Was PGP Source, Now : Copy Protection

Nexus nexus at patrol.i-way.co.uk
Tue, 4 Sep 2001 18:53:46 +0100 

----- Original Message -----
From: "Pete Bentley" <pete@sorted.org>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Tuesday, September 04, 2001 2:58 PM
Subject: Re: PGP source code
[snip]

> >The MAC address can be trivial to change dependant on your OS.
>
> That was Richard's point, I believe.

Yeah I know, I just forgot the "As he said" bit when restating it in a more
overt fashion.

> If the instructions to read the CPU ID register(s) are unprivileged
> (ie can be executed directly by user mode code), then the OS has very
> little say in the matter.  It's only where the system ID is stored in
> a seperate piece of hardware (eg the Sun IDPRAM) where access is
> mediated through a driver in the OS.

I don't care about privs, that's not the point, sorry, let me clarify.
Regardless of what privs a program requires, it has to interact via the OS -
it will need API calls, kernel modules, system libraries.. whatever.   These
factors can be controlled by the owner of the system.   If I write a
modified "passthrough" library then the software will never know that it is
being fooled as it has to "trust" the system files as it were - if it uses
it's own routines then they will probably hook into the system in a specific
way (probably an interrupt) and will be easy to find.

> >From my experience in past lives as a software developer, I'd say that
> a good proportion of them suffer from many holes.  However, your
> average end user is not going to jump in with a disassembler to find
> the holes.

True, but if your business is breaking copyright protection then you will
have the people with the necessary skills to circumvent or remove the
protection - software pirates could do this and then distribute either
cracked versions or a key generator.

> On the one hand it would be a wet dream for copy protectionists, but
> on the other it would be a logistical nightmare for them providing new
> binaries to customers in a timely manner when they changed CPU's for
> legitimate reasons...

*grin* Anyone want any odds on the "ease of use and support" beating
"security" at the Board level ?
Wonder why no-one is using LensLok protection anymore ;-)

Cheers,
            JJ