Re: A89: The logic behind signed and unsigned programs!






>How would you actually sell it and prevent piracy?  One of the only ways to
>do it would be to require you to type in your serial # on a webpage, and
>have the page generate a custom installer program that you download only
>after you pay.  Not such an easy website to set up.
>
>Bryan
>

That's exactly what I want to know.  If they did a custom generation of
certificates, where is the serial number placed?  If it is unencrypted,
there is no challenge to get it to work on your own calculator (read:
piracy galore)

If it is encrypted, then with what key is it encrypted?  If it is encrypted
with TI's secret key, it would be easy to get a hold of the key yourself.

So what exactly _is_ TI's strategy?  I bet that either TI or the SDK
generates a private-public key pair.  The public key is put in with the
source itself which is then signed (i.e. no cheap modifications to the
key), and your serial number is signed with the private key, and then put
into a certificate.  The ROM then probably verifies both the program
checksum and the certificate validity before executing the program.

Face it, we are *screwed* unless the bootloader contains only the
bootloader and the RSA public key.  If for example the verification
routines are written in the writable part of the flash ROM, at least the HW1
people will get free programs.

<grin> There _will_ be a market for the HW1 calcs if we can devise a hack
for the ROM.  Can you say *free* everything?

-Zavyman
felix@megsinet.net
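
The certificate idea guessed at in the message above, sketched as an added example that is not part of the original post and is not TI's actual scheme. It assumes one signature covers both the serial number and the program hash; the function names, the serial format and the toy RSA key are hypothetical and constructed for illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes. Constructed for illustration
# only: far too small, and unpadded, for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus: device ROM holds (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: stays with the vendor

def digest(serial: str, program: bytes) -> int:
    """Hash the serial together with the program's SHA-256, reduced mod N."""
    prog_hash = hashlib.sha256(program).digest()
    h = hashlib.sha256(serial.encode() + b"\x00" + prog_hash).digest()
    return int.from_bytes(h, "big") % N

def issue_certificate(serial: str, program: bytes) -> dict:
    """Vendor side: sign (serial, program hash) with the private key."""
    return {"serial": serial, "sig": pow(digest(serial, program), D, N)}

def rom_accepts(device_serial: str, program: bytes, cert: dict) -> bool:
    """Device side: needs only the public key, so nothing secret is in ROM."""
    if cert["serial"] != device_serial:
        return False                   # certificate issued for another unit
    # Recompute the digest from what is actually on the device, then compare
    # it with the value recovered from the signature.
    return pow(cert["sig"], E, N) == digest(cert["serial"], program)

if __name__ == "__main__":
    program = b"constructed program image"          # constructed sample input
    cert = issue_certificate("SER-0001", program)   # constructed serial
    print("owner's unit:      ", rom_accepts("SER-0001", program, cert))
    print("different unit:    ", rom_accepts("SER-0002", program, cert))
    edited = {"serial": "SER-0002", "sig": cert["sig"]}
    print("serial field edited:", rom_accepts("SER-0002", program, edited))
    print("program modified:  ", rom_accepts("SER-0001", program + b"!", cert))
```

The serial can sit in the certificate in the clear because the signature, not secrecy, is what ties it to the program; the check is only as trustworthy as the storage holding `rom_accepts` and the public key.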



