- Joined
- Sep 17, 2003
- Messages
- 3,519
- Trophies
- 2
- Age
- 43
- Location
- Switzerland
- Website
- www.indiedb.com
- XP
- 2,557
- Country
If they use a signed file you have a problem. Certificating is a process in which you first encrypt the game file using a private key. Then you append the SHA1 fingerprint of the unencrypted data to the stream. This system is used in PGP for email encryption and is safe in reference to all 4 security principles.
Hence if the files are encrypted this way you can not trick the machine in any way... unless... and there comes the funny part. Security always breaks at the weakest link in the chain. Certification is really strong so you have no chance to break this link but you can try to break the "reliability" link. For decrypting and verifying the certificate two things are needed: A Public key and a Certificate. Both files are stored somewhere in the firmware. The trick would be then to generate your own Key pair ( private key / public key ) and your own certificate you sign yourself with this key pair. Once placed in the machine your encrypted files are considered valid.
This trick though requires a way to hard-flash a firmware onto the machine.
Hence if the files are encrypted this way you can not trick the machine in any way... unless... and there comes the funny part. Security always breaks at the weakest link in the chain. Certification is really strong so you have no chance to break this link but you can try to break the "reliability" link. For decrypting and verifying the certificate two things are needed: A Public key and a Certificate. Both files are stored somewhere in the firmware. The trick would be then to generate your own Key pair ( private key / public key ) and your own certificate you sign yourself with this key pair. Once placed in the machine your encrypted files are considered valid.
This trick though requires a way to hard-flash a firmware onto the machine.