How easy is it to crack the following copy protection?
I am trying to copy-protect some work, which is a bootable SD card booting a Linux kernel on an ARM device (Raspberry Pi). I am using this approach:
The approach uses an initrd to mount an encrypted root filesystem.
The initrd generates the filesystem's password according to the CID of the SD card (a hash function is used; I have not decided yet between MD5 and SHA-1). The initrd will try to mount the filesystem using that generated password.
Now here is the most interesting/suspect part: the initrd itself is encrypted using a custom C function; basically each byte is XOR'ed using a custom-made pseudo-random generator. The kernel is modified to have the same encrypting function, which works as the decryptor.
The system itself is stripped down so there is no way to use a keyboard or external storage. A single app runs full-screen.
So after the bootloader loads the kernel and initrd, the kernel decrypts the initrd and executes its init script, which will generate the password and mount the root filesystem.
My question is: how easy would it be to break this setup (to decrypt the root filesystem and make it boot from any SD card)? What are the weakest parts? How easy is it to decompile the kernel and find those custom encrypting functions?
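A Python model of the two layers the question describes, added here as an illustration and not the questioner's code: the xorshift generator standing in for the custom PRNG, the CID values and the toy root-filesystem lock are all constructed stand-ins.

```python
import hashlib

# Constructed stand-in for the "custom made pseudo random generator": a 32-bit
# xorshift with a constant seed compiled into the function, so it takes no key.
def _keystream(length: int, seed: int = 0x2545F491) -> bytes:
    x, out = seed, bytearray()
    while len(out) < length:
        x ^= (x << 13) & 0xFFFFFFFF
        x ^= x >> 17
        x ^= (x << 5) & 0xFFFFFFFF
        out += x.to_bytes(4, "little")
    return bytes(out[:length])

def initrd_codec(data: bytes) -> bytes:
    """Byte-wise XOR with the keystream: the same call both encrypts and
    decrypts, and its output depends on the input data alone."""
    return bytes(a ^ b for a, b in zip(data, _keystream(len(data))))

def rootfs_password(cid: bytes, algo: str = "sha1") -> str:
    """The initrd's rule: password = hash(CID); nothing else enters."""
    return hashlib.new(algo, cid).hexdigest()

# Toy encrypted root filesystem: opens for exactly one password.
def make_rootfs(password: str, contents: bytes) -> dict:
    return {"lock": hashlib.sha256(password.encode()).hexdigest(), "data": contents}

def mount_rootfs(rootfs: dict, password: str):
    if hashlib.sha256(password.encode()).hexdigest() != rootfs["lock"]:
        return None  # wrong card: mount fails
    return rootfs["data"]

def boot(card_cid: bytes, encrypted_initrd: bytes, rootfs: dict):
    """Kernel side of the flow: decrypt the initrd, apply its rule, mount root."""
    init_script = initrd_codec(encrypted_initrd)  # kernel's built-in decryptor
    if not init_script.startswith(b"#!/bin/sh"):
        raise ValueError("initrd decryption failed")
    return mount_rootfs(rootfs, rootfs_password(card_cid))

# Constructed sample data: an init script and two 16-byte CID registers.
INIT_SCRIPT = b"#!/bin/sh\n# hash CID, open encrypted root, switch_root\n"
ENC_INITRD = initrd_codec(INIT_SCRIPT)
CID_ORIGINAL = bytes.fromhex("035344534c31364700c0b0c1e400f500")  # constructed
CID_OTHER = bytes.fromhex("035344534c31364700c0b0c1e400f501")     # constructed
ROOTFS = make_rootfs(rootfs_password(CID_ORIGINAL), b"full-screen app")
```

In this model the only per-card input to `boot` is the CID register, which any SD host can read, and the initrd layer takes no key at all; everything else the boot needs lives in the kernel image.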