Slashdot Mirror


How Encrypted Binaries Work In Mac OS X

An anonymous reader writes "By now we know that OS X uses encrypted binaries for some critical apps like Dock, Finder and LoginWindow. Amit Singh explains the implementation of this protection scheme, which makes use of the AES crypto algorithm and a special memory pager in Mach. The so-called Do Not Steal Mac OS X (DSMOS) kernel extension helps along the way by decrypting things for the special pager when apps get executed. A funny thing is that if you print the pointer at address 0xFFFF1600 in your own app, you get as output Apple's karma poem for crackers! According to the article there are 8 protected binaries in OS X, including Rosetta and the Spotlight metadata daemon. Interestingly, Apple's window server is NOT one of those."
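For anyone who wants to check which parts of a binary are covered by the scheme summarized above, here is an added example (not from the article or from Apple) that walks a Mach-O file's load commands and lists the segments marked as protected. It assumes the marker is the `SG_PROTECTED_VERSION_1` segment flag (0x8) from Apple's `<mach-o/loader.h>`, which the summary does not name; `protected_segments`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

# Constants from <mach-o/loader.h>
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
SG_PROTECTED_VERSION_1 = 0x8  # loader.h: "This segment is protected"

def protected_segments(image: bytes):
    """List segment names flagged as protected in a thin little-endian Mach-O."""
    if len(image) < 28:
        raise ValueError("too short for a Mach-O header")
    (magic,) = struct.unpack_from("<I", image, 0)
    if magic == MH_MAGIC:        # 32-bit: 28-byte header, 32-bit addresses
        hdr_size, seg_cmd, seg_fmt = 28, LC_SEGMENT, "<16s4I2i2I"
    elif magic == MH_MAGIC_64:   # 64-bit: 32-byte header, 64-bit addresses
        hdr_size, seg_cmd, seg_fmt = 32, LC_SEGMENT_64, "<16s4Q2i2I"
    else:
        raise ValueError("not a thin little-endian Mach-O (fat or byte-swapped?)")
    ncmds, sizeofcmds = struct.unpack_from("<II", image, 16)
    end = hdr_size + sizeofcmds
    if end > len(image):
        raise ValueError("load commands extend past end of file")
    names, off = [], hdr_size
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command table is truncated")
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize in load command")
        if cmd == seg_cmd:
            if cmdsize < 8 + struct.calcsize(seg_fmt):
                raise ValueError("segment command too small")
            fields = struct.unpack_from(seg_fmt, image, off + 8)
            segname, flags = fields[0], fields[-1]
            if flags & SG_PROTECTED_VERSION_1:
                names.append(segname.rstrip(b"\0").decode("ascii", "replace"))
        off += cmdsize
    return names

def _segment(name: bytes, flags: int) -> bytes:
    # Constructed 56-byte LC_SEGMENT with no sections; addresses are placeholders.
    return struct.pack("<II16s4I2i2I", LC_SEGMENT, 56, name,
                       0, 0x1000, 0, 0x1000, 7, 5, 0, flags)

def build_sample() -> bytes:
    # Constructed i386 MH_EXECUTE header followed by three segment commands.
    cmds = (_segment(b"__PAGEZERO", 0) + _segment(b"__TEXT", SG_PROTECTED_VERSION_1)
            + _segment(b"__DATA", 0))
    return struct.pack("<IiiIIII", MH_MAGIC, 7, 3, 2, 3, len(cmds), 0) + cmds

if __name__ == "__main__":
    print(protected_segments(build_sample()))
```

On a real system, pass the bytes of a thin (single-architecture) binary; universal binaries need the matching slice extracted first.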

5 of 365 comments

  1. It sure was simpler back in the day! by KlaymenDK · · Score: 4, Interesting

    This is not the first "Do not steal Mac OS" they've done, although the first version never really got tested in action.

    http://www.folklore.org/StoryView.py?project=Macintosh&story=Stolen_From_Apple.txt&sortOrder=Sort%20by%20Date&detail=medium&search=stolen

    History repeating! :D

  2. Re:Signed binaries = good, encrypted binaries = ba by Wizard+Drongo · · Score: 4, Insightful

    Actually they're up to about 6% marketshare in the USA, and I think about 8% in the EU. And as for relevance, Apple, like Google, are figureheads. When Apple do something, the rest of the market take notice. Like Widgets in OS X 10.4... after Apple released this, Microsoft weighed in with 'Gadgets' (Yes, I know widgets come from Konfabulator, but Apple made them famous, and after Apple did so, Yahoo! bought Konfabulator, something that wouldn't have happened without Apple copying it in Tiger). So what Apple do is important because you tend to find 6 months after Apple do something, everyone else does too. I wouldn't be at all surprised if Microsoft use the encrypted binary idea in Vista SP1 or whatever comes after Vista (too late to put in Vista). I also wouldn't be at all surprised if Microsoft totally screw it up.

    --
    The truth shall always be free: Boris Floricic is Tron.
  3. Re:One reason not to encrypt the windowing system by Trillan · · Score: 4, Informative

    No, SystemUIServer is the process that runs Apple's menu do-dads, like the battery indicator, volume menu, iChat menu, keychain menu, clock, spotlight menu... basically, everything in the top right corner. Except for menus that 3rd party applications add, which are always to the left of the SystemUIServer items.

    Originally, developers could inject their own menus into it if they figured out Apple's undocumented API for it. However, Apple shut that down (in 10.2, I think) since an unstable menu would destabilize all of Apple's menus. They're all run in the same address space, presumably to allow Apple to cut some corners in their command-drag reordering system. After 10.2, some developers hacked it to allow them to inject other menus into it. Maybe that's what Apple is trying to stop.

    Even so, it's a really odd pick for encryption.

  4. Re:Oh look, we can scramble a binary. by binarybum · · Score: 5, Funny

    "Hi, I'm a PC."
    "And I'm a Mac. My insides are all scrambled up. It protects me from dangerous crackers."
    "All scrambled up?"
    "Yep, that's right, my most important parts are very heavily scrambled."
    "Does it hurt when you poop?"
    "like you wouldn't believe"

    --
    ôó
  5. Re:Signed binaries = good, encrypted binaries = ba by Bastian · · Score: 4, Insightful

    If you purchase a physical item, do you still think of it as the seller's property after you've paid for it and taken it home?

    When I purchase a car, the car is my property. Honda is not trampling on my liberties by not giving me all the CAD files and whatnot that were used to make my car.