27 Dec 2000 ksandstr   » (Journeyer)

I've been thinking about the possibly upcoming new ATA standard with that evil copy control thingy in it, and how Intel, IBM and the rest of those assholes are planning to implement it. I haven't read all of the .pdf files available at the FTP whose URL I already forgot, so don't take this as word of Bob or anything, OK?

So here's what I've come up with:
The 4C Entity consists of four members (at the moment); these are Intel, IBM, Matsushita and Toshiba. (according to the article in The Register).

  • IBM is a known harddisk manufacturer (both ATA and SCSI), so they're probably putting stuff into the new ATA standard (because they know what they're doing in the performance area) and are likely to be the first company to start making the new, evil'n'rude-enhanced HDs. Also, because IBM isn't just a drive manufacturer, they're probably also giving their contribution to the hardware part of CPRM, possibly software as well.
  • Matsushita makes, among other things, CDROM drives. I wouldn't be surprised if they would be the first company to implement ATA6, CRPM and all, in CDROM drives. Other than that, I don't know. Maybe they're also a HD maker.
  • Toshiba not only makes laptops, but from what I can tell, makes their own hard- and CDROM drives for them as well. Thus it would make sense that they would be the first company to start making CRPM-compatible laptops (maybe portable media players as well?).
  • Intel makes both IDE chipsets and other semiconductors. Also, Intel has a product (vapourware, maybe? there's only the HTML brochures on Intel's WWW site) called "Software Security Ifoobar", or something like that (I'm pretty sure that the acronym is SSI, SII or SIS). This software, according to the marketing blurb on the WWW site, installs a number of "software agents" on the user's (or should I say "victim's") computer which, after that, guard each other against integrity violations and do other stuff in the background (like being in semiregular contact with a central server to check for updates, license revocations, key changes, things like that).
    As most of you can tell, this sort of stuff can be cracked by disassembling or run-time monitoring either the installer program, the agents themselves or the player programs. (the communications stream between the central server and the installer/agent programs will probably need to be sniffed as well, but the stream is likely to be encrypted so this step will come after the encryption keys are recovered.)
    There's bound to be a weak link in there somewhere, because the installer is going to be a "trusted binary" in an untrusted environment (i.e. your wind'ohs installation running in a virtualized environment or a good old-fashioned emulator).

I was going to write more on this subject, but I seem to have forgotten what it was that I meant to say. I guess this is all, for now.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!