From: Laurent Giroud <laurent.giroud_at_libertysurf.fr>
Date: Tue, 30 Dec 2003 17:27:14 +0100

On Tue, 30 Dec 2003 16:52:19 +0100 (MET), "[IDC]Dragon" <idc-dragon_at_gmx.de> wrote:

> Accessing the ROM is very likely to be feasible, but may not help at all. If
> Archos "did it properly", they use real cryptography and a public/private
> key pair. The public key may be in the box's ROM, but you need the private key
> to author your own firmware. And this is what you're not gonna get...

I'm not so sure about the ROM since it seems to be embedded within the CPU and thus even bus spying as was done on the xbox would prove useless in such case. I cross fingers though.

> So, things can be really bulletproofed, but what usually stands against it
> are:
> - the runtime for a serious decryption, large number arithmetics is slow on
> "regular" embedded processors
> - implementation flaws that allow you to feed code some other way, thus
> bypassing the whole security mechanism, see XBox hacking.

Given what I read on this list regarding Archos code quality this should not be so hard to find flaws ;)

Regards,

Laurent
Received on 2003-12-30