Reversing : The Hacker's Guide to Reverse Engineering

which, coupled with NGSCB-enabled hardware, will allow future versions of Windows to support the Nexus execution mode. Under the Nexus mode the system will support protected memory, which is a special area in physical memory that can only be accessed by a specific process.

It is too early to tell at this point how difficult it will be to crack protection technologies on trusted computing platforms. Assuming good designs and solid implementations of those platforms, it won’t be possible to defeat copy protection schemes using the software-based approaches described in this book. That’s because reversing is not going to be possible before a decrypted copy of the software is obtained, and decrypting the software is not going to be possible without some level of hardware modifications. However, it is probably not going to be possible to create a trusted platform that will be able to withstand a hardware-level attack undertaken by a skilled cracker.

Attacking Copy Protection Technologies


At this point, it is obvious that all current protection technologies are inherently flawed. How is it possible to control the flow of copyrighted material when there is no way to control the user’s access to data on the system? If a user is able to read all data that flows through the system, how will it be possible to protect a program’s binary executable or a music recording file? Practically all protection technologies nowadays rely on cryptography, but cryptography doesn’t work when the attacker has access to the original plaintext!

The specific attack techniques for defeating copy protection mechanisms depend on the specific technology and on the asset being protected. The general idea (assuming the protection technology relies on cryptography) is to either locate the decryption key, which is usually hidden somewhere in the program, or to simply rip the decrypted contents from memory as soon as they are decrypted. It is virtually impossible to prevent such attacks on current PC platforms, but trusted computing platforms are likely to make such attacks far more difficult to undertake.

Chapter 11 discusses and demonstrates specific cracking techniques in detail.

Conclusion


This concludes our introduction to the world of piracy and copy protection. If
there is one message I have tried to convey here it is that software is a flexible
thing, and that there is a level playing field between developers of protection
technologies and crackers: trying to prevent piracy by placing software-based
barriers is a limited approach. Any software-based barrier can be lifted by
somehow modifying the software. The only open parameter that remains is
