|
OUYA Inc posted:The receipt decryption happens inside the application to help prevent hacking. By moving the decryption into each application there is no "one piece of code" a hacker can attack to break encryption for all applications. In the future, we will encourage developers to avoid using the decryptReceiptResponse method. They will need to move the method into their application, and perturb what it does slightly (changing for-loops to while-loops, and so forth) to help make things even more secure.
|
# ? Apr 4, 2013 06:26 |
|
|
# ? May 17, 2024 14:47 |
|
Aleksei Vasiliev posted:OUYA Inc That is a good one.
|
# ? Apr 4, 2013 07:24 |
|
I'm honestly speechless as to just what the could possibly have thought any of that accomplished.
|
# ? Apr 4, 2013 07:27 |
|
oh come on, are there any actual software developers working for that project
|
# ? Apr 4, 2013 07:30 |
|
Nope. Also I don't think it was posted here but the OUYA also doesn't force any confirmation on in-app billing. Completely silent. All up to the app itself to make a confirmation menu. And you're forced to add your billing info into the machine when you start it up for the first time. Edit: vvv I think so? I think that was the point where people finally started digging into the code-side of OUYA and laughing forever. Jewel fucked around with this message at 07:42 on Apr 4, 2013 |
# ? Apr 4, 2013 07:36 |
|
Did the bit about the Ouya's IAP API ignoring the testing attribute after the app gets released to the marketplace ever get posted in this thread?
|
# ? Apr 4, 2013 07:40 |
|
Jewel posted:Nope. Open Source Video Games
|
# ? Apr 4, 2013 07:41 |
|
dis astranagant posted:I'm honestly speechless as to just what the could possibly have thought any of that accomplished. It's pretty clearly an attempt to make the crypto code specifically not have a reliable address or layout in memory between different apps. Brainstorming on why that could matter: 1. If the device/kernel actually allows writable executable pages, then any code at a stable address would be relatively easy for an exploit to disable/alter/weaken. But that's mostly an argument for not having writable executable pages, or failing that, using one of the many well-known ways to make this less feasible as an attack vector. 2. Even if you don't have writable executable pages, then code at stable addresses can still be exploited for things like return-oriented programming. But it doesn't make sense to single out the crypto code as something to protect against this, and again, there are much better techniques for making ROP difficult. 3. An attacker with physical access might be able to use a debugging interface to compromise an app. That's slightly easier if you know where objects and code are in memory, but only very slightly. And of course all of this only has any effect on cross-app exploits. If you're willing to write a exploit that just targets one app — and one might hope that most exploits will not be of system code, although that seems like a slim hope given what we've seen — this suggestion will have precisely zero effect. tl;dr: they're worried about limiting the damage of an exploit and have no idea what they're doing.
|
# ? Apr 4, 2013 08:38 |
|
rjmccall posted:It's pretty clearly an attempt to make the crypto code specifically not have a reliable address or layout in memory between different apps. Brainstorming on why that could matter: The "exploits" they appear to be worried about are people modifying apps to be able to use them for free instead of having to by them. So yes it's pretty safe to assume they have no idea what they're doing.
|
# ? Apr 4, 2013 08:45 |
|
Jabor posted:The "exploits" they appear to be worried about are people modifying apps to be able to use them for free instead of having to by them. Okay, yeah, I see. They are worried about somebody having a script which cracks an arbitrary app image, so they want the decrypt code to be at a different offset in the image (less important, because finding a specific blob of bytes in an app is still trivially scriptable) and to not be byte-for-byte identical, so that ideally it would take human intelligence to actually crack each individual app. Of course, what will actually happen is that the universal crack — if it even attacks this way — will scan for close matches instead, because it's not like any other code in the program will look like the decrypt code anyway. Or any number of other approaches. Do they really not sign app images?
|
# ? Apr 4, 2013 09:16 |
|
One of the Ouya's design goals was being end-user rootable. The Google Play Licensing Service documentation has a similar discussion of taking their example code and modifying it for your own use, right before they tell you to run your apps through ProGuard.
|
# ? Apr 4, 2013 09:23 |
|
The bigger problem is a design model that, as someone in YOSPOS put it, allows you to make a Mario clone that bills the user silently $1 for each ingame coin they collect.
|
# ? Apr 4, 2013 12:07 |
|
Volmarias posted:Spend two days "fixing" it that you actually spend on making other things with less visibility better. Or updating your resume.
|
# ? Apr 4, 2013 13:22 |
|
Why do they think changing for-loops to while-loops will do anything?
|
# ? Apr 4, 2013 13:31 |
|
Suspicious Dish posted:Why do they think changing for-loops to while-loops will do anything? At first, without knowing what they were talking about, I thought it was a clumsy way of saying they should do stuff in constant time to avoid timing attacks. Now I realise I was giving them far too much credit.
|
# ? Apr 4, 2013 13:35 |
|
Suspicious Dish posted:Why do they think changing for-loops to while-loops will do anything? I'm also curious to learn what they mean by "and so forth" in that same parenthetical. Should we also be changing if-statements to gotos?
|
# ? Apr 4, 2013 14:14 |
|
I took it to mean that you should change the crypto code they give you so it's different for every new app. Let's say in the crypto code they give you there's the following snippet: code:
code:
Space Kablooey fucked around with this message at 14:51 on Apr 4, 2013 |
# ? Apr 4, 2013 14:49 |
|
Wouldn't the compiler optimize that down to the same code? Often it would be the same with while and for. What a bunch of morons.
|
# ? Apr 4, 2013 15:04 |
|
SavageMessiah posted:Wouldn't the compiler optimize that down to the same code? Often it would be the same with while and for. What a bunch of morons.
|
# ? Apr 4, 2013 15:21 |
|
Text changed because I can't remember what it was, but I do not think whoever coded this understands what a StringBuilder is for... (found in production code, of course)code:
|
# ? Apr 4, 2013 15:44 |
|
God of Mischief posted:Text changed because I can't remember what it was, but I do not think whoever coded this understands what a StringBuilder is for... (found in production code, of course)
|
# ? Apr 4, 2013 15:55 |
|
God of Mischief posted:Text changed because I can't remember what it was, but I do not think whoever coded this understands what a StringBuilder is for... (found in production code, of course) IDEA can auto-fix these things... not that (with constant strings) there's any difference either way, IIRC.
|
# ? Apr 4, 2013 15:58 |
|
SavageMessiah posted:Wouldn't the compiler optimize that down to the same code? Often it would be the same with while and for. What a bunch of morons.
|
# ? Apr 4, 2013 16:12 |
|
C++ code:
code:
|
# ? Apr 4, 2013 19:03 |
|
mobby_6kl posted:Not sure what kind of black magic lea is performing there, but other than that, As an aside, MSVC and ICC seem to be pretty sanguine on lea in general, and often replace general arithmetic muls and adds with it (in addition to the pure addressing stuff that a non-specialist human would tend to use it for). e: clarity Blotto Skorzany fucked around with this message at 19:12 on Apr 4, 2013 |
# ? Apr 4, 2013 19:08 |
|
That lea is a noop isn't it?
|
# ? Apr 4, 2013 19:10 |
|
The lea is a 3 byte NOP, used to align the loop (apparently onto a 16-byte boundary, which it seems can be a significant optimization for some processor architectures).
|
# ? Apr 4, 2013 19:10 |
|
Otto Skorzeny posted:As an aside, MSVC and ICC seem to be pretty sanguine on lea in general, and often replace general arithmetic muls and adds with it
|
# ? Apr 4, 2013 19:16 |
|
Zhentar posted:The lea is a 3 byte NOP, used to align the loop (apparently onto a 16-byte boundary, which it seems can be a significant optimization for some processor architectures). Why wouldn't the compiler just emit nop, nop, nop? Just to be hipster or something?
|
# ? Apr 4, 2013 19:40 |
|
Yep, not setting FLAGS is a major part of it; also, addressing-mode calculations also sometimes have their own functional units. But in this case, yes, it's a no-op being used to align the loop, which is a surprisingly effective optimization — effective enough that compilers will generally always try to align loops, in contrast to the usual worry about balancing code size. ETA: And you use longer nops instead of multiple shorter because there's overhead in interpreting and issuing instructions, even nops.
|
# ? Apr 4, 2013 19:41 |
|
trex eaterofcadrs posted:Why wouldn't the compiler just emit nop, nop, nop? Just to be hipster or something? It might be faster on that architecture.
|
# ? Apr 4, 2013 19:43 |
|
yaoi prophet posted:It might be faster on that architecture. I wonder if it has a negative effect on code cache. I don't know enough about instruction optimization any more
|
# ? Apr 4, 2013 19:44 |
|
I had to check the link to see whether you added the emphasis on perturb or if they did. That is absolutely the best part. "On this fairly critical security measure, we've moved the responsibility to developers so they can... do... welllll, stuff."
|
# ? Apr 4, 2013 20:42 |
|
It's obviously so if there's a security problem, they can blame the developers.
|
# ? Apr 4, 2013 21:11 |
|
pigdog posted:IDEA can auto-fix these things... not that (with constant strings) there's any difference either way, IIRC. There's no difference in Java with variable strings these days either. Since 1.5 or 1.6 "string" + someString + "string" is shorthand for new StringBuilder("string").append(someString).append("string").toString(); instead of .concat() like it used to be Goat Bastard fucked around with this message at 21:29 on Apr 4, 2013 |
# ? Apr 4, 2013 21:24 |
|
But I hope Java is smart enough to recognize concatenation of multiple constant strings as one single constant?
|
# ? Apr 4, 2013 21:38 |
|
evensevenone posted:It's obviously so if there's a security problem, they can blame the developers. Also this https://www.eff.org/deeplinks/2013/04/app-developers-lodsys-back One lawsuit would probably scuttle the whole thing.
|
# ? Apr 4, 2013 21:41 |
|
trex eaterofcadrs posted:I wonder if it has a negative effect on code cache. If you're caching the non-decoded instructions, then it doesn't matter, because they're the same size. Past that... the CPU architects are well aware that lea esp, [esp] (or equivalent) is a popular 3 byte NOP, so they're not going to handle it any less efficiently than NOP NOP NOP. Fun fact: the NOP opcode happens to be exactly the same as the opcode for xchg eax, eax.
|
# ? Apr 4, 2013 21:43 |
|
I wonder if Intel publishes "here's nops for all byte sizes that matter" which their processors will try to handle faster than other nop instructions.
|
# ? Apr 4, 2013 21:55 |
|
|
# ? May 17, 2024 14:47 |
|
ymgve posted:But I hope Java is smart enough to recognize concatenation of multiple constant strings as one single constant? As I read the language spec, Java is actually required to constant-fold concatenations that involve only constant strings and primitives, so "abc" + 4 * 5 + "def" is required to be treated exactly like "abc20def". If string concatenation in Java ever used String.concat, it was a very long time ago; Java was using StringBuffer for it at least in 1.1. It started using StringBuilder in 1.5 (when targeting 1.5 or higher).
|
# ? Apr 4, 2013 22:26 |