Cracking Apple’s Mac OS X for Intel doesn’t mean much now, Apple may have the last word

“As was to be expected once the software got out of the lab, OS X for Intel has been hacked to make it run on generic Intel platforms, not just the Apple-approved Developer Transition Kit machines. This is, at this stage, less of an event than it appears at first blush,” Larry Loeb writes for eWeek. “Getting around the TPM (Trusted Platform Module)—one of the requirements of enabling OS X to run on a generic platform— basically just involves programming the system code to ignore any calls to the TPM.”

“While this will allow OS X to boot, disabling the TPM also disables its functionality… If you want to run OS X/Intel software in the future, running on a hacked operating system will (as I said before) lose the TPM functionality, and the original software will not run since it will check for TPM,” Loeb writes. “To get a functioning application, you’ll have to disassemble and crack the TPM calls. Every one of them. And that is a lot of work.”

Full article here.

Related MacDailyNews articles:
Report: Mac OS X for Intel hacked to run on non-apple x86 PCs – August 11, 2005
Dvorak: Steve Jobs eventually intends for Apple’s Mac OS X to run on any x86 PC – August 09, 2005
DRM chip in Intel-based developer Macs prevents Mac OS X from running on non-Apple PCs – August 05, 2005
Report: Apple’s Mac OS X Intel kernel employs DRM to prevent OS from working unless authorized – August 01, 2005
Apple Intel-based Macs for developers runs Mac OS X and Windows XP – June 23, 2005
Apple’s ‘Mac OS X for Intel’ developer build reportedly running on Tablet PC – June 16, 2005
Video of Mac OS X 10.4.1 for Intel running on Dell laptop posted online – June 13, 2005
Report: Apple Mac OS X 10.4.1 for Intel hits piracy sites – June 11, 2005

20 Comments

  1. This article makes two broad assumptions.

    The assumption that future software for OS X will be locked with TPM.

    The assumption that Apple will use TPM in the final Macintel builds.

    The hacking community is busy taking apart the TPM now.

    But looking at past history. Its very possible Apple will secure OS X to Mac hardware through some other means.

  2. Money, money, money… Ibrahim al-Jaafari, Bill Gates, George Bush et al.

    To some people money is everything. So is market share to others. They both add up to the same thing: greed, and by greed I don’t mean an overweight child/adult eating all the pies, I mean these people want EVERYTHING. They’d have the only shirt on your back if it made them some money.

    This is purely my own opinion, but I think Steve/Apple just want people to have machine that work, that let people do what they want to do. A computer shouldn’t rule your life. It should help you achieve what you thought of before you even imagined using a computer to assist you. This is a very young industry, one that still has not found its way. I think Apple is leading the way, but I’m not an evangelist for Apple – I’m just chossing a platform that works. Seriously, when someone tells me about viruses, I laugh. Not out of contempt, but out of sorrow. I have never had a virus affect any of my work, and every person (37 & counting) I have persuaded to Switch® has never complained – just a thank you.

    Sorry to ramble, but this Capitalist bu11sh1t gets to me. Money is not everything. Ask Jonathan Ive if he would rather be the best Designer in the World or the richest man in the World.[ You know what his answer would be: Designer.

    …Now ask Bill Gates that same question.

  3. “”To get a functioning application, you’ll have to disassemble and crack the TPM calls. Every one of them. And that is a lot of work.”

    Of out hundreds of thousands of crackers out there, it only takes one dedicated, or a bunch working together to get the job done.

    The popular programs will be the first. Adobe’s PC products are widely distributed via P2P network as it is now.

    There are tons of people with nothing better to do than reverse engineer code and gain status as a top cracker.

    We are going to see DRM in the new MacTels like the world has never seen.

    My advice is if your thinking of buying a Mac, buy the most powerful DP PowerMac G5 you can get and sit on it for 7 years.

    All the new software coming out is going to model itself on the HDCP standard, which periodically checks “home” to make sure your machine is authorized to use the software.

    This is why Apple doesn’t install a “Little Snitch” outgoing firewall to check when websites and programs phone home.

    The infusion of widgets that need to constantly check online is to get us used to the idea of having our machines making unknown online connections.

  4. Here’s what I think is the relevant quote from this article:

    “… here’s where disabling the TPM bites back. If you want to run OS X/Intel software in the future, running on a hacked operating system will [result in] … the original software … not run[ning] since it will check for TPM.

    To get a functioning application, you’ll have to disassemble and crack the TPM calls. Every one of them. And that is a lot of work.

    Not that it can’t be done by motivated individuals … But it’s still a lot of work, and WITH THE DMCA YOU CAN NOW BE TOSSED INTO THE HOOSEGOW FOR DOING IT [emphasis mine].

    I think Apple still has some techno-tricks up its sleeve … Don’t assume that just because people could crack things at this point that they will be able to do so when the real software comes out… Apple [may have] put the first version of the OS out just to see what people would do with it, and thus know what to defend against.”

    I’ve been taking a lot of heat from people for suggesting that Apple’s move to Intel x86 was for suggesting that an elaborate hardware DRM scheme was the real reason – NOT performance of heat or wattage issues with PPC. And for suggesting that the reason hardware DRM was so damn important to them was because they needed to convert their entire product line to something the companies who control the video content would be comfortable with, so they would in turn loosen their grip on content and allow Apple to recreate the iPod/iTMS audio paradigm in the video sphere.

    We now, in this article, have someone explaining to us just how restrictive these TPM modules have the potential to be, for all but the most technically savvy of users, when using ANY and ALL software on future Macs. Not coincidentally, MDN has posted this story:

    http://macdailynews.com/index.php/weblog/comments/6643/

    which details the likely unveiling of a video iPod. Pertinent quotes here:

    “… NPD Group analyst Stephen Baker … noted that there is a lack of infrastructure in place to easily download and manage movies and television shows, a problem that iPod solved for the music world.”

    Half of that infrasructure problem is assumed to be lack of broadband. Yet, with the new H.264 compression standard in QuickTime, Apple COULD provide pretty good quality video at relatively low bit rates, thereby obviating the absolute necessity of waiting for widespread broadband penetration in this country … if they were allowed to. Which leads to the other half of the infrastructure problem – securing the devices that this content will be downloaded to. Apple’s software audio solution isn’t robust enough for these media companies to allow their precious video content ‘out into the wild’. But, with Intel’s TPM modules disabling whole computer systems of all but the most brilliant of hackers in the event they are circumvented, these companies are back in the catbird’s seat!

    They could thus charge what they want, track who they want, disable whatever ‘expired’ content they want. Protecting yourself from heavy handed activity would likely result in you breaking your computer. And while Apple would have to go along with most of these activities, that would not mean we’d have someone looking out for our interests, because Apple would seriously risk being cut off from their ‘suppliers’. Is it likely they would do that once they become ‘king of all video media’? Apple will be king all right, but sort of like a child-king, where the real power and decisions are made by the viziers behind the visible throne.

    One last quote: “… That may be why, analysts said, Apple has waited this long before rolling out what could be called a video iPod, while it works out all the kinks. Wall Street analysts have already said the company could introduce such a device as soon as September.”

    Apple waited this long because the media companies required incontravertable proof that they would tow the line with Intel’s DRM – the security scheme they’ve approved of for some time – before releasing their content. Now that the Macintel transition is underway, the gates are open to Apple, and we will start getting our iVideo products and online stores.

    I just hope we’re all happy with the result – happy enough to live with the consequences of what their availability will mean for the future of dealing with ‘Apple computing’ in general.

  5. Oddysey67 – I too felt that DRM and TPM had rather a lot to do with Apple going Intel (though not the only factor), although my personal conclusions were a little different.

    I think Apple wanted to make sure their iTunes monopoly is protected and prevent an MS/Intel pincer movement in defining standards that would exclude Apple.

    As for whether TPM will stop software being cracked – the simple answer is no. Once you’ve found and cracked one TPM call, it will be easy to scan code in other apps to find another. Short of making Macs that don’t support software development (i.e. console style ‘play only’ machines) it’s going to be doable – and as we know, every console system so far has been cracked. You can escalate the difficulty, but you can’t stop it – and as we know, something only needs to be cracked once.

    Or at least, only needs to be cracked once for that version – maybe we will move to an era of daily software patches, and making everything so bug-ridden you might as well buy the real software.

  6. Odyssey, you still haven’t explained how Apple intends to deal with the enormous existing install base of PPC Macs that won’t have the DRM. Will these new services simply not be available for these Macs? That would guarantee failure.

  7. “Odyssey, you still haven’t explained how Apple intends to deal with the enormous existing install base of PPC Macs that won’t have the DRM. Will these new services simply not be available for these Macs? That would guarantee failure.”

    Probably. Or, it may just be that the industry considers us to be an insignificant number of people to worry about.

  8. You forget that Rosetta ins’t needed on G3, G4, or G5 computers. Its purely for Intel Macs that need emulation to run PPC Mac programs. PPC Macs can natively run PPC programs. Also, most new programs designed for Intel will be dual-binary, meaning they can run on PPC and Intel architecture depending on what computer its installed on. Just look at Mac OS 10.4 or many of Apple’s current software, they have G5 64-bit optimizations, but will only use those parts of the code if running on a G5, run those on a G4 and they run fine, but don’t utilize the 64-bit optimizations. iMovie and Photoshop have G5 optimizations, but work great on G4s too.

    Has anyone stopped to think that maybe the Developer Kits have a special version of OS 10.4.1 for Intel?

    Think about it, you download shareware and you can use it free for 30 days, after that it asks you to purchase it so it continues working. Now lets use that idea and expand it to an entire OS. I don’t see Apple doing anything like releasing a full version into the wild and not thinking about people hacking it. Those Mac Intel dev kits are Apple property and Apple will request them back one of these days. Personally, I think Apple may have though of something like what shareware does. The OS 10.4.1 for Intel may have some code that kills the OS after a certain date. They could easily use Secure Delete or FlieVault to kill or lockdown the OS some time after they recall the Dev kits. Plus if anyone whines and says, “you killed all my files” Apple can say “you we’re illegally running out software, serves ya right!”

    Now, Im just specualting here, but it would make sense that Apple do such a thing.

  9. About DRM, you don’t need the TPM module for DRM. Your Mac OS knows alot of things about your computer. The major components in your computer have serial numbers and other identifying codes embedded in them, Your Mac OS knows your computer’s serial number, your CPU ID, video card ID, hard drive ID, motherboard ID, and your ethernet MAC address.

    Windows XP had already been using those identifiers to prevent people from installing the same copy of XP on two different computers. The installer checks all those IDs and if too many are different it denies the install. That allows you to replace or upgrade something with no problems but prevents you from doing illegal things. Apple could use a similar method for DRM in Macs that don’t have TPM.

  10. JulesLt says: “I too felt that DRM … had … a lot to do with Apple going Intel … my personal conclusions were … different. I think Apple wanted to make sure their iTunes monopoly is protected and prevent an MS/Intel pincer movement in defining standards that would exclude Apple.”

    Maybe. I also assume iTMS is factored into the TPM mix, but more as an ancellary thing. I don’t think Apple is feeling any pressure to change their software DRM scheme there – they seem to be getting much more pressure to allow others to use it, simply because they’re generating so much revenue with how it’s set up already. This is primarily being driven by video.

    “As for whether TPM will stop software being cracked – the … answer is no. Once you’ve … cracked one TPM call, it will be easy to scan code in other apps to find another. Short of making Macs that don’t support software development (i.e. console style ‘play only’ machines) it’s going to be doable – and as we know, every console … so far has been cracked. You can escalate the difficulty, but you can’t stop it – and as we know, something only needs to be cracked once.”

    The article says otherwise. The DRM scheme that Intel is cooking up apparently will not be a ‘one & yer done’ cracking exercise. The OS will keep asking for verification from the TPM chip for everything it does, or even apps. Consoles had DRM, but it was nowhere close to this sophisticated. Which gets back to my original statement – only the most hardcore will be able to get around this scheme. And even those guys & gals may find themselves with a mostly hobbled computer. Nevertheless, even you mention a console type computer as the alternative to thwarting hackers in what you see as the way this will play out. I think that’s exactly what this TPM deal the risks Macs turning into – video servers first, computers second.

    LordRobin says: “… you still haven’t explained how Apple intends to deal with the enormous existing install base of PPC Macs that won’t have the DRM. Will these new services simply not be available for these Macs? That would guarantee failure.”

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.