Rockbox General > Rockbox General Discussion

discourse: why do corporations allow "jailbreaking" and "flashing" at all?


cowonoid:

--- Quote from: soap on August 15, 2010, 03:11:30 PM ---1 - On public key cryptography:  That's all well and good, but processors don't execute cryptotext, they execute plaintext.  The firmware may be encrypted when stored, but is decrypted when run.

Either the firmware is stored in plaintext on the DAP, or the DAP itself must have the key (in order to decrypt the firmware before execution.)

This is the classic struggle, you are selling the end user both the lock and the key, you're just trying your best to hide the key from them.  It MUST be there, though.

--- End quote ---

Oh, the firmware is decrypted from the beginning and is readable by everyone! Only, the device won't take the file if the signature that comes with it does not fit the content. And a fully understood firmware is worth nothing if you can't alter it.
For that, it's necessary for the device to "encrypt" at least the signature, and thus it has to have the (public) key, that's right. You would give it to the customer, but inside a read-only filesystem which is completely locked up. (Even if you could get the public key, you wouldn't have the private key to make your own firmware versions trusted by the device.)


--- Quote from: soap on August 15, 2010, 03:11:30 PM ---2 - On a watchdog.  If the watchdog controls behavior by controlling the power lines... bypass it and feed power from somewhere else. 

--- End quote ---

Bypass the watchdog and manually power these little SMD copper lines? For 99.99% of customers this would mean handing it over to an electrician, and even he would find it hard if he had to solder a wire to a trace in the middle layer of the board that leads to the power pins of a BGA package.
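The signed-firmware model cowonoid describes (plaintext image, detached signature, public key in read-only storage, private key held only by the vendor) as a runnable toy, added here as an example and not code from the original thread or from any Rockbox target. It builds textbook RSA over a SHA-256 digest from the standard library alone, with deliberately small keys, so it is an illustration of the trust relationship, not a production signature scheme. The `Device` class, the firmware strings and the attacker steps are all constructed for the example.

```python
"""Toy signed-firmware update: the device holds only the public key.

Added example. Textbook RSA-over-SHA-256 with small keys, stdlib only;
NOT a real signature scheme (no padding, no side-channel care).
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd prime of exactly `bits` bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)). e = 65537 is prime, so gcd(e, phi) == 1
    unless e divides phi; retry in that case."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        if p == q:
            continue
        phi = (p - 1) * (q - 1)
        if phi % e == 0:
            continue
        n = p * q
        d = pow(e, -1, phi)            # Python 3.8+ modular inverse
        return (n, e), (n, d)


def _digest_int(data):
    """SHA-256 of the image as an integer; 256 bits, so always < n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_firmware(firmware, priv):
    """Vendor side: private-key operation over the digest."""
    n, d = priv
    return pow(_digest_int(firmware), d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def verify_firmware(firmware, signature, pub):
    """Device side: public-key operation; must reproduce the digest."""
    n, e = pub
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    return pow(s, e, n) == _digest_int(firmware)


class Device:
    """Hypothetical DAP: public key baked into read-only storage, and an
    update is installed only if its signature verifies."""

    def __init__(self, pubkey):
        self._pubkey = pubkey          # readable by anyone, useless for signing
        self.installed = None

    def apply_update(self, firmware, signature):
        if verify_firmware(firmware, signature, self._pubkey):
            self.installed = firmware
            return True
        return False


def demo():
    """Walk through the three cases the post describes."""
    pub, priv = generate_keypair(512)
    device = Device(pub)
    official = b"OFFICIAL FIRMWARE v1.0: plays mp3"        # constructed image
    sig = sign_firmware(official, priv)
    results = {"official": device.apply_update(official, sig)}
    # Image is plaintext: anyone can read and patch it, but the old
    # signature no longer matches the altered content.
    patched = official.replace(b"mp3", b"ogg")
    results["patched"] = device.apply_update(patched, sig)
    # Attacker has the public key but not the private one: signing with
    # a key of their own does not satisfy the key the device trusts.
    _, attacker_priv = generate_keypair(512)
    results["resigned"] = device.apply_update(patched, sign_firmware(patched, attacker_priv))
    return results


if __name__ == "__main__":
    print(demo())      # {'official': True, 'patched': False, 'resigned': False}
```

The point the toy makes concrete is that leaking the public key costs the vendor nothing; only the private key, which never leaves the vendor, lets an image pass `apply_update`. It does not model soap's objection that the check itself can be bypassed in hardware or fed faked inputs.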

soap:
This has been attempted and failed.  This has been attempted and succeeded.  The difference between success and failure can be strongly correlated with the effort put forth by the attackers.  It appears to me you're waving your hand and saying "this can be done in a foolproof manner," and while theoretically that is true, in practice it is not.


--- Quote from: cowonoid on August 15, 2010, 05:42:50 PM ---Bypass the watchdog and manually power these little SMD copper lines? For 99.99% of customers this would mean handing it over to an electrician, and even he would find it hard if he had to solder a wire to a trace in the middle layer of the board that leads to the power pins of a BGA package.

--- End quote ---
Yeah, there is no market for console modchips.  ;)
And as I hinted, you don't always need to physically bypass a watchdog.  A watchdog is operating on inputs which can be, and have been, faked.

TexasRockbox:
I suppose the challenge of "getting out of jail" has fueled the demand.  There are plenty of programmers "out there" who seem to be more than willing to program their own devices.  One would think Apple, Microsoft, Cowon, Archos, etc. would try to encourage that activity and incorporate what is learned into the next generation of devices.  Guess not.

I guess it's Apple's worst nightmare that the iPod 5.5g hardware (and others) have survived well into 2010 -- not quite as disposable as they had hoped!   ;D
