NewLC - How do they crack our software?(3rd ed) - Comments

Re: How do they crack our software?(3rd ed)

puterman — Thu, 20 Mar 2008 16:15:14 +0100

One thing that seems to have gone missing from this discussion is that Symbian Signed was never intended to be an anti-cracking mechanism. If you're not used to thinking about computer security, it's easy to make the mistake of thinking of security in binary terms: either there's security or there's no security. However, there are always different aspects of security. One security measure can't protect you from all possible attacks.

Symbian Signed is designed to protect the individual phone user from malicious code, by means of signing the installation package with a signature, identifying the developer. That an application has been signed doesn't mean that it's not malicious. There's nothing preventing me from writing an app that does stuff that's harmful to the user's data and get it Symbian Signed. But when it starts doing harm to users' data, the app will be traceable back to me.

This also illustrates another important basic axiom in computer security, or any sort of security: there's always a tradeoff. Symbian Signed could have been designed to protect the user against any sort of harm ever happening to their data. The testing process would have had to be much more extensive than it is now, and would include eg. code inspection, to ensure that a signed app wouldn't do harm. However, in practice that'd be way too expensive.

The discontinuation of Developer Certificates should help

tonyn — Tue, 18 Mar 2008 18:42:54 +0100

At least it will help for applications that need signed-for capabilities.

Re: How do they crack our software?(3rd ed)

zol — Mon, 28 Jan 2008 09:37:19 +0100

I doubt operators will ever approve phones with "that kind of freedom" for using on their networks. Instead, a better balanced set of compromises between freedom and operator security demands need to be invented.

Re: How do they crack our software?(3rd ed)

alh — Fri, 25 Jan 2008 10:37:47 +0100

And who really believes Google that with Android all will be free and open and wonderful, and anybody who likes can even rewrite the core telephony application on his or her phone?

I would expect 'core telephony' to be in the layer (Linux or whatever) below Google's Davlik JVM and to be fixed. The telephony UI application may be replaceable, but I am skeptical that manufacturers or operators will allow too much tampering with such basic behaviours.

If you want that kind of freedom, then go get the OpenMoko (http://www.openmoko.com/)
The only truly "open source" cell phone out there. (yes, including hardware designs)
Just a few core things closed like radio baseband hardware that must be closed to be legal to use...

Re: How do they crack our software?(3rd ed)

tonyn — Fri, 25 Jan 2008 09:58:23 +0100

IMHO this supports my claim that no real technical problem would have prevented the introduction of encrypted SIS files.

One reason why encrypted SIS files the are not necessarily a simple & risk-free solution for cracking is that the encryption could also be used by other types of bad guys to wrap up malware. Quite a delicate thing to get right.

To repeat my earlier message, the problem of cracked software is something that is being considered within Symbian.

I think Symbian Signed is generally comparable to other code signing schemes such as Java Verified and Microsoft Authenticode in terms of expectations. I am looking forward to seeing how Apple & Google deal with this.

And who really believes Google that with Android all will be free and open and wonderful, and anybody who likes can even rewrite the core telephony application on his or her phone?

I would expect 'core telephony' to be in the layer (Linux or whatever) below Google's Davlik JVM and to be fixed. The telephony UI application may be replaceable, but I am skeptical that manufacturers or operators will allow too much tampering with such basic behaviours.

Re: How do they crack our software?(3rd ed)

rbrunner — Fri, 25 Jan 2008 07:43:13 +0100

...is essentially a re-invention of DRM?

Yes, I don't think that my proposal has anything really new, at its core. A lot of DRM systems must already be based on the principle of encrypted transfer of digital goods, along with some ways to look into things for parties who have a right do to so. IMHO this supports my claim that no real technical problem would have prevented the introduction of encrypted SIS files.

Also there is awareness that developers complain about the distribution of cracked software.

I had no accusation in my mind towards anybody that they are not "aware" about the problem. Of course all relevant players are aware that third-party developers suffer from the cracks. I am also convinced that with the situation as it is right now, it's a sound business decision for Symbian, their licensees and the operators, not to spend a lot of money to solve this problem, *and* they have the power to get away with this business decision against the anger of some developers.

Though changing how the protection is done would be disruptive to many people.

Yes, the horse has bolted already, and the train left the station

Personally I am pleased with the changes that Symbian introduced recently to the signing process. Let's also see what Apple with come up with for their iPhone: I wouldn't be surprised if they came up with a scheme right along the lines of Symbian Signed, only more restrictive still. And who really believes Google that with Android all will be free and open and wonderful, and anybody who likes can even rewrite the core telephony application on his or her phone? Did anybody ever ask the operators what their take is on this purported complete freedom? Maybe with Android there won't be single central signing authoritiy, because Google refuses to take on that role, but many many little signing schemes, one for every operator, and just think how wonderful that will be for developers...

Re: How do they crack our software?(3rd ed)

tonyn — Fri, 25 Jan 2008 02:10:26 +0100

Hi René

May I suggest that your encrypted SIS file & key distribution scheme is essentially a re-invention of DRM?


So, my SIS files must be naked, ...

Symbian Signed has evolved over the last few years, and has incorporated developer feedback. It is reasonable to expect that developer feedback will continue to be considered.

Also there is awareness that developers complain about the distribution of cracked software.


... and some directories on my own phone hidden forever, ...

Your proposal for encrypted tokens, for instance, would rely on this protection of private data from snooping. Though changing how the protection is done would be disruptive to many people.

Just my opinions and not an official message.

Re: How do they crack our software?(3rd ed)

paul — Thu, 24 Jan 2008 15:40:23 +0100

Well if someone believes they have a cracked application that has been resigned with a Symbian Signed signiture by someone else (ie not the rights holder) then they are welcome to send it to me to look at. Certainly if I find it was Symbian signed under the auspecies of another company I would have no problem reporting that fact to Symbian.

my email address is paul at toddsoftware dot com

Re: How do they crack our software?(3rd ed)

zol — Thu, 24 Jan 2008 14:36:40 +0100

No defense at all is a little harsh.

Sure harsh, but true. They indeed succeed doing it (either or another way), and the result is there on the net for anyone to download for free. The current security is definitely not for the developer (rather against him), but I foresee a high price to pay for this ignorance sooner or later.

Re: How do they crack our software?(3rd ed)

rbrunner — Thu, 24 Jan 2008 14:08:04 +0100

By the way, a hacker can just install the program on the memory card, so then he has full access to the .exe, can debug into it, change it as he wish, and then re-packs and signs it using a root certificate. I see no defense at all.

No defense at all is a little harsh. It may be possible, after install, collect all the various files that make up an application that went into various folders, write a new .pkg file for them, and make a new SIS file, but this is still considerably more difficult than just running UnSIS.

And if just only *one* file per application stays encrypted after install and is decrypted on-the-fly when the program is started, this memory-card trick already does not work anymore. Or if just *one* file per application always goes into the (pretty much un-removable) phone memory, again this attack vector is dead in the water.

I did not say it would be easy. I also said it would have cost money for Symbian to implement something. But impossible, no.

Re: How do they crack our software?(3rd ed)

zol — Thu, 24 Jan 2008 13:07:52 +0100

3rd-party developers for Symbian started to vanish, as a combined result of the constraints by the new security craze, and of the continued efforts by crackers. The lack of applications is already strongly criticized by end-users, so it might be time for the big players (manufacturers, operators, etc.) to realize what's going on, before they feel it on their profit.

By the way, a hacker can just install the program on the memory card, so then he has full access to the .exe, can debug into it, change it as he wish, and then re-packs and signs it using a root certificate. I see no defense at all.

Re: How do they crack our software?(3rd ed)

rbrunner — Thu, 24 Jan 2008 12:12:03 +0100

Its your duty though to say so if you think something is handled wrong

It makes me a little sad to say so, but I think at the moment the importance of third-party developers really is small enough that neglecting their problem with crackers costs less than, say, establishing a key distribution infrastructure to make encrypted SIS files possible. With "costing less" I mean "costing less for Symbian, their licensees and the operators".

So you could say that Symbian handles its business right.

One could hope that over time the importance of third-party developers increases up to a point where neglecting their cracker problem becomes more expensive than cracking-countermeasures built into the OS and the Symbian "ecosystem", but I don't hold my breath. Just look at Windows: Vista is full from top-to-bottom with protection stuff, but among all that stuff nothing to make the life of the Windows shareware author easier.

One could get a little cynical and say that even a cracked application makes a Symbian-powered phone more attractive to end-users, so even with cracked applications Symbian sells more licenses, Nokia and SE sell more phones, and operators get paid for more minutes. Just the poor program author is somewhat unhappy, but the monetary damage that this unhappiness causes is severly limited

Re: How do they crack our software?(3rd ed)

alh — Thu, 24 Jan 2008 11:35:54 +0100

I would go so far to say "Its life", period

There is always more considerations then the ones closes to your own heart, and you don't have total control over everything you care about.

Its your duty though to say so if you think something is handled wrong

Re: How do they crack our software?(3rd ed)

filio — Thu, 24 Jan 2008 09:35:10 +0100

So, my SIS files must be naked, and some directories on my own phone hidden forever..

Straight to the point. I'd love to hear the answer to that. tonyn?

Re: How do they crack our software?(3rd ed)

rbrunner — Thu, 24 Jan 2008 08:46:43 +0100

An interesting idea, but there are too many people who would want to see inside the SIS file.

After working in the IT field for 25 years I pride myself with having developed a fine sense to distinguish real technical challenges from mere power games that I lost.

You mention what I would call the "right and ability to have a look". You argue that so many parties have a legitimate right to look at the content of my SIS file, and must get the ability to have that look, that it would be too hard to establish a trusted key sharing infrastructure, and therefore I as a developer can't get my encrypted SIS files and the support that they would bring in my fight against crackers.

I feel that is just one of these power games that I lost: Third-party developers with their troubles with crackers are not important and not powerful enough that building a key sharing infrastructure seems worthwhile for the ones who hold the power.

I don't want to attack Symbian with this, and I am not angry either, I just don't like to confuse technical problems with just being overruled. Key sharing infrastructures are not a technical problem, they are a cost factor, and if cost can be avoided, businesses avoid them, that's only natural.

I compare this with my right and ability to look at the contents of my phone, as a phone user. There I learn that PlatSec brings me caged, private directories on my phone where even I as the phone owner cannot look what is stored there.

Just another of those power games that I lost, not a real technical problem. I am sure that one could have built PlatSec in a way that it would be a tolerable security risk to let phone users have a look at all files on their smartphones, but again that probably would have been more expensive.

So, my SIS files must be naked, and some directories on my own phone hidden forever, because I am not powerful enough to force my wishes. That's life in mobile IT, and who does not like this, best goes playing somewhere else

How do they crack our software?(3rd ed)

filio — Tue, 22 Jan 2008 17:18:51 +0100

I'm at the final stage of developing my application and this question popped up in my head? We pay for signing our applications, right? And the signing process is supposed to ensure this application came from me intact? So how can a cracker change the code inside to brake my registration We all know they do.