doubt make sense to someone. Aside from converting a tree structure into a series of numbered paragraphs (this patent describes an X being comprised of Y and Z. The Y comprises a Q, R, and S. etc.) it is also written in a bewilderingly specific and yet vague way so as to at all times make it clear that whenever they talk about something in particular, they in fact mean to include stuff that they haven't mentioned and may not even have thought of.
So, having tried to wade through all of this, here's my potted summary.
A "tamper-resistant" code block can be created *automatically* (i.e. not by hand) by translating an ordinary code block into a tamper-proof code block. The tamper proof code-block may be composed of checksummed code with extra inserted code that performs arbitrary operations (using, for example, information stored on a ROM, or taken from the computer's clock, or from the user's settings) and then is expected to produce a specific result.
E.g. multiply the current time by the user's name converted into a number and subtract the checksum of the code block and produce the number it did when the code was initially "tamper-proofed".
To verify the code has not been tampered with it can be executed in an environment (a virtual machine, say) which behaves like the real environment but where system calls have no effect so that only the ancillory results are produced. If these results aren't right, the code block is rejected.
I'm probably missing a lot, but the proposed system is AT LEAST this sophisticated, which is a heck of lot more convoluted than, say, checksumming code blocks. I think figuring this out is well beyond the script kiddies that produce the majority of malware.
Sure it runs, but it runs best when there is a remote control driving it.
My point is that Apple have logical ways that entice people to spend their money rather than hack around it, if the mac is for convienience and luxury, then hacking, possible slowdowns via emulated hardware and losing stability are simply not on the agenda.
Additionally a similar argument is that alot of Mac software doesn't come with activation(when their intel counterparts do.) This is because there is strong correlation between people that purchase macs and people who are willing to cough up the dollars for software to run on it. A person who is unwilling to pay for software, is also someone who is unwilling to pay the premium prices that apple ask for.
And Another: You can burn all your DRM iTunes Music Store songs to CDs, re-rip them and put them on any device you like... but the majority are happy with just using it on an iPod.
My point is that, by taking away trivial hacks to make OSX work on generic hardware, the people who are likely to buy a mac, still will. The people who are never going to buy a mac, will hack it and run it on any hardware they like and probably aren't interested in purchasing an apple anyway; but this will just eat away a bit of that MS Windows marketshare. (Which makes Jobs happy.)