fsfe-uk

Re: [Fsfe-uk] BBC's DRM Iplayer windows only


From: Chris Croughton
Subject: Re: [Fsfe-uk] BBC's DRM Iplayer windows only
Date: Tue, 1 Jan 2008 20:04:42 +0000
User-agent: Mutt/1.5.11

On Tue, Jan 01, 2008 at 03:08:18PM +0000, Ralph Corderoy wrote:
> 
> Hi Chris,
> 
> > x86 machine code is over the head of 90% or more even if you include
> > virus writers.  I spent several years writing x86 assembler, and I
> > certainly wouldn't take on the task of decoding an executable without
> > a lot of pay and some expensive tools.
> 
> Even though the percentage is small, I think the actual number is
> probably large enough.  And it's not too hard, just a little tedious, so
> motivation has to be strong.

Well, that's what I said, I wouldn't do it without being paid for it.

> I've taken 64KiB of symbol-less ARM
> binary, disassembled it to mnemonics, and then annotated it, e.g.
> function names, variables, etc., to find out the logic implemented by
> this bootloader on an embedded system.  Given the CPU's datasheets the
> code typically has to interact with the hardware to start doing
> something useful and you can work bottom-up from that and top-down from
> the entry address.

ARM is pretty easy, mostly fixed length instructions and a regular
instruction set (OK, 2 instruction sets if you have Thumb code).

(When did you last see a Windows GUI exe which was only 64KiB?  I just
had a look on my system, the only ones I can find under 100KiB are
command-line ones, most of the GUI ones are in megabytes.)

> Similarly, a program running on Windows would have to talk to libraries
> and the kernel and so they're points to work back from.

However it's also likely to be written in MS's weird C++ variant, or C#,
and with loads of OO stuff.  I've looked at the code generated for even
simple things and it's not easy to decode even with the source.  Almost
all calls end up using a vtable of some kind, often with load-time
links, it gets very messy.

I didn't say that it couldn't be done (although translating it back to
anything at all resembling the original source is highly unlikely), but
you do need the motivation.  And that's why such things tend to be
reasonably secure, because few people have that sort of motivation unless
they can make money from it.  Just doing it to watch some low-quality
programmes from the BBC which you can probably get in high quality via
torrent isn't much motivation (everything I've wanted to "watch again"
-- actually usually for the first and only time -- from the BBC I've
been able to find via Mininova, and most of them are things the BBC
wouldn't be making available anyway, or not within the time period I
need them (if I'm away for a couple of weeks and want to catch up on
Doctor Who, for instance)).

It's the cost of breaking it versus the potential gain of doing it.
That's how most security works, you just have to make it hard enough
that it isn't worthwhile breaking it, not make it impossible to break.

Chris C



