
Cryptographic web of trust

Started by bushing, June 01, 2005, 02:24:06 AM


bushing

I've seen a lot of speculation as to what needs to be signed and what doesn't, so I'd like to put my thoughts down, because I think that I can at least answer that question.

phatd checks signatures on the following files:

  • exec.ini [I believe]
  • all of the players it runs out of exec.ini
  • pkeys2.e
  • /dos/nmp3
  • stuff in the plugins directory that it runs [I believe]
  • /dos/aadec
  • /dos/hdparm
  • playlists it loads

51d verifies the following signatures:
  • firmware.pac
  • boot.pac
  • boot5.pac
  • hdparm
  • progpld
  • blank.bif
  • prog.bif
  • anything which it would then run due to a SHELL directive
  • swgrli
  • some other file, in a function called "check_replacement_prog"

That leaves the following unaccounted for (ie, with signatures, but I can't find anything that checks them):
  • 51d
  • linux
  • phatd
  • pkeysa
  • ramdisk
  • rc.sh

The keys to verify those signatures are presumably in pkeys2.e.

Linux is not verifying any signatures; neither is busybox.  You can confirm this yourself by checking the phatnoise-provided sources:

http://unix.phatnoise.com/src/linux-2.4.18-rmk3-crypt1-20041101.tar.gz

http://unix.phatnoise.com/src/busybox-0.52-pn1.tar.gz

Now, this presumably means that all of those signatures are being verified by the boot ROM, and being verified using a key contained in the boot ROM itself -- otherwise, we could just stick our own key in pkey2 and resign all of the other files.  (I'm still working on finding a way to use their signatures to verify their own binaries, so we can prove they are real signatures.)

(someday, I'll edit this with a real diagram...)
Ben
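The post's argument is a trust-graph argument: every signed file is either checked by phatd, checked by 51d, or checked by nothing visible, and the key file is only worth protecting if its own signature is checked against a key the attacker cannot rewrite. The following model, added here as an illustration and not code from the original thread or from PhatNoise, encodes the lists above as edges and computes (a) which signed files no inspected program verifies and (b) what an attacker who can rewrite pkeys2.e could re-sign, with and without a presumed boot-ROM anchor. The verifier/file pairs come from the post; which key store each verifier consults, the "bootrom" verifier, and the ROM_KEY label are assumptions made for the example.

```python
"""Trust-graph model of the signature chain described in the post.

Added example, not the PhatBox firmware's code. Each edge reads
"verifier checks the signature on file, using a key from key_store".
The key_store column is an ASSUMPTION: the post only says the keys are
presumably in pkeys2.e, and the boot-ROM verifier is the post's guess.
"""

# Assumed trust anchor: a key baked into the boot ROM, which an attacker who
# can only rewrite the disk cannot change.
ROM_KEY = "bootrom-key"

# (verifier, signed file it checks, key store the verifier uses)
EDGES = [
    ("phatd", "exec.ini", "pkeys2.e"),
    ("phatd", "pkeys2.e", "pkeys2.e"),   # circular unless something else checks it
    ("phatd", "/dos/nmp3", "pkeys2.e"),
    ("phatd", "/dos/aadec", "pkeys2.e"),
    ("phatd", "/dos/hdparm", "pkeys2.e"),
    ("phatd", "playlists", "pkeys2.e"),
    ("51d", "firmware.pac", "pkeys2.e"),
    ("51d", "boot.pac", "pkeys2.e"),
    ("51d", "boot5.pac", "pkeys2.e"),
    ("51d", "hdparm", "pkeys2.e"),
    ("51d", "progpld", "pkeys2.e"),
    ("51d", "blank.bif", "pkeys2.e"),
    ("51d", "prog.bif", "pkeys2.e"),
    ("51d", "swgrli", "pkeys2.e"),
]

# Files that carry a signature but that no inspected program was seen to check.
UNACCOUNTED = ["51d", "linux", "phatd", "pkeysa", "ramdisk", "rc.sh"]

# Hypothetical edges for the post's "boot ROM checks the rest" theory.
ROM_EDGES = [("bootrom", f, ROM_KEY) for f in UNACCOUNTED + ["pkeys2.e"]]


def verified_files(edges):
    """Every file whose signature some verifier in the graph checks."""
    return {f for _, f, _ in edges}


def unverified(edges, signed):
    """Signed files that nothing in the graph verifies (the post's 'unaccounted' list)."""
    return sorted(set(signed) - verified_files(edges))


def anchored(edges, target, anchor, _seen=None):
    """True if target's signature is checked against a key that, following the
    chain of key stores, ends at `anchor` (a key the attacker cannot rewrite)."""
    seen = set() if _seen is None else _seen
    if target in seen:          # cycle such as pkeys2.e signed by a key in pkeys2.e
        return False
    seen.add(target)
    for _, f, store in edges:
        if f != target:
            continue
        if store == anchor or anchored(edges, store, anchor, seen):
            return True
    return False


def forgeable_if_rewritten(edges, store, anchor):
    """Files an attacker can re-sign after replacing the keys in `store`.

    If `store` is itself anchored, the replaced store fails verification and
    the attacker gains nothing. Otherwise everything verified with keys from
    the store is forgeable, and forged files that are key stores themselves
    extend the attacker's reach transitively."""
    if anchored(edges, store, anchor):
        return set()
    controlled = {store}
    forgeable = set()
    changed = True
    while changed:
        changed = False
        for _, f, s in edges:
            if s in controlled and f not in forgeable:
                forgeable.add(f)
                controlled.add(f)   # harmless if f is not used as a key store
                changed = True
    return forgeable


if __name__ == "__main__":
    signed = verified_files(EDGES) | set(UNACCOUNTED)
    print("checked by nothing we can see:", unverified(EDGES, signed))
    print("no ROM anchor, rewrite pkeys2.e ->",
          sorted(forgeable_if_rewritten(EDGES, "pkeys2.e", ROM_KEY)))
    print("ROM checks pkeys2.e, rewrite pkeys2.e ->",
          sorted(forgeable_if_rewritten(EDGES + ROM_EDGES, "pkeys2.e", ROM_KEY)))
```

Run stand-alone, the first scenario shows that without a ROM-held key every file phatd and 51d check can be re-signed by anyone who can rewrite pkeys2.e; adding the hypothetical boot-ROM edges makes pkeys2.e anchored and the same rewrite buys nothing, which is exactly why the post concludes the unaccounted signatures must be checked by the ROM with a ROM-resident key.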

judb

I agree with your statements... I think we could either extract the key from memory using the JTAG interface or just replace the key if we could do it wholesale, unless the key is also stored on the drive itself in the magic sectors... hmmm

bushing

Quote:
I agree with your statements... I think we could either extract the key from memory using the JTAG interface or just replace the key if we could do it wholesale, unless the key is also stored on the drive itself in the magic sectors... hmmm

In theory, if we could figure out how to do it, we could replace ALL of the keys EVERYWHERE with a different key, and be good to go.  We'll see what we can manage.

I ordered both a JTAG and a serial-level-converter cable, but I'm beginning to believe we will be able to extract the ROM image through the serial port, using the boot ROM jumper...

-b