[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] QEMU as a "virtual smart card"?
From: |
Paul Brook |
Subject: |
Re: [Qemu-devel] QEMU as a "virtual smart card"? |
Date: |
Fri, 4 Sep 2009 13:08:08 +0100 |
User-agent: |
KMail/1.12.0 (Linux/2.6.30-1-amd64; KDE/4.3.0; x86_64; ; ) |
> Assume that I wanted to protect a secret algorithm in some C program.
You're never going to be able to do this. At best you're going to add a few
levels of obfuscation. At worst you're going to give yourself a false sense of
security, while actually making it easier to defeat.
The reason the Windows DRM stuff works is because it's protected by the lowest
level of the OS/hardware, and that protection extends up the whole software
stack. As soon as you loose this link (e.g. by running inside a virtual
machine, or as a userspace application without host kernel magic) then you're
vulnerable to anyone with a copy of gdb.
The whole point of a smartcard is that it's a black box where you can't
observe its operation at all, only its output.
> Normally this is compiled into the machine code of a certain processor
> and there are standard tools (disassembler, debugger) that can be used
> to figure out what the secret algorithm does.
> A virtual machine has a virtual processor. Assume now that I was to
> shuffle around machine instructions both in the processor of the
> virtual machine and in the back-end of my c-compiler. I imagine that
> it would be possible to automate this process (some refactoring tool?)
> and to do some random shuffling.
This is no different from a simple bytecoded execution engine, and fairly
straightforward to reverse-engineer. An experienced hacker will have no
problem writing their own reverse engineering tools to strip away your
obfuscation. Remember that your "encryption" is still native host code, with
any keys plainly visible.
Paul
- [Qemu-devel] QEMU as a "virtual smart card"?, Bud P. Bruegger, 2009/09/01
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Laurent Vivier, 2009/09/01
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Jamie Lokier, 2009/09/01
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Blue Swirl, 2009/09/02
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Bud P. Bruegger, 2009/09/04
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Blue Swirl, 2009/09/03
- Re: [Qemu-devel] QEMU as a "virtual smart card"?,
Paul Brook <=
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Lennart Sorensen, 2009/09/04
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Bud P. Bruegger, 2009/09/04
- Re: [Qemu-devel] QEMU as a "virtual smart card"?, Jamie Lokier, 2009/09/04
[Qemu-devel] Re: QEMU as a "virtual smart card"?, Paolo Bonzini, 2009/09/02