Practically speaking, people already have cell phones that are impossible to own, because in many cases, users are not allowed to unlock the bootloaders of their phones.
Only with a client server model like in multiplayer or always online games. DRM is a conceptual scam. This kind of attack is unpatchable. It’s essentially a blue pill attack against a single program.
I think Denuvo technically does a little bit of this.
I forgot the exact details, but one of the keys that’s used to unscramble the bytecode has to be downloaded from their registry server on first launch.
Although that still never totally protects it. I’ve seen a fair few number of passionate game communities bring online-only games back from the dead by reverse engineering the server architecture. It’s a lot of work, but if you know how the software is supposed to function then you can write the other half of the software that gives the response to make that work.
Yeah, I can see that. I’m thinking of streaming assets and code on demand, similar to how an optical disk works. It’s a terrible waste of resources, and they can be grabbed if they are not cryptographically secured.
That would protect the IP, but the response time is terrible. Pinging Google.com I get a response time of about 80 ms. At that delay, everything would feel spongy and laggy.
It’s totally possible to achieve. TPM is the desktop equivalent of the technology that runs on your cellphone to have apps detect if you have an unlocked bootloader or root. It’s the same technology prevents your favorite concole (ie: switch 2, ect) from running pirated games.
This improved security does come at a price: we/the users are the enemy and cannot be trusted. This means modifying your system will be prohibited and we (the consumer) will have to trust that Big Tech has our best interests in mind. /s
It’s all built on top of the concept of “a chain of trust”, starting at the hardware level.
(as mentioned) TPM is a chip that’ll store encryption keys at a hardware level and retrieval of these keys can only happen if the hardware is unmodified.
I assume that part of this key is derived from aspects of your OS (ie: all device drivers are signed by MS).
The OS will fetch this key, if it’s valid - the OS knows that the hardware is untampered, it can then verify that the OS is unmodified, which can then be used by application to determine that their not modified, etc.
Now you could spoof your own TPM chip (similar to how Switch 1’s are chipped/nodded), but the deal-breaker is that when you add your key to the TPM chip, you sign it with a hardware vendor specific public key. And that vendor private key is baked into the hardware (often into the CPU, so the private key never crosses the hardware bus).
I don’t think this is matter of mathematics, it is difficult to define what “software only running on desired machine” is. Like, do you permit functionally equal software with different code? With painstaking effort, functionality should be approximated fairly close (although idk what that means in mathematical context)
On the other hand, requiring exact code is likely not what they want.
Cryptographic guarantee requires mathematical specification, which seems ill-fit in this scenario.
On the one hand software freedom.
On the other this has me thinking about how fascinating this problem is from academic standpoint.
How can you ensure software can ONLY run on the machines you allow? Even if the user has ring 0 access?
Is it mathematically impossible to achieve?
Practically speaking, people already have cell phones that are impossible to own, because in many cases, users are not allowed to unlock the bootloaders of their phones.
Only with a client server model like in multiplayer or always online games. DRM is a conceptual scam. This kind of attack is unpatchable. It’s essentially a blue pill attack against a single program.
SAAS. You never install the entire application. Large parts of the engine never run locally.
I think Denuvo technically does a little bit of this.
I forgot the exact details, but one of the keys that’s used to unscramble the bytecode has to be downloaded from their registry server on first launch.
But after that, it’s not required.
Although that still never totally protects it. I’ve seen a fair few number of passionate game communities bring online-only games back from the dead by reverse engineering the server architecture. It’s a lot of work, but if you know how the software is supposed to function then you can write the other half of the software that gives the response to make that work.
Yeah, I can see that. I’m thinking of streaming assets and code on demand, similar to how an optical disk works. It’s a terrible waste of resources, and they can be grabbed if they are not cryptographically secured.
Even that, a dedicated player can capture it. If it has to be rendered on the device then they have access to the assets.
City of heroes is a big example
The original code for that was leaked, most if not all replacement servers run that code, not reverse engineered code.
Or use the cloud gaming approach and just stream the video, no local engine at all!
That would protect the IP, but the response time is terrible. Pinging Google.com I get a response time of about 80 ms. At that delay, everything would feel spongy and laggy.
If they cared about your experience they wouldn’t be using intrusive DRM at all.
It’s totally possible to achieve. TPM is the desktop equivalent of the technology that runs on your cellphone to have apps detect if you have an unlocked bootloader or root. It’s the same technology prevents your favorite concole (ie: switch 2, ect) from running pirated games.
This improved security does come at a price: we/the users are the enemy and cannot be trusted. This means modifying your system will be prohibited and we (the consumer) will have to trust that Big Tech has our best interests in mind. /s
What’s preventing spoofing this with a fake implementation?
To expand on this a bit:
It’s all built on top of the concept of “a chain of trust”, starting at the hardware level.
(as mentioned) TPM is a chip that’ll store encryption keys at a hardware level and retrieval of these keys can only happen if the hardware is unmodified.
I assume that part of this key is derived from aspects of your OS (ie: all device drivers are signed by MS).
The OS will fetch this key, if it’s valid - the OS knows that the hardware is untampered, it can then verify that the OS is unmodified, which can then be used by application to determine that their not modified, etc.
Now you could spoof your own TPM chip (similar to how Switch 1’s are chipped/nodded), but the deal-breaker is that when you add your key to the TPM chip, you sign it with a hardware vendor specific public key. And that vendor private key is baked into the hardware (often into the CPU, so the private key never crosses the hardware bus).
Cryptography.
I don’t think this is matter of mathematics, it is difficult to define what “software only running on desired machine” is. Like, do you permit functionally equal software with different code? With painstaking effort, functionality should be approximated fairly close (although idk what that means in mathematical context) On the other hand, requiring exact code is likely not what they want.
Cryptographic guarantee requires mathematical specification, which seems ill-fit in this scenario.
Yes