How Encrypted Binaries Work In Mac OS X
Posted by ScuttleMonkey on Mon Oct 30, 2006 06:13 PM
from the under-the-hood dept.
An anonymous reader writes "By now we know that OS X uses encrypted binaries for some critical apps like Dock, Finder and LoginWindow. Amit Singh explains the implementation of this protection scheme, which makes use of the AES crypto algorithm and a special memory pager in Mach. The so-called Do Not Steal Mac OS X (DSMOS) kernel extension helps along the way by decrypting things for the special pager when apps get executed. A funny thing is that if you print the pointer at address 0xFFFF1600 in your own app you get as output Apple's karma poem for crackers! According to the article there are 8 protected binaries in OSX, including Rosetta and the Spotlight metadata daemon. Interestingly, Apple's window server is NOT one of those."
It sure was simpler back in the day! (Score:5, Interesting)
(Last Journal: Thursday May 27 2004, @02:14AM)
http://www.folklore.org/StoryView.py?project=Maci
History repeating!
One reason not to encrypt the windowing system (Score:3, Informative)
Re:One reason not to encrypt the windowing system (Score:5, Informative)
(http://pyile.com/ | Last Journal: Tuesday December 19 2006, @01:33PM)
Originally, developers could inject their own menus into it if they figured out Apple's undocumented API for it. However, Apple shut that down (in 10.2, I think) since an unstable menu would destabilize all of Apple's menus. They're all run in the same address space, presumably to allow Apple to cut some corners in their command-drag reordering system. After 10.2, some developers hacked it to allow them to inject other menus into it. Maybe that's what Apple is trying to stop.
Even so, it's a really odd pick for encryption.
whoa, people still like Apple? (Score:2, Insightful)
Actually, I *didn't* know that. I'm not going to "steal" the OS, why is Apple hiding parts of it from me? What else is hiding in there?
Apple seems to be very slowly turning evil again. *sigh*
Broken Encryption (Score:1)
(http://toastytech.com/evil/billsucks.html)
Thank you JaS.
http://www.kore-net.com/office/1.png [kore-net.com]
Typo? (Score:2, Funny)
(http://www.basilisk-digital.ch/)
DSMOS - Do Steal Mac OS?
DRM binaries eliminate competition (Score:3, Interesting)
and would I guess that they are planning to, but letting Apple pull it first, as Apple can get away with it.
Microsoft: "Apple used DRM music first, so locking everyone into our music player with DRM/Encrypted-Music is no worse".
Microsoft: "Apple used DRM binaries first, so locking everyone into our OS and Applications with DRM/Encrypted-Binaries is no worse".
where does dsmos_page_transform() get the key? (Score:1)
I need to put the controller down... (Score:1)
duh? (Score:2)
(http://www.lightandmatter.com/)
DSMOS (Score:2, Redundant)
(http://www.krunk4ever.com/)
Where is the HOWTO? (Score:2)
(http://www.mithral.com/~beberg/)
Where is the tutorial on how to get our own apps loaded into this special no-pageout protected memory area so that they aren't screwed up by idiots clicking "yes" on a web popup? Every bit of protection helps.
What a waste of resources (Score:2)
(http://www.ev4.org/)
Their developers are struggling against the cracking groups instead of improving the product, and every end user has to waste processor cycles running this crap and decrypting these binaries. Meanwhile, every version will eventually get cracked and put up on a p2p network.
Whatever Apple do, people will run pirate copies of OSX... But it doesn't run quite so well, it's slow and unstable... Even so, it lets far more people get experience with the OS than would have otherwise. I know several people who ran pirated OSX on generic whiteboxes and then went out and bought a Mac. Widespread piracy never hurt Microsoft either; do you really think Windows would be so prevalent in Asia and Russia if everyone had to pay full price for it?
A pirated OSX is a substandard experience, like running a demo, and the people who pirate it are people who would never have bought Macs to start with... Isn't it better to give them a taster in the hope that a few of them will change their opinion and buy a Mac having had a small experience of OSX?
From my experience, one of the guys I mentioned above hadn't used a Mac since the days of System 7, and didn't like those old versions of Mac OS at all. He'd heard OSX was much better, but had never used it and wasn't willing to buy a Mac just to try it... Having run a pirated OSX for a couple of weeks, he bought an iMac and now has a MacBook too.
DSMOS (Score:1)
The Assimilation of Apple continues... (Score:2)
Windows XP running on Apple machines...
Encrypted binaries....
Ethical way to dump Apple's hardware requirements? (Score:3, Interesting)
(http://www.scarydevil.com/~peter/ | Last Journal: Monday September 26 2005, @06:53PM)
How about buying a Thinkpad and a Mac mini Core Duo, destroying the mini, and running that licensed copy of OS X on the Thinkpad?
Probably still illegal, but should be on firm ethical ground. Apple got their money, and I'm not running the OS on two machines.
Is this really a "feature"? (Score:3, Interesting)
I think Linux does the same thing, although I haven't checked. Somehow, this just feels wrong to me. If it's not a valid binary, and doesn't start with #!, why not just fail? Why keep trying?
Lack of details (Score:1)
- How is the decryption key protected? If it is included in the kernel binary you can read it.
- How is the kernel protected? Can you write a modified kernel that uses the kernel extension unmodified and allows you to look at the decrypted code?
- Can you run the kernel on an emulator (on a Mac) that relays the calls to the TC chip so that the kernel thinks it is on a Mac while making it possible for you to look at the decrypted code and package an unencrypted binary back? If not, why?
These are some of the things I'd be interested in knowing.
Re:Signed binaries = good, encrypted binaries = ba (Score:2)
(http://www.indistinct.net)
What you see here is obfuscation.
Re:Signed binaries = good, encrypted binaries = ba (Score:2)
(Last Journal: Tuesday September 13 2005, @03:45PM)
Re:Signed binaries = good, encrypted binaries = ba (Score:4, Insightful)
Uh, it might be a "fundamental Freedom" if you had a "fundamental Right" of some sort to do as you wish with other people's IP. Unfortunately, you don't. A significant number of people make a good living for themselves and their families working for companies that, while being very understanding and supportive of the free software movement in its proper place, gain competitive advantage over their peers by employing the best intellectual talent to solve problems with technological solutions that if copied would eliminate any sort of advantage that company may have in solving a certain problem.
Re:Signed binaries = good, encrypted binaries = ba (Score:5, Insightful)
When I purchase a car, the car is my property. Honda is not trampling on my liberties by not giving me all the CAD files and whatnot that were used to make my car.
Re:Some poem (Score:1)
(Last Journal: Thursday May 27 2004, @02:14AM)
Re:Signed binaries = good, encrypted binaries = ba (Score:2)
What MacOS X does is try to start the application. If it's encrypted, it's decrypted as part of the load process into memory. If not, well, it's not. I'm certain you can replace OS X's encrypted binaries with unencrypted ones of equivalent functionality - it just won't go through the same code path since it doesn't need decryption. This way, during development, the software isn't signed and it's trivial to get working (rather than having to constantly re-sign it as part of the build process). Once finalized, it's encrypted, and unless the kernel has a bug, it should work as if it was unencrypted.
Anyhow, when has DRM really stopped anyone determined to break it? Those who are going through the effort to break this are either doing it for fun, or aren't buying a Mac. I can think of one way to grab the decrypted code right out of memory... (requires external hardware). I'm sure someone else creative can figure it out. There are probably another dozen ways to do it without needing external hardware as well.
How hard is reverse engineering? (Score:2)
(Last Journal: Wednesday December 13 2006, @06:43PM)
Just wondering. How easy is it to reverse-engineer a massive closed-source piece of software (like, say, MS Windows)?
Such a reverse-engineering job would be of obvious commercial interest (especially to parties who work in countries with lax regulatory regimes), so there is an obvious incentive to do it.
However, my "armchair" estimation is that it is nearly impossible, since there exist parts of the world with large numbers of skilled computer scientists, and lax copyright laws. But so far there is no evidence that anyone has reverse-engineered Windows, or anything similar, on a large scale (e.g., I am not aware of any Russian web sites where you can download source of closed programs).
However, I am not a software engineer. Are there any experts out there who can enlighten me? I'm rather curious.
Re:Love mac - hate some of the choices (Score:1)
And honestly, unless your Mac is pretty old the Dock is hardly that massive of a resource hog.
why bother? (Score:4, Interesting)
Re:Signed binaries = good, encrypted binaries = ba (Score:4, Insightful)
It's easy to make up freedom definitions (Score:2)
(Last Journal: Sunday October 02 2005, @03:43AM)
I want to be free!" - Frank Zappa, "Teenage Wind"
Re:Signed binaries = good, encrypted binaries = ba (Score:3, Interesting)
I think a patent was just filed for this kind of technology.
Re:Oh look, we can scramble a binary. (Score:5, Funny)
(http://slashdot.org/)
"And I'm a Mac. My insides are all scrambled up. It protects me from dangerous crackers."
"All scrambled up?"
"Yep, that's right, my most important parts are very heavily scrambled."
"Does it hurt when you poop?"
"like you wouldn't believe"
Re:Oh look, we can scramble a binary. (Score:4, Funny)
(http://slashdot.org/)
Re:Signed binaries = good, encrypted binaries = ba (Score:2)
(http://emulation.victoly.com/ | Last Journal: Thursday November 30 2006, @06:03PM)
I know... I shouldn't feed trolls.... Maybe I should have taken offense at the insinuation that all GNU freaks have beards (including the women) instead....
Re:A nice benefit of this... (Score:3, Insightful)
(Last Journal: Thursday December 09 2004, @09:25AM)
Re:Printing 0xFFFF1600 ? (Score:3, Funny)
I'm running 10.2.8 - quite old. Printing 0xFFFF1600 as a string with printf causes a seg. fault on my box.
well that's one hell of an Easter egg!
Re:Mac Zealot Moderator Alert (Score:3, Interesting)
(http://ettlz.blogspot.com/ | Last Journal: Sunday February 12 2006, @06:53PM)
Re:Printing 0xFFFF1600 ? (Score:2)
Same here, version 10.3.9.
Re:Love mac - hate some of the choices (Score:4, Interesting)
"Critical real estate on the menu bar"? Exactly how big is your Spotlight icon? Mine is less than half the size of my little fingernail on my 12" iBook, as big across as the menu bar is thick. I hardly call that "critical" but if that's your opinion, then so be it.
Re:Love mac - hate some of the choices (Score:2)
Except that "locate" doesn't index the contents of all your files... including email. That is what makes Spotlight powerful. But yeah, it sucks that the indexer starts at really bad times. Like if you plug in a FireWire drive.
-matthew
Re:Signed binaries = good, encrypted binaries = ba (Score:2)
(http://tsfraser.googlepages.com/index.html)
Re:That poem is scary.. (Score:2)
Re:That poem is scary.. (Score:4, Insightful)
(http://tron.lir.dk/ | Last Journal: Friday November 02 2001, @02:17PM)
Say Chevy offers Radiohead $1 Million to use one of their recordings in a stupid truck ad, and Radiohead refuses. By your logic, Chevy should then have the right to use the recording anyway, because since Radiohead refused to sell them the song they're not losing any money.
You may think it's right, but hundreds of years of copyright law would disagree.
Re:That poem is scary.. (Score:4, Informative)
(http://bdash.net.nz/ | Last Journal: Saturday January 11 2003, @06:42AM)