#57655 - juhees - Mon Oct 17, 2005 5:17 pm
Hi
I've got an idea on how to protect our DSes from "bad" software. We would need a new firmware and I'm not sure this can be done...
The new firmware would test the signature of the code (1024 bit RSA like a normal DS). But instead of testing for one sig (Nintendo's), it would test for 3 sigs and run the code only if it is signed with one of the 3 sigs.
The first would be Nintendo's (for official, legal games).
The second would be a sig for the homebrew scene.
The third can be chosen before flashing.
If you write your own program, you would sign it with your own private key and run it for testing on your DS. If you want to share it, you send your source code to a thrusted person (only he - or a few thrusted persons - has the private key from the homebrew sig), he tests your program and takes a look at the sources. Then he signs it and sends it back. This program can now run on all flashed DSes and can be shared any way you want.
Can unthrusted software run on your DS?
No, only software from Nintendo, tested by a thrusted person or written by you.
How can I share a beta version for quick testing?
Send it unsigned. If someone wants to try it, he has to thrust you and sign it himself (with his key).
What if I don't want to share my source code?
You don't make it open source, you just show it to one person. If you don't want to do that, you will have to live with it and share it unsigned (so anyone will know that he has to be careful...)
Can I run everything I download anywhere?
You can try it. If it runs, it's tested, "not bad" code. If it's a virus, some pirated stuff or any other suspicious code, it will never get a signature! So it will not work and you are safe.
Would this work?
Juhees
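The three-key check proposed in the post above, sketched as an added example (not code from the thread or from any DS firmware): an image boots only if its signature verifies under one of three trusted public keys. The toy keys built from Mersenne primes, the SHA-256 PKCS#1 v1.5 style encoding, and all names (`verify_any`, `trusted_slots`, Alice, Bob) are assumptions made for the demo.

```python
import hashlib

E = 65537
# Constructed toy keys from Mersenne primes: insecure, for this offline demo only.
M = [2**k - 1 for k in (521, 607, 1279, 2203)]
# ASN.1 DigestInfo header for SHA-256 (PKCS#1 v1.5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def make_key(p, q):
    """Return (n, d): public modulus and private exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

VENDOR = make_key(M[0], M[1])     # stands in for the console maker's key
HOMEBREW = make_key(M[0], M[2])   # held by the community reviewers
ALICE = make_key(M[1], M[2])      # owner key chosen when Alice flashes her DS
BOB = make_key(M[2], M[3])        # owner key chosen when Bob flashes his DS

def encode(image, n):
    """SHA-256 digest of the image, padded to the modulus size, as an integer."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign(image, key):
    n, d = key
    return pow(encode(image, n), d, n)

def trusted_slots(owner_key):
    """The three public keys a flashed device would carry."""
    return {"vendor": VENDOR[0], "homebrew": HOMEBREW[0], "owner": owner_key[0]}

def verify_any(image, sig, slots):
    """Name of the slot whose key verifies sig over image, or None (refuse to boot)."""
    for name, n in slots.items():
        # Rebuild the full expected encoding and compare whole values; never parse padding.
        if 0 < sig < n and pow(sig, E, n) == encode(image, n):
            return name
    return None

if __name__ == "__main__":
    beta = b"constructed beta build"
    sig = sign(beta, ALICE)
    print(verify_any(beta, sig, trusted_slots(ALICE)))  # Alice's own DS
    print(verify_any(beta, sig, trusted_slots(BOB)))    # Bob's DS
```

A beta signed with Alice's own key boots on her DS and is refused on Bob's, which is the "send it unsigned" case from the post. A passing check only reports which key vouched for the image.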
#57656 - SevenString - Mon Oct 17, 2005 5:40 pm
Quote: |
If someone wants to try it, he has to thrust you... |
Let me be the first to say it: I'll pass on that part of the process.
_________________
"Artificial Intelligence is no match for natural stupidity."
#57667 - MaHe - Mon Oct 17, 2005 6:19 pm
LoL :D
#57670 - JaJa - Mon Oct 17, 2005 6:37 pm
But if someone says "Play my new doom demo" and you sign it, it could still brick your DS. Darkfader was the only one who could really do this. Whilst signing may seem like a good idea, i don't like the fact that one group of people get to control signing.
A better idea is to only download from trusted sites like www.ndshb.com or the DSlinux pages.
Lynx checks all the stuff he puts up for download.
Also don't use any "R0mz l0ad3rs" and you'll be safer.
#57673 - juhees - Mon Oct 17, 2005 6:53 pm
JaJa wrote: |
But if someone says "Play my new doom demo" and you sign it, it could still brick your DS. Darkfader was the only one who could really do this. Whilst signing may seem like a good idea, i don't like the fact that one group of people get to control signing.
A better idea is to only download from trusted sites like www.ndshb.com or the DSlinux pages.
Lynx checks all the stuff he puts up for download.
Also don't use any "R0mz l0ad3rs" and you'll be safer. |
You don't like that a few people have the control over the signing but you're fine with a few people having control over the thrusted sites? Seems to be the same to me...
What about new smaller webpages with collections of the "best homebrew tetris versions" or the "top 10 graphic demos"? You wouldn't thrust these guys and have to seek for these programs on thrusted sites... But you could download homebrew and homebrew collections from everywhere (including p2p), because only thrused code gets a sig!
Do you thrust pouet.net? Never heard of it? It's a big demo site with tons of demos for the gba, perhaps someday for the DS. You don't know it, you don't thrust it, but there you have a good sorted collection of graphic demos with 0 searching.
This is where i see the advantage in the key thing.
#57677 - 0xtob - Mon Oct 17, 2005 7:25 pm
I don't know if anything like this is possible at all with the community's present knowledge of the firmware, but another idea would be to include a warning in the firmware that pops up if a homebrew program is unsigned, so you wouldn't have to sign unsigned code before running it.
But I think this should be left an option. People who want the security could flash the new firmware, people who don't want it should still be able to run all homebrew, signed or unsigned, with the current FlashMe.
Tob
#57680 - Legolas - Mon Oct 17, 2005 7:31 pm
I think that is not a matter of reinventing the wheel. Why not try to make a PC app that checks if a DS file tries to write to the firmware address? It could be feasible to use dualis sources for this stuff?
_________________
My homepage!
#57687 - juhees - Mon Oct 17, 2005 7:46 pm
Legolas wrote: |
Why not try to make a PC app that checks if a DS file tries to write to the firmware address? |
That routine could be encrypted and get decrypted and executed only once in 10 runs (and only if it doesn't detect an emu)...
You can't check for that machine instruction and you can't run it to see if that instruction gets executed.
But you could write a virus scanner for already known viruses. This could run from gbamp on your DS (built into your multiboot loader program?). If you try to run a known virus it just prints "i can't do that dave..." ;-)
Would be an easy alternative to new firmware.
#57690 - natrium42 - Mon Oct 17, 2005 7:48 pm
This thread is a joke.
Do you also run only trusted software on your computer? I think not.
Do you sign the programs you write for PC with the HobbyProgrammersKey? I think not.
Guess what, anybody could trash your motherboard's BIOS or format the hard drive. Ever heard of rootkits? And still you download software from shady non-trusted sites.
BTW, any coder who has enough skills to read a simple datasheet could easily write a NDS bricker... in 5 minutes. But why would a person who spends his spare time writing homebrew games and applications (generally for fun and recognition) shoot himself in the foot by releasing a bricker? The very idea of "all homebrewers" (as if they form a tightly-knit company) uniting in their evil quest to brick every DS out there is quite stupid and out of touch with reality. And frankly, it's also quite insulting.
/end of rant
_________________
www.natrium42.com
#57695 - DsPet - Mon Oct 17, 2005 8:03 pm
> This thread is a joke.
And mostly redundant too
Although this thread proposes a different implementation, the main idea, tradeoffs and criticism are discussed here:
http://forum.gbadev.org/viewtopic.php?t=7147&highlight=
My much simpler solution: USE FLASHME !!
#57696 - mike260 - Mon Oct 17, 2005 8:11 pm
Here's an alternative proposal:
If some idiot bricks your DS, you tell everyone. Then no one trusts the culprit ever again.
#57701 - tepples - Mon Oct 17, 2005 8:53 pm
natrium42 wrote: |
Guess what, anybody could trash your motherboard's BIOS or format the hard drive. |
Nope. Windows, Mac OS X, BSD, and Linux have memory and I/O protection. Only an app running as admin can access hard drive sectors by number or overwrite the BIOS chip. Besides, a lot of motherboards have a double-size BIOS chip to allow for anti-brick protection as part of the POST (power-on self-test), such that if the content of the BIOS chip doesn't match the encrypted checksum, it falls back to the last known good configuration in the other half of the flash chip.
Consoles, on the other hand, generally don't have such a full-featured privilege system. Licensed games run as admin, and the intent is that everything else doesn't run at all.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#57702 - dXtr - Mon Oct 17, 2005 8:54 pm
natrium42 wrote: |
This thread is a joke.
Do you also run only trusted software on your computer? I think not.
Do you sign the programs you write for PC with the HobbyProgrammersKey? I think not.
Guess what, anybody could trash your motherboard's BIOS or format the hard drive. Ever heard of rootkits? And still you download software from shady non-trusted sites.
|
this is what I have been thinking in every thread I've read involving this topic here ;D
to make these threads even more ridiculous :P
when you are out shopping for (just as an example) an apple.. do you check the brand of the apple with a trusted apple-farmers list so you know that no one injected poison in it?
edit:
forgot to add:
if all are so scared I'd be happy to test ALL DS apps you don't dare run in the future.. b/c the state the scene is in now is just ridiculous
#57707 - Abscissa - Mon Oct 17, 2005 9:08 pm
juhees wrote: |
You don't like that a few people have the control over the signing but you're fine with a few people have control over the thrusted sites? Seems to be the same for me...
What about new smaller webpages with collections of the "best homebrew tetris versions" or the "top 10 graphic demos"? You wouldn't thrust these guys and have to seek for these programs on thrusted sites... But you could download homebrew and homebrew collections from everywhere (including p2p), because only thrused code gets a sig!
Do you thrust pouet.net? Never heard of it? It's a big demo site with tons of demos for the gba, perhaps someday for the DS. You don't know it, you don't thrust it, but there you have a good sorted collection of graphic demos with 0 searching.
This is where i see the advantage in the key thing. |
Just FYI, it's "trust", not "thrust". ;)
_________________
Useless Rants a.k.a. My futile attempts at rationalizing my unreasonable reluctance to call my site a 'blog'.
#57710 - juhees - Mon Oct 17, 2005 9:27 pm
natrium42 wrote: |
This thread is a joke.
Do you also run only trusted software on your computer? I think not.
Do you sign the programs you write for PC with the HobbyProgrammersKey? I think not.
Guess what, anybody could trash your motherboard's BIOS or format the hard drive. Ever heard of rootkits? And still you download software from shady non-trusted sites.
|
That's why I have some firewall and anti-virus software on my win pc and only go online with linux.
natrium42 wrote: |
BTW, any coder who has enough skills to read a simple datasheet could easily write a NDS bricker... in 5 minutes.
|
Now that's an argument not to care about my DS...
But i see, every thread with "bricker" or "virus" in it will turn into a useless flamewar after a few hours. Never mind, it was just an idea.
#58005 - darkfader - Wed Oct 19, 2005 11:06 pm
mike260 wrote: |
Here's an alternative proposal:
If some idiot bricks your DS, you tell everyone. Then no one trusts the culprit ever again. |
Yeah. It might even end up on all news sites or something.
You say nobody will ever trust me again? :/
#58008 - deltro - Wed Oct 19, 2005 11:54 pm
Yea, you kind of fucked yourself :) move, get a new nickname- domain- and all that jazz.
PS: I still trust you :), waiting for r0mloader2 :o
#58076 - dXtr - Thu Oct 20, 2005 5:37 pm
darkfader wrote: |
Yeah. It might even end up on all news sites or something.
You say nobody will ever trust me again? :/ |
I can speak for others.. but at least I trust you. sure I can agree with lots of other people that this was a little unnecessary to release that thing. but I can see you at least trying your best to make up for that mistake.
just thought of something that matches this subject kind of nice
"we learn from our mistakes"
_________________
go back to coding and stop screaming wolf :)
#58093 - JaJa - Thu Oct 20, 2005 7:51 pm
I was browsing the forum and came across your post dated Apr 11 2005.
You were talking about how the DS firmware is unprotected and it was your idea to put recovery code in.
In some ways we must thank you darkfader.
#60841 - pixxel - Tue Nov 15, 2005 7:31 am
JaJa wrote: |
I was browsing the forum and came across your post dated Apr 11 2005.
You were talking about how the DS firmware is unprotected and it was your idea to put recovery code in.
In some ways we must thank you darkfader. |
i think we all owe df a lot more than that, without his work i'd be surprised if we had passmes/wifimes/flashmes at all. df has done a GREAT deal of good work for the ds scene, and one single dumbass thing.
i know exactly how he feels, i used to write millions of 'doors' (games) for BBSs on the amiga, got quite a name for myself. then randomly when drunk decided to add an evil back door to one of my most popular doors...and used it to take control of another person's bbs. clever me picked on a part time police officer's bbs. eventually i did recover from the complete humiliation and the complete lack of trust i gained, but i never wrote another door, and my old (trojan free) doors soon disappeared completely.
at least df was doing what he was doing for the right reasons, even if they were slightly misguided and it was all blown out of proportion. i actually know someone who bricked his ds with it tho. good thing is he was a dumb pirate and it allowed me to laugh at him (i even loaned him my passme coz he wanted to try it)...i did tell him to put flashme on (mainly so i could get my passme back sooner)...but he wanted to see if the loader worked before he 'risked' flashing his firmware. i can assure u he feels rather silly.
end of the day we all do stupid things, sometimes not accidentally, we just don't see what we are getting into. just look at katie holmes ;)
#60854 - thos_thom - Tue Nov 15, 2005 11:36 am
A signing process is not impossible to set up, but from experience it requires management and someone to do testing. These things both take time, and therefore cost money. Perhaps wait till someone is making money from homebrew before giving people a setup cost to run apps on your hardware.
I've seen apps ignore a signing process time and time again and still achieve market penetration. That, and this is overkill for a community such as this for a problem that could easily be solved by *keeping your eyes open*.
but if you prefer to sleep while running homebrew.
_________________
--------------
^thom(as)?
--------------