QUOTE(speculatrix @ Mar 6 2008, 07:34 AM)
QUOTE(pelrun @ Mar 6 2008, 12:01 PM)
Whereas I'd objdump it, find the "insert valid card" message and work backwards to find where it was triggered. Then nop that bit out.
I imagine, if picsel have any clue, the card check will be scattered through the code in different ways to prevent it being easy.
Has anyone ever actually come across an application which makes use of the "secure" in "secure digital card", using DRM to prevent file/music copying?
My hunch is that is exactly what we are looking at in this situation. I think Picsel Browser is looking for information stored in the Protected Region of the SD Card.
Read this from the SD Card association itself (Section 4 is what you need to read) http://www.sdcard.org/about/memory_card/
Just look at the facts we know.
1) The Picsel case study says Panasonic were the ones who created the Picsel embedded SD cards for the Zaurus.
2) Panasonic is a co-creator of the SD Card standard.
3) The DRM technology in SD cards is licensed to the SD Card Association by 4C.
4) 4C is the DRM licensing company of multiple companies including Panasonic.
5) The DRM technology on SD Cards uses a Protected Region with a key stored in it. If the key can't be decrypted or found then playback is not allowed.
Based on these facts it would not be a stretch for Panasonic to extend the playback DRM to binary execution. It looks to me like the Picsel binary is looking for the encypted key in the Protected Region of the SD. If it can't find it, it won't allow the program to run. So the only way to make a backup copy of a Picsel SD card would be to decrypt the Protected Region on the original card. Pull out the key and place it into the Protected Region of another SD card.
What do you think?