Author Topic: Conclusions #1  (Read 10616 times)

0 Members and 1 Guest are viewing this topic.

Offline para

  • Senior Member
  • Veteran.
  • *****
  • Posts: 181
Conclusions #1
« on: March 27, 2005, 12:35:53 am »
Ok, from my point of view it's time to sum up some of our findings here and discuss them on a general (not too technical) level.

1) All interesting files on the DMS are signed
2) The DMS disk (its unique data like serial, etc.) seems to be signed
3) The firmware is checked by a non-accessible bootloader
4) Signed files are (compared to encryption) validated by public-keys only

These four basic findings lead me to the impression that it's going to be very hard to hack the DMS as these guys @Phatnoise (yes, I do mean you) knew what they'd done - no wonder, they're (were?) people like us! As long as we don't devise a way of using some still undiscovered bugs I can only imagine some hardware solution. We either might recode their initial bootloader (assuming it's an EEPROM) and/or try to manipulate the harddisk's firmware. Both of which I havn't done yet :-/

Time to discuss, and please keep it on a general level as the detailed technical means should be discussed in their respective threads...

Para
« Last Edit: March 27, 2005, 12:37:31 am by para »

Offline AndyMan

  • Getting the hang of things.
  • **
  • Posts: 75
Re: Conclusions #1
« Reply #1 on: March 27, 2005, 03:16:03 am »
I'm not holding out much hope of getting the rc.sh signed by Brendan (more's the pity) because I think it may just have worked... the hardware to accomplish this still has not arived BUT they tell me it'll be available later this week.

basically, I wanted to load hdb rather than hda in the drive map (Vince, if you're looking) would this be futile??

Brendan, any chance of getting the script signed?
« Last Edit: March 27, 2005, 03:16:18 am by AndyMan »

Offline para

  • Senior Member
  • Veteran.
  • *****
  • Posts: 181
Re: Conclusions #1
« Reply #2 on: March 27, 2005, 12:35:44 pm »
What I wanted to say is: changing files (or patching code) is not an option at the moment so let's discuss other possibilities. Of course this doesn't mean to give up any research in these areas...