Originally posted by discordian
How can you be sure that the "talking to the remote part" part of the software hasn't been overwritten with "NOP"s and replaced with a routine that simply says "success" ?
Case in point, that's a (over simplified) view of how busting a gaming console's protection works.
Unless you actually need to rely on some process that *happens inside* the remote, and thus are *required* to contact the remote (e.g.: use the TPM to decrypt some DRMed media), the OS might unknowingly have been modified in such a way that it never actually contacts the remote. (1)
Again, once you let arbitrary code run, you can't guarantee anything anymore. Including the capability from within the unsigned OS to actually realize that the OS is indeed unsigned.
An unsigned OS could run any arbitrary command set that wasn't validated by the signatory. Including code that simply "NOP"s out any attempt at detecting the absence of signature.
That's why things like Sony's Xperia (and other open devices), once they have been unlocked and allowed to run unsigned code, will always display a warning message instead of the standard boot logo.
Because indeed, there's no way to guarantee anything anymore.
----
(1) - which is also the only point where gaming console hacking is limited. As long as you only run games locally, you can patch out any attempt by the game to detect that it's running on an unauthorised OS (e.g.: imports, pirate copies, etc.)
As soon as the game *needs* by design to talk to online servers (e.g.: for online multiplay) the game might be patched into thinking that everything is going well, but the remote server can detect something fishy and ban the account.
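As an added illustration of the distinction the post draws (example code, not from the thread): a local "am I signed?" check can be patched to always report success, while a verdict computed on the remote side from a TPM-style measurement cannot be satisfied by that same patch. The `Tpm` class, `TPM_KEY` and the sample OS images are stand-ins constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample images: a genuine OS and one in which the signature
# check routine has been patched out (the "NOP" case from the post).
GENUINE_OS = b"os-image-v1: verify_signature(); boot()"
PATCHED_OS = b"os-image-v1: nop; nop; boot()"
GOLDEN_DIGEST = hashlib.sha256(GENUINE_OS).hexdigest()
# Key provisioned into the "TPM" at manufacture and known to the verifier
# out of band (assumption; a real TPM would sign with an attested key).
TPM_KEY = os.urandom(32)


class Tpm:
    """Stand-in for a TPM: the boot ROM fills the PCR before any OS code runs,
    and the quote MAC uses a key the OS can never read."""

    def __init__(self) -> None:
        self.pcr = ""

    def measure(self, image: bytes) -> None:
        self.pcr = hashlib.sha256(image).hexdigest()

    def quote(self, nonce: bytes) -> tuple[str, str]:
        tag = hmac.new(TPM_KEY, nonce + self.pcr.encode(), hashlib.sha256).hexdigest()
        return self.pcr, tag


def local_check(image: bytes) -> bool:
    """The OS's own 'am I genuine?' check. On the patched image that routine
    has been NOPed, so it just reports success: the check proves nothing."""
    if b"nop; nop;" in image:
        return True
    return hashlib.sha256(image).hexdigest() == GOLDEN_DIGEST


def remote_check(tpm: Tpm, nonce: bytes) -> bool:
    """Decision taken on the server side: recompute the MAC and compare the
    reported PCR with the golden digest. Nothing the OS itself says is trusted."""
    pcr, tag = tpm.quote(nonce)
    expected = hmac.new(TPM_KEY, nonce + pcr.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag) and pcr == GOLDEN_DIGEST


def boot_and_check(image: bytes) -> tuple[bool, bool]:
    """Boot ROM measures the image into the TPM, then both checks run; returns (local, remote)."""
    tpm = Tpm()
    tpm.measure(image)
    nonce = os.urandom(16)  # fresh per session, so an old quote cannot be replayed
    return local_check(image), remote_check(tpm, nonce)
```

On the patched image the local verdict is still True while the remote verdict is False, which is the server-side ban scenario from the footnote.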