Date: Wed, 25 Sep 1996 13:37:52 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: pechter@shell.monmouth.com (Bill/Carolyn Pechter)
Cc: terry@lambert.org, freebsd-chat@freebsd.org, info-pdp11@transarc.com
Subject: Re: System ID numbers
Message-ID: <199609252037.NAA06661@phaeton.artisoft.com>
In-Reply-To: <199609251858.OAA12278@shell.monmouth.com> from "Bill/Carolyn Pechter" at Sep 25, 96 02:58:55 pm
> In FreeBSD-current-digest Terry Lambert mentioned a Unique ID on PDP11's.
> I follow the excerpt with my recollections -- can anyone mention any machine
> except the Pro350/380 where a Unique ID was used in licensing PDP11
> applications or OS software.

Actually, that wasn't me.

It is my opinion that any unique ID which must depend on a kernel call to allow an application to retrieve it can be spoofed. This goes for hard numbers, as well as for "dongles" which are not active processing mechanisms (some dongles *are* active mechanisms; as finite state automatons, it *is* conceivable that you would be able to spoof the dongle at the driver level in any case).

If there were a unique ID in ROM, all I would have to do is fault the reference and return the false ID. There is *no way* to fix this for anything but protected mode (kernel/"ring 0") code. Even then, on a 486 or better, I can set the MMU to fault pages in protected mode. As long as my OS architecture allows the handling of these faults at any given time, I can fake the reference at the driver level.

In short, it's impossible to uniquely identify any hardware without allowing the identification method itself to be hackable one way or another.

I suppose you could (if you got licenses from Public Key Partners for three software patents, and the blessings of the US State Department to export the thing) put a PGP machine in a dongle, and send the dongle a random string, have it PGP sign the string, and validate the signature. Even so, it would be possible to attack this with a debugger. If you could not disable the check entirely, you could disrupt the randomness of the string, and pregenerate a table of signed values for potential strings, and return *that* via your spoofing interface.

What license managers are for is to make it "sufficiently difficult to spoof that the economic cost of doing so exceeds the economic benefit". The same justification for copy protection schemes back in the 70's and 80's.
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
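The challenge-response dongle scheme the message sketches, and the "pregenerated table of signed values" failure mode it predicts when the challenge's randomness is disrupted, as an added simulation that is not part of the original thread. HMAC with a secret stands in for the PGP signature (the standard library has no asymmetric signing), and the dongle secret, the seeded generator and the number of rounds are all constructed for the example; the only thing it shows is that challenge unpredictability decides whether a precomputed table passes the check.

```python
import hashlib
import hmac
import random
import secrets
from typing import Callable, Dict

# Constructed secret: stands in for the dongle's private key. In the mail's
# design the verifier would hold a public key instead; the argument about
# observable challenge/response pairs is the same either way.
DONGLE_SECRET = b"constructed-dongle-secret"

ChallengeSource = Callable[[], bytes]
Responder = Callable[[bytes], bytes]


def dongle_sign(challenge: bytes) -> bytes:
    """Genuine dongle: signs whatever challenge it is handed."""
    return hmac.new(DONGLE_SECRET, challenge, hashlib.sha256).digest()


def verify(challenge: bytes, response: bytes) -> bool:
    """Verifier: recompute the expected response and compare in constant time."""
    return hmac.compare_digest(dongle_sign(challenge), response)


def predictable_challenges(seed: int = 0) -> ChallengeSource:
    """Challenge source whose randomness has been 'disrupted': the seed fixes
    the whole sequence, so every challenge that will ever be asked is knowable."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(64).to_bytes(8, "big")


def fresh_challenges() -> ChallengeSource:
    """Challenge source drawing from the OS CSPRNG: not knowable in advance."""
    return lambda: secrets.token_bytes(16)


def precomputed_responses(source: ChallengeSource, n: int) -> Dict[bytes, bytes]:
    """The mail's pregenerated table: run the (predictable) generator ahead of
    time while the genuine dongle is available and record its answers."""
    return {c: dongle_sign(c) for c in (source() for _ in range(n))}


def table_responder(table: Dict[bytes, bytes]) -> Responder:
    """Stand-in responder that knows only the table, not the secret."""
    return lambda c: table.get(c, b"")


def license_check(source: ChallengeSource, responder: Responder, rounds: int = 5) -> bool:
    """The application's check: every challenge in the session must verify."""
    return all(verify(c, responder(c)) for c in (source() for _ in range(rounds)))
```

The genuine dongle passes either challenge source; the table passes only when the verifier's challenges are predictable, which is why a check that reads its randomness through a hookable interface is only as strong as that interface.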