[Gllug] [OT] CF card mp3 players?

[Mike Brodbelt]

On Fri, 2004-10-15 at 15:46, Richard Jones wrote:

> But how is this region "locked"?

Hardware in the SD card allows access to this area only when
"appropriate" external devices are detected, according the the SD
website. I take this to mean it works a bit like CSS on DVDs, in that an
"appropriate device" is one that can present the correct cryptographic
authentication. I'd guess that's why no open drivers - to manufacture a
device that's allowed to talk to the protected area, you need a key
provided by the SD association, which you then build into your player
hardware or driver software. Doubtless getting such a key is contingent
on signing an appropriate NDA, and promising not to build any hardware
that can do things the copyright cartel wouldn't like.

> Surely to decrypt the track you've
> got to read the encrypted track and the key, and presumably the SD
> card itself doesn't have any decryption technology on it, so that
> means it must be the connecting device which reads the key ... in
> which case you've got no security.  Is the reason that SD drivers must
> be closed source mere security-through-obscurity?

Basically, I think so, yes. That's what CSS was based on too - it only
worked as long as none of the manufacturer keys were compromised. As
soon as one was, breaking the rest of it became straightforward
(admittedly they'd also used a bad algorith implementation, IIRR).

There's an overview at http://www.sdcard.org/sd_memorycard/index.html
which may be worht a quick look. There are also patent problems with
some elements of SD/SDIO, I think.

Mike.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug